Media

The Blockpass Identity Lab 6 Months On - Research Focus and Goals

May 02, 2019




In September 2018, Blockpass and Edinburgh Napier University celebrated the launch of the Blockpass Identity Lab (BIL) - an endeavour dedicated to conducting research and development around cryptography and blockchain technology intended to lead to groundbreaking applications for use in identity solutions.

Located in the Merchiston Campus of Edinburgh Napier University, the lab currently sees a team of PhD students led by Liam Bell, Research Fellow and Lab Coordinator, who are working on a number of areas that are intended to provide key possibilities for the Blockpass Mobile Application as well as future Blockpass products.

The main application of the research carried out at the BIL is how it can transform identity and verification techniques - specifically how blockchain technology and cryptography can protect personal data from the typical threats it comes up against today with online hackers and malicious actors. Combined with this, the technology is also intended to eventually provide full privacy and control of data to the user, rather than to companies as is common in the current models.

The BIL recently celebrated the 6 month anniversary of its inauguration and members of the research team - including Liam Bell, Adam Hall and Will Abramson - kindly took some time to discuss the innovative work that is being carried out in the heart of Edinburgh.

Over the course of the following weeks and months we will be discussing points of interest from the BIL, from what is being worked on currently to who the lab is working with, and wider implications of the research being carried out to how you can get in touch and work with the university.

 

Current Research
We will start off by looking at some of the areas that are currently being researched at the BIL. There are many different topics being worked on but some of the main ones include Homomorphic Encryption, Zero-Knowledge Proofs, Federated Learning, Differential Privacy and Anonymous Credentials. To give an insight into what these are and the potential they hold we will take a closer look at each of these.

 

Zero-Knowledge Proofs
Showing that someone has knowledge of a piece of data is usually simple - you ask them for a piece of information and then check that the information is accurate; however, in doing so, there is no potential to keep that data private, which can be an issue when dealing with sensitive or private information. To solve this, zero-knowledge proofs (ZKPs) are used to verify information without revealing the information. When using a zero-knowledge protocol, a person can prove that they know piece of data, without giving away any information about the data other than the fact that they know it. It is like knowing a secret and proving that you know the secret, without revealing the secret. This allows people to keep information confidential whilst still using it for verification purposes, including proving that the relevant data falls in a given data range when required (e.g. when proving age or eligibility to vote). To be a ‘zero-knowledge’ proof, this information must be ratified without exposing the information.

The idea of ZKP is often explained by analogies such as ‘Ali Baba’s Cave’ or the ‘Coloured Balls’ or the ‘Counting Leaves Superpower’. In the counting leaves analogy, the premise concerns someone (Bob) claiming they have a super-human ability to instantly count the number of leaves on a tree. Someone (James) could test this claim by selecting a tree with a large number of leaves and asking Bob to count them (Bob doesn’t say how many leaves are on the tree). In order to test Bob’s super-human ability claim, James can tell Bob to cover his eyes and then add or remove a leaf from the tree. Once he has changed the number of leaves, James can ask Bob if there are a greater or fewer number of leaves. If Bob answers correctly then James might believe he has the super-human ability to instantly count the number of leaves on a tree but of course as it is a 50/50 chance of him guessing, James would need to repeat the adding/removal of a leaf a number of times before he was sure Bob wasn’t just getting lucky with his guesses. Thus, Bob can reveal his super-human ability - and the fact that he knows the number of leaves on the tree, without revealing how many leaves are actually on the tree.

The potential of ZKP is wide-ranging, particularly for ensuring data privacy as Blockpass intends to use it, and Liam Bell is currently working on how ZKP can be used to prove both the retrievability of data, and the deletion of data. For Blockpass applications proof of deletion would mean that users would know that any data they shared was removed when they requested - in accordance with GDPR standards maintaining the ‘right to be forgotten’.

 

Homomorphic Encryption
Like ZKP, homomorphic encryption allows data to be kept private whilst still allowing it to be used for a variety of purposes. With homomorphic encryption, data that has been encrypted can still be analysed - without being decrypted or having the un-encrypted data revealed. When some form of computation or analysis has been carried out on encrypted information, it generates an encrypted result which can then be decrypted to show the results as if the computation or analysis had been carried out on the un-encrypted raw data.

This kind of confidential analysis - using encrypted data but providing readable outcomes whilst preserving the privacy of the underlying information - has applications across all kinds of fields including financial, healthcare and advertising but is of particular interest to those regulated industries where the sharing of un-encrypted private information would be prohibited.

Adam Hall has been focusing on the privacy-preserving potential of homomorphic encryption and its ability to perform computational analysis on a set of data whilst still encrypted, preventing any personal data from being read whilst maintaining the ability to use it for verification purposes. Adam is investigating using federated learning and differential privacy to the same ends.

 

Federated Learning
The idea behind federated learning is to enable high quality machine learning by amalgamating data from sources with unreliable or slow networks. The sources contributing to the federated learning can be mobile devices or remote computers but typically would not be capable of providing the computational power or amount of information required for machine learning when taken individually. These sources could process their data and send it to a central server where algorithms would combine this disparate data to enable machine learning. Essentially this process is spreading the computational power for machine learning over a network of less reliable ro suitable devices than a large, powerful, centralised machine - fitting with the nature of distributed ledgers and operating in a somewhat similar manner.

 

Differential Privacy
Another privacy-centric topic, differential privacy is concerned with the impact of personal data being present in a database and whether it is possible to maintain privacy of the personal information when analysed. With differential privacy, the effect of a person’s data on an analysis of a database can be determined. If an analyser is willing to include some randomised data to prevent personal data being singled out, and if the personal data doesn’t have too significant of an impact on the analysis results, then the data can be considered to have maintained its privacy despite being analysed.

 

Anonymous Credentials and CL Signatures
The main research focus for Will Abramson at the moment is anonymous credentials - protecting the identity and privacy of those using digital signatures and also linked to ZKP - and contrasting the cryptographic theory with the World Wide Web Consortium’s standards for Verifiable Credentials and Decentralised Identifiers. Will has also been looking into Camenisch-Lysyanskaya signatures (CL Signatures) which are used to restrict the amount of information that has to be revealed when validating credentials.

Will has a blog where he talks about his experiences and work at the BIL -  his explanation of CL signatures can be found there: https://misterwip.uk/cl-signatures