Blockchain authentication and credential privacy

The SkillsGraph proof of concept is built on the Cardano blockchain, which provides robust security and privacy guarantees.

A central purpose of SkillsGraph is to provide publicly-available, durable authentication of skills-based credentials. We do this by storing cryptographic proof of credential data on a public blockchain, in a private, secure way.

For our initial proof of concept, we are using the Cardano blockchain and Cardano's Atala PRISM protocol. Eventually, we plan to add interoperability with other blockchains and authentication protocols.

Privacy

It is a crucial feature of SkillsGraph that what is stored on the public blockchain is a Merkle proof of the authenticity of the skills credential. This proof is a 'hash' (a very large number) that cannot be used to recreate the underlying credential, because it is linked to the credential by a one-way hash algorithm. 'One-way' means that the hash can easily be computed from the credential, but it is computationally infeasible to determine any credential data from the hash.
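The following added example (not SkillsGraph or Atala PRISM code) illustrates the idea with a generic SHA-256 Merkle tree: only the 32-byte root would be published, and a verifier who is later shown a credential plus its sibling hashes can check it against that root. The credential fields, the hashing scheme and all function names are assumptions made for illustration.

```python
import hashlib
import json

def leaf_hash(credential: dict) -> bytes:
    # Canonical JSON so the same credential always yields the same hash.
    data = json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()  # 0x00 tags a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 tags an inner node

def merkle_root_and_proof(leaves, index):
    """Return (root, proof); proof is a list of (sibling_hash, sibling_is_left)."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # an unpaired last node has no sibling here
            proof.append((level[sibling], sibling < index))
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level, index = nxt, index // 2
    return level[0], proof

def verify(credential: dict, proof, root: bytes) -> bool:
    # Recompute the path from the disclosed credential up to the published root.
    h = leaf_hash(credential)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed sample batch of credentials (illustrative fields only).
CREDENTIALS = [
    {"holder": "alice", "skill": "Python", "level": 3},
    {"holder": "bob", "skill": "SQL", "level": 2},
    {"holder": "carol", "skill": "Statistics", "level": 4},
]

def demo():
    leaves = [leaf_hash(c) for c in CREDENTIALS]
    root, proof = merkle_root_and_proof(leaves, 1)
    genuine = verify(CREDENTIALS[1], proof, root)
    tampered = verify(dict(CREDENTIALS[1], level=5), proof, root)
    return root, genuine, tampered

if __name__ == "__main__":
    root, genuine, tampered = demo()
    print(root.hex(), genuine, tampered)
```

The root reveals nothing readable about the three credentials, while changing a single field of a credential makes verification against the same root fail.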

In our proof of concept, user and credential data (and associated private keys) are stored in a secure database hosted on a SkillsGraph instance. LearnerShape operates a SkillsGraph instance, and any other party can also choose to do so using our open source code. Although we intend to maintain this hosted option (many Web3 users choose hosted solutions for convenience - e.g. Coinbase, Binance or Kraken for cryptocurrency), we will also add the ability for private data and keys to be stored in personal credential wallets, so that no personal data at all needs to be held by anyone other than the holder of the credential (until credentials are shared) and SkillsGraph can be used in a fully decentralized way.

Security

The Cardano blockchain is a robust layer 1 public blockchain which is secured by a peer-reviewed, research-based proof of stake protocol that guarantees the reliability of blockchain data. At present, however, the version of Atala PRISM that we are using operates on the Cardano testnet, which lacks the security guarantees of the Cardano mainnet. Although the use of testnet is sufficient for a proof of concept, it is not sufficient for our eventual production deployment. We will make SkillsGraph available on mainnet once this option is supported by Atala PRISM.

For our proof of concept, we secure access to user data using a username / password combination. This will be augmented to include multi-factor authentication. We will also have enhanced security protection for the most sensitive user data, including private keys.
