María Teresa Nieto Galán

Have you ever stopped to think that, in the future, not only humans will have their own identity, but also artificial intelligences? It sounds like science fiction, like something out of the movie "Her", right? But it’s not that far-fetched. As AI becomes increasingly integrated into our lives and businesses, the question of “who or what is that AI?” becomes critical. In fact, the growing adoption of AI agents is creating a real identity crisis within the ecosystem. In the business world, the enormous value that AI agents bring is already clear, and their usage is skyrocketing because they simplify our lives and optimise processes in ways we never imagined. The growing adoption of AI agents is creating a real identity crisis within the ecosystem. However, despite this rapid growth, there is still no standard way to verify who or what these agents truly represent. As a result, users remain vulnerable to identity theft, fraud and manipulation. This is where a powerful duo comes into play: AI agents and verifiable credentials. So, what exactly is an “AI agent”? To put it simply, an AI agent is an autonomous entity that acts on behalf of a user or another entity. Think of simple examples like your smartphone’s voice assistant booking a restaurant, or an algorithm that automatically manages your investments. But it goes much further. An AI agent can be a customer support bot resolving queries, a product recommendation engine that learns your preferences, or even a more complex AI handling financial transactions or interactions between companies. The key lies in its ability to act with a degree of autonomy, making decisions or taking actions based on the information it processes. An AI agent is an autonomous entity that acts on behalf of a user or another entity. Here’s the first big question: if this agent is going to act on our behalf or our company’s behalf, how can we be sure of its identity? And how can it prove, for instance, that it’s authorised to access certain data or make a purchase? Identity verification: the eternal challenge in the digital world Since the arrival of the internet, the issue of online identity has been a constant challenge. It brings to mind the famous saying, “on the internet, nobody knows you’re a dog”—but now on a much larger scale. In the digital world, verifying who’s on the other side of the screen is complex. Traditionally, we’ve relied on a few solutions that, while functional, have significant limitations: Passwords: The classic method, often inconvenient. Easy to forget, vulnerable to theft, and require juggling countless combinations. Centralised identity: Think of social networks or banking services. All our identity data is stored by a single company. What happens if that company suffers a cyberattack? Simple: our data is exposed. Plus, this model gives companies considerable control over our digital identity and sometimes the services we can access. Privacy concerns: We're often forced to share our full information with every service, losing control over who accesses what. Is it really necessary for a parking app to know our date of birth, or even to access a photo of our ID? These issues are already complex for human users of the internet, but they multiply exponentially when we talk about AI agents. If an agent is operating in a complex environment, interacting with other agents, systems or even people, it needs a robust, secure and private way to establish its identity and credentials. How can we verify that the bot assisting us is really from our bank and not an imposter? Or as companies, how do we know that an agent is authorised to represent a specific human? On the internet nobody knows you're a dog, scaled up to a whole new level. Verifiable credentials: the solution we need This is where verifiable credentials come into play. But what exactly are they? Think of your driving license, university degree or national ID, only in a digital format with enhanced capabilities. ■ A Verifiable Credential (VC) is essentially a piece of digital information that attests to a claim about an entity, whether it’s a person, an organisation, or in this case, an AI agent. The key feature is that the claim is cryptographically signed by a trusted issuing entity. Take a university degree as an example of a verifiable credential: The issuer: A university. The holder: The student who completed the programme. The credential: The digital university degree. The university creates a digital document containing the student’s name, course of study, and graduation date. What makes it powerful is that this document is digitally signed. That signature ensures two crucial things: the credential is authentic (legitimately issued by the university), and it hasn't been tampered with since it was issued. What’s even better is that the holder, the student, has ownership and control over that credential. They store it in their digital wallet (which could be a mobile app or, in the future, their AI agent’s wallet). When proof is needed—say, to show they're an engineer— they simply present the digital credential via the app. The key advantage is that the holder has full ownership and control of the credential. And here's one of the biggest benefits: there's no need to reveal all your data. If you only need to prove you're over 18, you can present a credential that states just that without revealing your full birthdate. This gives you complete privacy control. Why verifiable credentials are the ideal solution for digital identity If verifiable credentials are useful for humans, for AI agents they’re nothing short of revolutionary. Here are some of the most important benefits: Robust security: Cryptography ensures credentials are authentic and unaltered. So when an AI agent presents a credential, we can trust it’s legitimate and that its content is accurate—significantly reducing the risk of impersonation. Privacy by design: AI agents can share only the necessary information. For example, if an agent needs to access a specific API, it can present a credential proving that access—without revealing sensitive details about its configuration or managing entity. Limitless interoperability: Verifiable credentials are designed as a standard. This allows an AI agent from one company to seamlessly interact with another company’s systems—regardless of their underlying technology. Picture a home energy management agent coordinating with your utility provider’s agent—they can "speak the same language" thanks to machine-to-machine communication standards. Auditability and accountability: If an AI agent makes a mistake or acts inappropriately, verifiable credentials help trace its identity and the permissions it had at the time. This is vital for accountability in a future where AI agents will be making increasingly important decisions. Decentralisation: There's no single point of failure or central authority controlling your identity. Credential verification happens directly between the verifier and the issuer (or via cryptographic proof), with traceability stored in trusted decentralised technology like Blockchain, eliminating the need for intermediaries. Verifiable credentials are a true game-changer for AI agents. The future is now: AI with its own identity Imagine a world where your personal AI agent—helping with your finances, health or shopping—can interact securely and privately with other services and agents. Your AI agent could present a credential authorising access to your banking data for expense analysis, without the bank needing to store your personal data. By verifying the credential, the bank knows the request comes from your legitimate, authorised agent, preventing fraud through unauthorised access or identity theft. A logistics company’s AI agent could present a credential proving it's authorised to pick up and deliver packages, interacting directly with warehouse agents. The credential, issued by the logistics company and validated by the warehouse, proves