A story of how the Oasis Network maintains confidentiality and integrity of data.
Alice is excited. She’s just a few steps away from buying her first home. The house is a beautiful craftsman a few blocks from the UC Berkeley campus, but before she can make the purchase, Alice needs to be approved for a loan. She’s heard of a local credit union, PrivateLoans, that recently made an app powered by a new type of confidential blockchain technology.
Being the privacy-conscious, digitally savvy individual that she is, Alice signs up for the credit union’s service, punches in her social security number and other personal information, and applies for a loan. Within moments, Alice is approved and ready to buy a home. Yet in those few moments, between when Alice hits submit and she receives her approval, Alice’s transaction goes on a journey through a system designed to keep her data secure, confidential, and unaltered — a system called the Oasis Network.
The Oasis Network
The Oasis Network is a privacy-first, proof-of-stake, decentralized network. Its main goal is to help give users control and ownership of their data. This includes supporting new privacy focused applications and use cases like PrivateLoans’ lending service. In short, the Oasis Network acts as a confidential backend for apps and services looking to better respect the privacy of their users.
The network is designed to have two distinct layers: the Consensus Layer and the ParaTime Layer. The ParaTime layer is made up of multiple parallel runtimes (ParaTimes) that handle execution and computation. This structure allows the network to easily scale and ParaTimes to be configured to meet a broad range of needs — all the while providing strong integrity of actions and a distributed, immutable ledger.
Down the Rabbit Hole
Alice hits submit in the PrivateLoans app and sends her data off for analysis. Down the proverbial rabbit hole, and into the Oasis Network. PrivateLoans’ application is already deployed on the Oasis Network, and a key manager, provisioned by the confidential ParaTime, has generated a key for the application’s confidential state and a key pair whose public half is used to encrypt data sent by Alice to the application. The state is encrypted and stored in the Oasis ledger. Her data is directed towards the application in a confidential ParaTime, packaged and encrypted under the application’s public key (the one provisioned by the key manager) so that it stays protected in transit and at rest. This transaction isn’t just a token transfer but rather a capsule of encrypted data intended to be processed by PrivateLoans’ application. The network is designed such that no other application is able to decrypt Alice’s data: only the contract specified by PrivateLoans can process her transaction. Alice’s data is incredibly sensitive (her social security number, salary, etc.), and thus her transaction requires a confidential ParaTime backed by a trusted execution environment (TEE), such as Intel SGX or the Keystone Enclave, that keeps data protected and private during computation.
The Consensus Layer — a decentralized collection of about 100 validator nodes that maintain a ledger and provide operational services to the network — has already randomly selected a committee of compute nodes ready to receive Alice’s transaction. The Consensus Layer periodically changes this compute committee and checks that each compute node executing PrivateLoans’ application is using the appropriate confidential hardware — in this case, a TEE.
Alice’s transaction is passed to each compute node in her committee, which loads it into a trusted execution environment along with PrivateLoans’ application. Once inside, the key manager verifies, through the enclave’s attestation, that the application inside the enclave is in fact PrivateLoans’ application and has not been altered in any way. In this case everything looks good (no one has tampered with the code), and the key manager releases the private key to decrypt Alice’s data inside the secure enclave. A modified binary would produce a different enclave measurement and would never receive the key. PrivateLoans’ application can then analyze Alice’s information, run the appropriate checks, and process a result for her loan. Her final results are encrypted for Alice within the secure enclave to ensure they remain confidential to everyone but Alice.
This entire process of provisioning keys and processing Alice’s data doesn’t happen just once, but instead many times: once for each compute node in the committee. When the results are passed outside the enclave, a verification process compares a digest of each node’s encrypted computation result to ensure they are identical. If any discrepancy is discovered, the Consensus Layer recruits additional compute nodes to perform the computation, and uses a supermajority rule to choose a single result. To learn more about how the network handles discrepancies, check out our whitepaper here.
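The three mechanisms above (a key manager that releases an application’s key only to an enclave whose measurement matches the registered application, a committee of compute nodes that each run the computation, and a discrepancy check with supermajority fallback) can be modelled in a few dozen lines. The following is an added illustration written for this post, not Oasis Network code: the enclave measurement is a plain hash of the code, the symmetric "toy seal" stands in for the public-key encryption described above and for the real TEE, the `KeyManager`, `resolve` and `loan_app` names and the two-thirds threshold are assumptions, and the transaction contents are constructed sample data.

```python
import hashlib
from collections import Counter
from typing import Callable, List, Optional, Tuple

# --- Toy primitives (stand-ins; not a real TEE or cipher) ---------------------

def measure(code: bytes) -> str:
    """Enclave measurement: a hash of the loaded code, in the spirit of SGX's MRENCLAVE."""
    return hashlib.sha256(code).hexdigest()

def toy_seal(key: bytes, data: bytes) -> bytes:
    """Keystream XOR (self-inverse). Stands in for the post's public-key encryption;
    it is NOT a real cipher and has no integrity protection."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# --- Key manager: releases an app's key only to a matching enclave ------------

class KeyManager:
    def __init__(self) -> None:
        self._keys = {}  # measurement -> application key

    def register_app(self, app_code: bytes) -> str:
        m = measure(app_code)
        self._keys[m] = hashlib.sha256(b"appkey|" + m.encode()).digest()  # toy key derivation
        return m

    def release_key(self, attested_measurement: str) -> Optional[bytes]:
        # A modified binary has a different measurement, so it gets nothing.
        return self._keys.get(attested_measurement)

# --- One compute node executing the app inside an enclave ---------------------

def run_in_enclave(km: KeyManager, app_code: bytes, app: Callable[[bytes], bytes],
                   ciphertext: bytes, user_key: bytes) -> bytes:
    key = km.release_key(measure(app_code))
    if key is None:
        raise PermissionError("attestation failed: key manager withheld the key")
    plaintext = toy_seal(key, ciphertext)
    return toy_seal(user_key, app(plaintext))  # result leaves the enclave encrypted for the user

# --- Committee: compare result digests, fall back to a supermajority ----------

def resolve(results: List[bytes], recruit: Callable[[], List[bytes]],
            threshold: float = 2 / 3) -> Tuple[Optional[bytes], str]:
    """Accept a unanimous result; on discrepancy recruit more nodes and accept the
    result holding more than `threshold` of all votes (assumed rule)."""
    def digest(r: bytes) -> str:
        return hashlib.sha256(r).hexdigest()
    if len({digest(r) for r in results}) == 1:
        return results[0], "unanimous"
    votes = results + recruit()
    counts = Counter(digest(r) for r in votes)
    best, n = counts.most_common(1)[0]
    if n <= threshold * len(votes):
        return None, "no supermajority"
    return next(r for r in votes if digest(r) == best), "supermajority"

# --- Constructed scenario -----------------------------------------------------

APP_CODE = b"privateloans-v1"
TAMPERED_CODE = b"privateloans-v1-backdoored"
ALICE_KEY = hashlib.sha256(b"alice-result-key").digest()

def loan_app(plaintext: bytes) -> bytes:
    # Toy policy: approve if the declared income field is at least 50000.
    income = int(plaintext.split(b"income=")[1].split(b";")[0])
    return b"APPROVED" if income >= 50000 else b"DENIED"

def scenario() -> Tuple[str, str, str]:
    km = KeyManager()
    m = km.register_app(APP_CODE)
    app_key = km.release_key(m)  # in the post this is the app's public key; symmetric here for brevity
    tx = toy_seal(app_key, b"ssn=***-**-****;income=72000;")  # constructed sample transaction
    honest = lambda: run_in_enclave(km, APP_CODE, loan_app, tx, ALICE_KEY)
    # 1. Honest committee of three: every node's encrypted result is identical.
    r, _ = resolve([honest() for _ in range(3)], lambda: [])
    alice_sees = toy_seal(ALICE_KEY, r).decode()
    # 2. A tampered binary has a different measurement and never obtains the key.
    try:
        run_in_enclave(km, TAMPERED_CODE, loan_app, tx, ALICE_KEY)
        tamper_status = "key released"
    except PermissionError:
        tamper_status = "key withheld"
    # 3. One faulty node returns a different result; extra honest nodes settle it.
    faulty = toy_seal(ALICE_KEY, b"DENIED")
    _, discrepancy_status = resolve([honest(), honest(), faulty],
                                    lambda: [honest() for _ in range(4)])
    return alice_sees, tamper_status, discrepancy_status

if __name__ == "__main__":
    print(scenario())
```

The point of the model is the two gates: the key manager compares the attested measurement against the registered one before releasing anything, and the committee compares digests of the encrypted outputs, so one faulty or malicious node cannot silently change Alice’s result. A real deployment uses hardware attestation and an authenticated cipher in place of the toy hash-based stand-ins.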
Now that computation is complete and verified, Alice’s encrypted transaction is stored in a new block on the Oasis ledger, a record of all actions taken by the network and maintained by each node in the Consensus Layer. The ledger is persisted indefinitely and, because it is replicated across the decentralized validator set, cannot be altered by any single party, allowing Alice to audit what’s been done with her data at any time.
Finally, Alice’s results are returned to her in the PrivateLoans’ app, where she can see that she has been approved for the loan. With the Oasis Network, Alice can get strong guarantees that her data remains private and isn’t misused — while still receiving the lending services of PrivateLoans.
Back to Reality
There are many nuances to properly managing user data and, for that matter, correctly issuing loans. While this post glosses over some of the details of how issuing loans in a confidential environment might work, we hope it provides a useful example of how one might leverage the Oasis Network to build a privacy-preserving application that respects Alice’s, or any user’s, privacy.
With the Oasis Network, and the Foundation fostering its growth, our aim is to provide the structural tools needed for businesses to build privacy-preserving applications and services designed to protect an individual’s right to privacy and data ownership. This starts with a decentralized, privacy-preserving network like the Oasis Network, but it must also include higher-level abstractions, policies, and user experiences that allow individuals to harness the power of this technology. If you’re passionate about privacy and data ownership, or if you have a project in mind, visit oasisprotocol.org to read network documentation, apply for a grant, and more.