“A few years ago, users of Internet services began to realize that when an online service is free,” explains Apple CEO Tim Cook, “you’re not the customer. You’re the product.” This quote, and ones just like it, has been attributed to many sources, but the message is always clear: when companies don’t charge users, they’re profiting on those users somehow. The data users generate online has grown into a multi-billion dollar advertising industry, with the free platforms people use every day, for often hours each day, monetizing their user data. This comes across to users in the form of “targeted” or “promoted” posts and advertisements which claim to be personalized for the user based on their demographic information.
Data-based Marketing
Let’s look from the point of businesses that have to pay to Google, Amazon, or Facebook for these ads. Would you, as a business, pay more to show an advertisement for a car, to a person who is searching for a new car and had a lease car that just expired? Would you, as a business, pay more to show an advertisement for new running shoes to a person who buys new shoes every 4 months because he is a runner and it is recommended to change your running shoes every 500 miles? Would you, as a business, pay more to show ad for ski boots to a person who is searching for a new ski boots after purchasing a new pair of skis? Would that added knowledge about potential customers’ purchasing and browsing history make directing your marketing efforts more efficient?
The answer is yes. Businesses will pay more and currently business is paying more to these third-party ad networks, sometimes over $40 per click, just to reach the “right” people. So your personal information has value, but what do users get from this value today? Nothing. Bitclave is changing this paradigm. You own your personal information. You decide what, when, and to whom to reveal from your personal information and you get incentivized for revealing it. Sounds great but is this even possible? Lets run through some simple scenarios to emphasize the challenges and solutions that BitClave is planning to implement.
Getting Started with BASE
Let’s start with the registration process. You are the customer in these scenarios. You will have to register and provide some personal information as part of the registration process. You can decide what information to provide and you can add more information later once you get more confidence in BASE ecosystem. All information that you provide is encrypted and is stored on the blockchain. BitClave will optionally verify your information and sign it with its private key. Signed information will give more confidence to business that it is authentic. So while information is written in open blockchain and anyone can see it, no one can actually understand your personal information.
Now let’s search for a new car. You are still the customer. You enter your search query and you get some offers. But so far you did not reveal any of your personal information. Now you decide that you want to reveal some of your personal information to a specific business that you trust so you get a better offer from that business.
This is how this could happen:
Along with your search query, you can include a list of encrypted values, protected using a symmetric key that nobody else knows. This is an example of what is called a cryptographic commitment, because it doesn’t reveal any of the information, but binds each piece of information to the search. For example, this list could contain values like
Ek1(info1), Ek2(info2), … , Ekn(infon),
where Ek denotes encryption with a symmetric key k and each piece of information infoi is encrypted using a different key ki. If I later want to reveal a specific piece of information to a retailer, such as my purchasing history or some demographic details, I can simply give them a copy of the corresponding key ki, secretly of course. For example, message like
EPKj(Ki)
where EPKj denotes encryption with public key of business j of the symmetric key Ki , can be opened only by business j
This action (referred to as opening the commitment) allows the retailer to access my private information without changing any past commitment, since the blockchain prevents modifying past data.
That’s great. So you revealed your personal information to a business that you trust and got a better offer as a result of it. You also got paid higher rewards for just viewing this offer (and as we established above, business will pay higher prices for better potential buyers). So, you like it and start using the system for more and more searches.
There are quite a few problems with the above scheme. Remember you are in control of your personal information, you do not want to expose to anyone anything unless you intentionally decided to expose it. So, in the above scheme, anyone by looking at the transactions on blockchain, will see that these transactions came from the same address. This was not your intent. So let’s see how we solve this one.
Anonymous & Personalized Searching
Instead of allowing everyone to link together all your searches into a public search history, you can create multiple personas (also called pseudonyms) on the blockchain and use different ones for different searches. You can choose to reuse a pseudonym for searches that are related to each other (for example, using the same pseudonym when I search for shoes every few months), or you can use a different pseudonym for every search. In either case, creating a new pseudonym is as easy as creating a new blockchain wallet and corresponding public/private key pair, all of which can be managed in a friendly way by your wallet app.
Now, every transaction as is seen on the block chain looks like it came from a different person, meaning your true identity is perfectly obscured. You have created different identity each time you make a transaction. This presents a new problem. Remember the runner who is buying the running shoes every 500 miles? He wants to benefit from the fact that he buys shoes periodically. But how can he prove it to anyone? Every transaction you posted came from a different identity.
Suppose you have been shopping for shoes periodically under one of your pseudonymous identities IDshoes, but you want to prove to a retailer that both this and your real identity IDreal correspond to you. There are many ways to do this, starting with the previous example where pieces of information can be encrypted and committed to the search. In particular, when searching using pseudonym IDshoes, you can include an encrypted version Ek(IDreal) of your real identity that you can reveal at a later time by secretly sharing the key k (as well as other relevant information) with another party. If you want to link together multiple pseudonyms (for example, if you did each search for shoes using a different one), you can share a list of transactions and their corresponding keys to allow the other party to link them all to your true identity, all without anyone else knowing this linking exists.
However, with this type of exchange using pseudonyms instead of true identities, it’s probably the case that an identity is more sensitive than other types of information, so we may want to provide even stronger guarantees. In fact, just encrypting the ID as above has weaknesses, namely that the commitment isn’t actually bound to the real identity, since IDreal is probably a publicly-known value. Instead, we can build a stronger cryptographic commitment that binds each pseudonym to a real identity in a verified way. Instead of including the encrypted identity Ek(IDreal) along with the pseudonym, you can construct a signature pair that uses both asymmetric private/secret keys SKshoes and SKreal to prove you control both identities. One possible way to do this would be to include the signature pair
S = [sigSKshoes(k), sigSKreal(k)]
inside the search when using the pseudonym IDshoes, using a similar random value k as the input to the signature function for each secret key. When you later want to prove to another party that you control both IDshoes and IDreal, you can secretly share the value k corresponding to that specific search, and the other party can validate both signatures in S using your two public keys PKshoes and PKreal.
Virtual Identities
This is what all of that means when you put it together. You decide what personal information to reveal and to whom, you have a new, virtual identity for every transaction performed so your purchase history is hidden until you want to prove to someone that you performed these purchases in the past (or a subset of transactions — it is up to you) and you get better offers/incentives comparing to the case where you do not reveal this information.
But what’s preventing the businesses that you’ve trusted in the past from deciding to sell your personal information or gets hacked? How can you prove to businesses that you were buying these running shoes for 2 years, every 4 month without actually revealing your transaction and personal information, so on one end you get the better offer but on the other hand you keep your privacy? Is it even possible? Fortunately, cryptography offers a solution.
Zero-Knowledge-Proofs. In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true. This technology is in use in blockchains like ZCash and is coming as part of Ethereum Metropolis release as ZK-SNARKS. This adds an additional layer of encryption and data obfuscation, meaning users can have total confidence in the data privacy offered by BitClave.
