Consent-Before-Attest

Introducing Consent-Before-Attest: A Solution for Secure and Responsible On-Chain Attestations

In today's digital age, data is the new currency. It's valuable and can be used to build identity and reputation layers on-chain. AttestationStation, rolled out by Optimism, is a powerful library of key-value pairs that can be used to create a secure and trusted identity layer on the blockchain. However, there are some issues with the current approach. The biggest issue is that there is no consent taken from the subject of the attestation. Anyone can put up private or defaming data about someone else without their permission. This leads to a lack of data integrity and privacy concerns.

Moreover, once data is written on the blockchain, it's there forever. There's no right to be forgotten, and there's no way to erase data once it's written. This poses a challenge for individuals who want to protect their privacy and reputation.

To address these issues, we present Consent-Before-Attest, a solution that enables individuals to securely and responsibly store data on the blockchain. With Consent-Before-Attest, the subject of the attestation must provide their consent before any data is put on-chain. This ensures that only authorised and verified data is stored on the blockchain. This is important because it helps maintain data integrity and privacy.

So how does Consent-Before-Attest work?

Let's say Alice wants to make an attestation about Bob. She must initiate the process by submitting the key-value pair she wants to put on-chain. Bob then views this data and approves it by signing the payload. Alice can then send this signed payload to the smart contract which verifies that Bob's consent has been taken. Now we have successfully made an attestation with a win-win for both parties. Bob is sure that any data about him has to be approved before it goes on-chain. Alice gets the benefit of data integrity because Bob has approved the attestation and the data is being uploaded more responsibly rather than without consent.

Consent-Before-Attest provides a secure and responsible way to store data on the blockchain. It ensures that all data is verified and authorised, providing a high level of data integrity and privacy. Moreover, since only authorised data is stored on-chain, there's no need to worry about defamatory or private data being published without consent. This provides a safer and more secure way to build an identity and reputation layer on the blockchain.

Consent-Before-Attest is built on top of AttestationStation, taking advantage of its powerful features while addressing its limitations. With Consent-Before-Attest, we can unlock the full potential of the blockchain for identity and reputation management, while ensuring the highest standards of data integrity and privacy.

In conclusion, Consent-Before-Attest is a game-changer in the world of on-chain data storage. It provides a responsible and secure way to store data on the blockchain, ensuring that all data is verified and authorised. With Consent-Before-Attest, we can build a more trusted and secure identity layer on the blockchain, enabling new opportunities and unlocking the full potential of this powerful technology.

When building my project Consent-Before-Attest, I utilised a variety of technologies to create a seamless and secure attestation process. To begin with, I employed the concept of asymmetric key cryptography and signatures to ensure that only the subject of the attestation can approve the data being put on-chain. This process involved the subject signing a payload containing the ConsentualATST contract address, the creator address, the about address, the attest key, and the attest value.I used the ecrecover method to verify the signature's authenticity by checking if it was signed by the about address. This security step ensured that no one else could falsely approve or attest data on behalf of the subject.

To piece together the frontend of my project, I utilised the Optimism ATST starter repository. This repository includes a variety of tools and frameworks such as Wagmi, Vite, Foundry, React, and Rainbow-kit. These technologies were instrumental in streamlining the development process and allowed me to create a more efficient and reliable platform. For my database, I chose to use Cloud Firestore. This database allowed me to store and manage user data securely and efficiently before it can be published on-chain. Additionally, it allowed for easy integration with the frontend, which made for a seamless user experience.

Throughout the development process, I encountered several challenges that required me to use some creative and "hacky" solutions to overcome. One such challenge was the issue of nonce, which is used to prevent replay attacks. In my project, I decided not to include nonce because even in the event of a replay attack, there would be no change in the contract state. This decision helped to streamline the development process while still maintaining the necessary level of security for the platform.

In addition to the technologies I used, I also utilised sponsor technologies that provided significant benefits to my project. Specifically, the Optimism ATST starter repository proved to be an invaluable resource. The simplicity of the AttestationStation smart contract made me realise that even a simple solution can help solve major problems such as on-chain identity and reputation. The framework provided a solid foundation for the project and allowed me to focus on the attestation process's finer details without worrying about backend infrastructure.

In conclusion, building Consent-Before-Attest required a thoughtful and strategic approach to technology selection and integration. By utilising asymmetric key cryptography and signatures, and taking advantage of the various frameworks and tools offered by the Optimism starter kit, I was able to create a platform that is both secure and efficient.

ConsentualAttestationStation deployment - https://goerli-optimism.etherscan.io/address/0x6a91e93d407a6116aa6b3bd4a2f0779d615f20a3