Performing calculations on private data (e.g. Birthdate)?

domschdomsch Member Posts: 11
Is it possible to create a contract that receives data and then performs some calculations on this data and outputs either a True or False (depending on the data).

I'm currently working on an Identity project and I've been working on a prototype (with the Bitcoin Blockchain) for the past few days. I'm just a bit confused on the Ethereum side and if what I want to achieve is even possible. An example to what I want to achieve: the smart contract receives a birthdate and then determines whether the person is over 18 or not. If the output is True, a certain area in the website gets unlocked. The importance here is of course to keep the data secretive so that nobody can see the users birthdate except for the contract.

Some tips on how to approach this are greatly appreciated :)

Comments

  • ledgerwatchledgerwatch Member Posts: 57
    All computations performed by ethereum contracts are public, because they need to be repeated by all the nodes of the network. That being said, you can, of course, use some form of homomorphic encryption (https://en.wikipedia.org/wiki/Homomorphic_encryption#Partially_homomorphic_cryptosystems) or Zero-knowledge proofs (a bit more involved) to securely deal with private data.
    However, performing computations like that is not what Ethereum contracts are good or efficient for. The real strength of contracts is the ability to store, process, and generate commitments. For your application, you might want to look at the hybrid approaches, i.e. store some of the information privately, and only give the contract commitments to such information.
  • domschdomsch Member Posts: 11
    edited August 2015

    All computations performed by ethereum contracts are public, because they need to be repeated by all the nodes of the network. That being said, you can, of course, use some form of homomorphic encryption (https://en.wikipedia.org/wiki/Homomorphic_encryption#Partially_homomorphic_cryptosystems) or Zero-knowledge proofs (a bit more involved) to securely deal with private data.
    However, performing computations like that is not what Ethereum contracts are good or efficient for. The real strength of contracts is the ability to store, process, and generate commitments. For your application, you might want to look at the hybrid approaches, i.e. store some of the information privately, and only give the contract commitments to such information.

    Hey thanks for your help. yeh I did some research and came to the same results, but was hoping that there is perhaps a work around.

    So the only solution for this would it be to upload the date of birth to a public website from where the contract gets the data. This would mean that I will have to randomize the data entries and only the user himself can link himself to the data and its output (True or False).

    Also " i.e. store some of the information privately, and only give the contract commitments to such information." this is exactly what I want to achieve. The user will store his identity locally which contains the date of birth. The user would then give access to the contract (on a per case basis) to the date of birth entry, the contract then performs the calculation and outputs True or False.
  • ledgerwatchledgerwatch Member Posts: 57
    edited August 2015
    You can imagine such protocol (though it is not necessarily what you want):
    your web-site accepts entries from users, using its own identification and authentication, and stores records for each user privately. The records are then individually hashed by a cryptographic hash function (you can choose sha3-256bit, because there is such opcode in EVM), and then composed into a Merkle tree. The root of the tree is given to the contract and saved in its storage. Whenever user data changes, your web-site updates the merkle tree root in the contract.
    Now, the users can privately request from your web-site the proof that their records are in the merkle tree. Then they can present that proof to the contract (who can verify it, because it has the root), and simultaneously create an association between their record on your web-site and their ethereum address, which then later can be used for payouts (triggered by the call from your web-site).
  • ledgerwatchledgerwatch Member Posts: 57
    Actually the protocol I described is not really secure - anyone can intercept the merkle proof and associated it with the wrong address. So it is just an idea :)
  • domschdomsch Member Posts: 11
    Yeh I'm really just trying to create a small prototype, so the aspects of security are not "that" important. Although what I fear is that implementing such a system with a merkle tree will be too time consuming to implement. I will think of another setup to see how I can best present this ;)
  • MetalMetal Member Posts: 17
    One thing to keep in mind is that contract methods can be called in two very different ways:

    - As a transaction, a contract call is indeed public. It becomes part of the blockchain. This is necessary for methods that modify the state of a contract.

    - As a constant call however, the call never leaves the node it runs on. No trace of it appears on the blockchain and no state change is possible in those calls.

    Now the use case you describe sounds like you'd want to use the latter type of calls. If all you need is a method that takes some input, validates it against the contract logic and possibly some of its pre-existing state, and returns a true/false answer, you don't want a transaction generated for every call, and as a consequence of using constant calls, the data you pass to that method will be kept on your local ethereum node and go no further.
Sign In or Register to comment.