PAIDIT: Private Anonymous Identity for Digital Transfers

Jan, 2022 → Dec, 2023

Partner: ICRC, funded by HAC
Partner contact: TBD
EPFL laboratory: Decentralized Distributed Systems Laboratory (DEDIS)
EPFL contact: Prof. Bryan Ford

To serve the 80 million forcibly-displaced people around the globe, direct cash assistance is gaining acceptance. The trouble is that the identity requirements normally attached to digital payments conflict with ICRC’s mandate to serve all people in need neutrally and inclusively. ICRC’s beneficiaries often do not have, or do not want, the ATM cards or mobile wallets normally used to spend or withdraw cash digitally, because issuers would subject them to privacy-invasive identity verification and potential screening against sanctions and counterterrorism watchlists. ICRC’s neutrality and protection standards do not allow programs to obligate beneficiaries to this unwanted exposure to the requirements of local authorities. On top of that, existing solutions increase the risk of data leaks or surveillance induced by the many third parties having access to the data generated in the transactions. The proposed research focuses on the identity, account, and wallet management challenges in the design of a humanitarian cryptocurrency or token intended to address the above problems. The research effort will in particular design and prototype a digital wallet intended to inspire and guide a potential future extension of ICRC’s RedSafe platform to support digital payments. The project’s technical research effort will focus on the challenges of creating digital wallets that are highly usable and privacy-preserving, yet accountable and abuse-resistant, while verifying users primarily in terms of personhood rather than identity. For privacy, the wallet will require minimum, and at most self-reported and unverified, identity information for account creation, and will avoid the collection of unencrypted data, or even exposing metadata about these accounts, in any centralized database. For accountability, the system will offer aid workers several privacy-preserving “personhood verification” methods, as alternatives to identity-based KYC, enabling agencies to reach a threshold of confidence in a beneficiary’s legitimacy and perform risk-based due diligence (RBDD).