the agent is legitimately authorised to handle a specific shipment—ensuring only verified agents are involved and preventing theft or unauthorised deliveries. In the public sector, an AI agent could handle grant applications by presenting credentials proving eligibility—streamlining processes and reducing bureaucracy. This ensures the interaction is with an agent representing a real, eligible citizen, preventing fraud in accessing public benefits. So, the combination of AI agents and verifiable credentials isn’t just a futuristic concept—it’s an urgent need. It enables us to build a more secure, private and efficient digital ecosystem, where both humans and machines can interact with confidence—knowing who they’re dealing with and what permissions they have. So the next time you interact with a bot or your voice assistant takes action for you, remember that thanks to verifiable credentials, in the not-so-distant future, that AI will have its own identity—and be able to prove exactly who it is. The combination of AI agents and verifiable credentials isn’t just a futuristic idea—it’s an urgent need. AI & Data AI and Blockchain: efficiency and trust in the age of autonomous agents July 21, 2025

Digital identity management has evolved from centralised and federated models towards an approach where users are in control, promising greater security and privacy. The upcoming implementation of the European Digital Identity Wallet (EUDI Wallet) marks a major step forward, empowering European citizens to manage their personal data with sovereignty and official recognition across the EU. ____ Have you ever felt trapped in the maze of digital identity? A password here, another there... and that constant worry about whether your data is truly safe. Opening an account, accessing a service, buying something online — every step seems to require giving away a little more of yourself. This fragmentation not only frustrates us as users, but also opens the door to serious privacy and security risks. How many times have we feared a data breach or wondered where and how our information is being used once we've handed it over? This challenge has driven a much-needed evolution in how we conceive and manage digital identity — culminating in the promising vision of self-sovereign identity and the imminent arrival of the European Digital Identity Wallet (EUDI Wallet). To understand the leap we're about to take, it's essential to look back at the journey so far and how we've attempted to manage our identity in the digital world. Centralised identity: the early days of the web At the beginning — from the early days of the internet — digital identity developed in a fully centralised way. This meant that every website, every online store, or email service where you registered would ask you to create a separate username and password. All your information for that service lived on that company's servers. Now imagine having a different key for every door in your city. Quite a lot to manage, right? For users, this translated into: a never-ending list of passwords impossible to remember, a constant risk of data leaks if any of those companies were attacked, and worst of all: zero control over what happens to your information once you hand it over. Federated identity: seeking convenience To tackle the credential chaos and simplify access, the concept of federated identity emerged. Sound familiar — "Log in with Google" or "Log in with Facebook"? That’s exactly it. The idea is simple: a large, trusted provider (like Google or Facebook) verifies your identity, and then "federates" or shares that verification with other services that trust them. One master key to open several doors. This model was a major relief, of course. Fewer passwords to remember. But be careful — it wasn’t a perfect solution. Relying on a few major providers raised privacy concerns, as these intermediaries gained a consolidated view of users’ online activity. Plus, identity "silos" began to form, limiting competition and innovation across the digital ecosystem. Self-Sovereign Identity (SSI): putting identity back in your hands And that brings us to Self-Sovereign Identity (SSI). Here’s where things get truly exciting. The philosophy behind SSI is about putting you back in the driver’s seat: you control your digital identity. Instead of your data being stored by third parties, you own it, manage it, and decide when and with whom to share it. Think of it as being the sole owner of your key — and every copy of it — without having to rely on anyone else. Even better: you decide which parts of that key to share. Need to prove you're over 18 on a website? There's no need to give your exact date of birth or home address. You simply present a cryptographic proof that says, "This person is over 18." Like magic! This is made possible by technologies such as blockchain and verifiable credentials, which enable secure, decentralised verification, reducing the need for intermediaries. That means you only share what's absolutely necessary, and your identity is portable — not tied to any one provider. This is the future we’re building, and the European Digital Identity Wallet is a huge step towards making it a reality across an entire continent. The European Digital Identity Wallet: your digital ID card in your pocket The European Commission has long recognised the potential of this identity model, and has been working for years on the concept of a digital wallet (EUDI Wallet) that enables all citizens to manage their digital identity. The EU Digital Identity Wallet (EUDI Wallet) is not just another app; it’s a pioneering initiative designed to give European citizens and businesses a secure, private, and convenient way to verify their identity and share personal data digitally. It’s the cornerstone of the new eIDAS 2.0 Regulation, which updates the previous framework so that your digital identity is recognised and functions seamlessly across the EU. So what exactly is the EUDI Wallet? It’s envisioned as a mobile app that will securely store a range of verified identity documents and attributes — such as your national ID, driver’s licence, academic degrees, banking credentials or even medical prescriptions. Beyond storage, its key functionality lies in allowing users to present and share these attributes selectively and verifiably — all with full control. The wallet will serve not just as a digital container, but as a tool where the user has absolute control over their data, with official recognition across the European Union, as it will be issued by the Member States. Benefits: a safer and more seamless future for all The arrival of the EU Digital Identity Wallet, supported by the eIDAS 2.0 Regulation, will bring many advantages — for both individuals and businesses or public administrations. For citizens: empowerment and simplicity Greater privacy control: Users will have the power to decide what personal data to share, with whom and when — minimising the exposure of non-essential information. Simpler and faster processes: Opening a bank account, applying for a loan, renting a vehicle, or accessing public and private services will become much faster, thanks to the elimination of manual checks and the need for physical documents. Improved security: By avoiding the storage of personal data in multiple centralised databases, the risk of cyberattacks is reduced — strengthening protection against identity theft and data breaches. Portability and EU-wide validity: The digital wallet will ensure that your digital identity is recognised and interoperable across all EU countries — making life easier for those who live, work or travel within the region. For companies and businesses: efficiency and trust Process optimisation: Organisations will reduce the costs and time associated with identity verification and "Know Your Customer" (KYC) and Anti-Money Laundering (AML) procedures. Enhanced security and reduced fraud: Reliable digital identity verification increases trust in electronic