It can be challenging to understand how data can be both public yet anonymous and secure at the same time. Enterprises planning to implement blockchain technology often ponder this question. And generally speaking, the arguments about the privacy of their data and transactions stored on a public blockchain ledger seem legit.
Even though transactions listed on a public blockchain are encrypted and almost tamper-proof, information such as wallet addresses and transaction amount are still visible. No organisation would ever want all their transaction data to be publicly accessible. But as is the case with public blockchains, anyone on the network can easily view all transactions within the network in real-time.
Does that make public blockchains — the practically decentralised ledgers — useless for enterprise use? Well, no. There are multiple solutions to attain enterprise-grade privacy on public blockchains.
Zero-Knowledge Proof (ZKP)
In simple terms, Zero-Knowledge Proof is a digital security protocol that encrypts information allowing two parties to transact and prove the legitimacy of the transaction data without having to reveal any sensitive information. For example, a transacting party can prove that they own the funds they say they own without actually showing any information related to their accounts to the verifier.
An exclusive variation of ZKP, zk-SNARKS stands for zero-knowledge succinct non-interactive argument of knowledge. A professor of UC Berkeley and the co-founder of cryptocurrency platform ZeroCash first proposed the solution.
The use of zk-SNARKS is the same as ZKP and it allows entities to prove the existence or legitimacy of any data without revealing the data itself. For example, a company can prove they received a funding of $10 million without having to show any legal papers or account statements.
Homomorphic hiding or encryption is a common solution for securing sensitive data even when it is to be processed or analysed. It is a primary part of the zk-SNARKS encryption protocol. This encryption method has become common to maintain the privacy of data on public blockchains as well as other storage alternatives.
There are three types of homomorphic encryption namely, partially homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption. While still in the works, the most important for cryptography is fully homomorphic encryption.
Secure multi-party computation (sMPC)
Andrew Yao’s solution to the “Millionaire’s Problem” initiated the creation of secure multi-party computation. The problem involved two parties who wanted to know which one of them was wealthier without having to reveal their net worth to each other.
To reach a conclusion without involving any third party, Yao suggested the use of secure two-party computation in 1982. Later in 1987, three researchers modified the same approach and proposed the multi-party computation method known as secure multi-party computation or sMPC. In this method, the data is divided into smaller pieces and masked with random numbers added to each piece using a cryptographic function. These pieces are then sent to multiple servers that can analyse the data without knowing what the underlying data is.
Software guard extensions
In a usual public blockchain transaction, a single node first verifies the transaction and then shares it with the whole network of nodes for re-verification and addition to the ledger. This allows all nodes to view the transaction information
Developed by the technology behemoth Intel, software guard extensions or Intel SGX is a software extension for data encryption. It helps avoid the re-verification step in blockchain transactions. When the data is needed for analysis or any transaction, SGX allows for decryption of data within a permissioned enclave where only those with required credentials can view it.
While initially, public blockchains were a nightmare for enterprises from the privacy perspective, we today have multiple solutions that surmount this obstacle. Enterprises can now easily trust public blockchains and leverage a truly decentralised infrastructure while still keeping their data privacy intact.