Over the last few years, barely a week goes by without some user-data related topic breaking news headlines. Most recently, Google announced it was shutting down its G+ social network to personal users. This came after around half a million users account details were exposed to third-party developers over a period spanning three years.
To a global news audience already primed for massive data protection breaches by the Snowdon revelations and Facebook/Cambridge Analytica scandal, one of the more surprising things about that headline is that there were half a million people still using the G+ network. Nevertheless, it is still pretty shocking to learn that Google had covered up this issue for months.
In May this year, the EU rolled out the General Data Protection Regulation (GDPR). This far-reaching legislation ensures that data processing for EU citizens can only be done with explicit consent, preventing companies like Facebook or Google from harvesting personal data to sell on to advertisers or other third parties without users knowing what is happening behind the scenes.
Many advocates of blockchain have pointed out that the technology has a strong use case in obtaining and recording user consent to data processing. Key encryption gives us the means to ensure that consent is explicit, while the immutability of blockchain provides a permanent record of that explicit consent.
Of course, this is true. But by now, public blockchains such as Bitcoin are known to be exactly that — public. Just because a user or entity consents to provide their data, it doesn’t mean that in all cases it will be appropriate to have that data recorded publicly on a blockchain for anyone to decipher. Consider scenarios such as healthcare, banking or other financial transactions.
Fortunately, blockchain developers tend to be innovative by nature. The wider blockchain community places a high value on maintaining privacy while supporting the open-source nature of public blockchains. This means that other, more technical measures can be applied to blockchains, which help to ensure the privacy and security of user data and the transactions that relate to it.
Secret contracts are a privacy-centric enhancement to the concept of smart contracts. They are being developed by Enigma, which is creating a protocol that can run on top of dApp blockchain platforms such as Ethereum. Secret contracts are designed so that no party on a blockchain network can see all of the data that is included within the contract itself.
Enigma is still developing the solution, and plans to achieve this through a mechanism called Secure Multi-Party Computation (SPMC). Fundamentally, the contract itself is broken up into many pieces, which are encrypted separately from one another. This means that all of the data related to the contract transaction can be processed by the network. At the same time, it keeps the contents of the contract completely confidential from everyone except those who are party to the contract itself.
ReBloc is one of the first blockchain companies that will make use of Enigma’s secret contracts and are opening up a data marketplace for buyers and sellers of real estate data. As a financial transaction, real estate sales are subject to strict requirements for data confidentiality which is why it’s essential for ReBloc to ensure that real estate data can be bought and sold on its platform without making that data openly available as it would be on a typical public blockchain.
Within the real estate sector, there is a big problem with the availability of meaningful, correct data to support transactions. Real estate data is provided by a small number of players, who are often deliberately vague about the data’s integrity and sources. By using the power of a network to verify data, in addition to providing the necessary levels of confidentiality, ReBloc is aiming to enable change in the market for real estate data.
The concept of Zero-Knowledge Proofs (ZKPs) has been around a lot longer than blockchain itself. A ZKP allows one person to prove something to another person, without explicitly revealing the knowledge that they are trying to prove.
A simple illustration of ZKPs in practice is using the kids’ book, “Where’s Waldo?” Alice wants to prove to Bob that she knows where Waldo is on the page. But how can she do this without showing Bob the location of Waldo?
In a ZKP scenario, Alice could cover the book with a piece of paper with a small hole cut out of it. She can show Bob the image of Waldo through the hole, but Bob cannot see for himself where Waldo actually is on the page. However, Alice has successfully shown that she knows the location of Waldo.
In the context of a blockchain, ZKP’s are implemented using a technology called Zero Knowledge Succinct Non-Interactive Argument of Knowledge, or zk-SNARK. The cryptocurrency ZCash is one of the most well-known uses of zk-SNARKs. On ZCash, the network nodes use zk-SNARKs to verify the token transactions without having to know the details of the transactions themselves. This provides users of ZCash a better degree of privacy than they would get from, e.g., Bitcoin.
While the EU puts an onus of responsibility onto companies to ensure consent-based processing for individual users, there are broader regulatory requirements for data privacy in financial transactions and beyond. Currently, data privacy is one of the most significant problems that blockchain has to solve. Secret contracts, zero-knowledge proofs, and potential future developments could be the key to ensuring data privacy on the blockchain. If so, this could overcome one of the most critical hurdles to widespread adoption.