Privado ID & Quark ID: On-Chain ZK-Powered Unified ID - Diego Fernandez & Evin McMullen - Epicenter - In-Depth Conversations about Blockchain & Crypto

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Identity data, data that describes our addresses or us
sometimes representing institutions or even AI agents
right now is not terribly standardized and is often
optimized for really niche use cases, not composability or
interoperability. We've essentially created on
chain the same silos we have in Web 2, but these ones are

(00:20):
slower, more expensive and less interoperable.
So Bravado ID enables unified identity.
That means you can prove your identity traits about yourself,
your capabilities, preferences, qualifications on any chain, any
device, anywhere. We realized that it would be
actually very valuable to bring to market a protocol agnostic

(00:42):
solution not bound to any singleblockchain.
Our first goal was to build the product code completely open
source because we we finally have the division that society
should be able of reading and understanding how are we dealing
with personal information. Just as there are many identity

(01:02):
issuers in the world today, nation states, so too is it
important that we support an open ecosystem where many
sources of identity can be used composably together.
Welcome to Epicenter, the show which talks about the
technologies, projects and people driving decentralization
and the blockchain revolution. I'm Federica Ans and today I'm
speaking with Evan McMullen, whois the Co founder of Privado ID

(01:25):
and Diego Fernandez, who is the former Secretary of innovation
for the city of Buenos Aires andthe Co creator of Coke ID.
Before I get started with Evan and Diego though, these are our
sponsors this week. If you're looking to stake your
crypto with confidence, look no further than course one more

(01:45):
than 150,000 delegators, including institutions like bit
gold, Pantera Capital and Ledgertrust.
Course one with the assets. They support over 50 block
chains and are leaders in governance on networks like
Cosmos, ensuring your stake is responsibly managed.
Thanks to the advanced MEB research, you can also enjoy the
highest staking rewards. You can stake directly from your

(02:05):
preferred wallet, set up a whitelabel note, restake your assets
on Eigenia or Symbiotic, or use their SDK for multi chain
staking in your app. Learn more at Chorus .1 and
start staking today. This episode is proudly brought
to you by Gnosis, a collective dedicated to advancing a
decentralized future. Gnosis leads innovation with

(02:26):
Circles, Gnosis Pay and Metri reshaping open banking and
money. With Hashi and Gnosis VPN,
they're building a more resilient, privacy focused
Internet. If you're looking for an L1 to
launch your project, Gnosis Chain offers the same
development environment as Ethereum with lower transaction
fees. It's supported by over 200,000

(02:49):
ballot errors, making Gnosis Chain a reliable and credibly
neutral foundation for your applications Gnosis Dow drives.
Gnosis Governance, where every voice matters.
Join the Gnosis community in theGnosis Dow forum today.
Deploy on the EVM compatible Gnosis chain or secure the
network with just one GNO and affordable hardware.

(03:12):
Start your decentralization journey today at gnosis dot IO.
Hey, Evan and Diego, it's it's apleasure to have you both.
On GM, it's great to be here. Thank you so much.
It's a pleasure being here for the.
Super nice. Maybe let's get started with a

(03:32):
little bit of background on bothof you.
And I'd start with Evan. So Ladies Fest Evan, tell us
about your journey up to and into Web 3.
So thank you so much for having us here today, Frederica.
It's wonderful, wonderful to be here.
Big fan of the Epicenter podcast.
So very proud to be able to share more of our work right

(03:54):
now. My journey on Chain began a
little over 10 years ago. As a student, I had the
privilege of one of the, you know, world's best professors
who introduced me to decentralized technologies and
Bitcoin. Several years later, I started
working at a company called Consensus, building out the
Etherium ecosystem and introducing decentralized

(04:14):
technologies to governments, institutions, and brands around
the world. After spending a few years
building in the decentralized space, I realized that we did
not have enough data on chain tocoordinate more than the D5 that
we know and love today. And that's what led me to the
identity space to bring the world's largest real world asset
on chain verifiable data in service of our identities.

(04:38):
I remember meeting you for the first time kind of when you had
just started disco, which was then kind of acquired by by the
Polygon ID, which is now PrivadoID making you a Co founder of
that. So tell me about starting disco
because kind of like at the timeit it was a slightly different

(05:03):
time than it is now. So kind of, yeah, tell, tell us
about that. And kind of like how how the
environment has changed. When I started a project called
DISCO couple years ago, there was no way for you to use your
existing crypto wallet to managedata written about you that

(05:23):
didn't live on the chain, that there was no way to use your
existing wallet to selectively share parts of yourselves in a
verifiable way. And so the way that you know,
the way that we approached identity was from a very
different manner than many had before.
You know, the the sort of friendly language that we used,
noting that you are the multifaceted center of the

(05:46):
party, just like a disco ball, Ithink helped many of our most
technical colleagues think aboutidentity in a different way.
In the years since, we've seen the concept of identity,
verifiable data, credentials anddecentralized identifiers go
from being the weird thing that Diego and Evan were talking
about and no one else was talking about to something that

(06:07):
is a common topic amongst investors, founders and builders
everywhere. So I definitely think 2025 will
be the year of identity, but part of that is due to the long
run up of our efforts proceeding.
So, so tell us about the the acquisition through Polygon ID.
So kind of obviously kind of identity is, is very much

(06:31):
vertical that kind of tends towards consolidation just
because there's no, no real value add in having several
competing identity solution. So kind of tell us how the
acquisition came about and kind of like what your considerations

(06:51):
were going into it? So Fredrika, first I'm going to
politely push back a little bit on the the need for or the
reality that multiple identity systems exist.
Just as there are many identity issuers in the world today,
nation states, so too is it important that we support an
open ecosystem where many sources of identity can be used

(07:13):
composably together. And actually that's one of the
challenges I see in many, you know, potential other solutions
or offerings that have been presented.
They are monopolistic and cannotbe used together.
But we live in a reality where there are multiple institutions,
multiple sources of reputation, multiple apps, multiple nation
states. And so that's why I think that

(07:34):
the open ecosystems, you know, in which Diego and I together
offers the only viable way forward and in service of that
open ecosystem. Actually, that's what first led
me to meet my now Co founders who who are then working in the
Polygon ecosystem. For those who might not be
familiar, Polygon ID was the identity system initially
optimized for the Polygon blockchain, but its roots run

