ING Bank Devises Privacy Fix for R3's Corda Blockchain

ING, the Dutch megabank, has come up with a privacy fix for R3's Corda blockchain.

AccessTimeIconOct 23, 2019 at 7:30 a.m. UTC
Updated Aug 18, 2021 at 12:14 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

ING, the Netherlands megabank blazing a trail with extra privacy measures for enterprise blockchains, has come up with such a solution for the Corda distributed ledger system built by R3.

To be announced Wednesday at the annual developer conference CordaCon, ING has helped solve a security/privacy trade-off that currently bedevils Corda users. The bank's blockchain team did so by applying zero-knowledge proofs (ZKPs) to the Corda notary service, the means by which the network verifies the uniqueness of transactions and prevents double-spending.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Unlike most blockchains that broadcast data among all participating nodes, R3 designed Corda to control data and limit the amount of information that needs to be shared. The Corda notary service offers a choice between using validating notaries, which can view transactions to check they are legit, and non-validating notaries which have no such visibility but instead just keep a record.

    The validating notary compromises privacy by looking into the content of transactions, while the non-validating approach presents a security weakness since a malicious actor could knowingly write an invalid transaction.

    If all that makes your head spin, think of being frisked and having your bag searched when entering a building compared to just signing in at the front desk. The former is intrusive for you; the latter is riskier for the building.

    To thread this needle, ING has applied zero-knowledge proofs, which can prove something is true without revealing any information about it, to Corda’s validating notary function. This allows transactions to be verified without specific knowledge of their contents.

    Trade finance use case

    ING is addressing the privacy problem out of self-interest as it's about to start using Corda for business.

    Andrei Ilchenko, the bank's global head of IT wholesale banking channels, said a number of Corda apps it has invested in, such as the trade finance projects Marco Polo and Voltron, will soon see the light of day.

    These are currently relying on the non-validating notary which is hosted by Corda network, he said. But this posed risks:

    “We started to notice some edge cases. For example, with Marco Polo, what would happen if there was a malicious participant to this particular business network, who would attempt to send to the non-validating notary a transaction that has an input state (e.g. an invoice) that is owned by another participant?”

    Although it’s not a likely scenario, said Ilchenko, it could turn out that one party could attempt to spend some working capital and be denied.

    “To resolve the matter it would need to start going to court and start running the physical world processes,” he said. But that would defeat the purpose of the blockchain. Hence the impetus to apply ZKPs.

    Surprisingly fast

    Normally, people think of zero-knowledge proofs as being so demanding, computationally speaking, that they slow blockchains right down. A somewhat surprising bonus discovered by ING is that ZKP transactions sent to Corda notaries take less time to verify than regular transactions (of which the entire content is visible).

    Asked whether the proposed solution is for the Corda Network, the open-source community, or whether it is only being applied to the commercial version used by ING, Ilchenko said:

    “Actually both. So far, the majority of CorDapps I know rely on non-validating notary run by the Corda Network Foundation and all CorDapps that ING plans to start using in production do.”

    ZKPs are not the only way of solving Corda’s privacy trade-off; R3 has worked hard to modify Intel’s trusted execution environment solution SGX to fit with Corda’s requirements.

    ING has worked on a range of variations of ZKPs, but always using enterprise versions of ethereum like Quorum, developed by mega-bank JPMorgan. At the start of this year, the bank started looking at applying its learnings to Corda.

    ING image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.