Privacy on the blockchain? It can be done.

How Shyft network improves user privacy, without taking it to the extreme of being useless for compliance

Hello there! My name is Kristofer Coward, and I’m the Chief Scientist for Shyft Network. I wanted to chime in with a few words about our approach to privacy on the blockchain.

It’s hard to think of a blockchain as a privacy-enhancing technology. In nearly every common use case, a blockchain is a permanent, immutable, public ledger. While there are exceptions (zcash being notable among them), data posted to a chain remains there for the whole world to see, effectively forever.

In spite of this, we’ve designed the Shyft network to improve user privacy, without taking it to the extreme of being useless for compliance. By developing a network that enables the secure sharing of trusted data, we reduce the need for that data to be duplicated. At this most basic level, fewer copies of user data out in the world means fewer opportunities for this data to end up in the wrong hands. But these gains can only be realized if the network protocols themselves are designed with privacy in mind from the very start.

This is exactly what we did with Shyft.

When a trust anchor (that is, an entity the network inherently trusts without the need to derive it) has data about a user that’s available for sharing, that data is kept confidential, and only an attestation is published declaring that the information in question exists. The attestation is pseudonymous (attached to their network address rather than any more recognizable form of their identity), and generally restricted to metadata about the information it contains. Additionally, the metadata is encrypted with a user-controlled key, so that users can restrict access to the metadata, to entities that they consent to share it with. This degree of user control also makes it harder for an attacker to use social engineering or data mining attacks to obtain private information.

The attestation structure is also flexible. A certification body can easily use it to publish an attestation that a trust anchor is in compliance with a particular standard for the protection of confidential data, or an industry group could certify that they meet other standards for the accuracy of the records they provide. This will be supplemented by the Reputational Merit Token (RMT), a system for ranking trustworthiness, being built on top of the Shyft network, which enables users to distinguish between legitimate standards bodies and industry groups, and fraudulent certifiers intended to trick people into sharing their data with careless trust anchors or with attackers.

Finally, there’s the protection of data within applications. Included in the development of on-boarding standards, for tokens representing assets with KYC (Know Your Customer) requirements, we are developing standards to blind transaction values and token balances, while still maintaining the verifiability and integrity of the token system. In order to support this, mathematical functions used in homomorphic encryption systems have already been assigned as operations within the Shyft Virtual Machine (SVM).

In the coming weeks, I plan to expand on some of the concepts introduced in this post in considerably greater detail. Thanks for reading, and stay tuned!

Related posts:

According to the marketing website wyzowl.com, 10% of people remember what they hear, 20% of people remember what they read, but 80% of people remember what they see. Our society is becoming one that…