(07:57):
much further back than that. Starting in 2017, a group of
very capable researchers and builders here in Barcelona,
Spain invented what are libraries that are you know, are
now used prevalently across the world, including Cercom and
snark JS. These these cryptographic
capabilities then formed the roots of the Hermes blockchain,

(08:18):
which then led to today's Polygon ZKEVM.
So our colleagues, you know, deeply steeped in ZK
capabilities and identity specific to 1 chain, then
realized we now live in a multi chain world.
So earlier this year when we satdown together to discuss
integration between DISCO and then Polygon ID, we realized

(08:39):
that it would be actually very valuable to bring to market a
protocol agnostic solution not bound to any single blockchain.
Because of course, human beings,agents and institutions are
likely to interact with multipleprotocols throughout their day,
not just one. And so your identity on chain
needs to be interoperable and all the places in the connected
world that you go, not just one protocol at a time, like a silo

(09:02):
unto itself. So through the course of
discussing technical integration, we actually
realized that our stacks complemented one another pretty
well from Discos protocol agnostic approach and strong
focus on developer experience and deep ZK expertise and R&D
from the Giga Chad engineering team over at then Polygon, now

(09:24):
Provado ID. So joining hands with my Co
founders Sandeep Nawal, Jordy Belina, David Z and Anthony
Martin, we now lead a team unified together under the focus
of bringing identity to the world, its agents, its
institutions and most importantly its D Jens.
Super nice. Yeah.
So we had to dive into kind of how it works under the hood in

(09:48):
just a bit. But Diego, super nice to have
you here too. So you have a, you have walked a
very different path to kind of Evan.
So kind of you were also kind ofan IT entrepreneur, but then you
kind of entered public service, right?

(10:09):
So kind of what motivated you kind of to, to this transition
from the private sector to the, to, you know, to public service?
I was an I have been an entrepreneur for all my life.
I was, I started my first companies of like 30 years ago.
So I had this entrepreneurship entrepreneurship experience and

(10:33):
I got the chance of getting intointo government by, by
coincidence, to be honest. And in my first thought was I
want to stay here just a couple of years.
And then I fell in love with thethe immense power of
transformation that you have when dealing with the private.
So with the public sector, of course there's this downside,
which is public sector is this big fat elephant to move it

(10:56):
around. I mean, you need to push really
hard. I did a six year term in a big
slum upgrading project that I helped you find and and
fundraise with the institutionalbanks as World Bank and IDB.
He's the biggest slum in Argentina.
And then I became the secretary of innovation of the city of
Buenos Aires. I started getting involved in in

(11:18):
first in cryptocurrencies from afinancial perspective.
And short months afterwards, I fell in love with the Bitcoin
white paper. And then after that I fell in
love with the ethos of the community.
And then and I think that that is kind of a pill that once you
take you're in, you kind of live.
Anyway. And how I got involved in

(11:40):
identity. It's a funny story actually,
because in 2019 I started the process of getting my Italian
passport because my family, the past generations came from
Italy. And I went through all these so
cumbersome process of getting, of course, the birth certificate

(12:00):
of my great grandmother. I expected that to be a hard one
because it was in Italy in 1800s.
And that of course, should be difficult, but the, the funny
story is that getting the birth certificate for my father and
for myself digitally, because I had a digitally signed document,
had to go through all of these nightmare of signatures and, and

(12:23):
physical signatures in, in the Argentine Ministry of Foreign
Affairs and the age accounts. So I mean, they say this cannot
be true. This is not even 20th century.
This is 19th century and, and that is the reality that we live
by. And, and it was such a difficult
process. It took me nearly six months
dedicating regular time on a week, on a weekly basis.

(12:46):
But I started to investigate andsay, hey, come on.
And we need to change this. And, and that's, that's how I
got involved in Quarkadie when Iwas offered the post as
secretary of innovation and said, hey, OK, I'm going to take
this, but on one condition. This is the thing that I want to
do. This is my, this is the project
I would like to lead and I got the OK from from my former boss
in Titan, the major of the city of Buenos Aires.

(13:08):
And something like one year afterwards that in 2021, I mean,
we started getting to know with Abin when we were just perhaps
the only two guys speaking in crypto events about ID.
And everybody looked at us as, hey, you're not doing D5, you're
not doing manacoins, you're not doing NFTS.
What are you talking about? Unfortunately, since we always

(13:32):
shared together today, identity had take has taken a very
different role in this space andeverybody's looking at an
identity in a different manner. And I am convinced that the we
need to get the world on chain and I'm convinced that the the
way of the of achieving that goal is through identity.
And then of course put the railways for financial usage

(13:54):
will come, but the main on boarding tool will be identity.
You make a lot of super interesting points and I think
kind of like this talking about kind of like this connection
between government, governments and identity and decentralized
identity systems. Kind of we'll spend a long time
talking about this, but we've before we dive right in, I have

(14:16):
a pure curiosity question. So kind of you, you said that
you spent a couple of years upgrading the biggest slum in
Argentina and kind of the way that you got there was a little
bit by coincidence. I mean, tell us about that
coincidence. So kind of like, how do you go
from being a tech entrepreneur to kind of trying to kind of,

(14:38):
you know, embark on this urban transformation of an entire
city, part of the city? Well, my, my first job in
government actually was, and that's a coincidence.
A friend of mine is going for a very difficult process, which
is, was the former secretary of sorry, the former Minister of
Education of the city of Buenos Aires, which unfortunately he

(15:01):
was diagnosed. The English word for that is
Amsi don't know this degenerating illness, which is
very bad. He got the, the, the job as
Ministry of Education and he said, you know what I mean?
Your help you, you have experienced managing companies
and, and, and managing new projects.

(15:21):
I'm going to be my chief of staff and say, OK, I want to try
that. But the time I decided to take
an absent sleeve of two years and say I'm going to try this
new thing. I got involved in that.
And, and again, the the power oftransformation is so amazing.
It's very difficult because I always like to think that in the
private world, you have a 2 dimension.

