Securing NFTs and their future applications with privacy-preserving biometrics
As the creation and possession of NFTs have made their way into mainstream conversation, it’s increasingly clear that more serious challenges have arisen when finding the best ways to secure and manage these digital assets. There’s no better way to illustrate the severity of this growing concern other than the fact, according to none other than Opensea themselves, that 80% of NFTs created for free on various platforms have either been plagiarized from other artists or are considered spam. Other forms of cybercrime are just as prevalent, with rates of cryptocurrency theft climbing to 516% over the last year. Though they concern some of the most valuable digital possessions that have ever existed, much of this cyber theft is actually the fault of rather mundane issues: impersonation via stolen passwords or compromised private keys.
This pervasive reality ultimately reflects the current priorities of Decentralized Finance (DeFi). The emerging frameworks intended to remove centralized control of money and finance from traditional institutions have fallen short with how they manage identity and secure assets for their users. Instead of a focus on airtight methods of security for DeFi and NFTs, leading platforms have sought maximum accessibility and privacy and reduced transaction times and costs. In a classic tradeoff, platforms have opted for minimal security processes that limit friction for users, even if it means that their wallets are vulnerable to the protection of weak passwords and PINs. As a result, the NFT marketplace in my humble opinion, is being held back from realizing its fullest potential, especially in the art world. As an article in the New York Times from last week stated, “What if the reproduction of a masterpiece is so good it looks just like the original, hanging in a beautiful frame on a wall? Don’t those have the potential to sell for millions, or at least hundreds of thousands?” How can we unleash this?
NFTs need a Chain of Custody
Regulators are definitely starting to pay attention. They are stepping in to provide governance on NFTs, focusing primarily on whether they should be treated like regular securities. However, the question of identity management and KYC is left open. In the traditional art world, the concept of provenance or chain of custody provides evidence for the original production and then subsequent ownership of a masterpiece. There is no reason not to apply this to the world of digital art and NFTs.
There is some movement in the right direction in the cryptocurrency arena. As KYC processes are emerging to help prevent money laundering, they are, in the process (inadvertently) establishing a framework for managing the chain of custody of NFTs. As accounts are created and NFTs are minted, through the KYC process, it is possible to link a person to their digital asset. This is because the KYC involves a selfie check; this selfie check can be leveraged for downstream authentication to connect account registration, bind NFTs, verify NFT trades and reinstate old or locked out NFT accounts.
The trick for NFT platforms is how to do this without compromising on privacy, convenience, and cost. With key innovations around biometrics and multi-party computing, there are ways to convert the selfie into sharded bits that can be decentralized over a vast network for use in verifying identity later on. This way, there is no central data store and no single ownership of any piece of personal data. The same concept can be applied to any digital asset, like a private key, which can also be stored in a distributed manner and only retrieved when a person’s identity has been authenticated. Combining these two elements provides a security infrastructure for NFT platforms based on an anchor of trust that allows sellers and buyers to reassign ownership of art only after they’ve authenticated their identities using their own biometric (selfie) data.
Looking forward, NFT decentralized authentication clearly aligns with both DeFi and Web3 goals. This straightforward solution has the potential to seal any gaps when it comes to NFT security and management, seeing as user identities must be validated against their real-world identity in every single transaction. And because the decentralization and biometric authentication is happening in the cloud, these methods are not linked to any specific device or application––a key benefit from a security standpoint.
As the applications of NFTs begin to span well beyond their current uses, most promisingly as a form of a digital credential, it becomes all the more imperative to be able to securely verify their origin and authenticity. In fact, beyond art, NFTs are gaining popularity in music, gaming, sports and entertainment, as well as for representing physical assets––even so much as documents like tickets, certificates and contracts. The time is now to marry up these NFTs with a decentralized authentication infrastructure. The sooner the NFTs platforms recognize this, the faster they will get ahead of a very complicated and exposed situation and be in a position to unleash their fullest potential.
To learn about how Anonybit can help secure your NFT platform, contact us.