transactions and reduces the risk of fraud. Boost to the Digital Single Market: Standardising identification and authentication methods across the EU will help expand cross-border business and develop the Digital Single Market. Simplified regulatory compliance: The wallet will support organisations in complying with privacy regulations such as the GDPR, by allowing them to request and process only the strictly necessary data. Improved user experience: Smoother onboarding and authentication processes will lead to better customer experiences, resulting in greater satisfaction and loyalty. We’re on the cusp of a major shift in how we manage digital identity. From depending on others, we’re moving towards a model where the individual takes back control. The EUDI Wallet is much more than just an app — it's a bold step toward a more secure, private, and efficient digital ecosystem for everyone in Europe, all under the umbrella of the eIDAS 2.0 Regulation. This ecosystem not only promises greater security and privacy for individuals, but also signals a profound transformation in the efficiency and trust of digital interactions for businesses and public administrations across Europe. What do you think about this change? Are you ready to take control of your digital identity? AI & Data The truth about the 320 seconds to hack Bitcoin: a technical analysis May 27, 2025

A surprising claim has been circulating on the internet in recent weeks: quantum computing has allegedly managed to crack Bitcoin's security in just 320 seconds. This news has raised questions about the true resilience of the cryptography that protects Bitcoin. Is it really possible that quantum computing has come this far? In this article, we will analyze the origin of this claim, the current state of quantum computing, its threat to current cryptography, and the technical foundations of Bitcoin security in order to understand whether we are facing a revolutionary breakthrough or simply a technological myth. Why does quantum computing threaten today's cryptography? We have relied for decades on digital security systems that are based on mathematical problems so difficult that it would take traditional computer centuries to solve them. Generally, these mathematical problems can be based, for example, on using two very very large prime numbers. That difficulty is what keeps our passwords, our communications and, ultimately, our digital lives safe. However, the advent of quantum computing changes the rules of the game. These new machines don't work like the old ones: they take advantage of surprising properties of physics, such as superposition and entanglement, that allow them to perform computations in ways that previously seemed impossible. On Q-Day, the day that quantum computers arrive, what we consider safe today may no longer be safe. Thanks to this, certain quantum algorithms, such as those proposed by Shor and Grover, could solve these “impossible problems” in much less time. The result? Security systems such as RSA or ECC, which today protect everything from emails to Bitcoin transactions, could become vulnerable. In other words, what today we consider secure and therefore undecipherable, the day quantum computers arrive might not be, and that data would be completely exposed. And that makes this technology not only a promise, but also an urgent challenge for the cyber security of the future. Shor's algorithm: quantum shortcut that breaks digital locks Shor's algorithm is like the “ace up the sleeve” of quantum computing. If classical computers solve the mathematical problems of today's cryptography at a snail's pace, Shor's algorithm would do it at Formula 1 speed. It's as simple as that. Or in other words, if a key depends on two very large prime numbers that would take millions of years to figure out, with Shor it could be solved in a matter of hours or even minutes. And this would put in checkmate most of the keys and digital signatures (such as those used by Bitcoin) are protected by mathematical problems of this type. Shor's algorithm is like the 'ace up the sleeve' of quantum computing. And what does that mean? That, in theory, if someone had a sufficiently advanced quantum computer, they could use public information (such as a public key) to find out private data (such as a private key). That would allow him to impersonate the rightful owner and sign transactions on his behalf. In other words: it could break the security of Bitcoin and almost all applications that use current cryptography. Grover's algorithm: the 'quantum search engine' that speeds up the impossible! If Shor's algorithm is the hammer that breaks cryptographic locks, Grover is the quantum flashlight that finds needles in haystacks at light speed. How? Here goes the explanation without complicated formulas. Imagine you have a list of 1 million contacts, and you want to find someone whose name starts with “Z”. With classical methods, we could apply different search algorithms, but it would take too long. Grover would do it in 1,000 steps. Magic? No, quantum physics. In the case of Bitcoin, Grover could make finding a valid hash (what miners do) much easier for a quantum computer. But beware, this does not mean that Bitcoin is in imminent danger: even if Grover reduces the security of SHA-256 by half, it would still require a quantum power that we can't even dream of having today. Now, what has been achieved to date? Quantum computers have achieved some pretty interesting things so far, but they are still far -very far- from being able to break the security of systems like Bitcoin. A group of researchers, for example, managed to break down an 80-bit RSA number (which, incidentally, is tiny compared to current standards, such as RSA-2048) using a quantum computer called D-Wave Advantage, which has more than 5,000 qubits. Impressive, isn't it? It is, especially if we think that previously only numbers of up to 48 bits had been factored. But to put it in perspective: the keys we use today in digital security are typically 2048 bits or more. So, in practical terms, there is still a long way to go. The curious thing about this experiment is that they used a different technique called quantum annealing. It is as if the computer were looking for the best solution to a complicated problem by exploring quantum shortcuts, something like trying to get out of a labyrinth not by going around blindly, but by going through walls if necessary. Although it sounds very futuristic, today these advances are more promises than real threats. Is it really possible that quantum computing has managed to crack Bitcoin's security? Post-quantum cryptography to the rescue So what do we do with all this? Do we sit idly by while quantum computers get ready to break everything? Quite the opposite, because, as we already know what could happen, many people with expertise in security and cryptography are working on solutions. And this is where post-quantum cryptography comes in. These are new encryption methods designed to resist attacks even from quantum computers. In other words, they are cryptographic algorithms designed so that even a quantum computer will not be able to solve them. In fact, they are already being tested, and some have been proposed as standards. Further in this transition period, there is also a mixed approach that is called hybrid cryptography. Basically, it combines the best of both worlds: it uses classical and post-quantum algorithms at the same time, just in case. So, if one fails, the other continues to protect. Finally, back to the claim that “quantum computing had managed to crack Bitcoin in 320 seconds”, as we have seen throughout the article: it is false. So yes, quantum computing is advancing, and that forces us to be vigilant. Bitcoin and other blockchain technologies could break in the future. But it is also true that the scientific and technological community is already one step ahead. Because the future can be quantum, yes... but it can also be secure.