(15:42):
I mean, you have someone who which reports to you and and
when you ask, put an objective and and set up a task in
general, the taskets stand or consequences arrive in the
state. That's kind of different because
the people that work for you, most of the time, you kind of I
mean they are just they are and you kind of move them and you

(16:06):
have this kind of three-dimensional gaming, which
perhaps the guy reporting to youhis political boss has more
power than your boss. So I mean, you get all the, the
intricate wave of world things that you need to tackle.
And this slum in Buenos Aires was, is a huge or was a huge
slam, something like 50,000 inhabitants in the middle of of

(16:29):
the city in perhaps the most expensive part of the city.
And it has been there for more than 100 years.
So they asked me to say, hey, why didn't you set up a team
and, and design study what what has happened here and, and what
has been done all around the world and come up with a project
to deal with that. I spent something like one year

(16:50):
with a team studying and, and designing that solution, but it
came up to be a pretty expensivesolution.
So for like $300 million. So let's get the money.
So I started sort of this was the first timer sort of
fundraising in the public sector.
And that means speaking to the World Bank, speaking to the
Inter American Development Bank in order to get the credits for

(17:13):
doing this. And we did it.
To be honest, I love doing new things, but it's hard to get a
project that is so, so emotionaland, and impactful in your life
at that one because you're dealing with real people
changing real people's life. And it was a huge project.

(17:33):
And then we relocated 1 tons of families to adjust two blocks
away to new houses. They were living under a
highway, you know, in a place which was devastating.
And, and we basically built all the infrastructure, sewage,
drainage, electricity, roads, they were mostly dirt roads.
And whenever you come to Buenos Aires, Abin or Frederick, you'll

(17:56):
be, we go and take a look aroundat what's, what's been done
there 'cause it's amazing. And then it came back to
technology then. I would absolutely love that
because I think kind of the partof me that just loves fixing
stuff. I I think kind of like the, the
problem solving part, it sounds like, like it's like an
incredibly rewarding kind of project to embark on because

(18:21):
kind of it's so real. Kind of.
It's so, yeah. For me the most difficult part
is, is, is actually not the the doing the building, the
constructing houses, the fixing roads or building drainage.
The the biggest and most difficult part is gaining trust
of a big community because thosecommunities have been neglected

(18:44):
for so many years that when these they see a public officer,
they instantly distrust you saying, you know what, this
another time they're going to donothing and and we're going to
keep on suffering. So gaining that trust takes
time, and it's by far the most difficult task.
Yeah, I, I, I think this goes for builders worldwide on chain

(19:08):
and off chain. So yeah, 100% maybe that's kind
of segue into prevado and then kind of we can we can make our
way back to Amoeba the the Buenos Buenos Aires identity
system. So Evan, tell us about kind of

(19:28):
Prevado and kind of what what parts it's made-up from and kind
of how how these kind of play together.
So bravado, I think, enables unified identity.
That means you can prove your identity traits about yourself,
your capabilities, preferences, qualifications on any chain, any

(19:49):
device, anywhere. The reason for this this
solution is that we currently live in a very fragmented world
on chain identity data. Data that describes our
addresses or us sometimes representing institutions or
even AI agents right now is not terribly standardized and is
often optimized for really nicheuse cases, not composability or

(20:11):
interoperability. We've essentially created on
chain the same silos we have in Web 2, but these ones are
slower, more expensive, and lessinteroperable.
However, we see a unique opportunity to leverage 0
knowledge proofs for interoperability and to take the
headache out of identity and many kinds of compliance for
builders. From a technical level, Provado

(20:32):
ID starts with a few smart contracts.
A registry of issuers of reputation.
These are proven authorities in their subject matter such as KYC
compliance. However, there are a variety of
different types of identity datathat can describe you.
For example, your chess.com score can now be taken out of
the application and to safely tothe chain through our

(20:55):
infrastructure as well. So this registry of authorities
of reputation can then issue verifiable credentials to
recipients, individuals, institutions, agents.
These credentials are kind of like diplomas, statements
written about you, signed by another party, encrypted against
your keys, secure so that only you can decide to disclose them,

(21:19):
then provide an ID. It makes it really cheap, fast
and easy to create a client sideproof on your mobile device and
then to publish evidence of thatproof on chain such that you can
initiate or or disclose to any application or service that you
indeed embody those proven traits.
Provado IDs Network of our Oracle network then enables this

(21:42):
data to be syndicated or called upon in other chain environments
so that you can prove a trade about yourself in one chain or
one application or one service and reuse that data again and
again and again. For this reason we are often
referred to as middleware infrastructure sitting in
between block chains and applications, making it easy to
reuse and build on top of data from multiple sources.

(22:04):
A few fun capabilities that Provado ID has introduced to the
world include ZK revocation of credentials so that for example,
if your KYC status changes, those credentials can be revoked
and their their shared private state can emanate across chains.
Additionally, we also allow the ability to refresh these
credentials. So for example, if you have a

(22:25):
proof of how much ETH you have in one wallet that you want to
be able to prove in another and that balance changes, you can
actually refresh that proof without interrupting any of the
of the outside processes that might rely upon it.
So in this way, we enable sharedprivate state of identity data
across chains and make that really simple from a ZK

(22:46):
perspective, abstracting away a lot of that complexity from
developers. If you're interested in
interacting with or building on Provado, Idi would probably
first direct you to our friendlyJSSDK embedded wallet.
Make it really easy to be able to plug in access control based
on certain traits or capabilities.
For example, age verification has become a popular topic in

(23:09):
recent weeks as Pump dot Fun recently had their live
streaming taken down for lack ofage verification.
With Provado ID, we make it easyto prove and reuse proofs of age
so that apps can build adults only experiences that are safe
for their users. Similarly, access control based
on KYC status, location and other essential traits allows us

(23:31):
to bootstrap on top of trust that has already been built or
can be asserted in the IRL or Web two world and to bring that
valuable RWA of our real world data on chain.
So when you say there's different entities that can
attest to things, does that meanthat kind of there's different

(23:53):
KYC providers kind of integratedinto this or kind of like chess
score providers or a kind of like like whatever kind of
attestation kind of you're looking for, right?
So is, is, is there like an entire host and kind of who
picks who I kind of who I authenticate against?
That is a great question. So yes, exactly as we were

(24:15):
discussing earlier in our conversation, there are many
sources of reputation in the world already, KYC providers,
nation states, companies that itmay attest that you work there
or even peers who know you and can say things about you.
So any address is able to make statements about others, but
based on how they present themselves, how they set up,

(24:36):
what qualifications or capabilities they provide, of
course, those can be presented differently.
The Provider ID marketplace of reputation issuers is broadly
diverse and growing by the day, including multiple KYC
providers. OK, and say kind of like now

(24:57):
let's look at this kind of from the user side of things.
So say I want to enter a Web 3 application that is age 18 and
up. What do I do?
So it depends on how that application wants to request

(25:17):
that proof of age. If they're interested in doing
so in a privacy preserving way, they can visit our query builder
without having to deal with any of the complex 0 knowledge
proofs. Instead, they can use a friendly
interface, click a few buttons to decide they would like for
their users to be over the age of 18, let's say.

