Category: encryption

Posted on by Leave a comment

Exploring the Concept of Virtual Identity: A Technical Analysis

Virtual Identity Explained

With the increasing use of technology, the concept of virtual identity has become a popular topic of discussion. Virtual identity refers to the digital representation of an individual, which includes personal information, behavior, and interactions in the online world. This article explores the technical aspects of virtual identity and its role in various digital platforms.

The Technical Aspects of Virtual Identity

Virtual identity is a complex concept that involves technical aspects such as data encryption, user authentication, and digital signatures. Data encryption is used to ensure that personal information is kept secure during transmission across networks. User authentication is the process of confirming the identity of an individual using a username and password, biometric verification, or other identification methods. Digital signatures are used to verify the authenticity of electronic documents and transactions.

Virtual Identity: The Role of Authentication

Authentication is a critical component of virtual identity, as it ensures that only authorized individuals have access to personal information and digital resources. In addition to usernames and passwords, modern authentication methods include multi-factor authentication, biometric verification, and behavioral analysis. Multi-factor authentication involves using more than one form of identification, such as a password and a security token. Biometric verification uses physical characteristics, such as fingerprints or facial recognition, to identify individuals. Behavioral analysis uses machine learning algorithms to analyze user behavior and detect anomalies that may indicate fraudulent activity.

Virtual Identity vs. Real Identity: A Comparison

Virtual identity differs from real identity in several ways. Real identity refers to an individual’s physical characteristics and personal information, such as name, date of birth, and address. Virtual identity includes this information, as well as online behavior, interactions, and preferences. Virtual identity can be more fluid than real identity, as individuals can create multiple virtual identities or change their online persona to fit different contexts.

Privacy Concerns in Virtual Identity

Privacy is a major concern in virtual identity, as personal information can be easily accessed and exploited in the online world. Individuals must be aware of the risks associated with sharing personal information online and take steps to protect their virtual identity. This includes using strong passwords, limiting the amount of personal information shared online, and being cautious when interacting with unknown individuals or sites.

Digital Footprint: Building Virtual Identity

A digital footprint is the trail of data left behind by an individual’s online activity. This includes social media posts, search engine queries, and website visits. A digital footprint can be used to build a virtual identity, as it provides insight into an individual’s behavior and interests. It is important for individuals to manage their digital footprint and ensure that it accurately represents their values and beliefs.

The Importance of Virtual Identity Management

Virtual identity management involves controlling and maintaining an individual’s online presence. This includes monitoring online behavior, managing privacy settings, and responding to negative content or reviews. Virtual identity management is important for individuals, businesses, and organizations to maintain a positive image and protect against reputation damage.

Virtual Identity and Cybersecurity

Virtual identity is closely tied to cybersecurity, as the protection of personal information and digital resources is essential to maintaining virtual identity. Cybersecurity involves protecting against unauthorized access, cyber-attacks, and data breaches. Individuals and businesses must implement strong security measures, such as firewalls, encryption, and intrusion detection systems, to protect against cyber threats.

Virtual Identity in Social Media

Social media platforms are a major component of virtual identity, as they provide a space for individuals to express themselves and interact with others online. Social media profiles can be used to build a virtual identity, showcase skills and accomplishments, and connect with others in a professional or personal capacity. It is important for individuals to be mindful of their social media activity and ensure that it aligns with their desired virtual identity.

Virtual Identities in Gaming: A Technical Discussion

Virtual identities are also prevalent in the gaming world, where individuals can create avatars and interact with others in virtual environments. Gaming platforms must implement strong security measures to protect against hacking, cheating, and other forms of abuse. Virtual identities can be used to enhance the gaming experience, as players can customize their avatars and build relationships with other players.

Virtual Reality and Virtual Identity

Virtual reality technology allows individuals to immerse themselves in virtual environments and interact with others in a more realistic way. Virtual reality can enhance virtual identity by allowing individuals to create more realistic avatars and interact with others in a more natural way. It is important for individuals to be aware of the privacy risks associated with virtual reality and take steps to protect their personal information.

The Future of Virtual Identity

As technology continues to evolve, the concept of virtual identity will become increasingly important. It is up to individuals, businesses, and organizations to manage virtual identity effectively and protect against cyber threats. By understanding the technical aspects of virtual identity and implementing strong security measures, individuals can build a positive online presence and protect their personal information in the digital world.

Posted on by Leave a comment

Blockchain: Fortifying Identity, Finance, and Privacy

The Power of Blockchain Technology

Blockchain technology has emerged as a game-changer in the digital landscape, transforming the way we manage identity, finance, and privacy. At its core, blockchain is a decentralized, immutable, and transparent ledger that enables secure and instant transactions without the need for intermediaries or centralized authorities. This revolutionary technology has the potential to disrupt traditional industries, boost innovation, and empower individuals and communities.

In this article, we will explore how blockchain is fortifying identity, finance, and privacy, and its real-world applications, challenges, and future prospects. We will also discuss the legal, cybersecurity, and social impact implications of blockchain, and how it can contribute to a more equitable and sustainable world.