The concept of Digital Identity has become increasingly important in our lives as the boundaries between real life and digital life blurred. As a result, and to the same extent that we digitize our multiple "selves", we become aware of the associated inconveniences of the process. We all complain about repeating our data every time we register for a service. Or the difficulty of managing multiple identities simultaneously and in isolation. We are also aware of the need to take control of the personal data we provide about ourselves, the risk of data breaches this poses, or giving away more data than necessary. Digital Identity and Blockchain We have repeatedly heard that Blockchain is the ideal technology to reinvent digital identity as we know it. It can also solve or minimize the difficulties mentioned. By means of a decentralized and immutable registration mechanism, such as Blockchain, it would be much simpler to authenticate and verify what we know as digital identity while also preserving the user's privacy. Using Blockchain it would be much simpler to authenticate and verify digital identity, while also preserving the user's privacy. In addition, to solve the famous problem of repeating the same data in all registration processes and not knowing where or to whom we are giving it, with this technology, as everything is always shared, it would be possible to reuse the same data from an identity and provide traceability and transparency every time a user shares part or all of their data with an entity. However, this always starts with the requirement that companies that want to use our data are on the same Blockchain network. Cyber Security AI of Things Digital Identity, Privacy and Blockchain —Can They All Be In The Same Equation? November 8, 2022 Sovereign digital identity, or recentralization vs. decentralization Based on these premises, many companies have bet on reinventing digital identity with Blockchain technology. There are currently several solutions available on the market, both proprietary and open-source solutions, such as uPort or Sovrin. All of them create a completely decentralized ecosystem where the concept of Sovereign Digital Identity is implemented. However, each solution is specific to a platform. In other words, we are once again creating multiple, isolated digital identity applications that cannot interoperate despite being decentralized. From a technological point of view, this fragmentation is also reflected when developing applications based on Blockchain technology. Every time we want to work with these networks, whether they are public like Bitcoin or Ethereum or private like those based on Hyperledger Fabric, we have to create a specific identity to operate on them. It is increasingly necessary to create interoperability mechanisms that allow us to create a single digital identity. This identity, while being decentralized, can operate with different technologies and applications. If we also add the need for a multi-platform system that has some authentication mechanism and is easy to monetize, the decentralization trend turns around and becoming the opposite: recentralization. For this reason, it is increasingly necessary to create interoperability mechanisms that allow us to create a single identity that is truly decentralized (i.e., without a single issuing entity that creates, maintains, validates, and guarantees it) and capable of operating with the different technologies and applications available in the market. In these cases, native decentralization is limited, and we need to decentralize the decentralized and make it interoperable. What is a (truly) Decentralized Identity? Just as in the original Blockchain networks, trust is placed in the network as a whole, composed of its members, and not in any specific relationship between them. The same should be true for identity. For example, let's consider a bond issuance on a Blockchain network that involves three banks. Why do we have to create a user account on that specific network created for that purpose to operate? If we join the network, what meaning does the identity created for us by the administrators (the three banks collectively) have for operating on that network? Why couldn't we operate with those bonds without having to participate in the network? What would be desirable is for each network to be able to offer me its services without knowing me. Or, in other words, to present myself to that network anonymously but with credentials that allow me to identify and verify my identity on any occasion. An example of providing a service to "verified" strangers It is somewhat similar to what telecommunications networks do when one of our subscribers visits another country and connects to a different mobile network while roaming. The visitor (roamer) is unknown to the visited network, which does not know who the owner of that mobile line is. But instead of giving them a new identity, it uses the identity verified by their home network and provides them with service, even though it does not know who they are or what their data is (name, surname, or account number to bill them). In this way, it would be possible to offer our customers digital identities that are not dependent on a single platform, service, or issuer, but on several. And also provide them with a much simpler and easier-to-manage user experience. Likewise, it would be possible to ensure that identity is not tied to a single decentralized access point or a single specific set of organizations or entities. Blockchain Hyperledger Besu: blockchain technology on the rise in the business environment September 8, 2022 Identity in Blockchain networks For all these reasons, interoperability between Blockchain networks, understood as the ability to operate with the same identity on various networks, is a necessary mechanism for the creation of a true decentralized identity. However, it is not enough for an identity issued on one network by one organization to be accepted by another entity on another network. True interoperability will exist when unknown networks trust each other when verifying a user's credentials and allow them to operate without any prior agreement, integration, or interconnection between them. True interoperability will exist when unknown networks trust each other when verifying a user's credentials Thanks to these relationships of trust, which we could call implicit, we would significantly streamline the processes of provision and onboarding in business processes. For example, we could create a Blockchain network to manage the supply chain without provisioning or registering suppliers in it. These would begin to operate without registering, but by sending transactions signed with their identity previously validated or issued in other sectoral, geographical, or functional networks. Requirements could also be imposed for operation based on their solvency through credentials issued in a network where such attributes are managed. Or if they have a legal entity with a tax address in a specific region, accepting digital certificates issued for legal entities by the administration. At Telefónica Tech, we have experience developing this type of solution in the TrustID project, released as open source through a project in Hyperledger Labs. Featured photo: Vadim Bogulov / Unsplash

