Dealing with Privacy in Smart Contract-based Insurances
In a previous article, we have highlighted the advantages the blockchain can bring to insurance products, including transparency. It is certainly the case that the insurance industry could benefit from more transparency. However, there are some trade-offs to be made in the name of privacy.
After all, would you really like information on how much jewelry you have insured in your home to be publically readable in an insurance policy written up in a smart contract? Why not cross-reference this information with the travel insurance for your upcoming holiday to let potential robbers know when your home will empty?
Clearly, some things are not meant to be public.
Whitelist to the Black ICO now, to secure a bonus!
On a Public Blockchain Everything is Public
The problem with public blockchains is that it is extremely hard to keep secrets. All data stored on the blockchain and all transactions executed are visible to anyone. Ethereum’s solidity language, which is commonly used to implement smart contracts, may provide a keyword for declaring private variables, but this is a cosmetic high-level language feature. The underlying Ethereum virtual machine has no concept of private storage. Anyone can read the content of a private variable from directly from storage. If you have the MetaMask wallet installed, you can even do this from the JavaScript console of your browser. The web3.eth.getStorageAt()function can read the storage of any contract deployed on the Ethereum network.
Permissioned Blockchains
Permissioned blockchains, also called consortium blockchains, are blockchains that only authorized participants can access. Apart from authentication mechanisms, blockchains following this paradigm, such as Hyperledger Fabric, also provide primitives for private data and private transactions. This means transactions and data can be made visible to relevant participants, whilst being protected from public access.
Hybrid Approaches
So how can Black Insurance provide both, transparency of the insurance industry, and privacy for policyholders? The answer is using two blockchains, a permissioned blockchain and the public Ethereum blockchain. Brokers, investors and insurers interact in private transaction on a Hyperledger Fabric-based blockchain. This private chain which is interfaced with the public Ethereum blockchain.
The Black Platform token exists on both chains and users can move their tokens between these chains.
Cross Blockchain Asset Transfers
For this hybrid approach to work, it is necessary to allow cross blockchain interoperability to enable assets to be moved across different platforms.
The facility of moving assets across different blockchains is known as atomic swaps. The usual scenario is trading an asset on one chain for an asset on another. Let’s say I want to sell 1 Bitcoin to someone for 12 Ether without going through a centralized exchange. My chosen buyer and I would have to perform an atomic swap. This is usually achieved by time-locked smart contracts into which the assets must be delivered within a certain timeframe by both parties. The exchange is said to be atomic because either the assets on both chains are exchanged or neither transfer is completed.
The Black Insurance case is slightly different. Whereas in the above example assets on both chains change owner, in this scenario the same asset is moved from one chain to the other. The balance of the owner should decrease on one chain and increase on the other.
To this end, the tokens that are deducted from the owner’s balance on one chain are locked into a Gateway Oracle, which acts as a vault. On the other chain, the same number of tokens are released from the corresponding gateway oracle. Together these matching oracles form the Token Gateway. The sum of free tokens on either chain always remains constant. Similarly, the total number of locked up tokens on the two chains also remains the same and should match the number of free tokens.
This may sound trivial, but it is surprisingly difficult to implement such a scheme providing atomic cross-chain movements and maintain integrity between the chains. Fortunately, interfacing two different ledgers consistently is not a new problem. Financial applications have had to deal with this type of challenges since many years before the blockchain existed. Therefore, there is a wealth of knowledge out there that has been adapted to blockchain technology.
The Interledger Protocol has been specifically designed for providing interoperability between blockchains. The Black Insurance system interconnects the above mentioned oracle vaults on each chain using the Hyperledger Quilt implementation of the Interledger Protocol.
Conclusion
Privacy in insurance products has to be taken as seriously as transparency. Public blockchains are very good at transparency but perform poorly in terms of privacy. For this reason, Black Insurance implements privacy critical functionalities in a permissioned blockchain but interfaces this system with the public Ethereum network. Assets can be moved from the private chain to the public chain and vice versa.
