Smart Contracts and Sensitive Data

Public Networks

A public network is a network that ANYONE can join. No permission is needed (permissionless public network). An example is the ethereum main network.

Permissioned Public Networks

Permissions (for a blockchain network) could be in the form of an access control list, or simply a requirement placed on users to enable them to join a network.

An example of a public, permissioned blockchain, could take the form of a public proof of stake network, in which STAKING is required in exchange for permission to participate in the network (as a validator). The bitcoin network does not require staking to act as a validator (though the lightning network does).

The need for Privacy on Public Networks (for B2B or B2C transactions)

In addition to any business-to-business (B2B) interactions between the companies themselves, it’s possible the network would involve some form of business-to-customer (B2C) interaction , which require privacy.

How can Sensitive Data be protected?

The contents of a transaction, as well as the code and data associated with a smart contract, are publicly viewable.

Though a smart contract’s code is compiled to bytecode, bytecode can be decompile fairly easily. As such, sensitive information should neither be hardcoded into a contract nor sent to it as part of a transaction.

What can be done, however, is to encrypt any sensitive data off-chain before sending it to the network. Using public-key cryptography:

1. The sensitive data is encrypted with the recipient’s public key  (which could be published either on- or off-chain)
2. The encrypted data is sent either to a smart contract (which has a way to receive it), or in the data field of a normal transaction
3. The received data is decrypted using the recipient’s private key

Using PKI, one can thus encrypt sensitive data on a public, permissionless chain.