We are becoming increasingly aware of how our data is circulating on the net. In fact, we have all probably had that feeling that, after looking at a pair of trousers in an online clothing shop, seeing them advertised on other websites and coming to believe that someone is spying on us. This thought makes the concept of privacy begin to resound in our minds. Privacy is defined as everything related to an individual's personal life that should be kept intimate and secret. The right to privacy is enshrined in the declaration of human rights. For this reason, companies are already starting to take a stand on this issue, such as Apple and its slogan “what happens on your iPhone, stays on your iPhone”. What Is Digital Identity? According to the RAE (Royal Spanish Academy), identity is “a set of traits of an individual or a group that characterise them in relation to others”. If we add the attribute “digital” to this definition, it would become “the set of traits that identify us in the digital world...”. Therefore, Digital Identity can be our first and last name, our personal email address, our professional email address or even our bank account. In other words, all that set of data or digital attributes that we use to interact with websites, applications, etc. Digital Identity is all that set of data or digital attributes that we use to interact with websites, applications, etc. Our features, our image or our habits and customs are also part of the attributes that identify us and differentiate us from other people in the real world. It is natural to think that they also have an equivalent in the digital world. In this case, we could talk about our aesthetic tastes in fashion when, for example, we look at those trousers we wanted to buy in an online shop or even our habits and behaviours when surfing the internet. In the end, as users, once we provide our data in the digital world, we practically lose control of it. We have previously discussed how Blockchain could be the perfect fit for managing our multiple identities simultaneously and the need to reinvent digital identity as we know it today. Digital Identity Legislation However, it is not all alarming. There are regulations that protect the processing of our personal data and its free movement within the European framework, such as the General Data Protection Regulation (GDPR). In compliance with this regulation, we as citizens can force companies to remove our personal data from their systems. However, not everything is so simple. To exercise this right, as a user you have to remember which companies you provided your personal data to, a rather complex task in this world where everything (or almost everything) is digital and where we interact with companies unconsciously many times a day. It is a fact that technology is advancing much faster than legislation, so from a technological point of view we also have to take care of the ethical aspects of users surfing the net. In many cases the GDPR is now starting to be insufficient when it comes to dealing with digital personal data. As a result, work and legislation has begun on what is known as Sovereign Digital Identity. What is Self-Sovereign Digital Identity? The main objective of this new conception of digital identity is that people can once again become the owners of their own data. This identity would consist of a set of traits that identify the individual, called verifiable credentials. Verifiable credentials, in addition to representing information, make it impossible for data manipulation to take place because they are digitally signed by the issuing entities. Moreover, they can be traced immutably, so it would be very easy to determine when our data is being used and under what circumstances. These two concepts, "immutability" and "traceability" are, without a doubt, synonymous with Blockchain technology. The credentials with the raw data would never leave what is known as a wallet or user wallet, which could be a simple application installed on our smartphone. In this way, and returning to the objective of giving people back control of their data, it would be possible to create, own and control access to this type of data. The Road to This New Identity Model Recently, the European Commission announced the creation of a European digital identity that would allow any European citizen to use any attribute of his or her identity in any country of the member states. An example could be their financial information, in order to be able to buy a house in a country other than their country of residence. This concept is conceived as a collection of compatible personal credentials interoperable between different public administrations, which is very close to the concept of Sovereign Digital Identity discussed above. Among its benefits are: The right of every person with a national identity card to have a recognised digital identity anywhere in the EU. A simple and secure way to control how much information you want to distribute with services that require information sharing. It works through digital wallets available on mobile applications and other devices for identifying yourself online and offline. Store and exchange information provided by governments, e.g. name, surname, date of birth, nationality, etc. Store and exchange information provided by trusted private sources. Use the information as confirmation of the right to reside, work or study in a given Member State. In the case of Spain, we are pioneers and leaders in the creation of mechanisms and solutions in this new identity model. A clear example is the application known as AlastriaID. (developed by the Spanish business consortium Alastria), in which Telefónica participates as a member. In January of last year, inspired by the AlstriaID model, the first global standard on decentralised digital identity in Blockchain was approved in Spain, following the publication of the Spanish standard PNE 71307-1 in the Official State Bulletin (Boletín Oficial del Estado). We add Blockchain as an ingredient to the recipe But are Blockchain and GDPR compatible terms? At first sight we might think that a technology where every participant has an identical copy of the information that makes it immutable and cannot be erased is not compatible with the rights to erasure or modification established by the General Data Protection Regulation (GDPR). However, in the case of a sovereign digital identity that is built on Blockchain technology, user data is never stored in any way. In this case, what is stored is the traceability that allows us to determine whether a person's data is still valid, but always maintaining their privacy. In other words, thanks to Blockchain, we could verify that a credential has neither been revoked nor altered and is therefore still valid. Potential applications of Sovereign Digital Identity We cannot forget the business vision. This new way of managing identity will give way to new models and use cases. Some of them could be the following, although the range of possibilities could be immense. Electronic medical records: Currently, in Spain, all the management of medical records is carried out by the public health system of the autonomous community in which the patient usually resides. When we leave the autonomous community and have to access other medical services, our records do not travel with us. Therefore, being able to use this digital identity model to carry our medical information in an interoperable way could be a possible solution. Simplification of registration processes (on boarding): Many times, we have stopped registering on certain websites because of the amount of data to be filled in the forms. For this reason, another possible use case is the reuse of our credentials as input data in a form. Moreover, since the credentials would be traced thanks to Blockchain, we would solve the current problem of not knowing which companies we have given our data to in order to be able to exercise our rights of deletion or modification, among other things. Wallets: These applications, our "credential receptacles", still need a lot of work to be done. We have talked many times about how complicated it is to manage the public-private keys of a Blockchain platform. One of the limitations of this technology is its accessibility for people who are not familiar with it or people with special needs. If we were to ask an elderly relative to download a Bitcoin wallet to use as a means of payment when going to the supermarket... can you imagine the result? Thanks to these technologies we could have apps that allow us, for example, to carry out procedures with public administrations. This is why we should not associate it so much with the world of cryptocurrencies and their wallets. The future here would be that, thanks to these technologies, we could have mobile applications that allow us, for example, to carry out procedures with public administrations using our identity in a very simple way, something that is currently a bit more complicated. In short, creating wallets or applications that simplify interaction with this identity model, with the goal of incorporating it into our daily lives, is the challenge ahead. Technology is available and mature. It just needs to be usable and transparent for users. The concept of sovereign digital identity is the best candidate to be the solution to all the limitations we have today. And the only one that will allow us to be able to become the owners of our personal data again, thus recovering the privacy that we so long for. Therefore, it is only a matter of time before we start to be able to use this type of solutions that simplify and facilitate the use of our digital identity in our daily lives.

