With an attestation, a user can send an attested transaction
An attested transaction is one that uses an attestation to prove something that the receiving Smart Contract can validate.
- In an ICO purchase is limited to residents of certain countries. To participate, one has to send an attested transaction that attests to his residency country. The Smart Contract would revert the transaction if the residency country isn't allowed.
- Similarly, one can send an attested transaction that proves the sender is above the legal age without giving away the actual age.
- If you have a Devcon ticket as an attestation, you can participate a smart contract vote as a valid Devcon ticket holder, without first converting such a ticket to a Non-Fungible Token.
- If you purchase prescription medicine from a Smart Contract, you can send an attested transaction that you have a prescription for it, if the prescription was issued to you as an attestation.
- If you are authorised to draw x amount of money from a line of credit or someone's wallet, that authorisation is provided as an attestation, and you draw the money by creating an attested transaction using it.
Since data on the blockchain is publically available, attested transactions often need to use certain cryptographic proofs for privacy protection.
For a person who proves his residency country, he should not reveal his national ID card number to the blockchain, or risk all his transactions are associated by an observer of the blockchain data.
The TokenScript team produced one of such prove mechanism in a paper on Ethereum attestation in 2018.
Alternative to attested transaction
If an 3rd party exists between the sender of the transaction and the smart contract which can assume accountability and confidentiality, you may use a white-list approach instead of attested transaction. Indeed, it was the model used by almost all 2017 ICO projects with KYC requirements.
The process would be like this:
- The sender of the transaction visits the confidential 3rd party's website, providing his Ethereum address and his identity, e.g. by taking a photo holding his passport and upload it.
- The 3rd party verifies the identity and put the Ethereum address into a whitelist by updating the Smart Contract.
- The sender now sends a purchase transaction to that Smart Contract and is allowed to purchase.
Compared with Attested Transaction, this method requires confidentiality and accountability from the 3rd party, meaning that they should do their best to protect the sender's identity. The best way to protect the privacy is to discard the private data, yet, for accountability reasons, they need to show that they have done KYC probably, therefore can't discard the private data.
With Attested Transaction, a smart contract would revert if the sender fails to meet the criteria, therefore doing away the responsibility of the 3rd party altogether.
Also, third party whitelists are not as easily reusable as attestations. If you have a country residence attestation or a legal age attestation, you can reuse it for as many transactions as you like.