(25:38):
And then they can select from multiple sources of reputation,
multiple providers or issuers ofreputation whose data might
indicate that you're over the age of 18.
For example, if you've passed KYC, that means that you are
likely over the age of 18. Additionally, if you have a
national identity document that indicates your age, that could
be used as well. And so this is an example where

(25:59):
as a verifier or the party verified the data to allow you
into my space, I may want to accept multiple different types
of inputs to indicate your age to me.
This is consistent with the way that age proofs work in a
variety of different instances where you might be able to, for
example, use a utility bill or acredit card in Web 2.

(26:20):
So we want to make sure that flexibility is just as available
for builders in Web 3. From a user perspective, what
that looks like in your in your actual application experience
would probably be something to the tune of connecting your
wallet as you would normally to a Web 3 DAP inside of that
wallet being presented with a request for age proof.

(26:41):
You could click a button to elect to disclose that you are
above that age and so then sort of validate your sort of
qualifying trait on chain, but would not disclose the
underlying data such as your actual date of birth.
And then just like that, in a few seconds you'd be able to
enter your application and proceed happily on chain.

(27:03):
Super nice. If I kind of think about this
from the other point of view, kind of that of the dev
developer, how do I make sure that the source that's that's
kind of emitting this attestation is actually a good
source for that? So kind of like if kind of like
when I integrate AKYC provider, for instance, say I use some SAP

(27:27):
or Onfido or something. I, I mean, they, they are
usually kind of like regulated in some way.
Kind of, I know things about them set the same.
It's it's the same true for kindof interacting with them on your
platform? I think that is a really
important thing to point out that just because an address has
signed a statement doesn't mean they're an authority on the

(27:49):
subject. For example, if I Evan dot ETH
decide to sign a credential thatsays Diego has passed, KYCI
don't know that Frederica would recognize Evan as a legitimate
KYC provider in accordance with government policy.
And that's why the issuer registry is important.
Furthermore, for legally binding, you know or account

(28:10):
legally accountable situations where KYCAML needs to be
followed in accordance with certain regional laws.
There can also be additional commitments between issuers and
verifiers, fires made to guarantee for example, the
retention of data or it's reusability.
In, in some jurisdictions, and Iknow this because kind of we
have we have encountered this problem before kind of in

(28:33):
principle kind of having this attestation sounds fantastic.
And obviously it's kind of like a much better solution than kind
of like having tons of people's passports somewhere on your
server, right. But in many jurisdictions, you
actually need more than the attestation.
You actually need to save the clear text somewhere.

(28:54):
Do you think that's changing or do you think that's here to say?
So I absolutely think that thereare many places in which the old
school form of KYC requirements will remain in place, but there
are a variety of new technologies and new laws that
are evolving the standard. For example, recently past a
passporting regime has has entered the scene in the EU and

(29:17):
places like the MENA region. So for example, if we are all
European banks that we can all rely on one another as obligated
entities, we can pass data between each other without
needing to recheck it sort of called a passporting regime.
Similarly, we now have awesome decentralized storage solutions

(29:38):
such as our colleagues over at IDOS that enable sort of proof
of existence of this data and enable access to the clear text
data of behind KYC checks based on certain, you know, certain
requirements such as legislativelegal inquiry.
However, that decentralized storage can also permit the user

(30:00):
to request deletion of their data that can then be reflected
across the network. So as we're seeing more, you
know, progressive regulation andmore nimble technology in the ZK
space, I'm really looking forward to this process becoming
a lot easier. When we think about KYC, often
we have one KYC issuer and they have sort of one client or

(30:22):
recipient for whom they're performing that process and
that's it. So that by the time you may, you
know, enter into a second or third KYC process, it's like
your first day on the Internet and you have to begin from zero.
We're starting to see this premise of reusable KYC or
reusable credentials being offered as a as a solution to,

(30:43):
to have kind of an interim step to a totally open ecosystem.
We sometimes call this one to one KYC is kind of the old
school way and one to many KYC is one KYC provider and many
verifiers of that of that data. So this sort of one to many
premise I think is the intermediary step where we're
starting to see the kind of mostprogressive practices.

(31:06):
And I think that's kind of what's going what the ecosystem
is going to look like in the next, call it 2, three years to
come. Let's hope so.
So let's loop back to kind of the city of Buenos Aires,
because so far we've kind of talked about Web 3 and Web 3 and
Web 3. So let's kind of bring the
citizens of Argentina into this.How does the Buenos Aires

(31:27):
Digital Identity system operate on a technical level?
Well, we developed, I mean not we alone, but we in the local
regional community in the cryptospace, we developed Quark ID,
which is a self sovereign identity protocol based on the
W4C standards of the ID and verified credentials as provider

(31:48):
ID and many others are using outthere today.
We're anchoring the CKC in errorchain, but the protocol is by
definition multi chain. As a matter of fact, we started
and we anchored it in in Roostock, which is a layer 2
running on top of Bitcoin. We anchor it on Polygon as well.
We anchor it in E3 on layer one.We anchor it in start net.

(32:11):
And finally we decided to go through with with CK sync.
But we we have today in the gig hub, the protocol is open source
and, and it's has been declared digital public good.
But this is a public good alliance.
Anyone can take the code and anchor it.
It's not that hard of a job in any, in any type of in any type
of blockchain. How do we how do we do this?

