Blockchain Transparency vs. Privacy

Transparency is a key feature of the blockchain technology. However the coexistence of transparency and privacy can be mystifying for people and even some might confuse between the two terminologies. In this blog, I will try to explain how blockchain technology is able to balance between the two concepts.

What challenges our modern-day business models is users’ privacy.  In the conventional systems, users’ data is always at risk of being misused. If we take the example of social media giants, a huge amount of personal information, such as location, search history, applications used …etc., is stored without the knowledge or proper awareness and permission of the end users. Mainly this stored data is used by those companies to sell targeted advertisements which constitute their main source of revenue. Moreover the actual adopted architecture for networks is based on data storage centralization and millions of dollars are being invested in order to ensure the safety of the stored information. Nevertheless, we continue to hear from time to time about hackers’ attacks that were able to breach all access control security measures and users’ data have been stolen. On the other side of the fence, the right to be forgotten concept has arisen from desires of individuals to “determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past” [1]. This concept, intended to secure potentially damaging, private information about individuals, has been put in practice in the European Union and Argentina. According to this concept that has become a regulation in Europe, users’ personal data should be immediately erased when data are no longer required for their original processing purpose or the data subject has withdrawn his consent. It is also sometimes called the right for erasure.

Enabling transparency of information is one of the biggest promises of blockchain technology. The transparency of the blockchain stems from the fact that all digital transactions on a blockchain are recorded on a distributed tamperproof ledger. This ledger can be shared across multiple parties, and it can be private, public, or semi-private. In a public blockchain, such as Bitcoin, every participating node has his own copy of the ledger saved on his computer. What you will find in a ledger is the time of the transaction, block hash, block number, sender’s address, receiver’s address and transaction value and fees. It is important to know that it is not the information included in the block that is stored on the distributed ledger and is transparent to all nodes, but rather the block’s hash. Block hashes are generally done in combination with the original data stored off-chain. To better understand it you can compare it to what fingerprints are for the human body. Digital fingerprints are hashed into the blockchain, while the main body of information can be stored offline [2].

The transparency of blockchain offers users the opportunity to look through the history of all transactions. Nevertheless, blockchain transparency is neither absolute nor unconditional. Due to the various types of blockchain platforms, various degrees of transparency can be found. In a permissionless blockchain, such as Bitcoin, transactions data is shared publicly. But in the case of permissioned blockchain, where a participant requires permission to join the network, transactions data remain confidential and only visible to the authenticated participants.

By definition, privacy is the right to protect the data, attributes and assets of an entity from observation by unconsented parties. Confidentiality of data ensures that only authorized parties can have access to the data. Typical privacy concerns in a blockchain arise from the transparency feature of networks. Privacy and confidentiality concerns, in a blockchain, are mitigated by end-to-end asymmetrical encryption based on the two keys concept: private key and public key. A public key is how an account is identified in the crowd, similar to the email address, and the private key is what enables the account holder to decrypt received transactions, similar to the password. The private key is a random hexadecimal number that must be kept private by the account holder, whereas the public key is another hexadecimal number hashed from the private key. But since hashing is unidirectional, it is impossible to reconstruct the private key of an account just by having its public key. Both the public key and the private key together constitute an account’s digital signature. Digital signatures are used to validate the authenticity and integrity of any data. So as described, every account has a private key and a public key, and are indexed by an address that is where you send the transaction. The address is the last 20 bytes of the hash of the public key. Security of the assets held by an address is as good as the security of its private key.  If the private key is compromised, anyone having the key will be able to drain out the funds at the corresponding address. A solution to this problem is multisig. A multi-signature or multisig address has n number of keys, m of which are required to trigger a transaction. It is similar to a bank safe deposit box where you need two keys to open the box. You have the first key and the bank retains the second one.

So how does blockchain asymmetrical encryption work? You have to consider your public key as your mailbox and your private key as the key who unlocks your mailbox. So if an account A wants to transact with account B, he needs to know the public key of account B. Thus, the information included in the transaction will be encrypted with the public key of account B and only account B can decrypt it using his own private key. Even account A cannot decrypt the information included in the transaction once encrypted with account B’s public key.

Meanwhile and in order to comply with the latest market privacy requirements, extensive researches based on the zero knowledge proof and homomorphic encryption algorithm are being conducted. Zero knowledge proof concepts can be the next stage of private transactions. In a public blockchain, the default mode for any transaction’s visibility is openness and transparency. This means that anyone can trace the path of a transaction including the value it holds, and its originating and destination address. However, it is now possible to achieve confidentiality in transactions by encrypting the values, and it is also possible to hide the identities via zero-knowledge proof schemes. Zero knowledge proof protocols allow data to be verified without revealing that data. They therefore have the potential to revolutionize the way data is collected, used and transacted with.

Homomorphic encryption is, in the simplest non-technical definition, an encryption method that allows to perform useful operations, or computation, on encrypted values without decrypting them. The results of such computation remains in encrypted form and can be only decrypted by the holder of the security key, or in the case of blockchain, it is the private key. Several open-source implementations of homomorphic encryption schemes exist today, but nevertheless, they are still considered in the research phase.

References

[1] Mantelero, Alessandro (2013). “The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten'”. Computer Law & Security Review. 29(3): 229–235. 

[2] https://www.coindesk.com/information/what-can-a-blockchain-do, Authored by Nolan Bauerle

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s