Overview

FIO Attestations is a FIO Improvement Proposal (FIP) candidate, which would enable 3rd parties to attest to truths about data associated with a FIO Handle, such as public address ownership. The following document is intended to be a starting point for industry discussions.

Benefits

Fully decentralized and open source

FIO Protocol is fully decentralized and open-source protocol designed specifically for crypto metadata exchange. It has already been integrated into many leading wallets and exchanges and is often selected as a default decentralized identity solution (e.g. Trust Wallet, EDGE Wallet).

Universal

FIO Attestations can be used for many types of attestations by many entities or users themselves and be accessed my multiple entities, so that the user does not have to continuously provide the same data to every requesting entity. Entities can freely choose which attesters they trust and only rely on their attestations.

Privacy-preserving and secure

FIO Handles are pseudonymous and PII is not stored on-chain. Attestation may be hashed, encrypted or refer to off-chain data accessible only based on bilateral agreements.

Attesters and attestations

Examples of attesters include, but are not limited to:

• FIO Handle owner (self attestation)

  • Any statement may be self attested, and may optionally include cryptographic proof.

• Virtual Asset Service Provider (VASP)

  • VASP may record a hash of public address indicating they have verified the ownership of that public address via signature or micro-transaction.

  • VASP may record a hash identifier indicating they hold data accessible to authorized parties, e.g. via Global Travel Rule integration.

• Wallets

  • Non-custodial can enable users to make public address ownership attestations, since they already secure user’s private keys.

• Know-your-customer (KYC provider)

  • KYC provider may record zero-knowledge proof that can confirm that they have verified user’s First and Last name. That proof would only be able to verify data if the user provided a unique nonce to the verifying entity.

  • KYC provider may record hash identifier indicating they hold data accessible to authorized parties, e.g. KYC data.

Attestation can be any statement following a common standard, which would be published in a FIP akin to token/chain code standard in FIP-15. This will allow for easy expansion of types of attestations without having to modify the FIO Chain. The data may be hashed or encrypted.

Pilot use case: public address ownership verification

Financial Action Task Force (FATF) has established global standards which require many entities to verify user’s crypto public addresses before a transaction can be allowed. However there is no common or open standard to enable such verification and entities do not share the verification data, requiring user to continuously re-verify the ownership of for the same public address.

Example flows

Public address ownership attestation

In this example a Virtual Asset Service Provider (VASP) is required to verify that a user is in control of a public address which will be used as withdrawal address, before withdrawal is completed. They will act as an Attester.

• VASP validates FIO Handle ownership, using Private key signature, FIO Request, or FIO Token Send

• VASP attaches the validated FIO Handle to the user profile for future use

• VASP validates a withdrawal public address using private key signature or token send

• VASP records attestation on FIO Chain

• Any party which trusts this Attester can now confirm that the public address is owned by the FIO Handle owner without having to ask for verification.

Proposed actions and getters

Attestation types standard

attest

Records attestation on FIO Chain.

Request

get_attestations

Fetches specific attestation from FIO Chain.

Request

Response

Other Related Topics