ING announced that researchers at the financial services firm have solved a security and privacy issue on blockchain software firm R3’s Corda blockchain.
On Oct. 23, ING’s distributed ledger technology team presented its white paper, called “Solutions for the Corda security and privacy trade-off: having your cake and eating it,” where it reportedly found a solution to improve the security and privacy trade-off on Corda, an open-source blockchain platform.
The white paper states that currently, the content of each transaction on the Corda blockchain is revealed to a validating notary to be able to achieve consensus. Being able to observe the content of transactions may raise privacy concerns. ING director Mariana Gomez de la Villa explained: In the case of the validating one, the notary sees the contents of a transaction before it determines if the information is correct, which means participants lose privacy. A non-validating notary doesn’t see a transaction’s content, which creates a security risk where the notary could sign off the wrong transaction if a malicious participant builds an invalid transaction. However, it protects participants against double-spends, an attack where someone could spend the same asset twice, as does the validating notary.”
ING’s solution introduces a zero-knowledge proof (ZKP) notary service to validate transactions, that can purportedly evaluate the validity of a transaction without compromising on safety and without revealing any private contents.
In the cryptography world, ZKP is known as a method that allows one party to prove to another party that a statement is true without giving up any additional information. Zero-knowledge proofs were defined for the first time in a 1988 paper published by researchers from MIT and the University of Toronto as “those proofs that convey no additional knowledge other than the correctness of the proposition in questions.”
ZKPs allow for greater privacy on public blockchains and could fuel growth in blockchain adoption by reducing the expensive and time-consuming process of setting up private networks.