I'm developing an application that should be able to store encrypted user information and also prove ownership / timestamp of that information.
The problem is that the information is private therefore i don't think there is a way of storing it on the blockchain, We could encrypt the text and put write to the chain but then in the future a super fast computer would be able to decrypt the content just by reading the blockchain !?
In order to "workaround" the "everything is public on the blockchain" problem, i'm thinking about storing the encrypted file somewhere else and keep track of where they are stored in a private database, so the only way to have access to the files would be to gain access to my database which then would just have a link to the encrypted files, so hopefully this would be extra security compared to all the content encrypted on the blockchain.
I'm relatively new to the blockchain ( compared to programming and databases ), so i'm afraid i might have not understood some "basic web3 law" or that i'm thinking it "the old way", so please feel free to tell me i'm absolutely wrong.
How i imaged things working:
- User upload private information, the system encrypt it and store it somewhere decentralised and get the URL of where it was sotred, the md5 of the uploaded content store in a private database, which will yield unique id for that file.
Proof of upload:
- Write to the blockchain a "receipt" which basically includes the id of user that uploaded the content, the unique id of the file and the md5 hash of the content and the timestamp.
Retrieving the file:
- Query my contract to find which files the user has access then query my database to find the file URL's and then deliver the encrypted file to my user, which will then decrypt with his own key.
How could the end user prove ownership of that private content?
- The only way would be the user to login on the system, download and decrypt the file with his key. The system would also be able to tell the ID of the receipt on the blockchain, which will contain the md5 of the file and the timestamp of the upload.
- The md5 on the blockchain would be used to prove the downloaded ( encrypted ) file is actually the one our private database was pointing to ( and that nobody with access to our private database has changed the link to a new uploaded file ).
Does that make any sense at all?
Any input is highly appreciated!