Globalisation has become part of our daily lives in all economic activity areas. Some of those areas where change has been most visible are the agricultural, poultry and livestock sectors. By 2030, the demand for food is expected to grow by 35% due to a growing global population. This prediction will demand greater efficiencies in primary production systems. To meet this challenge, technology is the best ally they can have. Not only must demand be met, but it must also be done in a way that is sustainable for the planet. Likewise, in these primary sectors, there is a very clear local base, as each type of product is unique thanks to the type of soil, climate or native varieties that reside in a specific region of the world. In the case of Spain, was one of the first countries in the world to protect these geographical links and the traditions of our foodstuffs. As a result, designations of origin have become a key element in development policies. Blockchain certifies food quality, safety and authenticity However, these processes are characterised by the large number of intermediaries involved. With so many participants, it is not uncommon to encounter cases of fraud affecting their chain of trust. One of them is the case of fraud in half of the crianza wines sold from Valdepeñas where, after extrapolating the real consumption data on the market with those actually declared, it was observed that the resulting sales div was double that declared to the Designation of Origin organisation. Another case, related to the poultry sector, is the fraud of organic eggs. In Spain, 11 billion eggs are produced every year and are identified with a code where the first digit represents the type of egg. This number defines what treatment the hen received and can take different values: Number 3: reared in cages Number 2: reared on the floor of a house. Number 1, free-range hens: reared in poultry houses that have the possibility to go out and peck outside. However, their feed is not certified organic. Number 0, organic production: hens reared in the same way as above, but their feed is organic. In 2020 Seprona of the Guardia Civil uncovered a fraud operation involving irregular consignments. In one of the cases, 45,000 eggs were sold as organic, when in fact they were of a lower category. Blockchain technology is necessary for traceability solutions On multiple occasions we have already talked about the fact that Blockchain technology is very necessary for traceability solutions, as it allows us to control the process, guaranteeing the quality, security and immutability of the information related to the products. BLOCKCHAIN The Merge: one small step for Web3, one giant leap for Ethereum September 19, 2022 However, what would happen if an egg type 3, from caged hens, already fraudulently labelled as "organic" is certified as such on the blockchain? Blockchain technology would not be sufficient, as it is necessary to prove that the data is valid before recording it on the blockchain. BlockchAIn of Things You might ask, what can we do about it? Is it all lost? Have we found an unanswered limitation in this technology? The answer is simple: BlockchAIn of Things. At Telefóncia Tech we are aware that the technologies we work with are powerful and disruptive in themselves and, if we combine them, we could have the solution to our problems. In this way, we could find a solution to the case of ecological eggs if we combine Blockchain technology and Artificial Intelligence. The Blockchain part, we would have it clear, we would only have to give traceability to the eggs once they start in the supply chain. Blockchain The 7 priorities of a company when adopting Blockchain October 24, 2022 Where would Artificial Intelligence be applied then? One of the many applications of artificial intelligence is image recognition. Thanks to Deep Learning techniques, where the famous neural networks come into play, it is possible to recognise objects in images and even count them. In this way, you could monitor the hens on the farm with cameras in real time and automatically determine whether they were hens of type 3, 2, 1 or 0. In this way, the information could be certified on the Blockchain before there was any possibility of fraud. Therefore, the solution to the question of "what was certified first, the egg or the hen?" it would be much simpler than the typical problem, because the first to be certified in Blockchain was the chicken.

The NFT concept is becoming more and more popular, in fact, one could even say that it is trendy. And it is certainly no wonder, as the NFT market is estimated to be worth $41000 millions by 2021. What do these acronyms stand for?? NFT comes from "Non-Fungible Token", which is a cryptographic asset that has the ability to be unique and unrepeatable and also resides within a blockchain network. NFTs can take many forms, such as collectibles, event tickets, digital identity documents, and even music and video recordings. About a year ago, we already analysed this trend under the protection of Blockchain networks and discovered the imminent rise of this type of cryptoasset. One of the main use cases for NFTs today is digital art. This artistic trend can be defined as a creative discipline of the visual arts, through which works are generated and which incorporate digital technologies in both their production and exhibition processes. A well-known example of this type of art was the Terravision project, an artwork created in the 1990s that digitally represented the Earth. The digital experience it offered users was to be able to move freely and in real time over any location on our planet. This was achieved through interactive, 3D photographs generated by satellite imagery and geographic data. In this way, users could go sightseeing without having to physically move around. Can we say that it was one of the first approaches to what we now know as the metaverse? However, beyond the digital piece of work, it ended up becoming a Berlin-based technology startup that ended up getting into legal disputes with Google due to similarities with Google Earth. But what would have happened if this work of art had been an NFT? Would these legal proceedings and proofs that both companies had to submit have been processed more quickly? We will never answer these questions, but it is up to us to understand or approximate the value that NFTs can offer today. To do so, we will subject certain claims about this new and famous ecosystem to my favourite test, the polygraph. NFTs can generate new business models Digital artists have been the first professionals who have decided to use Blockchain technology and the NFT ecosystem to exploit their business. This new model, based on cryptoassets, provides them with a different and innovating way of interacting with their potential clients, or even being able to capture them. Likewise, thanks to blockchain technology and the existence of smart contracts, new business models can be implemented for digital artists. In this way, unlike other artists who died without knowing that their works were worth millions, as in the case of Vincent Van Gogh, artists can have returns every time their work is transferred in the market and trace the ownership of it. All this would be built through a decentralised application, which would automatically transfer a certain percentage of the sale to the artist. In addition, this whole process provides extra traceability that was previously not possible or very difficult to manage, as it can happen that a painting disappears and can never be heard from again. However, thanks to blockchain technology, this traceability would appear natively. On the other hand, as we have already seen, it is not only digital art that is the main application of NFTs, as they can represent any type of digital asset, such as, for example, a ticket or a second-hand product. Hence, the polygrapher says that this statement is true. NFTs are a collection of digital stickers that provide no value After the creation of what is known as the first collection of NFTs in history, the Cryptokitties, it has always been associated that an NFT is a digital sticker that belongs to a collection and that nothing else can be done with it, except its storage. A similar concept to the sticker