(32:34):
OK, our first goal was to build the protocol completely open
source because we, we finally have the division that society
should be able of reading and understanding how are we dealing
with personal information, even if we're using blockchain?
Because putting personal information in blockchain is for

(32:56):
me and no go. You can put claims or whatever,
but not BI because that's that'sextremely dangerous.
In in the case of Quark, ID information is only stored on
device. So of course the government of
the issue has the information, but there's no central database
of information anywhere. What we do as a city is let's

(33:16):
speak how we were operating before and how are we operating
now. Before we have basically 2 doors
open. The first door was the door that
our Web 2 application used in which you have your application,
you have your login and password.
You have to go through a biometric process in order to

(33:39):
verify your to KYC yourself. And once you have that, each
time you open the application, the application sort of pool for
this API and got this kind of electronic documents, digitally
signed electronic documents intoyour application.
That was the first door open. The second door was a verifying
door. So when someone wanted to verify

(34:02):
whichever birth certificate or thing you presented to another
third party, there was a verifying door in which
authorized verifiers got access for an API for API keys in order
to be enabled of verifying citizens.
And that basically presents two big problems.
The first one being we have opened doors with personal
information to the Internet. Although we have firewalls and

(34:24):
security procedures and and and credentials and so on, things
get hacked every day. And for me it's not a matter of
if, but if, but when are you going to be hacked?
Just to give you an idea, last year, the seat of Buenos Aires,
the 2024, the seat of Buenos Aires received over 30 million

(34:44):
attacks per month because people, I mean people love to
hack government. So you're always a big, big
target. Today, those two, those two
doors are basically closed because the first door, the
issuing door gets only opened one time to issue the
credentials. And then the credentials reside

(35:04):
on your phone. And you don't need to have a
permanent door open for people downloading credentials each
time they open their app. You open the door, mean the
credentials close the door and it's a temporary door.
And the second thing is you don't need a verifying API in
order to check the validity of acredential.
Because within the credential and following the W3C standard,

(35:28):
you have a location of an of an array of bits which the issuer
can change from one to zero for each credential to determine if
that credential is is valid or not.
And let let me give you a real word example.
Today we're meeting driver's licenses on the the Work ID
protocol using the Mibala Walletapp.

(35:51):
Maybe my driver's license expires in December 2026, but
maybe I don't know. The day before yesterday, I was
stopped by a for a control and then get positive for driving
and drinking or driving under the influence.
Hence the police health has the authority of revoking or doing a
temporary revocation of my license.

(36:11):
And that is how it's a lot of existing Port Osiris.
If they catch you drinking, you get your license revoked.
You need to go through a course,certain courses and things and
pay fines and whatever because of course you you may not drive
under the influence. The police has the authority of
revoking that license without touching your wallet and without
touching your credentials, because they just put a flag on

(36:33):
on the specific location on in which your in which the beat
corresponding to your wallet is.And they put that from zero from
one to zero. So the level of security and the
level of privacy that the seat of Buenos Aires now has and
disabled of man or how is able of managing personal information
is an order of magnitude better than it was before.

(36:58):
OK. So there's a lot to unpack here.
So maybe kind of let's let's kind of go back to kind of the
technical underlying. So kind of like you have the
Cook ID chain and that's kind ofanchored in the number of
different block chains, but kindof who has, who has the
authority to kind of right to that chain because kind of it

(37:19):
can't be everyone, right? Because I mean, the police
officer should be able to kind of invalidate your driving
license at least temporarily, but I, I very much shouldn't,
right? So kind of how do how do you
manage the access here? Quokka, this not a chain.
Quokka, this not a chain. We anchored.
We just anchored the DI DS whichis basically a hash identifying

(37:43):
your wallet in the chain. That's the only thing we put on
chain each. Issue each.
Issuer decides where their validity is stored.
That may be what what to access.That may be even stored on
chain. That may be a postgress service
with an appy. That is a this.
That is a decision which is madeby each verifier, by each

(38:05):
issuer. Sorry, so you as an issuer, when
you mean your credential, you you put a lot of information,
but basically 2 informations regarding credential validity.
First the first one is which where is the arrow of validation
located and 2nd which is the position of that credential
within that array. So that verifiers don't need to
contact the issuer each time they validate someone because

(38:27):
they just unload that arrow locally as a verifier and they
check it locally, they don't need to contact the verifier.
So the only one able of alteringthe validity of a credential is
the issue because they they havethe complete control over that
bit of our rights to determine the validate the validity of

(38:49):
each credential. So in this example, kind of the
issuer is the the DMV, the Department of Motor Vehicles,
It's it's not me, right? Kind of I don't issue.
Is it me kind of like if I do I issue my own?
No, no, it's a. Driving license?
No, it's the DMV. Right.
Yeah, the, I mean, it's, yeah, it's the equivalent to the DMV

(39:12):
to for the city of Buenos Aires.That's right.
OK. And then kind of like for each
one of these documents, there's a different, there can be a
different authority that kind ofcan alter the record, right?
Each issuer has complete controlover the over how they issue

(39:36):
their credentials and and and. This is important as the issuer
has no way of altering the credentials that you have in
your wallet because they are under your control.
This validity, this validity strategy is precisely so as not
because you can't touch, you can't modify any issued

(39:57):
credential because they already issued under the under the
control of users. You can specify if the
credential is still valid. That was example of as as Kevin
mentioned before, hey, somethingin my KYC is altered.
The KYC issuer needs to be enabled of saying, hey, this has
changed, this is no longer valid.
You need to reissue your document.

(40:18):
And here there's a combination between an interesting
combination between technicals, the technical side and the
regulation side. Let me give you an example.
I don't think that there's a document which has a greater
stability as a birth certificate.
You're only born once. But anyway, that document may
change because I don't know, maybe you change your name, for

(40:41):
example. So that document may
exceptionally change. And the amount, the percentage
amount of birth certificates that get changed, it's so, so,
so, so small. But anyway, it's not 0.
So for example, today there's kind of international regulation
that 1% of your birth certificate, it needs to, it
needs to be issued within the 30days window of being presented,

(41:04):
which is pretty absurd. But I mean, that's the only way
that sort of governments and verifiers are able of saying,
OK, I, I would use the, the riskof this birth certificate being
modified and I accept the 30 days window.
Maybe I changed my name, I don'tknow, 29 days ago and that birth
certificate is invalid. And this is the interesting
combination between regulations and technology.

