05/28/2014 01:05 pm ET Updated Jul 28, 2014

Bitcoin, Identity, and Decentralized Auctions

By now, most readers will have heard of Bitcoin, the curious technology that acts as a payment system and a medium of financial exchange. What you've probably heard of Bitcoin is the system's many political and economic repercussions, as well as its anonymity features. Instead of focusing on what's been covered, I will look at some applications of Bitcoin as an identity platform, and how it can improve eCommerce when integrated with another emerging cryptographic tool called Secure Multiparty Computation.

The Bitcoin technology allows, under some conditions, a large number of mutually distrusting parties to agree on a single, consistent, view of a giant ledger that records all transfers of units of bitcoin between Bitcoin users, since the beginning of time. In this case, the "beginning of time" is some day in January of 2009.

The other crucial component of the Bitcoin system is the wallet. A Bitcoin wallet consists of a public key and a private key. The public key is like a bank account number, where anyone can use the number to deposit bitcoins. Unlike regular bank accounts, one does not need to worry about revealing the public key to the world. Indeed, it only allows bitcoins to flow in. The private key, in contrast, is a credential that can be used to prove ownership of the wallet, and therefore to transfer bitcoins out. Clearly, preventing the private key from falling into hands of attackers is essential.

Interestingly, the way that "bitcoiners" prove ownership of their bitcoin is similar to the way that your online banking or shopping website proves that you've reached the right page. When implemented properly, this mechanism works so well that we almost never hear of a security breach that involves the public key based authentication part of the transaction. It relies on public key cryptography, which uses well-studied mathematical principles, and could not be cracked in a thousand years using today's technology. Unfortunately, most consumers do not have the luxury of proving their identity in this way. They must resort to clunky passwords that are either easy to guess or hard to remember, or they must use a government issued identifier, like their social security number, which is fixed for life and is coveted by identity thieves.

Bitcoin is one of the technologies that are trying to change that, and as its use grows, so will adoption by consumers of public key cryptography as a tool for proving identity. In Bitcoin, the owner proves ownership of an identity that is represented by a random number, not assigned to any "real world" identity. This works up to a point. What if a Bitcoin user wishes to obtain a loan or seek an investment? Linking real world and Bitcoin identities could enable that. Moreover, putting a public key cryptography credential behind a real world identity opens up the possibility of safely using one's identity without worrying about identity theft. It's hard to overemphasize the benefits of having full control over your identity credentials, with guarantee that only you could use it.

Public key cryptography has been around since the early 80's and is routinely used in business-to-business (B2B) and machine-to-machine (M2M) interactions. Another cryptographic tool that is quietly emerging to practice from the world of academia is Secure Multi-party Computation (MPC). MPC is best illustrated by what is known as the millionaire's problem: Alice and Bob are two millionaires who want to determine who has a higher net worth. They could just reveal their net worth and get the answer, but Alice and Bob are privacy conscious and want to learn the answer without revealing anything about the amounts of money that each of them has. In short, Alice has a number X, Bob has a number Y, and they want to determine whether X>Y without revealing X, Y, or any additional information about these values beyond what can be deduced from knowing whether X is greater than Y.

If Alice and Bob had a trusted friend, they could just reveal their numbers to the friend, who would calculate and announce the result. What MPC schemes allow you to do is to design a system assuming the existence of a trusted party, and then magically remove that party and replace it by a cryptographic protocol. In other words, every computation that can be done with the assistance of a trusted party can be modified to work securely in an environment without a central authority that runs everything.

Sounds familiar? Bitcoin as well is a method for removing trusted parties from a protocol. Combining decentralized currency with decentralized secure computation opens up some very interesting possibilities in the B2B space. One interesting example is the Danish sugar beet production contracts auction. The Danish sugar beet farmers arrange production contracts with Danisco - the only Danish sugar manufacturer. The contracts can then be traded among the farmers to meet production demand. The sugar beet auction was one of the first uses of MPC in practice, which allowed the farmers to run a double auction - an auction where a clearing price is determined and all contracts trade at that price - in a secure and decentralized manner.

The Danish farmers did not use Bitcoin, and had to separately fulfill the outcome of the auction using regular money and contract reassignment. By combining the three aspects of bitcoin as a method of payment, Bitcoin identity, and MPC, such auctions can be made fully automated and continuous. What do I mean by continuous? Imagine that stores, suppliers, and farmers around the world were connected to a global network that automatically clears the sugar beet market at the best possible price. This does not require mediators and happens in a cryptographically verified manner so that anyone can verify that the auction was fair and economically efficient.

Unsurprisingly, the above method is not limited to buying and selling sugar beets, and can be applied in other markets. Automated auctions are not a thing of the future. Web search companies run automated auctions every time a web search is performed, finding the highest bidding advertisers, charging them, and placing a link on the results page. These auctions happen on the search engine servers, mostly without human intervention. One difficulty in bringing automated auctions to other markets is the need for a centralized auction house. Bitcoin, digital identity, and MPC can be used to remove that requirement.

It's an exciting time for people working on products and services that bring years of research to consumers. I am looking forward to seeing the evolution of digital identity in the near future, and how technologies, such as Bitcoin, will influence its development.