Now, it is finally the time for us to reveal the mysterious “secret weapon”of Ultrain and familiarize ourselves with the secret weapon they have been hiding under their sleeves – the zero-knowledge proof. The article below "How to use zero-knowledge proof to protect personal and business data" written by the Ultrain’s tech team, explains the zero-knowledge proof and privacy protection for the public chain to build a comprehensive business ecosystem and meet the needs of different application scenarios.
How to use zero-knowledge proof to protect personal and business data
It can be said that if there is no zero-knowledge proof, it is difficult to achieve privacy protection. The open and transparent nature of the blockchain cannot be applied to many industries where data privacy protections are needed. With the existence of such technology, Ultrain can realize the end goal of empowering real economy. Ultrain has completed the application of privacy protection solution and has been implemented in multiple scenarios. In this article. some uses cases are introduced to explain the principle how to use zero-knowledge proof to protect personal and business data.
During the information age, the protection of commercial data and personal privacy is very important. For individuals, information such as identity, consumption records, and health record will be part of a personal portrait. Once compromised, it can result in advertising harassment and even personal threats. For corporate business data, such as transaction flow, frequency, and business objects are confidential information of companies. Once those secretes are leaked to competitors, they are a huge threat to the company.
Whether it is a public chain or a permissioned chain, commercial data is synchronized between different nodes of the blockchain, if the data is not encrypted on desensitization platform, there are risk of being exposed and results in security problems.
Zero knowledge proof
Zero-knowledge proof is a method by which one party A can prove to the other party B that A knows a certain confidential information of x (such as age), and that a statement about the secret (such as being older than 18 years old) is correct, but do not disclose any information other than the statement.
Ultrain uses a zero-knowledge proof system based on zksnark. Compared to zero-knowledge proof systems such as zkSTARK or Legro, zksnark's proof is significantly smaller and has least impact on system performance. The proof and verification process are more efficient and has minimal loads on the nodes. In terms of theoretical security, zksnark is also more secure than other systems.
Through the support of zero-knowledge proof, we have naturally supported verifiable calculations, which we will not go in-depth here. The analysis described later can explain the relevant applications of verifiable calculations.
We all know that if an Internet company sells patient data, it can cause great concern to patients, and will have seriously affects the credibility of hospitals and platforms. Through zero-knowledge proof, we can make data collection legal, open and transparent.
User sharing information
The user generates proof that the user utilizes his or her personal information, combines the proof key, generates evidence, indicates that he or she meets the criteria, and then submits it to the blockchain. In addition, the patient's data will be partially stored in the hospital and stored in the blockchain by the hospital. The patient can allow the hospital to transfer part of the data to the data requester in an authorized manner. The hospital encrypts the data and uploads it.
Business model turn into codes
As demonstrated on the above graph. The data requested by the data analysis company, will select data based on certain criteria. Those data will form a certain logic, generating a pair of proof keys and verification key. The verification key will be sent to smart contract, and those who submit data that meets the criteria will receive a reward
User sharing information
The user generates proof that they are using his or her personal information, combines the proof key to generates evidence that indicates that he or she meets the criteria, and then submits it to the blockchain. In addition, the patient's data will be partially stored in the hospital and stored in the blockchain hosted by hospital. The patient can allow the hospital to transfer part of the data to the party that’s authorized to receive such data. The hospital then encrypts the data and uploads it.
The smart contract accepts the evidence submitted by the user and verifies if it meets the criteria, after passing the verification process, the user is authorized to issue incentives for the patients for their contribution. The data analysis company decrypts the corresponding encrypted data from the hospital and then analyzes the data.
By sharing the private data of users and rewarding them in a specific manner, not only the data ownership, but associates it with actual application. This secret weapon allows the data to be more legally regulated, and sustainable a healthier data ecosystem.