‘Privacy preserving’ smart contracts

Posted by on Jul 13, 2018

Blockchain computer programs are pretty smart—that’s why we call them smart contracts—but they’re also pretty weak. If they’re going to achieve many of the lofty, world-changing goals that blockchain proponents say they will, like revolutionize healthcare and the energy industry, and give people back control of their personal data online, they’re going to need a revolution in how they’re run. That’s where Dawn Song’s new startup, Oasis Labs, comes in.

Song says Oasis Labs has developed new “privacy preserving” smart contract technology that overcomes fundamental limitations of today’s most popular smart contract platform, Ethereum. She and several colleagues described a major component of the system in a recently published research paper (PDF).

Ethereum and similar smart contract systems have limited utility for two main reasons, according to Song. First, the network’s rules generally require that every node execute every smart contract—that’s how the network reaches consensus. Second, today’s smart contracts can’t assure the confidentiality of sensitive data. Blockchains were built to be transparent. That’s why so many theoretical blockchain applications are still stuck on the drawing board.

Health care organizations, for example, are interested in using blockchains to make patients’ medical information more easily shared and accessible to researchers. Smart contracts could be used to encode privacy-related terms of use, and let users selectively dole out access to their data. That would go a long way toward simplifying what is today a cumbersome process. But some of the most interesting ways that medical researchers want to use sensitive health data—for example, in sophisticated analytics and machine learning models—require high-performance computing and fool-proof confidentiality.

How will Oasis pull off this cryptographic sorcery? Contracts will run inside an isolated piece of hardware called a secure enclave. The enclave acts like a black box, keeping the computation private from a computer’s other applications, its operating system, and its owner. It also generates cryptographic proof that the programs were executed correctly—and that proof goes on the blockchain.

I am curious about those projects, since one thing is obvious: without a trusted privacy backbone, blockchains will not realize their full potential.