Refinements of Notions
Xenia Bogomolec - https://github.com/XeniaGabriela
Refinements of Notions
TiiQu technologies rely on other technologies, such as internet protocols, cryptographic standards, operating systems and hardware. We want to refine the notions and explanations from the white paper for tech experts.
- The Concept of Trustlessness
- Legacy Methods of Establishing Trust
- TiiQu Aims
- Performance of Ethereum
- Dependency on the Ethereum Network
- Byzantine Fault Tolerance
- Data Protection and GDPR Compliance
The Concept of Trustlessness
The concept of trustlessness in the TiiQu blockchain is fulfilled under the assumption that no private key of any account holder or TiiQu ethereum node is stolen or accessed by an unauthorized party.
A private key of an account holder can be stolen or accessed by an unauthorized party
if an attacker gets hold of a device of an account holder and manages to get access to it (easy with non encrypted hard drives, especially on Window OS)
via a remote exploitation with access to the location of the private key or the buffer storage during its utilization
Legacy Methods of Establishing Trust
We can ensure the integrity of the data after it is uploaded to our platform. It cannot be controlled by any technology that human beings confirm untrue or subjectively impressed statements. Building a value before being uploaded to the TiiQu platform is out of control of the TiiQu organization. Discovered untrue statements will be punished with a negative impact on the trust score.
Give individuals direct control over their data
We will only upload anomymous data to the TiiQu blockchain. As data cannot be erased from a blockchain, this is the perfect way to give users control over their data and be GDPR compliant in regard to "right to erasure". The data can only be assigned to natural persons by linking it to informations saved in accounts. Accounts live on user's and member organizations machines.
If person related data will also be transferred to other accounts, a member must have the possibility to trigger deletion of this data unless there is no retention time having priority over it. Retention time can be applied to smart contracts in the same manner as in conventional contracts.
A university certificate for example has to be kept for many years (50 years in Bremen, Germany). The TiiQu member certification verification method does not reveal any personal information about the alumnus to anybody else than the alumnus and the university itself.
Blockchain Based Claim Verification
The TiiQu organization will implement mechanisms including verification of data saved in accounts. Those verifiers, which are uploaded to the TiiQu platform, can be considered anonymous. They are computed by hash functions, which cannot be inverted. Verifying data from an account is easy, but recomputing data from an account with such a verifier from the TiiQu platform would take years.
Performance of Ethereum
Classical Blockchain based applications are slow in performance and use a lot of storage space. Those two setbacks are the price which is paid for extra security features like protection from DDOS attacks and multiple copies of data of verifiable integrity.
While the performance question is important for purely financially motivated platforms which might have to compete with Visa or Direct Banking, it is secondary for the TiiQu platform whose focus is on smart contracts.
The TiiQu organization has decided to take part in the official Ethereum network for the benefit of being up-to-date with the current developments regarding performance and security. Shall the TiiQu platform foresee a loss of performance due to a faster growing Ethereum community than the technology evolves, an own blockchain can still be taken into focus.
Dependency on the Ethereum Network
Blockchain technology is built to be highly resistant to outage or destruction. But even if for some reason the Ethereum network went down one day, the TiiQu platform wouldn't be lost. We only upload verifiers of data to the Ethereum blockchain, not the data itself. So the data and the infrastructure to produce verfiers are independent from the Ethereum Network. We could as well use another blockchain or even alternative databases for the storage of the verifiers.
Byzantine Fault Tolerance
BFT, acronym for Byzantine Fault Tolerance, in the context of blockchain based protocols means that while figuring out order of transactions, there is a moment in time, when everybody in the network knows, that a consensus has been reached. In completely open blockchain networks, 100% certainty of a confirmed transaction can never be reached. A malicious firewall for example could allow the development of two separate branches with contradictionary informations.
How closely you can statistically get to 100% confirmation certainty of a transaction with the currently implemented consensus mechanisms on Ethereum depends on many factors. In the Ethereum community it is common to accept 6 confirmations of a transaction as full certainty.
Various approaches to solve those challenges are continuously worked and researched on in the blockchain community. Alternative technologies like hashgraph, which can reach asynchronous BFT, are considered to be integrated into existing platforms.
Data Protection and GDPR Compliance
It is our goal to build a GDPR compliant platform. The requirement to fulfill the Right to Erasure in the context of blockchain based applications is not finally officially clarified yet though. It has been decided 05/2014 (WP 216) that hashing will generally be considered a pseudonymisation technique, not an anonymisation technique. TiiQu does not upload simply hashed data to the Ethereum chain. We upload hashed encrypted data to the blockchain. So the question remains if hashed encrypted data is considered anonymous.
TiiQu also investigates the usage of zero knowledge proofs as verification technique.
Further requirements like
- Right Of Revocation
- Blocking of Data
- Right to Portability
will be considered in the integrative planning of the platform.