A blockchain solution to the Aadhar ?

The recent leak of Aadhar data (Aadhar number and other sensitive information) has brought back into focus the privacy and security issues with the program. There are a few concerns people talk about pertaining to Aadhar:

Multiple authentications without consent: A consumer is expected to provide his personal data (demographic/biometric) along with his Aadhar number for authenticating with private providers (telecom, banks etc.). Using this information, the entity tries to authenticate the user to determine if he is indeed the rightful owner of the Aadhar number.

There have been cases of biometrics being stored by the agency, and being repeatedly used to authenticate the holder. An alternative could be that the holder’s consent is required for every authentication request.

Unnecessary access to data: A simple authentication of a person by a telecom operator requires the user to provide his personal data to the operator. The operator then authenticates the user by calling the UIDAI services. While this is acceptable in case of KYC (such as banks) where the data is required by the entity, why do telecom operators need to know personal data ? The user should be able to authenticate himself with UIDAI, and merely provide the proof of authentication to the service agency.

Of course, these worries become alarming only if the Aadhar User Agency or AUA (entities seeking Authentication through UIDAI) indulges in malpractices such as sharing user data without consent, combining databases with other AUAs etc. Eventually, as long as there are no strict laws restricting the use of Aadhar data, one should assume that data collected by these organisations is not private.

Blockchain technology provides a sound solution to the problem of authentication without compromising on privacy. Generally, a blockchain is a public database, to which anyone can write data. This data can be of any form . A popular example is the Bitcoin blockchain, where users can add transactions to the blockchain, transferring a certain amount of Bitcoin currency to another user. The most notable characteristics of a blockchain are immutability and public access. Once some data has been written to the blockchain, it cannot be erased/changed. Furthermore, all the data is publicly viewable.

This fits particularly well for an identity verification system. Every entity which wants to authenticate a user/customer has to publicly request for it. Also, every request for authentication should be approved by the user, and only then forwarded to the government. Furthermore, the user should provide his data directly to the government.

The solution proposed is as follows:

  1. The AUA adds an authentication request to the blockchain. It specifies the user it wants to authenticate, and the purpose for which authentication is required.

All the steps above which involve writing to the database are publicly accessible. Thus, the request from the AUA, the approval by the user, and the approval by the government — all are verifiable at any later point in time.

If this entire behaviour can be codified, and the code itself can me made immutable, we can be assured that no human intervention can change/game the system. Ethereum can help us here.


Ethereum is public blockchain. It has its own currency (ether). However, its strength lies in its ability to store code. Pieces of code (called smart contracts) can be stored on the blockchain. These contracts can be made to solve any particular use case. They are publicly accessible, and the functions defined in these can be called by anyone on the ethereum network. A few points to keep in mind:

  1. Every user on the Ethereum network is given a unique public address.

Keeping this in mind, have a look at this contract, which codifies the behaviour stated above.

The notable advantages of this system:

  1. User approval is explicitly required for every request an AUA raises. The government cannot directly approve the authentication request.

The code (and all the requests made to it) are public, and can never be erased owing to the nature of the blockchain technology. This differs greatly from code which is locked in servers inaccessible to public scrutiny.

This transparency can help restore some of the faith lost in authentication programmes.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store