How to secure Sensitive data on an Ethereum Smart contract?
Have you ever writen a smart contract in Solidity and deployed to Ethereum network? It is very exciting that you can program and put your logic on the blockchain right? Anyway, Solidity itself still is in development and there are a lot of drawbacks we need to solve when working with Solidity and smart contracts. One of the drawback is secure our sensitive data on the smart contract.
So today we are discussing about how to secure your sensitive data on the smart contract you are going to deploy. We will go through some methods and verify if we can truely secure our data on a smart contract or not.
But wait! Why we need to hide our data?
So you may ask this question. Can you remember what are the important properties of blockchain? Decentralized, Trustless, Permanent, Transparency,… And yes, Transparency! Why we want to hide something when we want Transparency on the blockchain?
The answer is simple, let’s imagine you deploy a smart contract for a QUIZ which store the secret answer for a question and deploy it with a reward, anyone could guess the secret word will get the reward. Of course we need to hide the answer so we can get the QUIZ game work. What transparent here is the logic: “Sending reward to whoever can guess the secret word correctly”. And that should be the Transparency we want to achieve.
So smart contract open us a very open world and help us to do anything we want, that’s why at some points you will meet the situation when you want to hide something as described above. And how we could really hide our secret word in the challenge? Let’s go throught some methods.
Private variable?
Yeah, programatically, we can declare a private variable in our smart contract. Just simple like this:
string private secret;Setting variable to private is a way of ensuring changes will only go through some specific methods. But in term of ‘private’ for the data, it is illusory. Basically everything on the Ethereum smart contracts are on the hard drive of all nodes (all miners and participants), private variable is just to make it inconvenient to read but doesn’t mean impossible. It is insufficient to safeguard your sensitive information from a determined adversary.
More over at some point, you may want to publish your source code and people can read the secret in your smart contract easily.
Put in the sensitive data later
So what if we don’t put the sensitive data at the begining in the source code but implement a function to put the message in later? Below is a simple smart contract
contract SecretMessage {
string private secret;
function SetSecret(string _secret) public {
secret = _secret;
}
}Asume that we already deploy the smart contract and we use the SetSecret function to put the message in (of course in product we need to protect this function with owned modifier to make sure only us can call this function.
So what happen when we call the function with our secret?
Let’s open ethereum wallet and try to call the function, put the secret word “hello” and send it:
When you click the send button, we can se the raw data to send to the smart contract:
568656c6c6f000…And if you notice, that is the string hello written in hexa code. Which is public for everyone!
0x5 - length of the string
0x68 - h (ASCII code 104)
0x65 - e
0x6c - l
0x6c - l
0x6f - oThis also the way a string is presented in Solidity.
You can see that when we call the function, the data we sent is public on the Ethereum network and anyone can read it. This solution is no better than putting the secret directly in the smart contract. This also the same as deploy the smart contract with the secret in the arguments of the constructor function.
ENCRYPTING or HASING THE SECRET?!
You can see everything we put on the blockchain is visible to everyone else, so how we can secure our sensitive data? The simple way to do: Encrypt or Hash the secret! And this seems to be the best solution so far for us.
We have 2 ways:
1) We can encrypt our data and put the secret key secured somewhere off-chain. When we want the smart contract to get the real secret to do the needed logic, we need to send the key for the smart contract. This has 2 drawbacks: The private key will be published to everyone at the time we send it to the smartcontract; Asymmetric encryption function is not supported yet in Solidity (and implement the funciton directly in the smartcontract seems impossible)
2) We can simply hash the secret key and put the hash on the blockchain. Then everytime someone answer, we just need to hash their answer and compare with the hashed secret key. Solidity already has some hash function which we can use: Keccak256 (SHA-3 by Ethereum), SHA256, RIPEMD-160 (http://solidity.readthedocs.io/en/latest/units-and-global-variables.html#mathematical-and-cryptographic-functions)
Let’s do a demo for our QUIZ above with the hashing solution:
contract WordguessQuiz {
// This is the hashed of word 'hello' using SHA256
bytes32 private hashedSecret = 0x2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824;
// This map is used to track if user answered correctly
mapping (address => bool) public answeredCorrectly;
function Answer(string word) public {
bytes32 hashedWord = sha256(word);
if (hashedWord == hashedSecret) {
answeredCorrectly[msg.sender] = true;
// TODO: Send reward to this user
}
}
}Deploy the function and guess an account, call it with the word we guess hello and check if we answered correctly or not using the map answeredCorrectly
Conclusion
So the best solution right now is encrypt / hash our sensitive data on the blockchain. Of course Ethereum is still in its development and we may have a better solution in the future when we only need to put the variable private and noone can read it, this is actually one of the problem being described in the Ethereum Wiki (https://github.com/ethereum/wiki/wiki/Problems#4-code-obfuscation). Until then we need to go with the encrypt/hash solution althought it could make our decentralized solution more or less centralized.
Anyway, in my opinion, we can accept this solution for now. Cause at least we can maintain the Transparency, e.g. people can see we actually send reward to the one who answer the word correctly and no one could cheat to stole the reward (they can do some bruteforce attack to guess the word but we can have some simple solution to take care of it).
Blockchain is new and everything is still at their early state. What we could do is adapt this new technology and find more applications for it. That’s what we trying to do with TALO — a Decentralized Talent Optimization Protocol. Come and join us at https://talo.io if you want to know more about us!
