Trust has been broken between applications and their users. Whether it’s a web2 or a web3 app, you’re often forced to take the developer’s word about its security, privacy, and decentralization. We’re fixing that.
Today we’re launching the Blind Badge system – a transparent, visual standard that measures the extent to which an application leverages Nillion’s full functionality, an indicator of how trustless the application’s architecture really is. No more marketing buzzwords. No more vague promises. Just clear, measurable metrics that tell you how your data is accessed, stored, and computed on.
Why this matters
Every application makes different tradeoffs between security, privacy, and usability. Some apps claim to be “fully decentralized” while keeping control of your encryption keys. Others advertise “military-grade encryption” but process your data in plaintext. The Blind Badge cuts through the noise by showing you exactly how each application uses the Nillion Network and its privacy and security benefits through a simple color-coded system.
In the same way that blockchains may start off more centralized and then decentralize over time, consumer applications may start out with more trust assumptions and move further down the trustlessness spectrum over time. The Blind Badge allows these applications’ users to monitor and track their progress in this regard, and celebrate them when they achieve trustlessness milestones.
How the Blind Badge Works
The Blind Badge evaluates applications across six key dimensions, visually represented through a color-coded system where green indicates the highest level of trustlessness.
Core Metrics
- Access Control:
  - Low Score: No Access Control: Sensitive data is accessed without the user’s permission or any other form of access control.
  - Medium Score: Centralized Access Control (Web2): Access is managed by a centralized entity, as is common in traditional web services.
  - High Score: Decentralized Access Control: Access is managed through decentralized mechanisms, granting users full sovereignty over their data.
- Storage:
  - Low Score: No Encryption: Sensitive data is stored in plaintext, either on a public decentralized network or a private centralized server. It can be accessed by the central entity and anyone who manages to breach the system.
  - Medium Score: Centralized Encryption (Web2): Sensitive data is encrypted, but the decryption keys are held by a single central entity.
  - High Score: Decentralized Encryption: Sensitive data is safeguarded using secret-sharing, encryption, or other cryptographic methods where decryption keys are managed in a decentralized manner, improving security and privacy.
- Compute:
  - Low Score: In Plaintext: Computations are performed directly on unencrypted data.
  - Medium Score: Hardware Privacy-Enhancing Technologies (TEEs): Hardware-based PETs are used for computations, but the data itself remains unencrypted.
  - High Score: Software Privacy-Enhancing Technologies (MPC, FHE, etc.): Software-based PETs enable computations on encrypted data, ensuring privacy throughout the process.
Advanced Level of Trustlessness
Beyond the three metrics described above, we will eventually also evaluate apps on:
- Accountability:
  - No Accountability: Semi-Honest Security: Assumes participants follow the protocol, though they may still try to learn extra information. There are no mechanisms to detect or penalize any hidden intentions.
  - Hybrid Accountability: Cluster Level: If a participant deviates from the protocol, the system detects that a violation occurred without identifying the specific node. Instead, the cluster is held accountable to some degree.
  - Full Accountability: Malicious Security: Assumes participants may actively break rules, engage in fraud, or attempt deception. The system not only detects misbehavior but also identifies the malicious nodes and holds them accountable through enforceable penalties (like slashing assets).
- Integrity:
  - No Integrity: No mechanisms exist to detect when nodes attempt to modify information in an unauthorized way.
  - Detection: Ability to detect when nodes modify information in an unauthorized way.
  - Correction: Ability to detect which nodes have engaged in unauthorized modifications and apply measures that preserve the accuracy of the final outcome, effectively neutralizing their misconduct.
- Verification:
  - No Verification: No proof mechanism ensures that computations have been performed as claimed.
  - HW Attestation: Hardware-based proof that computations were executed as claimed.
  - SW Proof: Software-based proofs for computation veracity, ensuring that what is claimed about computations is true.
The Blind Badge system represents our commitment to transparency and continuous improvement in decentralized technology. As security and privacy standards continue to evolve, so too will our evaluation criteria and badge system.