Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs

E-print/Working paper (2023)

Today, digital identity management for individuals is either inconvenient and error-prone or creates undesirable lock-in effects and violates privacy and security expectations. These shortcomings inhibit ... [more ▼]

Today, digital identity management for individuals is either inconvenient and error-prone or creates undesirable lock-in effects and violates privacy and security expectations. These shortcomings inhibit the digital transformation in general and seem particularly concerning in the context of novel applications such as access control for decentralized autonomous organizations and identification in the Metaverse. Decentralized or self-sovereign identity (SSI) aims to offer a solution to this dilemma by empowering individuals to manage their digital identity through machine-verifiable attestations stored in a "digital wallet" application on their edge devices. However, when presented to a relying party, these attestations typically reveal more attributes than required and allow tracking end users' activities. Several academic works and practical solutions exist to reduce or avoid such excessive information disclosure, from simple selective disclosure to data-minimizing anonymous credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that the SSI solutions that are currently built with anonymous credentials still lack essential features such as scalable revocation, certificate chaining, and integration with secure elements. We then argue that general-purpose ZKPs in the form of zk-SNARKs can appropriately address these pressing challenges. We describe our implementation and conduct performance tests on different edge devices to illustrate that the performance of zk-SNARK-based anonymous credentials is already practical. We also discuss further advantages that general-purpose ZKPs can easily provide for digital wallets, for instance, to create "designated verifier presentations" that facilitate new design options for digital identity infrastructures that previously were not accessible because of the threat of man-in-the-middle attacks. [less ▲]

Harmonizing sensitive data exchange and double-spending prevention through blockchain and digital wallets: The case of e-prescription management

in Distributed Ledger Technologies: Research and Practice (2022)

The digital transformation of the medical sector requires solutions that are convenient and efficient for all stakeholders while protecting patients’ sensitive data. One example that has already attracted ... [more ▼]

The digital transformation of the medical sector requires solutions that are convenient and efficient for all stakeholders while protecting patients’ sensitive data. One example that has already attracted design-oriented research are medical prescriptions. However, current implementations of electronic prescription management systems typically create centralized data silos, leaving user data vulnerable to cybersecurity incidents and impeding interoperability. Research has also proposed decentralized solutions based on blockchain technology, but privacy-related challenges have often been ignored. We conduct design science research to develop and implement a system for the exchange of electronic prescriptions that builds on two blockchains and a digital wallet app. Our solution combines the bilateral, verifiable, and privacy-focused exchange of information between doctors, patients, and pharmacies through verifiable credentials with a token-based, anonymized double-spending check. Our qualitative and quantitative evaluations as well as a security analysis suggest that this architecture can improve existing approaches to electronic prescription management by offering patients control over their data by design, a high level of security, sufficient performance and scalability, and interoperability with emerging digital identity management solutions for users, businesses, and institutions. We also derive principles on how to design decentralized, privacy-oriented information systems that require both the exchange of sensitive information and double-usage protection. [less ▲]

An in-depth investigation of the performance characteristics of Hyperledger Fabric

in Computers and Industrial Engineering (2022), 173

Private permissioned blockchains are deployed in ever greater numbers to facilitate cross-organizational processes in various industries, particularly in supply chain management. One popular example of ... [more ▼]

Private permissioned blockchains are deployed in ever greater numbers to facilitate cross-organizational processes in various industries, particularly in supply chain management. One popular example of this trend is Hyperledger Fabric. Compared to public permissionless blockchains, it promises improved performance and provides certain features that address key requirements of enterprises. However, also permissioned blockchains are still not as scalable as centralized systems, and due to the scarcity of theoretical results and empirical data, their real-world performance cannot be predicted with the necessary precision. We intend to address this issue by conducting an in-depth performance analysis of Hyperledger Fabric. The paper presents a detailed compilation of various performance characteristics using an enhanced version of the Distributed Ledger Performance Scan (DLPS). Researchers and practitioners alike can use the various performance properties identified and discussed as guidelines to better configure and implement their Hyperledger Fabric network. Likewise, they are encouraged to use the DLPS framework to conduct their measurements. [less ▲]

Enabling end-to-end digital carbon emission tracing with shielded NFTs

in Energy Informatics (2022), 5

In the energy transition, there is an urgent need for decreasing overall carbon emissions. Against this background, the purposeful and verifiable tracing of emissions in the energy system is a crucial key ... [more ▼]

In the energy transition, there is an urgent need for decreasing overall carbon emissions. Against this background, the purposeful and verifiable tracing of emissions in the energy system is a crucial key element for promoting the deep decarbonization towards a net zero emission economy with a market-based approach. Such an effective tracing system requires end-to-end information flows that link carbon sources and sinks while keeping end consumers’ and businesses’ sensitive data confidential. In this paper, we illustrate how non-fungible tokens with fractional ownership can help to enable such a system, and how zero-knowledge proofs can address the related privacy issues associated with the fine-granular recording of stakeholders’ emission data. Thus, we contribute to designing a carbon emission tracing system that satisfies verifiability, distinguishability, fractional ownership, and privacy requirements. We implement a proof-of-concept for our approach and discuss its advantages compared to alternative centralized or decentralized architectures that have been proposed in the past. Based on a technical, data privacy, and economic analysis, we conclude that our approach is a more suitable technical backbone for end-to-end digital carbon emission tracing than previously suggested solutions. [less ▲]

How to make users adopt more sustainable cryptocurrencies: Evidence from Nigeria

E-print/Working paper (2022)

Some of the most popular decentralised cryptocurrency networks have drawn widespread criticism for consuming vast amounts of electricity and have thus become targets of regulatory interest. Attempts to ... [more ▼]