Blockchain and Identity: A New Era of Digital Identity Management

Identity is a fundamental aspect of our lives, both online and offline. However, traditional identity management systems are often fragmented, insecure, and vulnerable to data breaches and identity theft. Blockchain offers a new paradigm for digital identity management, based on decentralized and self-sovereign identity (SSI) principles.

SSI allows individuals to own, control, and share their identity information securely and selectively, without relying on third-party intermediaries or central authorities. By using blockchain-based identity solutions, individuals can authenticate themselves seamlessly, access services and resources, and protect their privacy and security.

For instance, the Sovrin Network provides a decentralized identity infrastructure that enables trusted and verifiable digital identities, based on open standards and interoperability. Other blockchain-based identity platforms include uPort, Civic, and SelfKey, which offer similar features and benefits.

Blockchain and Finance: Towards a More Transparent and Secure Financial System

Finance is another area where blockchain is making significant strides, by enabling more transparent, efficient, and secure transactions. Blockchain-based finance, also known as decentralized finance (DeFi), is a rapidly growing ecosystem that offers a range of financial services, such as lending, borrowing, trading, and investing, without relying on traditional intermediaries or centralized authorities.

DeFi leverages blockchain’s features, such as smart contracts, tokenization, and interoperability, to provide more accessible and inclusive financial services, especially for underserved and unbanked populations. For example, stablecoins, which are blockchain-based digital currencies pegged to traditional assets, can provide a stable store of value and a more reliable means of exchange, especially in volatile markets.

Other DeFi applications include decentralized exchanges (DEXs), which allow peer-to-peer trading of digital assets without intermediaries, and yield farming, which enables users to earn interest on their crypto holdings by providing liquidity to DeFi protocols. However, DeFi is not without risks, such as smart contract vulnerabilities, liquidity issues, and regulatory challenges.

Blockchain and Privacy: Protecting Personal Data in a Decentralized World

Privacy is a critical aspect of digital life, as it enables individuals to control their personal information and prevent unauthorized access, misuse, or exploitation. However, traditional privacy solutions, such as centralized databases or encryption, have limitations and vulnerabilities that can be exploited by cybercriminals or surveillance agencies.

Blockchain offers a new approach to privacy, based on cryptographic techniques and distributed storage. By using blockchain-based privacy solutions, individuals can protect their data from unauthorized access, maintain anonymity, and ensure data integrity and immutability.

For example, zero-knowledge proofs (ZKPs) are cryptographic protocols that enable parties to prove the validity of a statement without revealing any additional information. ZKPs can be used to authenticate identities, verify transactions, and protect sensitive data without compromising privacy.

Other blockchain-based privacy solutions include homomorphic encryption, ring signatures, and multi-party computation, which offer different levels of privacy and security. However, privacy is not absolute, and there are trade-offs between privacy, usability, and scalability.

How Blockchain Works: The Fundamentals of Distributed Ledgers and Cryptography

To understand how blockchain works, we need to delve into its fundamental principles and components. At its core, blockchain is a distributed ledger that maintains a record of transactions, verified by a network of nodes, without the need for trust or intermediaries.

Each block in the blockchain contains a cryptographic hash of the previous block, creating an immutable and tamper-evident chain of blocks. Transactions are validated and added to the blockchain through consensus mechanisms, such as proof-of-work (PoW) or proof-of-stake (PoS), which incentivize nodes to contribute computing power and verify transactions.

Blockchain also relies on various cryptographic techniques, such as public-key cryptography, hash functions, and digital signatures, to ensure data confidentiality, integrity, and authenticity. These techniques enable secure and transparent transactions, without revealing sensitive information or compromising privacy.

Blockchain technology is not limited to cryptocurrency transactions, but can also be applied to various use cases, such as supply chain management, voting systems, and intellectual property management.

Blockchain Use Cases: Real-World Examples of Blockchain Applications

Blockchain has already demonstrated its potential to transform various industries and domains, from finance and identity to healthcare and energy. Some notable blockchain use cases include:

  • Supply chain management: Blockchain can provide end-to-end visibility and traceability of products, from raw materials to distribution, ensuring authenticity, quality, and compliance.
  • Healthcare: Blockchain can enable secure and interoperable sharing of patient data, as well as tracking of medical supplies and drugs, reducing errors, fraud, and inefficiencies.
  • Energy: Blockchain can facilitate peer-to-peer energy trading, renewable energy certificates, and carbon credits, enabling more sustainable and decentralized energy systems.
  • Gaming: Blockchain can enable secure and transparent ownership, transfer, and trading of in-game assets, as well as provably fair gaming outcomes, enhancing player experience and trust.

These are just a few examples of how blockchain is disrupting traditional industries and enabling new business models and opportunities.

Blockchain Challenges: Overcoming Scalability, Interoperability, and Adoption Hurdles

Despite its potential and benefits, blockchain also faces various challenges and limitations that hinder its widespread adoption and scalability. Some of these challenges include:

  • Scalability: Blockchain’s limited processing power and storage capacity can limit its throughput and transaction speed, especially for large-scale applications.
  • Interoperability: Blockchain’s fragmentation and lack of standardization can hinder its compatibility and integration with other systems and platforms, causing data silos and inefficiencies.
  • Adoption: Blockchain’s complexity and unfamiliarity can deter users and organizations from adopting it, especially in regulated industries or conservative environments.