(41:27):
Because of previous technology of digitally signed documents,
you had no way of perhaps verifying that the document is
still valid. With these type of technologies
you can do that perfectly well without even contacting the
issuer. I think now I kind of understand
the first or that kind of you, you spoke about kind of like
going in. Let's talk about kind of like

(41:47):
the second door, right? So I'm now kind of, I now have
something in my wallet and tell me what exactly I can do with
it. So kind of like say, kind of
you're in the position that kindof you need your own birth
certificate or kind of your father's birth certificate.
How does how does having Coke IDor Amoeba?

(42:09):
How does how does it help you? Just to give you a real world
example, today the main tool have 65 different credentials
being issued from the government, just from the
government and we have several private parties maintaining
credentials. And, and maybe we can then touch
on that because private parties can mean credentials without any

(42:30):
type of control or even I mean the government doesn't even is
not even able of knowing technically who is minting
credentials. And there is a decision.
I mean you, you decide who you trust.
Anyway, you have 65 different type of documents today.
The main 2 use cases, our birth certificate and driver's license
free and citizens credential. When you go through the KYC in

(42:53):
process, that which can which can be do be can be done in two
different ways. You can either do it digitally
using the Amoeba app, or you cando it physically.
When whenever you go to the drill, your driver's license or
you take an appointment in the, in the health, in the public
health system or whatever, then you get sort of KYC and you get,

(43:13):
are you given the, the right to issue to mean your credentials?
First, the use cases presenting your birth certificate whenever
the birth certificate is required, As for example, when
you are in Argentina without a requirement that you need to
present your birth certificate because you need to give your
underage children a permit to travel off offshore.

(43:35):
So if you, if you're underage children is going to another
country, you need, you need to have a, a, a permit signed by
both parents. And when you do that, you need
to present the birth certificateof both parents.
Yep, today we haven't done yet the verify credential of the of
the travel permit, but that would be done in the future.
So that is a is a real world usecase.

(43:57):
Second real world use case in the city of Buenos Aires will
have 3 to 5 million registered users and almost two and a half
million monthly logins in our websites.
So today you can log in your website just scanning AQR code
and exceeding and not that exceeding but presenting to the

(44:19):
website, to the website systems the the citizens credential.
So you scan AQR code, no username and password and you
get into the website and you cando whatever thing you need to do
with the government. And the third use case, which is
probably the most popular is thedriver's license.
So today if you have a driver's license issued by the seat of
Buenos Aires and we have a lot of driver's license, we show

(44:43):
something like 50,000 K per month.
A policeman stops you, shows youAQR code, you scan the QR code,
the policeman has a proof that you have a valid driver's
license. And and that is, that is just
starting up because our strategyhere and I think and and we have
discussed long, lengthy this with that.
And the critical part here is adoption is how do we get the

(45:06):
people on boarded? How do we get people to start
using the technology? And for me, the first required
thing for doing that is people don't need to know.
I mean, they shouldn't know thatthey're they're using blockchain
technologies. You need to have a pretty

(45:26):
straightforward app and a prettyeasy to use app that has no
difference at all with what to of course, if you are a web free
savvy user and you know your stuff and then you can do
whatever you want. You can download whichever
wallet and or deem your credentials, but I always
mention the same case. My 85 year old mother won't sign
transactions with Metamask, won't even understand what

(45:48):
Metamask is. So she she needs a pretty
straightforward web to up that she can use to to have her
driver's license or whatever thething she wants.
So that is that is something which is required.
And in my perspective, governments have a big power to
do a reverse adoption life cyclebecause governments have
something which is very bad but can be used in a good way, which

(46:11):
are the services that they provide are usually monopoly.
So if you want a driver's license from the zero point of
service, you have nowhere to go.You need to, you can do driver's
license here. So that's a really big
opportunity in order to perhaps go for some friction.
But after that, all of the all of the community has the ability

(46:33):
of benefiting from people being out, bordering on the system and
being on chain. Talk about the friction about
the user experience, problems that kind of you had to overcome
or that are still there for the users of the system.
We took a big decision. I would say the starts of 2024,

(46:56):
February 2024, we just when we started we wanted to go full
cipher Frank. So we say you know what is it
going to be everything open source, the water is open source
self custodial and that requiredus basically to have an open
source wallet with no governmentduplication at all.
Hence you need to do something which is basically like KYC in

(47:19):
or sign or signing in the government wallet to then be
enabled of downloading your credentials in the Quark ID open
source wallet. We did some testing and, and
basically regular users would have something like 25% of the
population over 60 in, in BuenosAires.
It was pretty hard. I mean people didn't get it

(47:41):
they're having two applications and so on.
Then we decided to take this bigapproach and say hey, you know
what we're going to do 2 flavors.
If you want to go full, full S custodial, you can do it.
You can download the Quark of the waters and get your
credentials there. But if you're not that much into
technology and, and give you alland you don't want to mess

(48:03):
things up, we just change the architecture of a what to app
embedded the Quark ID rails inside it and it's a custodial
app. And of course, you have the two
alternatives. You can choose to go South
custodial, then you choose to gocustodial.
I use the Quark ID wallet. My mother uses the Amoeba wallet

(48:24):
and we're fine with that. I mean, it's a user choice.
It's a user's choice. So from from a user's
perspective, they the friction is not that much because by
pursuing this strategy, basically one day users realized
that their Mayba application gotupdated.
We changed the logo and the first time they opened the

(48:44):
application, they had to go for this onboarding process.
If they didn't have to KYC the need to do it.
If they had to KYC, they just had to log in and then you you
had this kind of a one or two minutes process in which the ID
got created, the credentials gotminted, and so on.
Afterwards. The second time you open the
wallet is instant because the credentials are stored locally.

(49:06):
OK, Yeah, super interesting. And I think also kind of like
this dual path. I think that makes a lot of
sense because yeah, I, I think kind of like finding a solution
that fits all kind of greatly reduces the space in which
you're moving kind of design wise.
Sorry, just to give you one number, we launched October the

(49:28):
21st the the Meeba app embedded with Quark ID and as of today,
we aborted 250K in four to five days and we abort the two to
three K users per month per day.Sorry.
That, that those are crazy numbers in crypto land.
Let's talk about kind of like the ZK aspect of of what Evan

(49:52):
talked about earlier. So kind of say I'm stopped by
the police because I seem to be driving erratically and they
kind of they they look at my license.
Do they see everything that's onthere?
So kind of like say I'm licensedto kind of drive a car and drive
a truck and drive a motorcycle, but I'm in a in a car.