Some of the most popular decentralised cryptocurrency networks have drawn widespread criticism for consuming vast amounts of electricity and have thus become targets of regulatory interest. Attempts to influence cryptocurrency network operations via policy in the pursuit of sustainability in the past, however, have been widely unsuccessful. Some were abandoned out of fear of jeopardising innovation while others failed due to the highly globalised nature of decentralised systems. Considering Bitcoin as an archetype for cryptocurrencies with high energy demand, this study takes a bottom-up approach by analysing statements made by Nigerian cryptocurrency users (N = 158) concerning their perception of sustainability issues. Three main findings emerged: 1) Despite self-reporting as highly knowledgeable, most participants significantly underestimate the energy demand of Bitcoin. 2) Those who accurately assess the energy demand of Bitcoin are more likely to support measures targeting its energy demand than those who misestimate it. 3) Those who support measures predominantly hold private actors responsible. In light of these findings, it is concluded that the primary task of policy makers in the context of cryptocurrency sustainability is to enforce consumer education. [less ▲]

Exploring the use of self-sovereign identity for event ticketing systems

in Electronic Markets (2022), 32

This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data ... [more ▼]

This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction storage and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing process efficiency through smart contracts. We also explore to which extent permissioned blockchains and novel applications of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transparency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations. [less ▲]

Decentralised Finance's Unregulated Governance: Minority Rule in the Digital Wild West

E-print/Working paper (2022)

Decentralised finance (DeFi) is a category of unlicensed, unregulated, and non-custodial financial services that utilise public, distributed ledgers like Ethereum. The Bloomberg Galaxy DeFi Index ... [more ▼]

Decentralised finance (DeFi) is a category of unlicensed, unregulated, and non-custodial financial services that utilise public, distributed ledgers like Ethereum. The Bloomberg Galaxy DeFi Index, launched in August 2021, includes nine Ethereum-based projects – non-custodial exchanges as well as lending and derivatives platforms. Each project is governed, at least in part, by a community of unregistered individuals that hold tradable voting rights tokens (also known as governance tokens). Voting rights tokens allow holders to vote on proposed changes to a DeFi project’s features, parameters, or rules. DeFi’s governance power is thus linked to the distribution and exercise of tokenised voting rights. Since DeFi projects are typically not managed by companies or public institutions, not much is known about DeFi’s governance. Regulators and law-makers from the United States recently asked if DeFi’s governance entails a new class of “shadowy” elites. In response, we conducted an exploratory, multiple-case study that focuses on the voting rights tokens issued by the nine projects from Bloomberg’s Galaxy DeFi index. Our mixed methods approach draws on Ethereum-based data about the distribution, trading, and staking of voting rights tokens, as well as project documentation and archival records. Our findings contribute knowledge about the entitlements of DeFi’s voting rights tokens, the initial distribution strategies, and the actual voting and delegation activity. Our principal finding is that DeFi’s voting rights are highly concentrated, and the exercise of these rights is very low. Our theoretical contribution is descriptive: minority rule is the probable consequence of tradable voting rights plus the lack of applicable anti-concentration or anti-monopoly laws. We interpret DeFi’s minority rule as timocratic and acknowledge its possible transition to oligarchy. [less ▲]

A serverless distributed ledger for enterprises

in Proceedings of the 55th Hawaii International Conference on System Sciences (2022, January 04)

Enterprises have been attracted by the capability of blockchains to provide a single source of truth for workloads that span companies, geographies, and clouds while retaining the independence of each ... [more ▼]

Enterprises have been attracted by the capability of blockchains to provide a single source of truth for workloads that span companies, geographies, and clouds while retaining the independence of each party’s IT operations. However, so far production applications have remained rare, stymied by technical limitations of existing blockchain technologies and challenges with their integration into enterprises’ IT systems. In this paper, we collect enterprises’ requirements on distributed ledgers for data sharing and integration from a technical perspective, argue that they are not sufficiently addressed by available blockchain frameworks, and propose a novel distributed ledger design that is “serverless”, i.e., built on cloud-native resources. We evaluate its qualitative and quantitative properties and give evidence that enterprises already heavily reliant on cloud service providers would consider such an approach acceptable, particularly if it offers ease of deployment, low transactional cost structure, and a combination of latency and scalability aligned with real-time IT application needs. [less ▲]

With or Without Blockchain? Towards a Decentralized, SSI-based eRoaming Architecture

in Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS) (2022)

Fragmentation and limited accessibility of charging infrastructure impede the adoption of electric vehicles. To improve the availability of charging infrastructure independent of providers, eRoaming ... [more ▼]

Fragmentation and limited accessibility of charging infrastructure impede the adoption of electric vehicles. To improve the availability of charging infrastructure independent of providers, eRoaming offers a promising solution. Yet, current eRoaming systems are typically centralized, which raises concerns of market power concentration. While the use of blockchain technology can obviate such concerns, it comes with significant privacy challenges. To address these challenges, we explore a combination of blockchain with self-sovereign identity. Specifically, we apply a design science research approach, which helps us to identify requirements, derive a conceptual architecture, and deduce design principles for decentralized eRoaming and beyond. We find that blockchain may best leverage its benefits when it takes a backseat as a public registry for legal entities. Moreover, we find that the use of self-sovereign identities could improve compliance with privacy regulations, but they should not be overused. [less ▲]

The transparency challenge of blockchain in organizations

in Electronic Markets (2022), 32(3), 1779--1794

This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data ... [more ▼]

This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction storage and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing process efficiency through smart contracts. We also explore to which extent permissioned blockchains and novel applications of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transparency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations. [less ▲]