To overcome these challenges, blockchain developers and researchers are exploring various solutions, such as sharding, sidechains, and interoperability protocols, as well as user-friendly interfaces and educational resources.

The Future of Blockchain: Beyond Cryptocurrencies and Initial Coin Offerings

Blockchain is still at an early stage of development, and its potential is far from fully realized. In the future, blockchain is likely to evolve and expand beyond its current applications and use cases, enabling new forms of value creation, governance, and social impact.

Some possible future developments of blockchain technology include:

  • Decentralized autonomous organizations (DAOs): DAOs are organizations that operate on blockchain-based smart contracts and are governed by their members. DAOs can enable more transparent and democratic decision-making, as well as more efficient and resilient organizations.
  • Internet of Things (IoT): Blockchain can provide secure and decentralized communication and data sharing among IoT devices, enabling more efficient and trustworthy IoT applications, such as smart homes, cities, and factories.
  • Artificial intelligence (AI): Blockchain can enable more secure and transparent training, validation, and deployment of AI models, as well as more accountable and ethical AI systems.

These are just some of the potential future applications of blockchain technology, and the possibilities are limited only by our imagination and creativity.

Blockchain Regulation: Navigating the Legal Landscape of Digital Assets

Blockchain’s decentralized and borderless nature poses significant challenges for regulatory frameworks and compliance measures. However, blockchain also offers opportunities for more efficient and effective regulation, based on transparency, accountability, and innovation.

The regulation of blockchain and digital assets varies across countries and jurisdictions, reflecting different legal, cultural, and economic contexts. Some countries, such as Malta, Switzerland, and Singapore, have adopted blockchain-friendly regulatory frameworks and attracted blockchain startups and investments.

Other countries, such as China and India, have adopted more restrictive policies and regulations, limiting the growth of blockchain and digital assets. However, the global trend is towards more regulatory clarity and convergence, as blockchain becomes more mainstream and recognized as a legitimate technology and asset class.

Blockchain and Cybersecurity: Enhancing Data Protection and Threat Detection

Cybersecurity is a critical aspect of blockchain, as it enables secure and trustworthy transactions and protects users from various threats, such as hacking, phishing, and malware. However, blockchain itself is not immune to cybersecurity risks and vulnerabilities, such as 51% attacks, smart contract bugs, and social engineering.

To enhance blockchain cybersecurity, various measures and solutions are being developed and deployed, such as:

  • Multi-factor authentication: This requires multiple forms of authentication, such as passwords, biometrics, and tokens, to access blockchain accounts and wallets.
  • Cold storage: This refers to storing cryptocurrencies and assets offline, in physical devices or paper wallets, to reduce the risk of online attacks.
  • Anti-money laundering (AML) and know-your-customer (KYC) regulations: These require blockchain-based businesses and exchanges to verify the identity and source of funds of their users, to prevent money laundering and terrorism financing.
  • Cyber threat intelligence (CTI): This involves collecting and analyzing data on cyber threats and vulnerabilities, to proactively detect and prevent attacks on blockchain networks and applications.

Blockchain and Social Impact: Empowering Communities and Reducing Inequality

Blockchain has the potential to contribute to social impact and sustainability goals, by enabling more democratic, transparent, and inclusive systems and applications. Blockchain-based solutions can empower marginalized communities, reduce inequalities, and promote social innovation and entrepreneurship.

For example, blockchain can enable:

  • Financial inclusion: Blockchain-based financial services, such as microlending, can provide access to capital for underserved and unbanked populations, reducing poverty and inequality.
  • Digital
Posted on by Leave a comment

Decentralized Autonomous Organization (DAO)

 
 

What Was the Decentralized Autonomous Organization (DAO)?

One of the major features of digital currencies is that they are decentralized. This means they are not controlled by a single institution like a government or central bank, but instead are divided among a variety of computers, networks, and nodes. In many cases, virtual currencies make use of this decentralized status to attain levels of privacy and security that are typically unavailable to standard currencies and their transactions.

 

Inspired by the decentralization of cryptocurrencies, a group of developers came up with the idea for a decentralized autonomous organization, or DAO, in 2016.1

 

KEY TAKEAWAYS

  • The DAO was an organization created by developers to automate decisions and facilitate cryptocurrency transactions.
  • In June 2016, due to programming errors and attack vectors, hackers attacked the DAO, accessing 3.6 million ETH.
  • Digital exchange currencies de-listed the DAO token in September 2016.

Understanding the Decentralized Autonomous Organization (DAO)

The DAO was an organization that was designed to be automated and decentralized. It acted as a form of venture capital fund, based on open-source code and without a typical management structure or board of directors. To be fully decentralized, the DAO was unaffiliated with any particular nation-state, though it made use of the ethereum network. 

 

Why make an organization like the DAO? The developers of the DAO believed they could eliminate human error or manipulation of investor funds by placing decision-making power into the hands of an automated system and a crowdsourced process. Fueled by ether, the DAO was designed to allow investors to send money from anywhere in the world anonymously. The DAO would then provide those owners tokens, allowing them voting rights on possible projects.

 

The DAO launched in late April 2016 thanks to a month-long crowdsale of tokens that raised more than $150 million in funds.2 At the time, the launch was the largest crowdfunding fundraising campaign of all time.

