# Compounded Identities

Blockchains utilize a pseudo-identity mechanism via a public keys. We extend this mechanism to create application-specific identity mechanism for Sharing Economy via Compounded Identities [http://web.media.mit.edu/~guyzys/data/ZNP15.pdf] as explained below.

A compound identity is a shared identity for two or more parties, where some parties (at least one) own the identity (owners), and the rest have restricted access to it (guests). As illustrated below, the identity is comprised of signing key-pairs for the owner and guest, as well as a symmetric key used to encrypt (and decrypt) the data, so that the data is protected from all other players in the system. Formally, a compound identity is externally (as seen by the network) observed by the 2-tuple:

$Compound(public) u,s = (pku,s sig , pks,u sig)$

Similarly, the entire identity (including the private keys) is the following 5-tuple:

$Compound(u,s) = (pku,s sig,sku,s sig,pks,u sig,sks,u sig,sku,s enc)$

Generation of a compounded identity:

1: procedure COMPOUNDIDENTITY(u, s) 2: u and s form a secure channel 3: u executes: 4: (pku,s sig , sku,s sig ) ← Gsig() 5: sku,s enc ← Genc() 6: u shares sku,s enc, pku,s sig with s 7: s executes: 8: (pks,u sig , sks,u sig ) ← Gsig() 9: s shares pks,u sig with s 10: // Both u and s have sku,s enc, pku,s sig , pks,u sig 11: return pku,s sig , pks,u sig , sku,s enc 12: end procedure