collections of our childhood, but digital. However, NFTs go much further. If we continue with the theme of digital art, an NFT can also be a tool that can be used to represent this art and be able to trace the entire life of the work. This hypothesis has already been validated this year at the latest edition of the contemporary art fair in Madrid, ARCO. One of the trends that most attracted the attention of those attending was that of crypto-art. Solimán Perez, the first artist to sell an NFT work at ARCO, stood out among all the works on display. His creation, which mixes agriculture with the cryptocurrency economy, is represented by an oil containing DNA molecules. If a sample of this oil is sent to a laboratory, the associated digital work is reconstructed. On the other hand, beyond the token itself, another thing to take into account regarding these digital assets is the utility, the project or the community behind it. An example of this is being part of a membership club, which provides a series of benefits for the mere fact of owning an NFT. Another example is the Pokemon-inspired Axie Infinity game. In this game, players battle each other with their Axies, the digital creatures of that world. An Axie, like a CryptoKitty, is represented by an NFT, so in addition to being a collectible asset it also allows you to interact within the game. Depending on the Axie's abilities, such as speed or attack, it can also be used in different types of battles. The polygrapher raised the alarm that this statement is a lie. Crypto scams may be behind multi-million-dollar sales As we saw at the beginning of the article, sales of NFTs soared to more than $41 billion. Unfortunately, when there are such volumes in any kind of market, not just cryptoassets, we can find scams. It is very important, when buying or selling an NFT, to do some research beforehand on the collection or token you want to buy. This is because most scams are a result of a lack of research. A clear example of this is the launch in October 2021 of the "Evolved Apes" collection, launched after the success of the "Bored Ape Yacht Club". In this collection, in addition to the possession of the NFT, the project proposed a fighting game between the apes where the winners received rewards in cryptocurrencies. This game was supposedly in development, but the developer, who called himself "Evil Ape", disappeared shortly after selling the NFT after having raised 798 ether (about $2.7 million at the time). So, no matter how dramatic, the polygraph tells the truth. Owning an NFT gives you intellectual property rights. Currently, according to existing regulations, copyrights and all intellectual property rights belong to the issuer, who is the only person who has the power to grant them. A case of great impact in the ecosystem, related to the intellectual property of an NFT, has been related to a book by the artist Alejandro Jodorowsky, in which he captured his attempt to create his own Dune movie. This work, auctioned as an NFT in January this year, a group of crypto-enthusiasts, called The Spice DAO, claimed to own one of the copies after paying almost €3 million. The intention of this group of people was to produce an entertainment series and sell the rights to a streaming service, however, having acquired this work would not have given them those rights to the intellectual property. Today, at a legal level, the purchaser of an NFT has no more than evidence recorded in blockchain that he or she is the owner of this digital asset, but natively, he or she would have neither ownership nor exploitation rights. Moreover, it would also be interesting to analyse the legal repercussions that could befall individuals, or companies, that engage in making NFTs over existing digital works to which they have no rights whatsoever. Finally, we would find the same situation if a non-fungible token were a physical asset since its possession of the token would not provide rights over its twin either. Therefore, our polygrapher would find this statement to be false. Beyond digital art collecting, there may be more applications within the world of NFTs. Based on the premise that a non-fungible token represents a unique digital asset that can be traced on a blockchain platform, this digital asset does not have to be digital art, but could represent anything that lives in the digital world or even something physical that has been digitalised: an image, a skin for use in a video game or even a telecommunications tower. An example of this is the project we have carried out in the Blockchain team at Telefónica Tech together with the infrastructure company Atrebo. Using the TrustOS platform, it has been possible to register 200,000 telecommunications infrastructures in order to trace in real time their status and all the operations carried out, both operationally and logistically. In addition, the use of the NFTs model allows the commercialisation of the rights to a tower and the implementation of crowdfunding models based on future returns. This would therefore imply that NFTs are a tool for the creation of new secondary market models. In this case, the polygrapher would say it is true. Finally, let's not forget that this technological trend, like any other, can carry an associated hype in which we can find all sorts of issues, both with negative and positive connotations. It is only a matter of time before we can see which aspects of NFTs are the ones that have been completely different and have brought value to the world in which we live.

From the beginning, one of the main limitations that we have found in Blockchain technology when developing solutions is scalability. This concept refers to the ability to continue offering a service without compromising its functionality as the number of transactions or requests made increases. This limitation is inherited from what is known as the blockchain technology trilemma, which is based on three fundamental pillars: security, decentralisation and scalability. This trilemma, like others, alludes to the fact that any network implementation must choose two of these three characteristics and leave one of them in the background. Therefore, by definition, public blockchain networks must be primarily secure and decentralised, so scalability is relegated to the background. In contrast, private blockchains are secure and scalable, but they are not as decentralised as public blockchains. Ethereum, as a public blockchain network, was not going to be any less, and during all these years different events have occurred which have led to compromising its functionality. The first of these occurred at the end of 2017 when the world of ICOs (Initial Coin Offerings) was booming. These trends also coincided with the first NFTs in the history of this platform, the Cryptokitties, which came to account for 15% of the network's traffic. The second one, we have been experiencing it since the summer of 2020, as two ecosystems are being adopted on a massive scale: DeFI (decentralised finance) and NFTs (Non-Fungible Tokens). These scalability issues are due to Ethereum's current mainnet consensus algorithm, the Proof of Work. This algorithm is computationally very expensive and causes the number of transactions per second on this network to be approximately fifteen to twenty. Gas impact Every write transaction carries an associated cost called gas and this cost, paid in ether, is calculated by reference to the computational cost of the transaction. Furthermore, the transaction can be executed faster or slower depending on the ether we want to pay per unit of gas. Therefore, when the network is very congested because of the poor scalability and we increase what we pay for gas to speed up the transaction, we increase what is known as the gas price. Why would this be considered a problem in the business world, you may ask. The answer is simple, and it is because of the associated cost that we find when acquiring or selling a software product. Imagine now that you want to make a service that is deployed on the public Ethereum network, how would it be monetised if it depends on the value of the ether coin and the gas to be paid for those transactions? How would we cover costs when there are peaks of transactions on the network that end up rising