 

Criticisms of the DAO

By May 2016, the DAO held a massive percentage of all ether tokens that had been issued up to that point (up to 14%, according to reporting by The Economist).3 At roughly the same time, however, a paper was published which addressed several potential security vulnerabilities, cautioning investors from voting on future investment projects until those issues had been resolved.

 

Later, in June 2016, hackers attacked the DAO based on these vulnerabilities. The hackers gained access to 3.6 million ETH, worth about $50 million at the time.4 This prompted a massive and contentious argument among DAO investors, with some individuals suggesting various ways of addressing the hack and others calling for the DAO to be permanently disbanded. This incident also figured prominently in the hard forking of ethereum that took place shortly thereafter.

 

According to IEEE Spectrum, the DAO was vulnerable to programming errors and attack vectors.5 The fact that the organization was charting new territory in terms of regulation and corporate law likely did not make the process any easier. The ramifications of the structure of the organization were potentially numerous: investors were concerned that they would be held liable for actions taken by the DAO as a broader organization.

 

The DAO operated in murky territory about whether or not it was selling securities, as well. Further, there were long-standing issues regarding the way that the DAO would function in the real world. Investors and contractors alike needed to convert ETH into fiat currencies, and this could have impacted the value of ether.

 

Following the contentious argument over the DAO's future and the massive hacking incident of earlier in the summer, in September 2016, several prominent digital currency exchanges de-listed the DAO token, marking the effective end for the DAO as it was initially envisioned.67

 

In July 2017, the Securities and Exchange Commission (SEC) issued a report, which determined that the DAO sold securities in the form of tokens on the ethereum blockchain, violating portions of US securities law.8

Future of the DAO

What does the future hold for the DAO? The DAO as originally envisioned had not returned as of mid-2020. Nonetheless, interest in decentralized autonomous organizations as a broader group continues to grow. In 2021, The Maker Foundation, an icon in the crypto industry as the original champion of DAO, announced that it was officially turning operations over to MakerDAO (creator of the DAI stablecoin) and would dissolve by the end of the year.9

 

While there are many lingering concerns and potential issues regarding legality, security, and structure, some analysts and investors believe that this type of organization will eventually come to prominence, perhaps even replacing traditionally structured businesses.

 

Dash

The popular digital currency Dash is an example of a decentralized autonomous organization because of the way it is governed and the way its budgeting system is structured. It may only be a matter of time before additional DAOs enter the field.

 

Investing in cryptocurrencies and other Initial Coin Offerings ("ICOs") is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. As of the date that this article was written, the author owns cryptocurrencies.

 

By 

NATHAN REIFF

 
Updated September 24, 2021

Reviewed by 

ERIKA RASURE

 

decentralized autonomous organization (DAO), sometimes called a decentralized autonomous corporation (DAC),[a] is an organization represented by rules encoded as a computer program that is transparent, controlled by the organization members and not influenced by a central government, in other words they are member-owned communities without centralized leadership.[1][2] A DAO's financial transaction record and program rules are maintained on a blockchain.[3][4][5] The precise legal status of this type of business organization is unclear.[6]

A well-known example, intended for venture capital funding, was The DAO, which amassed $150 million in crowdfunding in May 2016, and was hacked and drained of US$50 million in cryptocurrency weeks later.[7] The hack was reversed in the following weeks, and the money restored, via a hard fork of the Ethereum blockchain. Most Ethereum miners and clients switched to the new fork while the original chain became Ethereum Classic.

Background

Decentralized autonomous organizations are typified by the use of blockchain technology to provide a secure digital ledger to track digital interactions across the internet, hardened against forgery by trusted timestamping and dissemination of a distributed database.[3][4][8] This approach eliminates the need to involve a mutually acceptable trusted third party in any decentralized digital interaction or cryptocurrency transaction.[4] The costs of a blockchain-enabled transaction and of the associated data reporting may be substantially offset by the elimination of both the trusted third party and of the need for repetitive recording of contract exchanges in different records. For example, the blockchain data could, in principle and if regulatory structures permit it, replace public documents such as deeds and titles.[3]: 42 [4] In theory, a blockchain approach allows multiple cloud computing users to enter a loosely coupled peer-to-peer smart contract collaboration.[3]: 42 [9]

Vitalik Buterin proposed that after a DAO is launched, it might be organized to run without human managerial interactivity, provided the smart contracts are supported by a Turing-complete platform. Ethereum, built on a blockchain and launched in 2015, has been described as meeting that Turing threshold, thus enabling such DAOs.[3][10][11] Decentralized autonomous organizations aim to be open platforms through which individuals control their identities and their personal data.[12]

Governance

DAO governance is coordinated using tokens or NFTs that grant voting powers. Admission to a DAO is limited to people who have a confirmed ownership of these governance tokens in a cryptocurrency wallet, and membership may be exchanged. Governance is conducted through a series of proposals that members vote on through the blockchain, and the possession of more governance tokens often translates to greater voting power. Contributions from members towards the organizational goals of a DAO can sometimes be tracked and internally compensated. Inactive holders of governance tokens can be a major obstacle for DAO governance,[5] which has led to implementations of allowing voting power to be delegated to other parties.

