DATA PRIVACY TECHNOLOGY CONFIDENTIAL DATA EXCHANGE

ENRICHED DATA INSIGHT AND EXCHANGE
ACROSS COMPLEX INFORMATION BORDERS WITH
MINIMAL REGULATORY AND SECURITY RISKS

ZERO-TRUST ENVIRONMENTS

The hyper-connected world requires new, dynamic security
based on changing parameters and scenarios

THE HEART OF THE DGT PLATFORM

The Premise

The modern economy is the data economy. Customer data has become the “new oil” that is the quintessence of building modern digital ecosystems. Horizontal and vertical integration increases among enterprises and this hyper-connected world is leading to new cybersecurity threats beyond just one organization’s borders.

Privacy is a big concern of our era. According to McKinsey & Company’s survey, no industry has reached a trust rating of 50%+ for data protection. Meanwhile, according to the same source, 87% of consumers would not to business with a company if they had data security concerns. The regulators are strict as well. In Europe, the General Data Protection Regulation stipulates a fine of up to 4% of global revenues in case a company neglects consumer privacy; in one case, a company was fined $180 million USD.

It is necessary to form new zero-trust-security models in order to protect sensitive information that is
(1) divided among various sources and organizations;
(2) mutually enriching with other datasets thus breaching security;
(3) vulnerable to hacking, leaking, spyware, and other attacks.
It is essential in both centralized and decentralized systems for exchanging data among enterprises.

These new models must expand beyond the old focus of data storage and retrieval and protect data exchange in the complex business systems that exist today. It is necessary to move to dynamic security based on changing parameters and scenarios and with consideration for context and characteristics of the data itself.

ABOUT DATA PRIVACY ON THE DGT NETWORK

Enterprise ecosystems rely on data sharing to generate benefit. But sharing confidential data on blockchain is unsafe and often illegal.


DGT uses Zero Knowledge Proof (ZKP) and Secure Multi-Party Computation (SMPC) to secure three core operating processes:
(1) data exchange;
(2) decentralized identity management; and
(3) off-chain calculations through notary node ORACLES.

DGT Zero Knowledge Proof (ZKP)

ZKP is a cryptographic method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, while the prover avoids conveying any additional information.

DGT supports the following:

Succinct non-interactive arguments (SNARG), such as “Bulletproofs”;

Interactive ZKP methods for proofing on-chain data with off-chain information without the ability to directly compare the two (through notaries);

Classic k-Anonymity, l-Diversity, t-Closeness for identity management;

Shamir Secret Sharing-based method for tokenization.

DGT Secure Multi-Party Computation (SMPC)

SMPC reaches a compromise between confidentiality and utility of data, while alleviating the risks of leaks or malicious use during data collection. It shows final analysis results without disclosing the intermediary information used for the calculations. It is one of the less resource costly and most secure methods for confidential calculations.

DGT uses:

A proprietary PSI/SMPC protocol based on the Diffie-Hellman exchange protocol, BFV HE scheme, Cuckoo hasing, and Oblivious Pseudorandom Function (OPRF);

Calculation is done in two phases: preliminary calculation (offline), then executing intersection (online phase).

Some of the Resolved Risk Scenarios

Contextual enrichment. Blockchain startup distributes coins to team and investors. Approximating ownership can identify public key to person. From then on, all their transactions and contacts can be tracked.

KYC. Submitting personal ID documents for KYC often discloses public key <-> person to private providers, exchanges, and start-ups; all of which are not bound by banking confidentiality.

Smart Contracts. Tokenizing assets leaves metadata. Because of the uniqueness of assets, further k-anonymity approaches can easily reidentify connected people & objects.

Identification. Necessary for AML, security laws, but placing information on-chain is visible to all and illegal under privacy laws. Accessing off-chain information is expensive.

Data Integration. Corporations benefit from combining financial, geo-tagged, marketing data. Unprecedented cross-selling opportunities arise. But exchanging this data is unsafe and often illegal.


DGT’s ZKP and SMPC mechanisms provided the additional layers of security and confidentiality of data, making sensitive information invisible to individuals and companies, while still providing the necessary insight and verification.