(50:13):
So is there a way for me to kindof restrict them from seeing
whether kind of I'm also allowedto drive a truck?
Or it's kind of maybe maybe it'smore more relevant kind of in
terms of birth certificate. So kind of like when I sign,
when I sign the transaction saying that my kids are allowed
to travel abroad. Is, is, is the person who kind

(50:37):
of sees that signature, can theysee they're kind of like, I've
been married and divorced three times and I have eight kids and
kind of like I, I have changed my name 10 times or something.
Is, is that all embedded or do they just see, OK, she she's,
she's the mother and she signed this and it's good.

(50:58):
This is a very interesting question because again,
technology and regulations, travel travels a different
speed. So technically today we are able
of just showing that you are able of driving and the police
should be OK with that. But regulations don't allow
that. Regulations require the

(51:19):
policeman to see every aspect ofyour driver's license, which is
completely crazy because they don't need to know where you
live, for example. And it's something stupid.
But I mean, from a technologicalpoint of view, we can do a
selective disclosure of, for example, your age when when my
daughter goes into a park, and that's OK.
The bar has no regulation that to determine.

(51:41):
They just need to be sure that someone is over 18 and we can do
that. But from a driver's license
perspective, today regulation requires that the policeman
seize the driver's license and that needs to change.
And that today we have the technology for that to change.
But again, regulations and technology travel at different
paces, and regulation eventuallywill catch up.

(52:05):
Yeah, let's, let's hope so. So do you see any societal
impact since kind of you've launched the Amoeba and Cook ID
app 45 days or so ago? So is there is there something
that kind of that kind of clicksfor people or is it just another
kind of piece of software they, they use as you know, a good
citizen? I hope this is just another

(52:28):
piece of software because if it changes too much, we don't want
to disrupt society, which I say,hey, you know what, this is
cool. I have my driver's license.
I can show it's kind of a QR code and that's it.
It's a piece of software. What happens under under the
hood is just, I mean, it's lovely, but it's still for nerds
and, and society doesn't care about it.
The greatest impact that we, we are seeing is private companies

(52:53):
and institutions getting on board because they say, hey, you
know what, this is amazing. We, we can sort of get rid of
several aspects of personal information and security that
you we used to deal with. And now we have a much better
way of doing it. Hey, just, and this is a real

(53:14):
world scenario again Fintech andwe are modifying the regulation
in order to achieve that Fintechsay hey, you know what if I get
presented the credential of the city of Buenos Aires, then I
could get rid of the KYC in partof doing going which we to what

(53:34):
Irene was saying about reusable KYC.
Can I get rid of the KYC and theonboarding process which is
costing me basically 50% drop off rate in my onboarding
process? Oh yes, you can.
Again, technically you can. We need to come up with certain
regulations in order for you to do so and the great ability that
it provides. For example, universities, banks

(53:58):
or whatever of minting credentials on their own at a 0
cost, because we already paid for the creation of the DAD and
they they can mean credentials at 0 cost.
So we have the second biggest university in Argentina starting
to mean credentials for the students because the students
have this sort of benefit in certain jobs and commerces in in

(54:20):
Buenos Aires that they can buy with discount because their
students OK, you present the credential of a student of this
university and then you get a discount.
The same thing happens with banks, the second largest retail
bank in Argentina integrated with this technology within
their wallet because they offer this possibility to sub national

(54:40):
states in Argentina. So here you know why we give you
this wallet with our banks services and you can put your
government documentation inside the wallet.
So all of these different applications that institutions,
private institutions are, and I mentioned big institutions.
There are two big electric also a gas companies, which are
starting to means the utility business verify credentials.

(55:04):
So people can show that as a proof of address.
And even much smaller, much morecompanies or start-ups As for
example, we have a crypto have here, which is called
Cresimiento and they're doing pop up series once every three
to four months, which is called Alef and that's Alef passport

(55:27):
credential is minted on top of Quark ID.
And for them it's pretty easy. They just download the issue or
start minting credentials and people can either use Quark ID
or they can use the same wallet of the 0 Buenos Aires.
That's super interesting kind ofhere how, how it works in
practice. I kind of I, I now have a

(55:49):
question for you again, Evan andI think I'll have the same
question for you Diego. So pay attention to what Evan
says. So what ethical considerations
kind of arise with blockchain based digital identity systems
or maybe kind of to to to reframe that?
What's the unhappy case? What could?
Go wrong. As Diego was noting earlier, the

(56:11):
practice of publishing data on apublic Ledger can get dicey when
we start talking about data thatdescribes human beings.
You know, I, I often think of block chains as the most public
and permanent form of expressionthat human beings have ever had
in our existence as a species. And so, you know, certainly

(56:33):
exposing private data, especially data that can be used
to marginalized or harm people in such a public and permanent
forum can have devastating effects.
We've already seen that the exposure of potentially harmful
personal data has, you know, hasexacted all kinds of of havoc on
individuals around the world from hacks or even malicious

(56:55):
publication of personal data. Not to mention the, you know,
the many different laws that prohibit the disclosure of
personally identifiable information in a form that
cannot be deleted and cannot be protected and sort of cannot
abide by law. The bear case for, you know, for
poorly built monopolistic doxingtechnologies is that we fail to

(57:20):
take advantage of the unique tools and capabilities of 0
knowledge proof scaling solutions and block chains for
their security and instead make short term compromises that that
add to the fragmentation of our ecosystem and endanger the
individuals that we would hope that they serve.
You know, the United Nations is actually named as one of their

(57:42):
sustainable development goals 16.9 that by the year 2030, the
objective is that all people in the world will have legal
identities. And I think that it is unlikely
that these sort of more niche monopolistic solutions could
possibly breach that goal. There are 850 million people in

(58:04):
the world right now that do not have, you know, provable
identity documentation. And so as we start to consider a
global implementation of this tech, we need to consider it
truly globally in the places where the, you know, privileged
and technical literacy that we enjoy here on chain that is not
necessarily equal to all. And so that's why I think think

(58:27):
privacy preserving technologies,legally compliant technologies
and you know, optimal user experience for everyone from our
D Jens to their 85 year old mothers like, you know, our our
friends at park ID or building are so essential to avoiding
that bear case. Yeah, that's that's several
interesting points you're makingthere, Evan, Giggle from kind of