Issues

Social

Inactive or non-voting shareholders in DAOs often disrupt the organization's possible functionality.[5]

Legal status, liability, and regulation

The precise legal status of this type of business organization is generally unclear,[8] and may vary by jurisdiction. On July 1, 2021, Wyoming became the first US state to recognize DAOs as a legal entity.[13] American CryptoFed DAO became the first business entity so recognized.[14] Some previous approaches to blockchain based companies have been regarded by the U.S. Securities and Exchange Commission as illegal offers of unregistered securities.[6][15] Although often of uncertain legal standing, a DAO may functionally be a corporation without legal status as a corporation: a general partnership.[16] Known participants, or those at the interface between a DAO and regulated financial systems, may be targets of regulatory enforcement or civil actions only if they are out of compliance with the law.[16]

Security

A DAO's code is difficult to alter once the system is up and running, including bug fixes that would be otherwise trivial in centralized code. Corrections to a DAO require writing new code and agreement to migrate all the funds. Although the code is visible to all, it is hard to repair, thus leaving known security holes open to exploitation unless a moratorium is called to enable bug fixing.[17]

In 2016, a specific DAO, "The DAO", set a record for the largest crowdfunding campaign to date.[18][19] Researchers pointed out multiple problems with The DAO's code. The DAO's operational procedure allowed investors to withdraw at will any money that had not yet been committed to a project; the funds could thus deplete quickly.[5] Although safeguards aimed to prevent gaming shareholders' votes to win investments,[6] there were a "number of security vulnerabilities".[20] These enabled an attempted large withdrawal of funds from The DAO to be initiated in mid-June 2016.[21][22] On July 20, 2016, the Ethereum blockchain was forked to bail out the original contract.

DAOs can be subject to coups or hostile takeovers that upend its voting structures especially if the voting power is based upon the number of tokens one owns. An example of this occurred in 2022, when Build Finance DAO suffered a coup in which one person amassed enough tokens to get a vote passed, then voted to give themselves full control of the DAO, then, using this power, they drained all of the money from the DAO.[23]

List of notable DAOs

This is a dynamic list and may never be able to satisfy particular standards for completeness. You can help by adding missing items with reliable sources.
 
Name Token Use cases Network Launch Status
Dash DASH Governance, fund allocation [24] Dash (cryptocurrency) May 2015[25] Operational since 2015[26][27][28]
Steem STEEM Data distribution, Social media, Name services, Industrial Steem March 2016 Operational
The DAO DAO Venture capital Ethereum April 2016 Defunct late 2016 due to hack[29]
Augur REP Prediction marketSports bettingOption (finance)Insurance Ethereum July 2018 Operational
Uniswap UNI Exchange, Automated Market Making Ethereum November 2018 Operational[30]
BitDAO BitDAO Build the future of finance in a decentralized way. Ethereum August 2021 Operational[31]
ConstitutionDAO PEOPLE Purchasing an original copy of the Constitution of the United States Ethereum November 2021[32] Defunct[33]
AssangeDAO $JUSTICE[34] Purchased Clock, an NFT artwork by Pak, to fund legal defense of WikiLeaks' founder Julian Assange Ethereum February 2022[35] Operational

See also

Notes

  1. ^ Depending on English dialect, it may also be spelled decentralised autonomous organisation. The terms decentralized autonomous companydistributed autonomous organization, etc., have also been used.

