User-Mintable, Privacy-Enabled NFTs on Ethereum

Sharing the technical paper behind Centrifuge’s Business NFTs

Public blockchain infrastructure is well-suited to freely create and exchange unique digital representations of anything in forms of tokens. The term non-fungible token (NFT) with the ERC-721 standard on Ethereum gained wide popularity earlier in 2018.

So far the use-cases for ERC-721 have mostly been for (crypto-)collectibles (like cats) and other on-chain assets (like virtual land parcels). By combining decentralized, private off-chain data with an on-chain NFT registry, it is possible to tokenize those private data sets. “Tokenizing” is the act of creating a unique, tradeable, trackable representation. Following a standard like ERC-721 immediately opens a broad ecosystem of wallets and exchanges to handle these tokens across a single project’s boundaries.

We already wrote about “business documents as NFTs” and are excited to now share the technical paper that describes the underlying mechanisms to mint on-chain NFTs with off-chain, private data in a decentralized way.

In this paper, we describe using an on-chain token registry, following ERC-721, with a custom mint-method, and a pointer to the off-chain asset via an NFT’s metadata. The NFT registry’s mint-method allows anyone to create a token that represents the off-chain document, who can prove their rightful ownership of the off-chain data. What “ownership” means is up to the NFT registry itself. One example, as in Centrifuge OS, of original ownership could be the proof that the token creator is the supplier that is registered on an invoice. The supplier is the original “owner” of the invoice and is the only one who can register the on-chain representation.

In the case of Centrifuge OS, one example of an NFT-registry is the one holding the tokenized representation of payment obligations of invoices. Other examples include purchase orders or sets of private company data like a company’s address. In each case, the on-chain registry enforces specific rules of who can mint a token that represents the respective data set and which conditions need to be met to create the token in the first place.

Any owner of a previously minted privacy-enabled NFT can sign requests for the off-chain data with the private key of the account that currently holds a particular token. The off-chain data store then allows the current NFT owner to interact with the private data.

While the paper describes our implementation in Centrifuge OS, the process of minting the token and providing off-chain data access can be generalized and applied to any off-chain assets and data stores.

As always we are excited to receive feedback and find ways to improve our approach and implementation. Please find the paper here and send a note to hello@centrifuge.io with any thoughts you might have.


We would like to thank the people who took the time to read our early version of the paper, share their thoughts, proofread the document, and help us to improve our thinking and approach. A big thank you to Demian Brener, Yannick Roux, Esteban Ordano, Ha Duong, and Maximilian Fiege.