The second part of a series of articles on the advantages and challenges in the usage of blockchain technology for collecting and sharing information, without violating users’ privacy.
From a technical viewpoint, blockchain is a growing records list that is cryptographically tied to and managed by a peer-to-peer network. At the same time, they join a protocol of communication among nodes to validate new blocks.
Essentially, a blockchain is a way of validating data transactions in a permanent and immutable manner to guarantee that the transaction:
- Has not been corrupted.
- Avoids double-spending.
- May transfer value.
We can also say that blockchain technology is a decentralized network where all the records are engraved in a distributed way and shared in several devices spread throughout the world.
The records are stored by all the members of a blockchain, and the network confirmations are performed in regular intervals, being linked (chained, encrypted) to previous existing blocks. That makes records unchangeable and inviolable.
Instead of providing our information to centralized platforms/stores, we can store them in a decentralized ledger, free from a single point of failure (a central data repository that most cybercriminals usually target).
The apparent contradiction between privacy and transparency in blockchains
While it seems contradictory, blockchains allow both transparency and privacy. As the transactions on a blockchain are made through public keys, which are aliases (and, depending on the blockchain, anonymous), people may perform operations on a blockchain without revealing their identity.
Moreover, a distinction must be made between truly anonymous blockchains. Anonymous blockchains like Monero, Dash or even Zcash deliberately withhold information about parties involved in the transaction and the transaction itself.
In aliases blockchains like Bitcoin, meanwhile, much information can be gathered regarding the parties of a transaction and the amount spent. Even though the identities behind the public keys are unknown, it’s possible to create that link.
Therefore, understanding the relationship between privacy and transparency in a blockchain is essential.
The relationship between privacy and transparency
If, at first sight, it seems that the relationship between privacy and transparency is nonexistent, the truth is that they are interdependent. More specifically, blockchain technology allows us to guarantee privacy and transparency at the same time.
Blockchain structures can conciliate in a brilliant way both the transparency of on-chain transactions and the privacy of their users.
The hash function
The fact the transactions are registered on a blockchain in the form of a hash allows some degree of transparency but also protects the content of the registered operation. The transactions registered on the blockchain are in the format of an “alpha-numeric code” (including a date and time stamp). Therefore, its architecture allows some degree of transparency and, simultaneously, protects the content registered in the network.
That alpha-numeric code, or hash, is equivalent to a “fingerprint” of a datum that exists outside the blockchain network. The chances of two different transactions having the same hash registered in a blockchain are practically null. Thus, transparency and confidentiality may be reconciled on a blockchain.
Hashing is a tool that allows protecting the content of data registered in a “block” in the blockchain network. In other words, hashing is the process of making an entry of any size and transforming it into a fixed cryptographic output through a mathematical algorithm.
Therefore, blockchain technology allows the privacy of the registered content in its network and simultaneously guarantees transparency in the protocol layer. Another element of the public blockchain architecture that illustrates the tension between privacy and transparency and its “false contradiction” is the public key cryptography.
Public key cryptography or asymmetric cryptography
Also known as asymmetric cryptography, the public key cryptography is any cryptographic system that uses key pairs. Public keys are those that can be widely disseminated, and private keys are only known by their owners.
With this pair of keys, two functions occur: authentication, where the public key verifies that a holder of the paired private key can decrypt the encrypted message with the public key; and encryption, where only the paired private key holder can decrypt the encrypted message with the public key.
The two users only exchange their keys to access and review that information — and the part may revoke that access at any time. Such “authorized” access made available by blockchain technology has already been explored as a corporate tool to deal with users’ privacy and data collection, according to the legislation of data protection.
Public blockchains work with a pair of keys required in all transactions
A public key, which somewhat looks like a bank account number, is a private key that may be compared to a password or a PIN. The public keys are usually aliases and can be anonymous on certain blockchains. However, even without knowing to whom a particular public key belongs, it is possible to track all the transactions of a public key and create a profile of the person behind the key.