References

  1. ^ Prusty, Narayan (27 April 2017). Building Blockchain Projects. Birmingham, UK: Packt. p. 9. ISBN 9781787125339.
  2. ^ The Decentralized Autonomous Organization and Governance Issues Regulation of Financial Institutions Journal: Social Science Research Network (SSRN). 5 December 2017.
  3. Jump up to:a b c d e Vigna, P.; Casey, M. J. (27 January 2015). The Age of Cryptocurrency: How Bitcoin and the Blockchain Are Challenging the Global Economic Order. St. Martin's Press. ISBN 9781250065636.
  4. Jump up to:a b c d Hodson, H. (20 November 2013). "Bitcoin moves beyond mere money"New Scientist.
  5. Jump up to:a b c d "The DAO of accrue: A new, automated investment fund has attracted stacks of digital money"The Economist. 21 May 2016.
  6. Jump up to:a b c Popper, N. (21 May 2016). "A Venture Fund with Plenty of Virtual Capital, but No Capitalist"New York Times.
  7. ^ Price, Rob (17 June 2016). "Digital currency Ethereum is cratering amid claims of a $50 million hack"Business Insider. Retrieved 17 June 2016.
  8. Jump up to:a b Wright, A; De Filippi, P. (10 March 2015). "Decentralized Blockchain Technology and the Rise of Lex Cryptographia". SSRN 2580664.
  9. ^ Norta, A. (18 August 2015). "Creation of Smart-Contracting Collaborations for Decentralized Autonomous Organizations". Perspectives in Business Informatics Research. Lecture Notes in Business Information Processing. Vol. 229. pp. 3–17.
  10. ^ Pangburn, D. J. (19 June 2015). "The Humans Who Dream of Companies That Won't Need Us"FastCompany.
  11. ^ Evans, J. (1 August 2015). "Vapor No More: Ethereum Has Launched"TechCrunch.
  12. ^ Deegan, P. (2014). "Chapter 14—The Relational Matrix: The Free and Emergent Organizations of Digital Groups and Identities". In Clippinger, J. H.; Bollier, D. (eds.). From Bitcoin to Burning Man and Beyond: The Quest for Identity and Autonomy in a Digital Society. Amherst, Massachusetts: Institute for Institutional Innovation. pp. 160–176. ISBN 978-1-937146-58-0creating an operational and autonomous Trust Framework [that can i]ntegrate with a secure discovery service in the form of a Decentralized Autonomous Organization ...
  13. ^ "Decentralized Autonomous Organizations Find a Home in Wyoming"JD Supra. Retrieved 9 July 2021.
  14. ^ "Wyoming becomes first US state to legally recognise DAO"finance.yahoo.com. Retrieved 9 July 2021.
  15. ^ "SEC Charges Bitcoin Entrepreneur With Offering Unregistered Securities"US Securities and Exchange Commission. 3 June 2014.
  16. Jump up to:a b Levine, M. (17 May 2016). "Blockchain Company Wants to Reinvent Companies". Bloomberg View: Wall Street. Bloomberg News.
  17. ^ Peck, M. (28 May 2016). "Ethereum's $150-million Blockchain-powered Fund Opens Just as Researchers Call For a Halt"IEEE SpectrumInstitute of Electrical and Electronics Engineers.
  18. ^ Vigna, P. (16 May 2016). "Chiefless Company Rakes in More Than $100 Million"Wall Street Journal.
  19. ^ Waters, R. (17 May 2016). "Automated company raises equivalent of $120M in digital currency"Financial Times.
  20. ^ Popper, N. (27 May 2016). "Paper Points Up Flaws in Venture Fund Based on Virtual Money"The New York Times.
  21. ^ Popper, N. (17 June 2016). "Hacker May Have Taken $50 Million From Cybercurrency Project"New York Times.
  22. ^ Price, R. (17 June 2016). "Digital currency Ethereum is cratering amid claims of a $50 million hack"Business Insider. Retrieved 17 June 2016.
  23. ^ "Democratic DAO Suffers Coup, New Leader Steals Everything - VICE"www.vice.com. Retrieved 16 February 2022.
  24. ^ Duffield, Evan (22 April 2015). "Self-sustainable Decentralized Governance by Blockchain"dash.org/forum.
  25. ^ Duffield, Evan (14 May 2015). "GitHub commit adding Dash DAO feature"github.com/dashpay. Retrieved 7 April 2021.
  26. ^ Duffield, Evan (28 August 2015). "Budgets Are Live"dash.org/forum.
  27. ^ Engelhorn, Philipp (7 September 2015). "First 3 Superblocks!"dash.org/forum. Retrieved 7 April 2021.
  28. ^ "First Blockchain DAO payout"blockchair.com/dash. 7 September 2015. Retrieved 7 April 2021.
  29. ^ Finley, Klint (18 June 2016). "Someone Just Stole $50 Million from the Biggest Crowdfunded Project Ever (Humans Can't Be Trusted)"WiredISSN 1059-1028. Retrieved 16 November 2019.
  30. ^ "OpenOrgs.info"openorgs.info. Retrieved 15 January 2022.
  31. ^ "BitDAO price today, BIT to USD live, marketcap and chart"CoinMarketCap. Retrieved 20 April 2022.
  32. ^ Roose, Kevin (17 November 2021). "They Love Crypto. They're Trying to Buy the Constitution"The New York TimesISSN 0362-4331. Retrieved 17 November 2021.
  33. ^ Fox, Matthew (19 January 2022). "Tokens of the defunct DAO that failed to buy a copy of the constitution are worth $300 million even after disbanding"news.yahoo.com. Retrieved 28 January 2022.
  34. ^ "Justice Token". AssangeDAO. Retrieved 14 April 2022.
  35. ^ Reuters (9 February 2022). "'Cypherpunks have rallied to Assange': NFT auction raises $52m for WikiLeaks founder"The Guardian.
Posted on by Leave a comment

An extreme form of encryption could solve big data’s privacy problem

Fully homomorphic encryption allows us to run analysis on data without ever seeing the contents. It could help us reap the full benefits of big data, from fighting financial fraud to catching diseases early

LIKE any doctor, Jacques Fellay wants to give his patients the best care possible. But his instrument of choice is no scalpel or stethoscope, it is far more powerful than that. Hidden inside each of us are genetic markers that can tell doctors like Fellay which individuals are susceptible to diseases such as AIDS, hepatitis and more. If he can learn to read these clues, then Fellay would have advance warning of who requires early treatment.

This could be life-saving. The trouble is, teasing out the relationships between genetic markers and diseases requires an awful lot of data, more than any one hospital has on its own. You might think hospitals could pool their information, but it isn’t so simple. Genetic data contains all sorts of sensitive details about people that could lead to embarrassment, discrimination or worse. Ethical worries of this sort are a serious roadblock for Fellay, who is based at Lausanne University Hospital in Switzerland. “We have the technology, we have the ideas,” he says. “But putting together a large enough data set is more often than not the limiting factor.”

