Blockchain - the data protection problem
Data within a blockchain network is never private to begin with, but can be read by other participants in the network. Trusted computing appliances can be used to counter this substantial problem.
There are use cases where the trustworthy processing of private data is not possible with today's blockchains. This is particularly problematic if intellectual property is to be protected while at the same time accelerating existing manual processes accompanied by appraisers and notaries.
Examples of such processes are the communication of regulated food additives in the consumer goods industry or substance control in the context of drug approval. But why can't blockchains be used today for trustworthy processing of private data?
After all, "trustworthiness" is at the top of the list of advantages of this technology. The sticking point is the "private" nature of the data to be processed.
In the classic sense, data within a blockchain is never private, i.e. always readable by other participants in the network. If the data is encrypted before it is sent to the blockchain, it can no longer be processed using smart contracts.
Unless, of course, the smart contract were to decrypt it. However, the decryption key required for this would then again be visible to all participants.
Hyperledger technology attempts to solve the visibility of data through so-called channels, which certain participants in a blockchain network can share. However, depending on the complexity of the relationship networks, this approach quickly becomes confusing and uneconomical.
In addition, the manufacturing industry in particular holds very strongly protected intellectual property that must never leave the company network, least of all in the direction of a decentralized system over which the owner does not have complete control. One possible solution for more data protection is offered by Camelot ITLab with its Trusted Computing Appliances.
Additional services Trusted Computing Appliances
The concept works as follows: The secret data is only stored locally by the owner, but registered on the blockchain by hash value. This rules out the possibility of the owner manipulating the data in his favor at any time.
All parties agree on an algorithm (program) that is allowed to process the private data, for example, a simple matching of two lists and the return of their intersection.
Optimally, the distribution of the program to the involved parties is also done via blockchain mechanisms. After execution of the program, the return value (the intersection) may be distributed to the relevant counterparties via the blockchain.
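The registration and matching steps described above, as an added Python example that is not Camelot's code: the private list stays with its owner, only its SHA-256 hash is registered, and the agreed program refuses to run on a list that no longer matches that hash. The Ledger class, the function names and the additive codes are assumptions constructed for illustration; the sketch covers the hash check only, not the protection of the program itself.

```python
import hashlib
import json


def commit(items):
    """Hash a canonical (sorted, de-duplicated) encoding of a private list."""
    canonical = json.dumps(sorted(set(items)), separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class Ledger:
    """Hypothetical stand-in for the blockchain: holds hashes and results only."""

    def __init__(self):
        self.commitments = {}  # owner -> hash of the owner's private list
        self.results = []      # return values distributed to counterparties

    def register(self, owner, digest):
        # A commitment is write-once, so the owner cannot swap it later.
        if owner in self.commitments:
            raise ValueError(f"{owner} has already registered a hash")
        self.commitments[owner] = digest


def run_matching(ledger, owner, private_items, query_items):
    """Agreed program: check the local list against its hash, then intersect."""
    if ledger.commitments.get(owner) != commit(private_items):
        raise ValueError("local data does not match the registered hash")
    common = sorted(set(private_items) & set(query_items))
    ledger.results.append(common)  # only the intersection leaves the owner
    return common


def demo():
    ledger = Ledger()
    recipe = ["E100", "E300", "E330", "E951"]   # constructed private list
    regulated = ["E123", "E300", "E951"]        # constructed counterparty list
    ledger.register("manufacturer", commit(recipe))
    honest = run_matching(ledger, "manufacturer", recipe, regulated)
    try:
        # Owner drops an additive after registration to hide the match.
        run_matching(ledger, "manufacturer", recipe[:-1], regulated)
        tampering_detected = False
    except ValueError:
        tampering_detected = True
    return honest, tampering_detected


if __name__ == "__main__":
    print(demo())
```

The check only binds the input data; an owner who can alter run_matching itself can still falsify the result.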
Now, this approach poses the following danger: Since the program runs on the infrastructure - the PC or server - of the data owner, the latter could manipulate the program itself and thus falsify the return value that reaches the blockchain in his favor.
This is where trusted computing comes into play: it prevents the manipulation of local programs as well as the influencing of running processes of these programs by measures firmly anchored in the processor.
Thus, the trusted computing appliance enables the operation of "off-chain smart contracts": they run locally, but still in a trusted environment. The previously mentioned programs that all participants in the network agree on are called "trustlets" at Camelot, and the trusted environment in the current service version is Intel SGX (Software Guard Extensions).
The biggest challenge in developing the trusted computing service was to secure the insecure area between the blockchain and the trustlets. This was achieved with the help of a coherent concept that describes onboarding mechanisms that work by means of voting machines and data integrity through digital signatures.
The blockchain to be used is in principle freely selectable. Camelot's reference implementation uses Hyperledger Fabric within the SAP Blockchain as a Service offering.
In addition to processing protected data, the technical use cases include, for example, so-called inter-blockchain data exchange, i.e., the secure transfer of transactions from one blockchain technology to another, as well as the insertion of data from secure data sources into a blockchain network.
The trustlets are exclusively code compiled at Camelot. However, script language interpreters are also planned for the next version of Trusted Computing in order to be able to distribute the algorithms in real time.
This shows that this environment still holds a high potential for optimization and further development, which meets a great demand in the market.