Note: that “users” and “Data Owners” are used interchangeably, as well as “Trust Anchors” and “VASPs”
Financial Action Task Force Travel Rule
In February of 2019, the Financial Action Task Force (FATF) released a guidance designed to mitigate risks around virtual assets. In section 7B of the guidance, the FATF recommends the application of the Travel Rule to virtual assets. This rule requires Virtual Asset Service Providers (VASPs), such as cryptocurrency exchanges, to share sender and receiver information with each other ahead of processing inter-VASP transactions on behalf of users. It is not possible to share user data as attachments to blockchain data without compromising user privacy and violating associated privacy laws, so use of external data transfer rails is required.
Anti-Money Laundering (AML)
Money laundering is a process by which illegal money is turned into legal money through methods such as washing; hence the name “laundering”. AML is a set of policies and guidelines laid out in every country's framework to fight black money and counter terrorist financing.
Know Your Customer (KYC)
KYC is a tool that acts as the first line of defense to support AML. In its most general sense, KYC is a questionnaire wherein the customer is asked certain questions and required to share personal data which is used for identification and verification purposes. Data commonly shared includes: name, address, employment details, etc.
An attestation is a message on the Shyft blockchain, signed with a private key by a Trust Anchor, which attests to the fact that this Trust Anchor has access to and is custodying certain data provided by a user, has the ability to disclose this data, and trusts that the data is accurate.
General Data Protection Regulation (GDPR)
This law is designed to safeguard data privacy for EU citizens, and applies to any business with EU users or customers, regardless of whether the business is based in the European Union or not. The penalty for non-compliance is "up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher".
Consent - Within GDPR
Consent is a core component of the Shyft Network ecosystem. Users are asked by Trust Anchors to give consent in advance of any sharing of personal data that is not a regulatory requirement. For example, if user A wants to send a transaction from Coinbase to user B on Binance, user A would be asked to consent to sharing personal data with Binance, and user B would be asked to consent to sharing personal data with Coinbase. Users can always whitelist Trust Anchors and Data Consumers that they’re comfortable sharing data with in advance, to avoid needing to manually consent to every transaction.
Pseudonymisation - within GDPR
'Pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Personal Identifiable Information (PII) - within GDPR
Information that can be used on its own or with other information to identify, contact, or locate a natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Data Attestation Attribute Tags (DAATs)
These are tags with pseudA/ZKP properties which define or represent actual data. These are pointers to data attributes on a document (passport/Drivers License etc..). Eg:
- Your Driver's License contains:
- Actual Data
- Name: John Doe
- DOB: 1995/01/01
- Document Provided: Driver's License Address
- Available: Yes
- Data Attestation Attribute Tags:
- LNAM Has a (legal) name (for a natural person)
- RADD Has a residence address
- BDAT Has a birth date
Data Consumers are third-party services that do not custody “hard data” and are not regarded as fully-trusted parties. These parties custody and commit “soft” data to the network, providing context to “hard” user data and network activity. Data Consumers will offer Data Owners pre-approved services that require attestations of trusted data. When they request information from the network, they pay a small fee to the Data Owners and Trust Anchors in exchange for the attested information. By expanding the data marketplace in this way, Shyft enables new consumer and business opportunities across the entirety of the identity ecosystem.
Trust Anchors (sometimes referred to in use cases as VASPs)
Trust Anchors are first-party services and data custodians. They are regarded as trusted entities, and hold data that is highly regulated i.e. “hard” data. Trust Anchors receive data from Data Owners, and maintain, review, read, write, confirm, and attest to this data’s validity and existence on behalf of Data Owners, with the consent of Data Owners, formulating the basis for digital identity. Trust Anchors are usually regulated entities, and are held responsible for their attestations, formulating the basis for cumulative credibility and reputations. Each Trust Anchor sets their own rules and is fully interoperable with other actors in the Shyft ecosystem.
By abstracting the roles of “hard” data holders, Shyft is assisting in creating the next generation of economic and systemic stability for data rights, centered on the individuals themselves.