Fellay’s concerns are a microcosm of one of the world’s biggest technological problems. The inability to safely share data hampers progress in all kinds of other spheres too, from detecting financial crime to responding to disasters and governing nations effectively. Now, a new kind of encryption is making it possible to wring the juice out of data without anyone ever actually seeing it. This could help end big data’s big privacy problem – and Fellay’s patients could be some of the first to benefit.

It was more than 15 years ago that we first heard that “data is the new oil”, a phrase coined by the British mathematician and marketing expert Clive Humby. Today, we are used to the idea that personal data is valuable. Companies like Meta, which owns Facebook, and Google’s owner Alphabet grew into multibillion-dollar behemoths by collecting information about us and using it to sell targeted advertising.

Data could do good for all of us too. Fellay’s work is one example of how medical data might be used to make us healthier. Plus, Meta shares anonymised user data with aid organisations to help plan responses to floods and wildfires, in a project called Disaster Maps. And in the US, around 1400 colleges analyse academic records to spot students who are likely to drop out and provide them with extra support. These are just a few examples out of many – data is a currency that helps make the modern world go around.

Getting such insights often means publishing or sharing the data. That way, more people can look at it and conduct analyses, potentially drawing out unforeseen conclusions. Those who collect the data often don’t have the skills or advanced AI tools to make the best use of it, either, so it pays to share it with firms or organisations that do. Even if no outside analysis is happening, the data has to be kept somewhere, which often means on a cloud storage server, owned by an external company.

You can’t share raw data unthinkingly. It will typically contain sensitive personal details, anything from names and addresses to voting records and medical information. There is an obligation to keep this information private, not just because it is the right thing to do, but because of stringent privacy laws, such as the European Union’s General Data Protection Regulation (GDPR). Breaches can see big fines.

Over the past few decades, we have come up with ways of trying to preserve people’s privacy while sharing data. The traditional approach is to remove information that could identify someone or make these details less precise, says privacy expert Yves-Alexandre de Montjoye at Imperial College London. You might replace dates of birth with an age bracket, for example. But that is no longer enough. “It was OK in the 90s, but it doesn’t really work any more,” says de Montjoye. There is an enormous amount of information available about people online, so even seemingly insignificant nuggets can be cross-referenced with public information to identify individuals.

One significant case of reidentification from 2021 involves apparently anonymised data sold to a data broker by the dating app Grindr, which is used by gay people among others. A media outlet called The Pillar obtained it and correlated the location pings of a particular mobile phone represented in the data with the known movements of a high-ranking US priest, showing that the phone popped up regularly near his home and at the locations of multiple meetings he had attended. The implication was that this priest had used Grindr, and a scandal ensued because Catholic priests are required to abstain from sexual relationships and the church considers homosexual activity a sin.

A more sophisticated way of maintaining people’s privacy has emerged recently, called differential privacy. In this approach, the manager of a database never shares the whole thing. Instead, they allow people to ask questions about the statistical properties of the data – for example, “what proportion of people have cancer?” – and provide answers. Yet if enough clever questions are asked, this can still lead to private details being triangulated. So the database manager also uses statistical techniques to inject errors into the answers, for example recording the wrong cancer status for some people when totting up totals. Done carefully, this doesn’t affect the statistical validity of the data, but it does make it much harder to identify individuals. The US Census Bureau adopted this method when the time came to release statistics based on its 2020 census.

Trust no one

Still, differential privacy has its limits. It only provides statistical patterns and can’t flag up specific records – for instance to highlight someone at risk of disease, as Fellay would like to do. And while the idea is “beautiful”, says de Montjoye, getting it to work in practice is hard.

There is a completely different and more extreme solution, however, one with origins going back 40 years. What if you could encrypt and share data in such a way that others could analyse it and perform calculations on it, but never actually see it? It would be a bit like placing a precious gemstone in a glovebox, the chambers in labs used for handling hazardous material. You could invite people to put their arms into the gloves and handle the gem. But they wouldn’t have free access and could never steal anything.

This was the thought that occurred to Ronald Rivest, Len Adleman and Michael Dertouzos at the Massachusetts Institute of Technology in 1978. They devised a theoretical way of making the equivalent of a secure glovebox to protect data. It rested on a mathematical idea called a homomorphism, which refers to the ability to map data from one form to another without changing its underlying structure. Much of this hinges on using algebra to represent the same numbers in different ways.

Imagine you want to share a database with an AI analytics company, but it contains private information. The AI firm won’t give you the algorithm it uses to analyse data because it is commercially sensitive. So, to get around this, you homomorphically encrypt the data and send it to the company. It has no key to decrypt the data. But the firm can analyse the data and get a result, which itself is encrypted. Although the firm has no idea what it means, it can send it back to you. Crucially, you can now simply decrypt the result and it will make total sense.

“The promise is massive,” says Tom Rondeau at the US Defense Advanced Research Projects Agency (DARPA), which is one of many organisations investigating the technology. “It’s almost hard to put a bound to what we can do if we have this kind of technology.”

