article archive

Decentralized Access Rights Control – DARC

Current access rights management systems always depend on a centralized authority that all members must trust. However, for blockchains, this is not a good solution. Blockchains are decentralized and cannot easily use centralized trust systems.

We built DARCs, a group-management on steroids that allows decentralized administration and delegation of identities. It is used in the OmniLedger blockchain and is different from common group administrations in two ways: first, there is no central handling of the links between identities and groups. Second, to delegate, you can use generic AND/OR expressions.

Here are some solutions you can create using DARCs:

Using Multiple Devices

The demonstrator at C4DT allows access to your identity on the blockchain from multiple devices. This is done by delegating signing authority to more than one DARC. Every device has its own private key. If a device is lost, the corresponding DARC can simply be removed from the links, and nobody will be able to use this device to log in anymore. The same thing is possible if a device wants to perform a key-rotation for security reasons.

n-Factor Authentication

Some applications need more than one source of authentication for security reasons. This is often done with an SMS to prove that you also hold a phone. Using DARCs, you can delegate a 2nd, or 3rd factor, to any device you wish. It can be a phone or another desktop computer. It can even be the phone of somebody else!

Account Recovery

It happens to all of us: we lose a password or our phone gets stolen. Using DARCs, you can delegate trust to a group of persons, so that they can recover your account. Some examples:

  • Your best friends can recover your account. But only if 3 out of 5 confirm that you did lose your account.
  • Your boss together with your system administrator can recover your working account.
  • You, as dad or mom, can recover your kids’ accounts.

Possible Extensions

Currently we implemented only simple signing schemes in the AND/OR expressions. But it is also possible to include other sources, like W3C’s DIDs. Or anonymous group signatures, where you only prove that you belong to a group, while staying anonymous.

Including centralized authentication systems like LDAP, OAuth, or others is also possible. But more complicated, because a translator needs to connect the centralized system with the decentralized one.

The Mind for 2020

Every week at our engineers-meeting we have a short presentation of _anything_ we found on the internet that is somewhat work-related and that we would like to share with our fellow engineers. As the team-lead, I wanted to do some short team-building exercise, and I thought about the game “The Mind”.

It is a collaborative game where all players play against the game. Whereas there are very complicated games that take very long to set up and explain, the mind is very simple, but still it allows up to 4 (we also played with 5) players to get to know and to “feel” each other.

So if you want to go for a short 15-minutes game, give it a try!

PS: a no-card version is to have everybody walk in the room and then have people count from 1 to 20. But: only one number at a time, no signs, and if two speak at the same time, you have to start over again.

Account Management in OmniLedger

The C4DT Factory works using software produced by the EPFL IC labs. Our focus is on software that increases digital trust in the era of the internet. One area where we see a lack of trust is account management, which includes the following elements:

  • self-sovereign management of the account
  • using the account to login to remote services
  • storing account information, including sensitive data
  • managing consent to access personal data

The current solutions from Google or Facebook mean that a user gives all her login information to these big companies. The user can only partially control how these companies are using her data. This is why we created a decentralized account manager using OmniLedger.


With a centralized service, a user can only follow what the service allows her to do. Thanks to the GDPR, it has become easier to remove an account from a service. But sometimes even removing her account is very difficult. Self-soverignty means that the user can decide himself where her account is to be used. It also means she can remove access to her account by services she doesn’t trust anymore.

Self-soverignty is implemented in OmniLedger using DARCs. A DARC defines delegation of trust by the user. This enables the user to be self-soverign with regard to:

  • recovering accounts by a group chosen by the user itself
  • delegating access to a service to a group that is handled independently of the service itself
  • making groups of groups and add/remove groups as needed

SSO Login

Instead of using the SSO solution from Google or Facebook, an administrator can setup his service to accept CAS logins handled by OmniLedger. The administrator can then define himself who should have access to the service. Using DARCs, he can give access to groups of users. A user group doesn’t need to be administered by the service administrator, but can be handled by another entity. This frees up the administrator. Should the entity behave maliciously, the administrator can always recover the group belonging to that entity.

Storing Account Information

Because the blockchain stores the data of the user, the data needs to be encrypted. Accessing encrypted data is handled by Calypso, as described in the OmniLedger article. This allows to store some information directly on the blockchain, like the full name, phone-number, email, without having this information accessible by everybody.


The DEDIS lab at EPFL worked on a novel blockchain system called OmniLedger. It uses Calypso to provide decentralized access control including secure storage of data on a blockchain. This combination has the following characteristics:

  • OmniLedger builds on byzcoin, a permissioned, public blockchain which uses little energy. Contrary to other permissioned blockchains, it still allows public access
  • Decentralized Access Rights Control, or DARC, which allows users to control their own identity. Also administrators can setup groups of users and groups of groups. All without the need for a central authority
  • Calypso adds a decentralized encryption layer so that users can store their data encrypted on the blockchain. Combined with DARCs, this gives users the ability to handle their own consent management

Upon this structure we built a Login Service and we’re using it for our Demonstrators. If you are interested, please get in contact with us at


The DEDIS lab, together with C4DT, is running a network of nodes on the public internet. These nodes create a new block every 5 seconds. Contrary to Bitcoin and Ethereum, the block creation is handled by a pre-defined set of nodes. This means that byzcoin doesn’t need proof-of-work. Every new block is accepted if 2/3 of the nodes agree it’s a valid block. So, contrary to proof-of-work blockchains, every new block is final and cannot be invalidated.

Decentralized Access Rights Control – DARC

DARCs is a group-management on steroids that allows decentralized administration and delegation of identities. It is different from common group administrations in two ways: first, there is no central handling of the links between identities and groups, and second, groups, identities, and access control rules are the same structure. The decentralization allows to use the same identiy for different services, while keeping the same interface for the user. Using the same structure allows to delegate all rules and to mix them as needed.


Calypso is a re-encryption service that allows to store information encrypted on the blockchain. The access to this information is controlled using DARCs. This allows for a secure handling of private data by a blockchain. Also, the user can verify who accessed his data.

To use it, a user encrypts his data to the group public key of Calypso. Then he creates a DARC and adds all allowed users to this DARC. If one of the users in the DARC wants to decrypt the data, she needs to do the following:

  1. Create a proof in OmniLedger that she has access
  2. Send this proof to the Calypso re-encryption service, together with her public key
  3. Decrypt the data using her private key

The data stays always encrypted as long as it is on the public network. Only the original, and the final decryption at the reader, are in clear text.

Mobile OmniLedger App

For a bit more than three years, DEDIS has been working on a blockchain based on the byzcoin paper. The groundwork has been laid to add client interactions, first as a number of command line interfaces, then a first web-interface, a second interface added by C4DT as a demonstrator, and now, finally, a mobile app that started as a student project in 2018 and got now updated and ported to the latest version of byzcoin.

The app is available on github and is written using the nativescript framework. It is available as a pre-compiled binary on Applivery for iOS and Android. We used it on different occasions, namely:

  • Personhood party at IC3 in February 2019
  • OpenHouse 19 at EPFL in Octobre 2019
  • Course Technologies of societal self-organization CS-234 at EPFL

It connects to the identity-management on the byzcoin-ledger and allows to do the following:

  • scan new users and register them on byzcoin
  • create personhood-gatherings
  • play rock-paper-scissors on the blockchain
  • answer anonymous polls

If you’re interested in having a demo, get in contact with