4C/ 5 Types of Privacy on DLT

From IIW

5 Types of DLT Privacy

Wednesday 4C

Convener: Timothy Ruff, Evernym

Notes-taker(s): Colin Jaccino

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

DLT - Distributed Ledger Technology

5 Types of Privacy for DLT-Identity

  1. Decryption
  2. Correlation
  3. Leakage
  4. Revocation
  5. Future-Proof

This list will grow

What do you call a block chain with no blocks and no proofs of work?

“We believe” that there should be a ledger for the whole world that is publicly available, immutable.

High stakes because if you screw up the privacy, you screw up for everyone.

- Some schools of thought that everything should be on the ledger

Evernym’s thought - nothing that is private should be on the ledger. (for future proof)

Privacy is much more than encryption.

Decryption - If you use an encrypted, hashed ID to work with multiple parties, those parties can get together to deanonymize your ID.

Correlation - 

Leakage - Disclosing more than you need to.  If your college gives you a detailed transcript.  Lots of info on there.  They may give it as one verifiable claim.  What if someone asks “did you really run the 100m in under 12s?”  And buried in that transcript is that info.  If I don’t have a way to convey that info that prevents leakage, I have to share the whole basket of info in that transcript.  I don’t want to give more than I have to.

Revocation - The 

Future-proof - What goes on the ledger and what doesn’t?

A public ledger that is there for the whole world to look up forever.

In the future, we will have really really really fast computers that might decrypt anything.  So we don’t put anything that might be subject to decryption or correlation risk.

Comment: Maybe future proofing is something you would want to build into all of your privacy protections.

Timothy:  Pair-wise identifiers.

  Scenario:  Sign into Facebook.  Under the hood, an identifier is generated for logging into other web sites.  Because of this, the web sites logged into by the user could correlate the logins and deanonymize the user.  Facebook began using a different ID for each site.

    But if users volunteer their information to each web site, it’s fine.  We can’t stop them.  BUT

On a global, permanent, immutable ledger, we DON’T want to put correlatable data on the ledger.
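The correlation risk in the Facebook scenario above, as an added Python example (not part of the session notes and not Evernym's or Sovrin's code). The site names, users and records are constructed, and deriving each pairwise identifier with HMAC-SHA256 from a secret held only by the user is an assumption chosen for illustration, not a method described in the session.

```python
import hashlib
import hmac
import secrets

# Constructed sample: what each site learns about each user on its own.
ACTIVITY = {
    "shop.example": {"alice": {"ship_to": "Springfield"}, "bob": {"ship_to": "Shelbyville"}},
    "forum.example": {"alice": {"topic": "refinancing"}, "bob": {"topic": "cycling"}},
}
# Hypothetical per-user secrets that never leave the user's wallet.
USER_SECRETS = {user: secrets.token_bytes(32) for user in ("alice", "bob")}

def hashed_global_id(user, site):
    """One hashed ID reused everywhere: hashing hides the name, not the link."""
    return hashlib.sha256(user.encode()).hexdigest()

def pairwise_id(user, site):
    """A different identifier per relationship, derived from the user's secret."""
    return hmac.new(USER_SECRETS[user], site.encode(), hashlib.sha256).hexdigest()

def build_logs(id_for):
    """Each site's records, keyed by whatever identifier the scheme presents to it."""
    return [
        [{"id": id_for(user, site), "attrs": attrs} for user, attrs in users.items()]
        for site, users in ACTIVITY.items()
    ]

def pool_records(site_logs):
    """Colluding sites merge records by identifier; keep profiles seen at more than one site."""
    profiles = {}
    for log in site_logs:
        for rec in log:
            profiles.setdefault(rec["id"], {}).update(rec["attrs"])
    return {ident: attrs for ident, attrs in profiles.items() if len(attrs) > 1}

def linked_profiles(id_for):
    """Profiles the sites can assemble together under a given identifier scheme."""
    return pool_records(build_logs(id_for))

if __name__ == "__main__":
    print("reused hashed ID:", len(linked_profiles(hashed_global_id)), "users linked")
    print("pairwise IDs:    ", len(linked_profiles(pairwise_id)), "users linked")
```
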


Will privacy make a comeback?  Timothy thinks so.

Audience contribution:  Marketers aren’t going to like this.

Timothy Scenario:

  Suppose I can raise three flags to the world anonymously.

    - I have an $800k house to refinance.

    - I have $1M net worth, attested cryptographically by a trustworthy third party.

    - I have a 5-star rating for buying what I say I’m going to buy.


 - People may not accept or trust this DLT and these DLT-enabled services.

 - People don’t think it’s spam if it matches the needs.

Internet of Things is a huge security problem.  Tim thinks it’s an Identity problem.  How do I know it’s really my car that is calling me to tell me it needs an oil change?

Scenario:  The pairwise ID problem.  If you have a unique ID with each relationship, especially with IOT, you will have thousands of pairwise IDs.  But the costs may be significant.  Using the bitcoin transaction fee of ~$1, this means thousands of dollars in management costs.

A solution is the DLT-based ID management method that Sovrin is advocating.