In the 30 years since the method was proposed, researchers devised homomorphic encryption schemes that allowed them to carry out a restricted set of operations, for instance only additions or multiplications. Yet fully homomorphic encryption, or FHE, which would let you run any program on the encrypted data, remained elusive. “FHE was what we thought of as being the holy grail in those days,” says Marten van Dijk at CWI, the national research institute for mathematics and computer science in the Netherlands. “It was kind of unimaginable.”

One approach to homomorphic encryption at the time involved an idea called lattice cryptography. This encrypts ordinary numbers by mapping them onto a grid with many more dimensions than the standard two. It worked – but only up to a point. Each computation ended up adding randomness to the data. As a result, doing anything more than a simple computation led to so much randomness building up that the answer became unreadable.

In 2009, Craig Gentry, then a PhD student at Stanford University in California, made a breakthroughHis brilliant solution was to periodically remove this randomness by decrypting the data under a secondary covering of encryption. If that sounds paradoxical, imagine that glovebox with the gem inside. Gentry’s scheme was like putting one glovebox inside another, so that the first one could be opened while still encased in a layer of security. This provided a workable FHE scheme for the first time.

Workable, but still slow: computations on the FHE-encrypted data could take millions of times longer than identical ones on raw data. Gentry went on to work at IBM, and over the next decade, he and others toiled to make the process quicker by improving the underlying mathematics. But lately the focus has shifted, says Michael Osborne at IBM Research in Zurich, Switzerland. There is a growing realisation that massive speed enhancements can be achieved by optimising the way cryptography is applied for specific uses. “We’re getting orders of magnitudes improvements,” says Osborne.

IBM now has a suite of FHE tools that can run AI and other analyses on encrypted data. Its researchers have shown they can detect fraudulent transactions in encrypted credit card data using an artificial neural network that can crunch 4000 records per second. They also demonstrated that they could use the same kind of analysis to scour the encrypted CT scans of more than 1500 people’s lungs to detect signs of covid-19 infection.

Also in the works are real-world, proof-of-concept projects with a variety of customers. In 2020, IBM revealed the results of a pilot study conducted with the Brazilian bank Banco Bradesco. Privacy concerns and regulations often prevent banks from sharing sensitive data either internally or externally. But in the study, IBM showed it could use machine learning to analyse encrypted financial transactions from the bank’s customers to predict if they were likely to take out a loan. The system was able to make predictions for more than 16,500 customers in 10 seconds and it performed just as accurately as the same analysis performed on unencrypted data.

Suspicious activity

Other companies are keen on this extreme form of encryption too. Computer scientist Shafi Goldwasser, a co-founder of privacy technology start-up Duality, says the firm is achieving significantly faster speeds by helping customers better structure their data and tailoring tools to their problems. Duality’s encryption tech has already been integrated into the software systems that technology giant Oracle uses to detect financial crimes, where it is assisting banks in sharing data to detect suspicious activity.

Still, for most applications, FHE processing remains at least 100,000 times slower compared with unencrypted data, says Rondeau. This is why, in 2020, DARPA launched a programme called Data Protection in Virtual Environments to create specialised chips designed to run FHE. Lattice-encrypted data comes in much larger chunks than normal chips are used to dealing with. So several research teams involved in the project, including one led by Duality, are investigating ways to alter circuits to efficiently process, store and move this kind of data. The goal is to analyse any FHE-encrypted data just 10 times slower than usual, says Rondeau, who is managing the programme.

Even if it were lightning fast, FHE wouldn’t be flawless. Van Dijk says it doesn’t work well with certain kinds of program, such as those that contain branching logic made up of “if this, do that” operations. Meanwhile, information security researcher Martin Albrecht at Royal Holloway, University of London, points out that the justification for FHE is based on the need to share data so it can be analysed. But a lot of routine data analysis isn’t that complicated – doing it yourself might sometimes be simpler than getting to grips with FHE.

For his part, de Montjoye is a proponent of privacy engineering: not relying on one technology to protect people’s data, but combining several approaches in a defensive package. FHE is a great addition to that toolbox, he reckons, but not a standalone winner.

This is exactly the approach that Fellay and his colleagues have taken to smooth the sharing of medical data. Fellay worked with computer scientists at the Swiss Federal Institute of Technology in Lausanne who created a scheme combining FHE with another privacy-preserving tactic called secure multiparty computation (SMC). This sees the different organisations join up chunks of their data in such a way that none of the private details from any organisation can be retrieved.

In a paper published in October 2021, the team used a combination of FHE and SMC to securely pool data from multiple sources and use it to predict the efficacy of cancer treatments or identify specific variations in people’s genomes that predict the progression of HIV infection. The trial was so successful that the team has now deployed the technology to allow Switzerland’s five university hospitals to share patient data, both for medical research and to help doctors personalise treatments. “We’re implementing it in real life,” says Fellay, “making the data of the Swiss hospitals shareable to answer any research question as long as the data exists.”

If data is the new oil, then it seems the world’s thirst for it isn’t letting up. FHE could be akin to a new mining technology, one that will open up some of the most valuable but currently inaccessible deposits. Its slow speed may be a stumbling block. But, as Goldwasser says, comparing the technology with completely unencrypted processing makes no sense. “If you believe that security is not a plus, but it’s a must,” she says, “then in some sense there is no overhead.”

NewScientist

6 April 2022

By Edd Gent

Virtual Identity
0