Aleph Zero Blog

Blockchain, Privacy and Compliance: Keep It Secret, Keep It Safe

May 27, 2021

Online privacy concerns are as hot a topic as ever with blockchain technology being the potential cure.

The news cycle is regularly bombarded with stories of data breaches and sensitive information leaks, the consequences of which range from electrifying political scandals to divorce hearings (that is, if you got busted on Ashley Madison). Jokes aside, privacy in the tech sector is one of the leading concerns for experts and customers alike, and although using certain applications or websites entails giving up our privacy in exchange for a service, the voices that demand greater anonymity are growing in strength. Privacy is one of the key features and selling points of blockchain-based transactions. They are private enough to have caused concern among governing bodies and broader social worry.

Blockchain and GDPR

To fully understand the stakes, we must understand the structure of the current General Data Protection Regulation (GDPR) and the nature of what makes blockchain transactions so safe. This very nature is at the root of their conflict with current laws. The GDPR is a set of data protection laws that has been adopted by the European Union (EU). Not limited to Europe, the GDPR's influence reaches far beyond the EU. To put it simply, if you want to do business in the EU, you must follow these rulings. Lawmakers conceptualized the current legislation around 30 years ago and couldn’t imagine the advent of blockchain technology. The two major problems lie in defining the term “data controller” and in the principle of data limitation.

Let’s take a look at the concept of “data controller”. According to current legislation, a particular legal entity must own information, and this actor must follow various rules. This makes sure that they can be held accountable for malpractice. This lies in conflict with blockchain being a distributed database that aims for decentralization. These laws are void in an ecosystem of shared information, as accountability and responsibility are difficult to ascertain. Secondly, the law demands that data held by actors should be subject to erasure or modifications when necessary. Blockchain technology once again refuses to play by these rules, seeing as it built its ecosystem of trust on transparency and information integrity. Once you place something on the blockchain, it is nigh impossible to remove it. 

Two Approaches to Blockchain Privacy

Polarization seems to be a stock feature of human nature, and to risk a broad simplification, there are two camps in the blockchain world. On one hand, there are technologies that are highly invested in creating a completely secure and private space for transactions. These solutions usually come at the cost of flirting with controversy (e.g., Monero). The lack of transparency exhibited is partly responsible for the image crisis blockchain technology has unfairly suffered in recent years. Sensationalism sells. So it is no surprise that the public sees this technological innovation through the lens of stories that feature money-laundering and shady darknet deals… but I digress. On the other hand, we have blockchain technologies with completely transparent databases. Information placed on a blockchain forever is also a cause for concern.

“A lack of privacy in blockchain, as well as an unhealthy abundance of it can cause legal doubts”

Adam Gągol (Co-Founder, CTO at Aleph Zero)

Connecting Privacy With Blockchain

How do we combine the best of both worlds? How do we offer the privacy that customers demand with transparency that creates both social and governmental trust? One of the solutions is to create private blockchain protocols that allow for limited access to our personal information. This solution will allow our sensitive data to stay hidden from prying eyes. It will also offer us the freedom to make it public if necessary. This compromise meets the current legal conditions halfway while also remaining true to the ethos that rests at the base of blockchain technology. If you could choose which elements of your online identity to share, it would do wonders for our concept of cybersecurity. It would also solve many of the problems linked to the surplus of information we unwittingly leave behind.

Why Aleph Zero Is the Solution for Private Blockchain Transactions

Aleph Zero can solve the problems mentioned in previous paragraphs by offering a protocol that fulfills the desires of those requiring the utmost privacy while also following the rules governing data storage in the European Union (EU). To fully understand this, we must put one harmful myth out of its misery: that private transactions should be beyond the reach of the authorities. A good way to think of this is that transactions should be private but auditable.

Zero-knowledge proofs (ZK-SNARKs) and Secure Multiparty Computation (sMPC) embody two interesting takes on the idea of secure data sharing. The first solution has its roots in the theories of the cryptologists Goldwasser, Micali and Rackoff. These ideas were first broadly adopted by Zerocoin and later Zcash. The idea behind the technology is to pass a secret key between two parties. The prover can use this encrypted key to confirm before the verifier that certain information is in the possession of the prover. The second solution (sMPC) involves keeping sensitive information off-chain on several nodes. Only if the nodes conduct a secure handshake can the user access the data. No one computer can access the encrypted contents without a unanimous consensus.
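The sMPC property described above (no single node can read the data, and every node must take part), sketched as n-of-n additive secret sharing. This is an added example, not Aleph Zero's protocol or code; the modulus, function names and sample values are assumptions, and it goes one step beyond the text by letting the nodes compute a sum over inputs none of them can read.

```python
from __future__ import annotations
import secrets

# Assumption: a public modulus agreed on by all nodes (any large modulus works).
P = 2**127 - 1

def split(secret: int, n_nodes: int) -> list[int]:
    """Split `secret` into n additive shares; all n are needed to rebuild it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    if n_nodes < 2:
        raise ValueError("need at least two nodes")
    # n-1 shares are uniformly random; the last one makes the sum come out right.
    shares = [secrets.randbelow(P) for _ in range(n_nodes - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares

def combine(shares: list[int]) -> int:
    """Rebuild a value from its shares. Missing any share yields a random value."""
    return sum(shares) % P

def node_local_sum(held: list[int]) -> int:
    """Work done by one node: add the shares it holds, one per input.
    The node never sees an input, only uniformly random-looking shares."""
    return sum(held) % P

def secure_sum(inputs: list[int], n_nodes: int) -> int:
    """Compute sum(inputs) while each node only ever handles shares."""
    per_input = [split(x, n_nodes) for x in inputs]
    # Node i receives the i-th share of every input.
    per_node = [[s[i] for s in per_input] for i in range(n_nodes)]
    partials = [node_local_sum(held) for held in per_node]
    # Only the combination of every node's partial result reveals the total.
    return combine(partials)

if __name__ == "__main__":
    # Constructed sample data: three private values held by three users.
    values = [52000, 61000, 48000]
    shares = split(values[0], 4)
    print("all 4 shares     :", combine(shares))       # the original value
    print("only 3 of 4      :", combine(shares[:3]))   # unrelated random number
    print("sum via 4 nodes  :", secure_sum(values, 4))
```
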

sMPC nodes offer high levels of security by keeping data off-chain

The Aleph Zero Advantage

The main criticism that ZK-SNARKs have to deal with is that, although this type of transaction is fast, there are many privacy concerns. We can say the exact opposite about MPCs. They offer much better security features at the cost of speed. Why not have both? Why can’t we have speed and security? Fortunately, we can. Aleph Zero uses a solution that treads both paths at the same time. We take the best from both worlds, offering superior security alongside quick transaction speeds.

Aleph Zero is also distinguished by the fact that it is completely software-based. Data security solutions that Secret Network and Oasis offer need special hardware. For example, Oasis uses a piece of hardware they call a secure enclave that acts as a black box. The secure enclave stores data and creates cryptographic proof that its programming has been correctly executed. The biggest issue in hardware solutions is being dependent on an entity that has to provide the hardware, thus leading to trust issues. 

We’ve designed Aleph Zero to solve many of the issues facing the market at the time of writing this article. We trust that boasting a peer-reviewed protocol with superior speed and security is the next step forward for blockchain technology to enter the mainstream and find widespread use. 

Do you think blockchain is about to go mainstream? If not, what problems do you think should still be addressed?