Privacy in Litentry I: Implications and Design

Mel Zhou
Published in Litentry
Nov 29, 2022 (5 min read)


“I care about my data. It’s crucial to be able to hide certain aspects.” — an anonymous web3 user.

Privacy plays a crucial role in the design of the Litentry Protocol. This is not always the case in web3 projects, where people often conflate anonymity with privacy, or mistakenly believe that privacy must be compromised in order to establish trust.

In this article we discuss the philosophical foundations of privacy in Web3, and how they inform the privacy-preserving designs in the Litentry Protocol.

What privacy means in the Web3 space

In 1993, the Cypherpunk Manifesto stated: “Privacy is necessary for an open society in the electronic age.” Indeed, the Cypherpunk movement advocates the use of cryptography and other privacy-preserving technologies to facilitate social and political change.

Privacy is hard to define, which makes legal policy-making and privacy paradigms difficult to design and implement. In “The Right to Privacy”, one of the most influential privacy-focused essays in the history of American law, privacy is defined as “the right to be alone.” In the aforementioned Cypherpunk Manifesto, privacy is “the power to selectively reveal oneself.” GDPR adopts the “informed consent” model, in which users must be given sufficient information and understanding before making decisions about their data.

Perhaps the most prevalent theory of privacy in Web3 is the theory of Contextual Integrity. As defined by Helen Nissenbaum in her book Privacy in Context, privacy concerns appropriate information flow, where appropriateness, in turn, is defined as conformance with the legitimate informational norms of a specific social context.

Building on Nissenbaum’s work, the authors of Decentralized Society: Finding Web3’s Soul (DeSoc) proposed seeing privacy as a “programmable, loosely coupled bundle of rights to permission access, alter or profit from information”, rather than simply as a right to private property. Data ownership is intersecting and shared by nature, and the design of blockchain makes data transparent, so we will never fully possess our on-chain data. We have never had full control over who can see, access, or leverage our data, and it is questionable whether that level of data control is even desirable.

Privacy in the Litentry Protocol

Our philosophy of privacy

At its core, privacy is about controlling personal data. Understanding the self-sovereignty of personal data is essential before understanding our view of privacy.

To us, ownership or self-sovereignty of data represents the right to

  • View and manage data,
  • Define permissions, and
  • Profit from or exchange value with data

As you can see, the above rights don’t guarantee that your data is fully concealed, but they do restrict others from any unwarranted access or use. This speaks to the difference between secrecy and privacy: while secrecy conceals a part of yourself completely, privacy allows you to reveal yourself selectively, so that others can still see you, but in a way that you are comfortable with and have consented to.

On the spectrum from public to private to secret, we are dedicated to giving users control over the flow, the preservation, and the computation of private data, that is, the part of your data you wish to reveal selectively to others. As you can see in the graphic below, at one end of the spectrum we have blockchain’s radical transparency, which makes data publicly viewable. At the other end we have complete anonymity, which makes it hard to accumulate reputation or trust online.

We operate in the ‘private’ area of the spectrum, hoping to unlock the benefits of pseudo-anonymity and, in the process, to enable new identity-based markets.

Secret-Private-Public

Our technological approach to preserving privacy

During its lifespan, data usually passes through generation, storage, query, computation, transmission, verification, and more. The ‘privacy problem’ can arise at any of these stages.

Keeping this in mind, Litentry’s privacy designs aim to preserve privacy during the query, computation, transmission, and verification stages. Because on-chain data is by nature public and obtainable, the generation and storage of raw data are not our concern. It is worth mentioning, however, that some processed forms of data will, at the data owner’s request, be stored in a trusted environment. At the same time, we cannot control whether a verifier subsequently exposes the information it has received to unwanted third parties. Thankfully, our technology ensures that only the minimum, context-specific information is provided to the verifier.

The (Incomplete) Data Lifespan

We believe that it is important to achieve a programmable, retro-manageable revelation of private data. In the absence of data-sharing standards, data owners remain the ultimate judges of how, where, when, and to whom a flow of personal data is appropriate. To achieve this, we use the following design:

  • Trusted Execution Environment (TEE) sidechain/off-chain. The TEE sidechain/off-chain ensures that private data can be stored, computed on, and transported in a secure and private manner.
  • Separation of local storage and central storage. Making good use of local storage on the user’s side gives users authority over the management of their data and avoids the potential data leaks of traditional central storage.
  • Verifiable Credentials (VC). A W3C standard for verifying a personal claim to a third party by revealing only a selected piece of information. The VC standard is flexible and can be encrypted. It is used to prove a private statement or to grant access to a certain scope of information, facilitating trust between the VC sender and receiver.

Three major privacy designs in Litentry
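The selective-revelation idea behind the Verifiable Credential bullet, shown as an added example (not Litentry’s code): the issuer signs only salted digests of the holder’s claims, the holder attaches just the claims a given verifier’s context requires, and the verifier can check a disclosed claim without learning the rest. It assumes an HMAC with a shared issuer key as a stand-in for a real digital signature, so that it runs with the standard library alone.

```python
import hashlib
import hmac
import json
import os

# Constructed example of hash-based selective disclosure (the shape used by
# SD-JWT): the credential carries only salted digests of the claims, so a
# verifier learns exactly the claims the holder chooses to open and nothing
# about the others. HMAC with a shared issuer key stands in for a real
# digital signature purely to keep the example dependency-free.
ISSUER_KEY = b"constructed-issuer-key"  # assumption, not a real key


def digest(disclosure):
    """Salted digest of one claim, encoded as [salt_hex, name, value]."""
    return hashlib.sha256(json.dumps(disclosure).encode()).hexdigest()


def issue(claims):
    """Issuer: return (signed credential, disclosures kept by the holder)."""
    # A fresh 16-byte salt per claim stops a verifier from brute-forcing
    # low-entropy values (a country code, a boolean) from the digests alone.
    disclosures = {n: [os.urandom(16).hex(), n, v] for n, v in claims.items()}
    # Sorting hides the original claim order; digests are already opaque.
    payload = {"_sd": sorted(digest(d) for d in disclosures.values())}
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}, disclosures


def present(credential, disclosures, reveal):
    """Holder: attach only the disclosures this verifier's context needs."""
    return {**credential, "disclosed": [disclosures[n] for n in reveal]}


def verify(presentation):
    """Verifier: check the issuer signature, then bind each opened claim to a
    signed digest. Returns the revealed claims, or None on any failure."""
    body = json.dumps(presentation["payload"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["sig"]):
        return None
    revealed = {}
    for disclosure in presentation["disclosed"]:
        if digest(disclosure) not in presentation["payload"]["_sd"]:
            return None  # claim was altered, or was never issued
        _, name, value = disclosure
        revealed[name] = value
    return revealed
```

A presentation that opens only `age_over_18` carries the other claims solely as salted digests, which is the minimum, context-specific information the verifier needs.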

Let’s wrap up this article with a summary:

  • Based on Nissenbaum’s privacy-in-context theory, the DeSoc paper proposed seeing privacy as a “programmable, loosely coupled bundle of rights to permission access, alter or profit from information.”
  • We believe that self-sovereignty does not give you full control over data, but rather the right to view, manage, permission access to, and exchange value with data.
  • Litentry’s privacy designs aim to preserve privacy during the query, computation, transmission, and verification stages of the data lifespan.
  • We believe that it is important to achieve a programmable, retro-manageable revelation of private data. Our current privacy design consists of the TEE sidechain/off-chain, the separation of local and central storage, and the use of verifiable credentials.

Special thanks to Patrick Cajina Cortez and Minqi Wang for reviewing and contributing to this piece!

Here are links to the next publications, to better understand the novel solution we are building at Litentry:

What do you think about privacy in Web3? Why do you care about privacy? Let us know in the comments!