Examples: Financial institutions, cryptocurrency exchanges, regulatory bodies, social media networks.
Virtual Asset Service Providers (VASP)
- i. exchange between virtual assets and fiat currencies;
- ii. exchange between one or more forms of virtual assets;
- iii. transfer1 of virtual assets;
- iv. safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- v. participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
[1.] In this context of virtual assets, transfer means to conduct a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another.
Data Owners (also referred to as Users)
Data Owners are individuals or entities that sign up for a service with a Trust Anchor or Data Consumer. These parties have the authentication-based right to control, share, and revoke private data. They maintain control of their data via private keys, to which only they have access, and have the ability to grant access to their data via Shyft’s consent-based framework. Data Owners are incentivized via the network for the sharing of their data. By expanding users’ rights over their data, Shyft aims to enable the next generation of quality data markets, in a secure trusted manner, exposing only those attributes on public blockchains that the users directly consent to - no private data is held on the public blockchains, only references to where their data resides.
Examples: Enterprise clients of financial institutions and individual customers of financial institutions
The ability to share information and transact across different blockchains. In a fully interoperable environment, if a user from another blockchain sends you something on your blockchain, you will be able to read, comprehend, and interact with or respond to it with little effort.
Application Program Interface (API)
An API is a software intermediary that allows two applications to talk to each other. In other words, an API is the messenger that delivers your request to the provider that you're requesting it from and then delivers the response back to you.
The symmetric key, shared between the attestee and Trust Anchor, that is used to encrypt the ciphertext container of the attestation in question.
Block explorer is a global search for all the transactions, past and current, on the blockchain. They provide useful information such as network hash rate and transaction growth.
Byfrost (Shyft Bridge)
Byfrost is Shyft Network’s bridging technology, and operates as an internal network of servers, acting as an attestation engine to ensure data availability and synchronization. Byfrost enables interoperable, cross-chain asset transfer and management. Zero-knowledge proofs are utilized to enable secure transfers with minimal friction.
It is a state which is achieved when all the nodes on the network agree on the validity of the transactions, and each node has the exact copy of transactions.
Shyft Core Smart Contracts
They are the Shyft smart contracts that enable the core functionality of the Shyft Network such as Trust Anchor onboarding, attestation, and updating passes, as well as the KYC contract templates to handle proper transactions.
Shyft Safe is a collection of smart contracts across different blockchains that enables asset transfer (interoperability). These smart contracts talk to the Shyft Bridge in order to facilitate interoperability.
A protocol launch where transactions are being broadcasted, verified, and recorded on the blockchain.
Public Key Cryptography (Asymmetric Cryptography)
Any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.
Public Key Infrastructure (PKI)
The Public Key Infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys. The PKI is the foundation that enables the use of technologies, such as digital signatures and encryption, across large user populations.
It is a fork of the web-based solidity IDE that has been customized to work with the changes in Solidity resulting from the custom Opcodes created for Shyft Geth.
Reputational Merit Scoring (RMS/RMT)
Shyft’s Reputational Merit Scoring (RMS) system is a blockchain-specific reputation system that would establish secure and risk-bounded credibility/trust metrics for each user on the blockchain, in order to reconcile the quasi-anonymity of blockchain with industry regulations.
A node is a participant on the network which hosts a copy of the ledger on the blockchain network.
It is the public facing node infrastructure within the Shyft blockchain. The ring specializes in “last mile” connectivity to wallet users, serving as a blockchain explorer and local caching assistant for merkle tree proofs of the user’s fund and Shyft Safe status.
Shyft wallet has enhanced Public Key Infrastructure support, enabling time locks, allowance, password manager, secondary 2-factor authentication.
Zero-knowledge Proof (ZKP)
A ZKP is a (cryptographic) proof that an entity can provide to demonstrate knowledge of a piece of information without disclosing any of that piece of information itself. (e.g. if I know a private key, and you send me a random datum, my ability to sign that datum (in a way that you can verify with the public key) provides a zero-knowledge proof that I know the private key corresponding to that public key).