Again, here, a certain degree of privacy is guaranteed by the public key. Meanwhile, all the transactions generated from it are transparent. Our data is stored in a decentralized way — in several computers spread in several places. You may ask yourself: “How can they truly be private?”
If the records on blockchains are stored in several places, how can they guarantee privacy?
Privacy on blockchains is possible through a safe exchange of values protected by cryptography, which compounds the blockchain architecture together with consensus mechanisms and peer-to-peer networks. And as we have seen in the previous discussion, blockchain technology uses public and private keys to protect the publicly available ledger records.
Once encrypted, the private key is necessary to unlock the information, enabling all encrypted data to be captured and still be entirely useless for a potential thief. By registering encrypted information as data points in the ledger, blockchains protect privacy.
Blockchain systems use asymmetric cryptography to protect transactions between users. In those systems, each user owns a public and a private key. And it is mathematically impossible for a user to guess the private key of another user from his or her public key. That provides an increase of privacy, protecting against hackers.
Blockchain technology allows legal documents, health care records, payment information or identity to be encrypted and entered as data points (pointers) in the ledger. Once this is done, there is no way to copy or duplicate this information without the owner’s explicit technological permission.
The secure exchange of records protected by asymmetric key encryption, however, is simple. Confidential information does not “change hands.”
Privacy via blockchains by other techniques
On public blockchains, anyone with an internet connection can view the transaction history list of the network. All the details associated with the transaction and the details of the portfolio can be seen, although the usernames are still unknown. Transaction details and users’ wallets appear as a public key. This unique code represents the user on the blockchain network. This way, the public key created through the asymmetric encryption technique protects privacy to a certain extent — but you can still be exposed by other methods. This has exposed the myth of anonymity and privacy on public blockchains and makes us realize that the user’s confidential information stored on certain blockchains is only confidential (aliases), not anonymous.
How to better protect privacy in public blockchains?
On current public blockchains, transactions are recorded in a ledger and are public and transparent. For this reason, several renowned brands and markets, such as Wall Street, hesitate to adopt them. The confidentiality of the client and the transaction is an obligation for them. However, there are several concepts and methods that incredibly improve the privacy of transactions on blockchains. In this sense, other much-appreciated forms of privacy via blockchains are zero-knowledge proofs and fully homomorphic encryption.
Zero-knowledge proof is an encryption scheme proposed by MIT researchers Silvio Micali, Shafi Goldwasser and Charles Rackoff in the 1980s. In this method, one party (“prover”) can prove that a specific statement is valid for the other party (“verifier”) without disclosing any additional information.
The benefits of zero-knowledge proof are:
- Simple — one of the main advantages of the zero-knowledge test is that it does not involve any complicated method of encryption.
- Safe — it doesn’t require anyone to reveal any information.
Despite the advantages of the zero-knowledge test, there are also some disadvantages caused by its early stage:
- Long — in the zero-knowledge method, there are about 2,000 computations, each requiring a certain amount of time to process. That is the main obstacle to zero knowledge.
- Imperfect — messages delivered to the verifier/vendor can be destroyed or modified.
- Limited — the zero-knowledge protocol requires that the secret be a numerical value. In other cases, a translation is needed.
Fully homomorphic encryption is a computing method already used by the company Skuchain where mathematical calculations are performed on encrypted data and generate an encrypted result. As it was explained earlier, in homomorphic cryptography, data is encrypted before sharing on the blockchain where it can be analyzed without decryption.
The benefits of the company overshadowing data via FHE on a blockchain are clear. The slowness of FHE, however, is even slower than zero-knowledge proof.
In this context, some entrepreneurs have already realized that this differential privacy (provided by blockchain technology) enables companies to glean aggregate information about users’ browsing habits while maintaining individual users’ confidentiality.
This is part two of a multi-part series on privacy with blockchain technology.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.