uncontrollably? Last but not least, two other limitations are the energy cost of validating blocks using the PoW consensus algorithm and the disk space required to store the network blockchain today. For this reason, more and more solutions are appearing in the ecosystem that independently or jointly try to mitigate these limitations. These can be divided into two groups. Layer 1 solution These types of solutions require changes to the Ethereum network protocol and are contemplated in what is known as Ethereum 2.0. Their aim is to attack the Blockchain trilemma and ensure that the network is able to enjoy the three characteristics we talked about at the beginning of the article: security, scalability and decentralisation. To this end, on the one hand, the Ethereum community has decided to change the network's consensus algorithm from Proof of Work (PoW) to Proof of Stake (PoS) and, on the other, to fragment the network into different subnetworks using a technique called "sharding". Focusing on the first case, it is important to understand the main difference between the two consensus algorithms. While PoW validates transactions by solving a computational problem, which makes it computationally very expensive, PoS uses the coins wagered by users (stake) to validate transactions, eliminating the need for computational power. This change, in the consensus algorithm, has already begun with a network known as the "Beacon chain", which has already been implemented and is currently being tested. The purpose of this chain is to use the Proof of Stake consensus algorithm and coordinate shards or sub-networks. This chain cannot handle accounts or smart contracts. It was planned that by 2021 this network would be merged with the Ethereum mainnet, however, everything points to a delay. In addition, this makes it easier to run a node by keeping hardware requirements low. As for sharding, this is not a Blockchain-specific technique but is already used in conventional databases. This solution involves dividing the chain into 64 sub-networks or shards horizontally to spread the transaction load. This technique allows for higher performance as each subnetwork operates a set of transactions in parallel. In this way, a validator (equivalent to a PoW miner) no longer must process all the transactions occurring in the entire network, thus lightening the transactional load and improving scalability. Layer 2 solutions As for the second layer solutions, the final intention is to minimise the number of interactions with the Ethereum main chain, thus grouping transactions in a secure way. Thus, by eliminating the number of interactions, the cost that users must pay to write to the network is considerably reduced and, on the other hand, the performance of processed transactions is increased, due to the fact that they are processed in a group and not in an individualised manner. Two types of second layer solutions are available: channels and sidechains and rollups. Channels: This technique is used when two users want to carry out a series of transactions in a row in a short period of time, such as in a chess game. The objective is that, by means of a smart contract, only two transactions are made on the network: the initial one to open the channel and the final one to close it. As long as the channel is open, users can exchange as many transactions as they wish instantaneously without having to rely on blockchain validation. So, if we were in that chess game, you would write the start of the game to open the channel, you would interact on every single move in the channel, and at the moment of checkmate you would close the channel. Sidechains and rollups: A sidechain, or alternative blockchain, is an independent blockchain network that is used to enhance the features of the main blockchain. One of the most widely adopted sidechains today is the Ethereum-compatible Polygon network. A rollup is also a solution that allows a group of transactions to be grouped into a single transaction. In other words, transactions are carried out in a sidechain and then, once the interaction is finished, the strictly necessary data is sent in a grouped manner to the main blockchain. In turn, rollups are classified into two types, depending on the security model to be implemented: ZK-Rollup: executes the calculation outside the chain and sends a proof of validity, following the Zero Knowledge Proof protocol, and sends a proof of validity to the main chain. Optimistic Rollup: assumes that transactions are always valid by default and the computation is only executed in case of a challenge. In other words, every transaction that is aggregated is assumed to work without committing fraud and proofs are only provided in case of fraud. Therefore, we can determine that in the Blockchain ecosystem there is a clear trend that focuses on solving the scalability problems of public blockchain networks. One of the solutions that we are observing the most in the short term, and which are already operational, are second-layer solutions. A clear example is the adoption of Polygon as a sidechain in the DeFi ecosystem. This network in particular is experiencing more transactions than the Ethereum network. However, regarding the first layer solutions, nowadays, these solutions are still in a period of development or testing, so it is not usual to see them applied in productive environments. Nevertheless, we will soon be able to see these solutions already applied in the ecosystem and we will be able to determine which of them has succeeded over all the others. Illustration 1 Photo by Max Ostrozhinskiy on Unsplash

At Telefónica Tech, we're pleased to announce that we have open-sourced one of the modules that make up our TrustOS solution as an independent project within the Hyperledger Labs ecosystem, under an open source license. Last year, we introduced TrustOS, the software we have been developing in recent years to simplify and facilitate the integration of business processes with Blockchain technology. TrustOS consists of several modules that expose, via APIs, the intrinsic and distinctive capabilities and functionalities of this technology. One of these modules is TrustID, which addresses the challenge of identity management in a truly decentralized manner. TrustID solves a common problem for many blockchain projects, which led to its growth as an independent project. By sharing this vision with the Hyperledger community, we confirmed interest from other members in collaborating and further developing TrustID's approach to identity management. Therefore, the best way for it to become a de facto solution was to release the code and make it the seed for a new project under the Hyperledger Labs umbrella. This week, the creation of the new project was officially announced, meaning that from now on, the open source community will actively contribute to the evolution of the solution initially developed by Telefónica. TrustID: A new project within Hyperledger Labs The goal of TrustID, as a new project within Hyperledger Labs, is to develop a new standard for simplifying identity management across Blockchain networks, regardless of the underlying technology of those networks. It doesn’t matter whether the network in question is based on Hyperledger technologies (Fabric, Besu, Indy, etc.) or other common blockchain technologies (Ethereum, CORDA, etc.). Initially, TrustID implements identity management in Hyperledger Fabric as a decentralized alternative using the DID standard specified by the W3C. However, in the medium term, it aims to allow the same credentials used by a user to update the state of an asset in Hyperledger Fabric to also manage their cryptocurrencies or tokens on Ethereum. This interoperability is currently unachievable because most identity solutions are conceived as silos that manage access to a specific network, are not interoperable, and depend heavily on the underlying technology. This is the fundamental purpose of TrustID: to create cross-platform mechanisms that manage a single identity, enabling and authorizing access to any blockchain network. We hope that TrustID will grow thanks to its inclusion in Hyperledger Labs and become the starting point to enable a higher level of interoperability for identity management across blockchain platforms.