The next iteration of crypto that must be solved is identity. The classic example of distributed consensus is voting, yet identity hasn't been solved. Paradoxically, it seems that crypto is at odds with two applications that make it most interesting, voting and lending.
Please keep in mind that the end goal is that no public key should need to trust any other public key, or rely on any information external to the protocol.
Abstractly, a vote is a single entity (or person) submitting a single vote. The single vote is easy enough to solve - we verify it wasn't double counted or otherwise tampered with, on a blockchain. How do we know how many entities (or people) exist at a moment in time? Much harder. Concretely, take a world in which there exists 2 people at time x, which need to reach consensus on if they should eat dinner. They cast a vote at time y which receives 2 votes in favor of eating dinner. However, at a time between x and y, a third person came into existence. The distributed protocol could say the vote is still valid, but then again, how would the distributed protocol even be made aware of the existence of the 3rd person? It's a dumb protocol that doesn't interface with the outside world, because that would require a trusted authority to announce a 3rd member of society.
This example came from a conversation with a close friend when we spoke of the proverbial value of voting on a blockchain. The issue comes not with verifying validity, but with verifying the meta level of how many votes exist at a point in time. This problem is the problem I refer to as the identity problem. 1 person, 1 vote conceptually relies upon a central authority verifying the number of humans in the population.
This is not only a question of how many people were recently born, but also how many people recently died. Some private keys are created, some must be destroyed. But who can the protocol rely on to make this determination? If the protocol relies on the majority of it's users (51%) to agree on the birth or death of a person, that would be practically impossible in the world of atoms (as opposed to the world of bits). I find this peculiar case arise a lot in crypto - the protocol must rely on central authorities, operating off-chain, to function properly in the world of atoms.
Lending here is connecting two parties to exchange value, one exchanges value n now, in return for receiving n+1 later. A person needs $1,000 to buy a car, so they ask a bank for $1,100 at a later date. Why would the bank agree to this if the person could just run to a foreign country with the money? The answer is simple, the bank is aware of the history of the persons ability to payback the loan. A better history means lower risk for the bank, so they only ask for $1,100 in return, but a worse history means higher risk, so the bank might ask for $1,250 in return. This is known as creditworthiness, and, at the consumer level, captured by a credit score. The credit score is one number that says how long of history you have and how well you handled the loan paybacks.
The issue is that credit score is clearly coupled to an individual identifier (e.g. SSN). People might immediately think, "No problem, we have this in crypto-space!" What they think of is the public key identifier. Awesome! We just traverse a blockchain ledger for examples of ID x paying back the public key it initially drew money from, with added interest. Now there is proof x pays back loans by maturity date with interest. Not so fast. Imagine x engages friend y and asks, "I need a better credit score, can you lend me money that I will give back to you to boost my score?" Imagine they do this for years - they look like the most creditworthy person in all of crypto. Now they go ask for a huge loan 1MM BTC. The lender looks back at the ledger and has no reason to pause here because the credit history is beautiful! X then runs away with 1MM BTC.
Sure, they could be penalized by the network for this mishap, but remember they are 1MM BTC richer and might not need the network at all anymore. Now we are back at square one, the creditors need to know the identity of the public keys that lent the loans. If big bank 1 originated the loan, big bank 1 being a verified, publically knowable, public key - the network can have a higher degree of confidence in the credit history. Maybe its fine to have large institutions that are verified and *more* trustable acting as a credit history legitimatizer, but in the end - aren't large institutions and central authorities what we are trying to move away from?
A thought experiment for lending -
When the network is young, you have large, *more* trustable institutions issuing credit to individuals via public key to begin blockchain credit history. Because this person was creditworthy with the large players, maybe an angel lendor now has the confidence to lend the individual money without knowing them.
The real issue underpinning these toy situations is that crypto hides identity, but real world applications rely on identity (right now).