(58:50):
the practitioners perspective. What?
What are you afraid could happen?
I wouldn't say what I'm afraid could happen, but I'm afraid of
what is happening and we see it every day.
Early 2024, the National People Register in Argentina got hacked

(59:13):
and 65,000,000 identities were stolen.
So you got personal information pouring all over the place.
So like four months ago, the national driver mobile, the,
the, the, the, the national driver's license institution got
hacked and you had a Telegram group in in which you put the

(59:35):
someone's ID number. You get a photo of of the
driver's license. Terrible.
As as gracious as it sounds, so,so people started entering the
Internet Telegram channel and they put the ID numbers of
famous people, the president, the ministry of security or
whatever. And they got you started having
on Twitter the, the driver's license of famous people born

(59:57):
all over the place. So last week, two of the main
hospitals in in the three of themain hospitals in Argentina got
hot and all of their medical records got obliterated and a
ransom word and they asked 150 BTC to go get those records
back. So people and I have a couple of

(01:00:17):
friends working there were forced to for example, instead
of when you do whichever study ablood test or whatever, instead
of using their systems, they were forced to print out the
study and carry the the papers all around.
So that is what is happening today in the type of solutions
that Trivado and and Evan's teamis working on that we are

(01:00:40):
working on is kind of getting usout of that reality in which
instead of having our database and information open to the
Internet and instead of even worse, creating this sort of
concentrated database is full ofdifferent sources of
information, which is the perhaps the biggest risk

(01:01:01):
building this monopolistic and and centralized vision.
And hey, let's do the let's giveusers a, a beautiful experience
gathering all of the data into this big, big warehouse and
safety that is going to get Cockman.
So I think that that's that's a huge, that's a huge risk that
that the things that we are building definitely is avoiding.

(01:01:24):
That's, that's a very valuable reality check When you think
about Prabhado ID and Buenos Aires kind of in the blockchain
space, what are the developmentsthat are currently under way?
So are there new features, integrations, regions of focus?
Because kind of right now it's, it's only in Buenos Aires,

(01:01:44):
right? Today is used in Buenos Aires.
We have partnered with a, with aGOP tech, a local Mexican GOP
tech company and we are implementing it.
It has been implemented in Leon,which is a state in Mexico this,
this Monday just for companies, that's for starters.

(01:02:08):
And we're, we're hoping to evolve into driver's license in
the next couple of months. We're doing the same with
Monterrey and with three different provinces in Argentina
and speaking with several governments, both municipal, sub
national and national around theregion and the world.

(01:02:29):
Cool. And kind of going beyond kind of
identity, what role do you both kind of see blockchain playing
in other aspects of governance and society?
I can, I can hop in with some thoughts there.
I think, you know, from our unique vantage point in the
identity space, we get to see a lot of the diverse use cases

(01:02:53):
that are not purely financial come to market because they
require more than token data alone.
I think from a global regulatorydiscussion, you know, our, we're
starting to see really progressive laws such as Mika
come into effect here in the European Union where zero
knowledge proofs will be permissible methods of, of

(01:03:16):
legally proving data. This is, I think you know, a
dramatic difference from a few years ago when few people even
in the crypto space could explain what a zero knowledge
proof was. I think what this means
essentially is that governments are starting to recognize the
diversity of not only identity, but compliance, age

(01:03:37):
verification, business identity,and even in the upcoming EUAI
bill that will go into effect in2026, AI agent identity.
So the, the sort of range of these different capabilities
then asks us the question, what will the impact of blockchain
transactions be for these different capabilities?

(01:03:59):
At Pravado ID, you know, 2 sort of camps where we receive a lot
of requests for support. One are in the agent identity
space, enabling agents to transact on chain and develop
reputation such that they can coordinate with one and one
another more easily. And then also in the
institutional space, there's over $2 trillion of capital

(01:04:19):
trapped off chain because it cannot enter the permission list
offshore casino and commingle funds with unknown parties.
So bringing permissioned liquidity into Defy through
institutional development, I think is also a meaningful way
that we can move value on chain,leveraging these more maturing,
maturing identity technologies and also bringing space forward

(01:04:42):
as a whole. Super nice.
So if others, be it governments,businesses, individuals kind of
want to get involved in shaping the future of digital identity,
how, how can they, how can they do that and how do they find
what you guys are doing? In my case, you could just go to

(01:05:06):
quarkid.org and and check our website there.
Or you can contact me at at Fernandez Deal, which is maybe
on Twitter. Fantastic.
What about you, Evan? For all sea gens, civilians and
builders alike that are interested in the identity
space, we always welcome you at provado dot ID or at provado ID

(01:05:27):
on Twitter. In terms of activities that you
can try right now, you can of course explore our libraries,
our embedded wallet marketplace,schema builder, query builder
and many other tools and capabilities.
So we have a lot documented for those who want to build at many
layers of the stack from the protocol all the way up to
applications. And certainly I would encourage

(01:05:49):
everyone if you are feeling in amood to, to move or to
physically go somewhere. Diego mentioned earlier the pop
up cities of a left, which I have heard are really
outstanding way to, you know, touch and experience a lot of
these new things we're talking about in person.
So I personally look forward to joining one of those and
definitely would include that inmy recommendations.

(01:06:11):
I mean, thanks so much for that.We have a run in pop up City
right now, but it's ending up inone week, so you're kind of
late, but we'll do another one in March, so you're more than
invited to come. I hope you to have you here.
So in that case, you've heard that.
Dear listeners, please join us in March.
Fredrika, if your schedule allows, I'm sure that we would

(01:06:31):
love to see you there too. Perfect, thank you both for
coming on. What a fun topic to discuss.
Thank you so much, Fredrika it. Was an absolute delight.
Thank you guys so much and we will see you on chain.

All Episodes

Privado ID & Quark ID: On-Chain ZK-Powered Unified ID - Diego Fernandez & Evin McMullen

Episode Transcript

Popular Podcasts

Dateline NBC

Stuff You Should Know

Law & Order: Criminal Justice System - Season 1 & Season 2

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Privado ID & Quark ID: On-Chain ZK-Powered Unified ID - Diego Fernandez & Evin McMullen