Aleph Zero Blog
Business

Blockchain, Privacy and Compliance: Keep It Secret, Keep It Safe

May 27, 2021

AI Summary

Here's your AI summary of Blockchain, Privacy and Compliance: Keep It Secret, Keep It Safe on Aleph Zero blog

Top 10 key takeaways:

  1. Privacy Concerns: Online privacy remains a significant issue, with blockchain technology offering potential solutions to data breaches and leaks.

  2. GDPR Conflict: The General Data Protection Regulation (GDPR) conflicts with blockchain's decentralized nature, particularly around data ownership and the ability to erase or modify data.

  3. Data Controller Issue: GDPR requires a specific legal entity to own and be accountable for data, which is problematic in a decentralized blockchain system.

  4. Data Erasure Challenge: Blockchain's transparency and immutability make it difficult to comply with GDPR's requirement for data erasure or modification.

  5. Two Blockchain Camps: There are two main approaches in blockchain: one prioritizes complete privacy (e.g., Monero), while the other emphasizes transparency, each with its own legal and social challenges.

  6. Balancing Privacy and Transparency: A hybrid approach is needed to offer both privacy and transparency, meeting legal requirements while maintaining blockchain's core principles.

  7. Private Blockchain Protocols: Solutions like private blockchain protocols can limit access to personal information, allowing users to control what data is shared.

  8. Aleph Zero's Solution: Aleph Zero offers a protocol that balances privacy and compliance with EU data storage rules, using technologies like Zero-Knowledge Proofs (ZK-SNARKs) and Secure Multiparty Computation (sMPC).

  9. ZK-SNARKs and sMPC: ZK-SNARKs provide fast transactions but have privacy concerns, while sMPC offers better security but slower speeds. Aleph Zero combines both for optimal performance.

  10. Software-Based Security: Unlike hardware-dependent solutions, Aleph Zero's software-based approach avoids trust issues related to hardware providers, offering peer-reviewed, secure, and fast blockchain transactions.

AI Summary

Online privacy concerns are as hot a topic as ever with blockchain technology being the potential cure.

The news cycle is regularly bombarded with stories of data breaches and sensitive information leaks, the consequences of which range from electrifying political scandals to divorce hearings (that is, if you got busted on Ashley Madison). Jokes aside, privacy in the tech sector is one of the leading concerns for experts and customers alike and although using certain applications or websites entail that we give up our privacy in exchange for a service, the voices that demand greater anonymity are growing in strength. Privacy is one of the key features and selling points of blockchain-based transactions. Private enough that it has caused concern among governing bodies and broader social worry.

Blockchain and GDPR

To fully understand the stakes, we must understand the structure of the current General Data Protection Regulation (GDPR) and the nature of what makes blockchain transactions so safe. This very nature is at the root of their conflict with current laws. The GDPR is a set of data protection laws that has been adopted by the European Union (EU). Not limited to Europe, the GDPRs influence reaches far beyond the EU. To put it simply, if you want to do business in the EU, you must follow these rulings. Lawmakers conceptualized the current legislation around 30 years ago and couldn’t imagine the advent of blockchain technology. Two major problems are in defining the term “data controller” and those regarding the principle of data limitation. 

Let’s take a look at the concept of “data controller”. According to current legislation, a particular legal entity must own information, and this actor must follow various rules. This makes sure that they can be held accountable for malpractice. This lies in conflict with blockchain being a distributed database that aims for decentralization. These laws are void in an ecosystem of shared information, as accountability and responsibility are difficult to ascertain. Secondly, the law demands that data held by actors should be subject to erasure or modifications when necessary. Blockchain technology once again refuses to play by these rules, seeing as it built its ecosystem of trust on transparency and information integrity. Once you place something on the blockchain, it is nigh impossible to remove it. 

Two Approaches to Blockchain Privacy

Polarization seems to be a stock feature of human nature, and to risk a broad simplification, there are two camps in the blockchain world. On one hand, there are technologies that are highly invested in creating a completely secure and private space for transactions. These solutions usually come at the cost of flirting with controversy (e.g., Monero). The lack of transparency exhibited is partly responsible for the image crisis blockchain technology has unfairly suffered in recent years. Sensationalism sells. So it is no surprise that the public sees this technological innovation through the lens of stories that feature money-laundering and shady darknet deals… but I digress. On the other hand, we have blockchain technologies with completely transparent databases. Information placed on a blockchain forever is also a cause for concern.

“A lack of privacy in blockchain, as well as an unhealthy abundance of it can cause legal doubts”

Adam Gągol (Co-Founder, CTO at Aleph Zero)

Connecting Privacy With Blockchain

How do we combine the best of both worlds? How do we offer the privacy that customers demand with transparency that creates both social and governmental trust? One of the solutions is to create private blockchain protocols that allow for limited access to our personal information. This solution will allow our sensitive data to stay hidden from prying eyes. It will also offer us the freedom to make it public if necessary. This compromise meets halfway the current legal conditions while also remaining true to the ethos that rests at the base of blockchain technology. If you could choose which elements of your online identity to share, it would do wonders for our concept of cybersecurity. It would also solve many of the problems linked to the surplus of information we unwittingly leave behind ourselves. 

Why Aleph Zero Is the Solution for Private Blockchain Transactions

Aleph Zero can solve the problems mentioned in previous paragraphs by offering a protocol that fulfills the desires of both those requiring the utmost privacy while also following the rules governing data storage in the European Union (EU). To fully understand this, we must put one harmful myth out of its misery: that private transactions should be beyond the reach of the authorities. A good way to think of this is that transactions should be private but auditable.

Zero-knowledge proofs (ZK-SNARKs) and Secure Multiparty Computation (sMPC) embody two interesting takes on the idea of secure data sharing. The first solution has its roots in the theories of the cryptologists Goldasser, Micali and Rackoff. These ideas were first broadly adopted by Zerocoin and later Zcash. The idea behind the technology is to pass a secret key between two parties. The prover can use this encrypted key to confirm before the verifier that certain information is in the possession of the prover. The second solution (sMPC) involves keeping sensitive information off-chain on several nodes. Only if the nodes conduct a secure handshake can the user access the data. No one computer can access the encrypted contents without a unanimous consensus. 

sMPC nodes offer high levels of security by keeping data off-chain

The Aleph Zero Advantage

The main criticism that ZK-SNARKs has to deal with is the fact that although this type of transaction is fast, there are many privacy concerns. We can say the exact opposite about MPCs. They offer much better security features at the cost of speed. Why not have both? Why can’t we have speed and security? Fortunately, we can. Aleph Zero uses a solution that treads both paths at the same time. We take the best from both worlds, offering superior security alongside quick transaction speeds. 

Aleph Zero is also distinguished by the fact that it is completely software-based. Data security solutions that Secret Network and Oasis offer need special hardware. For example, Oasis uses a piece of hardware they call a secure enclave that acts as a black box. The secure enclave stores data and creates cryptographic proof that its programming has been correctly executed. The biggest issue in hardware solutions is being dependent on an entity that has to provide the hardware, thus leading to trust issues. 

We’ve designed Aleph Zero to solve many of the issues facing the market at the time of writing this article. We trust that boasting a peer-reviewed protocol with superior speed and security is the next step forward for blockchain technology to enter the mainstream and find widespread use. 

Do you think blockchain is about to go mainstream? If not, what problems do you think should still be addressed?