Blockchain Myths: Data Visibility
Public blockchains like Bitcoin depend on data visibility as a source of transparency. As the networks are mostly pseudonymous, the ability to trace each transaction back to its origin significantly narrows the space for malicious acts. This is not the norm. Some public blockchains value privacy above all other considerations and implement technological solutions to that end. Whereas private and permissioned blockchains are highly adaptable to the needs of their users. In other words, your data does not have to be visible to the general public if you do not want it to be.Origins of the Myth
One of Bitcoin’s biggest attributes is its decentralized nature. By removing a central authority that controls the blockchain, its creator wanted to adopt a more democratic approach. Not only would the playground be more equal, but the network would also be more secure, as there is no single point of failure for the system. This is also where data visibility comes in. By knowing what data comes from each participant in the network, malicious acts are quickly recognized and offenders penalized. This ensures the health of the network. Without a central figure to police it, it's in the best interest of all participants to work together.
However, this does not completely strip away any privacy the users might have. Bitcoin is pseudonymous: you do not have to provide your details to participate. But, transactions can still be traced back to your node (and even possibly to your identity, if you haven't been keeping it safe). Participants have to be able to protect their identities, but not to the point where malicious actors can get away with harming the network, so the balance is precarious.
Public Network Anonymity
As Bitcoin’s pseudonymity showed its disadvantages through the years, users decided to give anonymity a shot by employing advanced cryptographic solutions. Zero-knowledge proofs are one such technology. This is a highly complex way in which Alice tells Bob that she is in possession of certain knowledge without disclosing the knowledge. The complexity stems from the fact that Alice’s knowledge has to be provably correct without Bob ever knowing exactly what it is.
An example of zero-knowledge proof in action comes from the Zcash network. The protocol is called a zk-SNARK (short for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). “Succinct” means the verification takes a few seconds. “Non-Interactive” means that there's no need for the two participants to communicate beyond the first verification message.
However, Zcash only employs this technology in shielded transactions, as it is very computationally heavy. Transactions are not shielded by default. In some cases, unshielded transactions have been known to leak data about shielded ones. As with most issues, there is a certain give and take, no solution is perfect when it comes to public blockchains.
Private Network: Privacy at the Forefront
Private and permissioned blockchains are another matter entirely. Without the different considerations that are innately tied to public blockchains, such as wide public access and transparency, there is none of the aforementioned give and take. In other words, there is no need to ensure that everyone gets equal access to the blockchain without compromising their privacy, as the owner sets the permissions according to the company requirements. There is no need for the data to be visible to anyone but the people at the company. Even then, the owners can decide who gets to see what.
The only potential exception to this rule would be if your blockchain solution were oriented towards the public and open to public use. Even then, however, you would not be required to keep the data visible to everyone. As already discussed, this is part of decentralized and unregulated blockchains that need to ensure the network stays healthy. If you can offer this through other means, data visibility could simply be a perk and not a requirement.
How Enterprise-Grade Blockchain Providers Approach Privacy
The three main enterprise-oriented blockchains and their providers, Hyperledger Fabric, R3 Corda, and ConsenSys Quorum, all have private and permissioned blockchain at their heart.
Hyperledger Fabric employs four different privacy measures:
- Asymmetric cryptography & zero-knowledge proofs used to separate transaction data from on-chain records.
- A digital certificate management service vouches for the legitimacy of your company.
- Their multi-channel design protects information from being shared across different channels.
- Privacy data collection serves to protect the data of different companies using the same channel.
ConsenSys Quorum has three main features when it comes to privacy:
- A private transaction manager called Tessera serves to store encrypted transaction data.
- A secure enclave is used to handle most of the cryptographic work, including holding private keys, but is isolated from the other components for security reasons.
- Public and private states that impose restrictions upon who gets to handle which transaction, depending on whether they are authorized to do so.
R3 Corda handles privacy in the following ways:
- Partial data visibility signifies that transactions are not globally broadcast.
- Transaction tear-offs mean that transactions can be signed without being completely visible to all parties.
- Key randomization is used to prevent any key being tied to one identity.
- Graph pruning means that old asset data can be “pruned” from the new version of the asset, so the new version does not allow anyone to follow its history back beyond the point of the pruning.
- Global ledger encryption is their main privacy effort—as its name implies, this keeps the entire ledger encrypted.
With all three platforms, not only is the data hidden from the public via a private network, but you also get to decide who gets access to which parts of the blockchain and how much they can see. In other words, data visibility and access are controlled.
Protecting their company’s sensitive data is of great importance to any manager. Blockchain does not have to be a compromise between that and the improvements it brings to the table, as long as you choose a private and permissioned blockchain instead of a fully public one.
If you’re interested in having more blockchain-related myths dispelled, read our 7 Common Myths About Blockchain article—and if you want to know more about each, we go into depth about them on our blog. Interested in deploying your own blockchain solution? Learn all you need to know by signing up for one of our upcoming Principles of Successful Deployments webinars.