Three Best Practices for Encrypting On-Chain Data

Blockchain, News, Opinion | May 25, 2022

Benefits of blockchain technology — like immutability, verifiability and decentralization of blockchain records — are driving the adoption of the blockchain in industries ranging from healthcare to logistics.

With the growing adoption of blockchain technology comes a new problem, however: how do stakeholders protect their identities or sensitive on-chain data?

Various strategies have emerged for protecting on-chain data. Employing these strategies can help developers and stakeholders keep sensitive information safe when it needs to be stored on-chain.

Why Businesses Want On-Chain Encryption

By design, all the information in the blockchain is available to all blockchain participants. This availability of data is part of how blockchain design ensures that the accuracy of blockchain records is independently verifiable.

However, it is possible that participants may want to limit access to some of the information that is typically available to participants — like information on participant identity, participant inputs or even information stored on-chain.

Participants may also want to encrypt data as a way of preparing for cyber attacks. In the event that participants’ identity and access controls fail, an attacker could gain access to all unencrypted or otherwise unprotected blockchain data.

Regulatory compliance can also drive interest in blockchain encryption. In healthcare, for example, patient data is subject to several regulations that govern how providers can store and transmit that data. In some cases, providers may be legally required to encrypt certain kinds of data that they may want to store on-chain. The application of blockchain technology would only be practical for providers if it can be compliant with these regulations. 

Adoption of blockchain technology by major, security-minded organizations like IBM, Aetna and Anthem is likely to continue. As a result, blockchain encryption could soon become much more important.

1. Use Privacy-Preserving Blockchain Technologies

There are a number of proposed privacy-preserving solutions for blockchain applications. These solutions leverage existing cryptographic protocols to preserve the privacy of individual blockchain participants.

Secure Multi-Party Computation

For example, secure multi-party computation (MPC or SMPC) is a cryptographic protocol that distributes computation across multiple users. No individual user can see the other parties’ data. In practice, the protocol allows multiple users to jointly compute a function using individual inputs without sharing input data.

For example, imagine a group of businesses that want to compute the average revenue of their particular business niche without sharing individual revenue data. An SMPC scheme could allow for a system that calculates this output without providing individual businesses access to inputs.

This approach to blockchain security requires a majority of the participants to be honest — otherwise, by comparing their data points, dishonest parties can determine input data from honest parties. 
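The revenue-average scenario and its honest-majority condition can be seen in the following added example, which is not part of the original article. It uses Shamir secret sharing as one possible SMPC building block; the field modulus, function names and revenue figures are assumptions constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed); must exceed the sum of all inputs

def share(secret, n, t):
    """Shamir-split secret into n shares; t+1 shares reconstruct, t reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(points):
    """Lagrange-interpolate the polynomial through points and evaluate it at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def average_revenue(revenues, t):
    """Return (average, dealt shares); t is the largest coalition that learns nothing."""
    n = len(revenues)
    if n < 2 * t + 1:
        raise ValueError("honest majority requires n >= 2t + 1")
    # Each business deals one share of its revenue to every party.
    dealt = [share(r, n, t) for r in revenues]
    # Party p adds up the shares it received; it never sees a raw input.
    summed = [(p + 1, sum(dealt[d][p][1] for d in range(n)) % P) for p in range(n)]
    # Opening t+1 summed shares reveals only the total, not the individual inputs.
    return reconstruct(summed[:t + 1]) / n, dealt

def colluders_recover(dealt, victim, colluders):
    """Value a coalition computes by pooling the shares the victim dealt to them."""
    return reconstruct([dealt[victim][p] for p in colluders])

if __name__ == "__main__":
    revenues = [120, 300, 450, 90, 240]  # constructed sample inputs
    avg, dealt = average_revenue(revenues, t=2)
    print("average:", avg)
    print("2 colluders compute:", colluders_recover(dealt, 0, [1, 2]))
    print("3 colluders compute:", colluders_recover(dealt, 0, [1, 2, 3]))
```

With five parties and t = 2, two colluding parties obtain a value unrelated to the first business's revenue, while three (a dishonest majority) recover it exactly.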

Zero-Knowledge Proof

A zero-knowledge proof (ZKP) is a cryptographic scheme in which one party can prove the possession of certain information, such as a private key or other secret value, without revealing that information to other parties.

One example of ZKPs in practice is privacy coin Zcoin, which deployed its own zero-knowledge proof protocol, Sigma, in 2019. The protocol allows the coin to go beyond pseudonymity and offer, according to the Zcoin team, full anonymity to coin users.

A ZKP protocol could allow developers to provide a blockchain architecture that helps to protect the identity of participants and sensitive information they may need to prove knowledge of.
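To make "proving possession of a private key without revealing it" concrete, here is an added example, not from the original article and not the Sigma protocol mentioned above: a Schnorr proof of knowledge made non-interactive with a hash challenge. The group parameters are a constructed toy size, and all names are assumptions for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed; far too small for real use): p = 2q + 1, g has order q.
P_MOD, Q, G = 2039, 1019, 4

def challenge(public, commitment, context):
    """Hash-derived challenge that binds the proof to the key, commitment and context."""
    data = f"{G}|{public}|{commitment}|{context}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(secret, context):
    """Prove knowledge of secret x with public key y = g^x, without sending x."""
    public = pow(G, secret, P_MOD)
    k = secrets.randbelow(Q - 1) + 1      # fresh nonce per proof; never reuse it
    commitment = pow(G, k, P_MOD)
    c = challenge(public, commitment, context)
    s = (k + c * secret) % Q              # response; k masks the secret
    return public, (commitment, s)

def verify(public, proof, context):
    """Accept only if g^s == R * y^c (mod p), with y in the order-q subgroup."""
    commitment, s = proof
    if not (1 < public < P_MOD) or pow(public, Q, P_MOD) != 1:
        return False
    if not (0 < commitment < P_MOD) or not (0 <= s < Q):
        return False
    c = challenge(public, commitment, context)
    return pow(G, s, P_MOD) == (commitment * pow(public, c, P_MOD)) % P_MOD

if __name__ == "__main__":
    public, proof = prove(777, "constructed-tx-1")   # 777 is a constructed secret
    print("valid proof accepted:", verify(public, proof, "constructed-tx-1"))
    R, s = proof
    print("tampered proof accepted:", verify(public, (R, (s + 1) % Q), "constructed-tx-1"))
```

The verifier only ever sees the public key, the commitment and the response; a production system would use a standard large group or elliptic curve rather than these toy parameters.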

2. Keep Compliant With Relevant Regulations

In addition to client or stakeholder concerns, effective blockchain privacy may also require a developer to consider industry regulations — like GDPR, CCPA or HIPAA. 

Awareness of these regulations and an understanding of how blockchain technology can comply with them will be essential for developers working on blockchain encryption.

For example, imagine a blockchain storing protected health information (or PHI) from one or more patients. Under HIPAA guidelines, this protected health information must be encrypted while it is at rest, with a few exceptions. Knowing when and how PHI must be encrypted will help developers determine the requirements for a healthcare blockchain project.

Stakeholder familiarity with the different states of data (at rest, in use and in motion) will also be important for ensuring that clients, developers and others involved in a project understand how encryption requirements may change depending on how data is used.

3. Consider the Blockchain Architecture

Different blockchain architectures can benefit from different types of encryption or privacy-preserving solutions.

Public, private (or managed), consortium and public-permissioned (or hybrid) blockchains all have different security vulnerabilities and needs. By default, private blockchains offer some additional privacy to participants and protection of their identities (and sensitive on-chain information) — but can be more vulnerable to malicious actors and fraud.

In addition to encryption, private blockchains can also benefit from identity and access management controls. These controls will help reduce the risk that attackers can pose as privileged members to make changes to the blockchain or verify blocks.

Strategies for Implementing Blockchain Encryption

Experts predict that adoption of blockchain technology is likely to accelerate over the next few years. Already, major companies are creating plans to adopt blockchain technology, invest in blockchain research or launch pilot projects that will help them learn how blockchain can fit into their operations.

Encryption may be important for many potential blockchain use cases that these businesses want to adopt. Familiarity with blockchain encryption protocols, like SMPC and ZKP, can help developers suggest options to clients.