Web 3.0, is an emerging new model for the internet economy that is calling for redistribution and democratization of value flowing on the internet. Web 3.0 revolution has brought us many interesting concepts and products. For instance, decentralized finance (DeFi) allows any user to have an access to sophisticated financial services without the need of opening a bank account. As the size of the cryptocurrency market grows, we expect many traditional institutions to join the DeFi market in the near future. A natural requirement of institutional money is regulatory compliance. Due to the sensitive nature of know-your-client (KYC) information, users, especially newcomers to DeFi are usually reluctant to give out their private information to the DeFi apps mostly due to the fear of losing control of their private data. On the other hand, the traditional financial (TradFi) system has gathered tremendous KYC information regarding its customers. How to leverage this private information while addressing the users’ privacy concerns so that more TradFi users can join the sphere of DeFi has become a central challenge. As a matter of fact, many traditional institutions such as HSBC or Lloyds have already joined the open banking movement, in which consumers are able to grant their KYC data to third-party providers in a fine-grained manner. A private data sharing mechanism between TradFi institutions and DeFi apps that enables the users to have fine-grained access control on their private data will be in high demand as the regulatory compliance requirement for DeFi grows.
Another interesting concept that represents the spirit of Web 3.0, non-fungible token (NFT), first as a new way of monetizing digital artwork, has gradually been transformed into a new frontier of redefining decentralized identifiers (DID). NFT can play various roles in decentralized projects. For instance, numerous decentralized projects have issued NFTs to represent how involved a particular community member is with the project. An artist can issue an NFT as an exclusive membership token for his/her fans. In many cases, the ownership of an NFT also signifies one’s identity or status. As a matter of fact, there is a growing trend using NFT as a premise for gated access to either digital or physical experience [nftGatedAccess]. For instance, imagine you wish to attend an NFT-gated online concert on a Metaverse platform. You could only attend the concert if you are either the owner of at least one Crypto Punk or at least two Bored Apes. Here the online concert could be replaced with an art exhibition in the Metaverse or a DAO zoom meeting, and it could also be a physical service such as renting a bike [pavemotors]. The access policy could be any logical formula that connects all kinds of NFT tokens.
Compared with traditional public-key encryption where the message receiver gets either nothing or all, functional encryption allows the message sender to precisely define what information on the encrypted message is allowed to be revealed to the receiver. In fact, functional encryption was originally proposed as a tool to enforce fine-grained access control over encrypted data [GPSW2006]. Therefore, it is a natural solution to all the aforementioned access control problems. Take the gated NFT case as an example, the access key to the online concert could be encrypted under the policy “1 Crypto Punk & 2 Bored apes”. Only those who have a secret key corresponding to at least two Bored apes or 1 Crypto Punk is able to decrypt the secret key entering the concert. Similarly, functional encryption can also serve as a handy tool for the private data-sharing platform between TradFi and DeFi.
In this context, Ruby will design and implement a fine-grained personal data management framework, which would serve as a second-layer/middleware protocol interacting with the multi- chain ecosystem. The framework will enable a data owner or an entity representing the owners to enforce a fine-grained access control policy over the encrypted private data using Functional Encryption (FE). The access control policy will be built into the smart contracts, and the relevant monetary transaction will also be executed via the smart contracts. This is why this solution is defined as a second-layer/middleware protocol.
The major technical contributions of this project will be:
- We build a private data management framework by leveraging the power of functional encryption and smart contracts. The proposed system will enable a fine-grained data management layer for the multi-chain world and Web 3.0, including a private data sharing platform be- tween TradFi and DeFi, NFT-gated access, etc. A Fine-grained access control policy layer is proposed so that it can be built into the smart contracts to be deployed in multi-chain. The policy layer will be instrumental to satisfy the need of the regulatory compliance requirement and NFT-gated access control.
- We devise an access control mechanism to ensure that legitimate buyers, on receiving the data owner’s permission, can get access to the target data, be it the private KYC data in the case of private data sharing between TradFi and DeFi, or the access token of NFT-gated access system.
- We introduce a payment system, which will not only enforce payment privacy when needed but allow the accrue of value transferred among different parties in the system. We also introduce a review mechanism, with incentivization to buyers, to attract more sellers and buyers to our platform, and to motivate them to behave honestly.
- We employ a digital watermarking technique to guarantee the traceability of the encrypted data, which will add an additional guarantee on the authenticity of the users’ private data.