Keybase: An Excellent Tool To Prove Identity Via Cryptography, In Addition To Encrypted Messaging And File Sharing

Popular brands and influential people are often subject to identity fraud on the internet. There is a particularly common scam on Twitter where someone creates a fake profile that is almost identical to that of a cryptocurrency influencer and posts free cryptocurrency giveaway offers, telling users to send some Bitcoin in order to receive 10X more. Of course, anyone who falls for this receives nothing. That is just one example; there are many ways scammers can impersonate a business or famous person in order to steal money. Keybase, which was co-founded by Max Krohn and Chris Coyne, who are also the co-founders of OkCupid and SparkNotes, solves this critical problem with cryptography.

Companies, influencers, famous people, and even regular joes can use Keybase to prove their identity, which helps prevent scams and makes business dealings more efficient. Essentially, a Keybase user can show proof for all of their official internet accounts in one spot. This is especially important in this day and age, since companies and people often have accounts on many different websites. For example, the Cypherpunk Labs Keybase verifies and links to our official Twitter account, our HackerNews profile, and our Bitcoin address, in addition to our official PGP key fingerprint.

A brief segue into Pretty Good Privacy (PGP). Essentially, PGP is used to encrypt and decrypt messages and other sorts of data, so if a company has an official PGP key, that key can be used to prove the identity of the company during communications and data transfers, in addition to providing security. The PGP key is essentially the master key for Keybase accounts, and must be kept safe. A future Cypherpunk Labs article will do a deep dive on PGP, since it is the backbone of numerous cryptographic technologies.

In addition to Twitter, HackerNews, and Bitcoin, Keybase can be used to verify the authenticity of Reddit and Github accounts and company websites, as well as accounts on dozens of other less popular websites. Therefore, if a company or influencer has a Keybase, then savvy internet users can reference that Keybase to find links to official accounts, instead of possibly visiting the account of a copycat scammer.

Keybase uses the Sigchain to cryptographically prove the authenticity of everything on a Keybase account. The Sigchain is an ordered list of statements about how a Keybase account has changed over time, and each sequential piece of information in the Sigchain carries a sequence number and is signed with one of the user's keys. As a result, the Sigchain cannot be modified or rolled back without being invalidated.
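The following Go sketch is an added example, not Keybase's own code or link format: it signs each statement together with its sequence number and replays the chain the way a verifying client would. The `Link` layout, the use of Ed25519, and the hash of the previous link inside each signed payload are assumptions of this sketch that go beyond the description above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Link is one signed statement in a simplified sigchain (constructed format).
type Link struct {
	Seqno     uint64
	Prev      [32]byte // hash of the previous link's payload, zero for the first
	Statement string
	Sig       []byte // Ed25519 signature over payload()
}

func (l Link) payload() []byte {
	return []byte(fmt.Sprintf("%d|%x|%s", l.Seqno, l.Prev, l.Statement))
}

// Append signs stmt as the next link after the current tail.
func Append(chain []Link, priv ed25519.PrivateKey, stmt string) []Link {
	l := Link{Seqno: uint64(len(chain)) + 1, Statement: stmt}
	if n := len(chain); n > 0 {
		l.Prev = sha256.Sum256(chain[n-1].payload())
	}
	l.Sig = ed25519.Sign(priv, l.payload())
	return append(chain, l)
}

// Verify replays the chain; lastSeen is the highest seqno this client saw before.
func Verify(chain []Link, pub ed25519.PublicKey, lastSeen uint64) error {
	var prev [32]byte
	for i, l := range chain {
		if l.Seqno != uint64(i)+1 || l.Prev != prev || !ed25519.Verify(pub, l.payload(), l.Sig) {
			return fmt.Errorf("link %d: wrong sequence, prev hash or signature", i+1)
		}
		prev = sha256.Sum256(l.payload())
	}
	if uint64(len(chain)) < lastSeen {
		return fmt.Errorf("rollback: %d links, %d seen before", len(chain), lastSeen)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key for the demo
	chain := Append(Append(nil, priv, "proof: twitter"), priv, "proof: website")
	fmt.Println(Verify(chain, pub, 2), Verify(chain[:1], pub, 2))
}
```

The signature alone stops anyone without the key from editing a link; the sequence number and the remembered `lastSeen` value are what catch reordering and a truncated chain.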

All users’ Sigchains on Keybase are encrypted into a global Merkle Tree, so a change on any Keybase account changes the global Keybase Merkle Tree. A critical piece of Keybase’s security is that Keybase clients check that the Merkle Tree is accurate, in order to prevent attackers from maliciously changing a user’s Sigchain, which would cause a fork.

Essentially, Sigchain is a blockchain, and the Keybase clients act as decentralized nodes which ensure that the blockchain is immutable. Keybase clients only sign off on any new additions to the Sigchain after completing a series of checks to ensure the Sigchain has not been tampered with.

As an added layer of security, Keybase writes the root of their global Merkle Tree to the Bitcoin blockchain. This is just in case someone commandeers the Keybase server and forks it. If that were to happen, the authentic Merkle Tree root for Keybase would still be in the Bitcoin blockchain, and since forking the Bitcoin blockchain is a practically impossible task that would require many millions or even billions of dollars of mining equipment, Keybase cannot be forked even in a worst-case scenario. The server simply has to cross-reference the Merkle Tree root stored in the Bitcoin blockchain in order to verify that the Sigchain has not been maliciously altered.
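To illustrate the Merkle Tree and anchoring paragraphs above, the following Go sketch (an added example, not Keybase's code) folds one leaf per user into a single root and compares the state a server presents against a root obtained independently. The plain binary tree, the `Leaf` encoding and the usernames are assumptions and do not reproduce Keybase's actual tree layout; the anchored value is a constructed stand-in for the root read back from the Bitcoin blockchain.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// hash tags its input so that leaf and inner-node hashes can never collide.
func hash(tag byte, parts ...[]byte) []byte {
	h := sha256.Sum256(append([]byte{tag}, bytes.Join(parts, nil)...))
	return h[:]
}

// Leaf commits a username to the hash of the newest link in its sigchain.
func Leaf(user string, tail []byte) []byte { return hash(0, []byte(user), []byte{0}, tail) }

// Root folds the leaves (one per user, in a fixed order) into a single root.
func Root(level [][]byte) []byte {
	if len(level) == 0 {
		return nil
	}
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, hash(1, level[i], level[i+1]))
		}
		if len(level)%2 == 1 { // the odd node out is promoted unchanged
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

// MatchesAnchor reports whether the state a server presents hashes to the root
// the client obtained independently (for Keybase, the one written to Bitcoin).
func MatchesAnchor(served [][]byte, anchored []byte) bool {
	return bytes.Equal(Root(served), anchored)
}

func main() {
	honest := [][]byte{Leaf("alice", []byte("t1")), Leaf("bob", []byte("t2")), Leaf("carol", []byte("t3"))}
	anchored := Root(honest) // constructed stand-in for the anchored root
	forked := [][]byte{honest[0], Leaf("bob", []byte("forged")), honest[2]}
	fmt.Println(MatchesAnchor(honest, anchored), MatchesAnchor(forked, anchored)) // true false
}
```

Changing, dropping or reordering any single leaf produces a different root, which is why one anchored value is enough to detect a forked server state.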

In addition to verifying a user’s identity and official accounts with Sigchain, Keybase also has an easy-to-use messaging system with end-to-end encryption. This is particularly important, since communications on Facebook or Twitter, or even via text, can easily be intercepted. This can lead to breaches of privacy, stalking, and corporate espionage. Keybase uses Saltpack, which is similar to PGP messaging but easier to use. Essentially, Keybase’s built-in messaging system makes communications private and secure, while proving the authenticity of each communicating party.

Finally, Keybase also has an integrated file system, where files can be quickly uploaded and shared publicly or privately. If using private storage, then a folder can be created where files can only be viewed by people you choose, and they will need their Keybase key to view the folder. The cool thing is Keybase is giving 250 GB of storage for free, and their system is just as efficient as any big name cloud storage service, with the added benefit of increased cryptography for private files. As discussed in a previous Cypherpunk Labs article, if you want the top level of security and anonymity when sharing files then check out OnionShare.

Thus, Keybase is a one-stop shop where users can cryptographically prove their identities in order to streamline business dealings and stop copycat scam attempts, and it also provides a robust encrypted messaging and file system. Additionally, Keybase is open source, so users can verify that Keybase is doing what it says it’s doing.