Dutch multinational lender ING says it has solved a problem embedded in R3’s Corda blockchain, designed for enterprise use.
In a white paper entitled “Solutions for the Corda Security and Privacy Trade-off: Having Your Cake and Eating It,” published Wednesday, the bank introduced a “zero-knowledge proof” (a cryptographic technique) notary, which it claims resolves a pivotal tradeoff between security and privacy on the Corda network.
Unlike Bitcoin and Ethereum, Corda doesn’t use miners to validate transactions. Instead it offers two options: a “validating notary” that checks the contents of individual transactions to check their accuracy, and a “non-validating notary” that accepts them at face value, which speeds the process up.
Each approach has a down side. Validating notaries invade users’ privacy, and non-validating notaries can do little to prevent against fraudulent transactions.
ING, which joined R3 in 2015, considered this a problem. Speaking to Coindesk, ING staffer Andrei Ilchenko suggested that users of its forthcoming Corda-based trading platform, Marco Polo, could slip transactions “owned by another participant” past the validators. Like stealing from another’s shopping basket.
Now the bank says it has struck the perfect middle ground: a validation system that is able to glean the contents of a transaction without observing the data itself. To achieve this it uses a “zero-knowledge proof,” which converts the transactional data to a meaningless alphanumeric string of numbers that can be used to verify the data it represents without revealing it.
This would allow ING to put transactions through the validating notary—that checks if they are accurate—but crucially, it wouldn’t be able to see any of the transaction information. So it would allow for secure transactions that are private too. An elusive mix.