An introduction to encrypted blockchain and off-chain messages for developers.
BitBoost Marketplace is designed from the ground up to protect user privacy. We don’t collect any personal data, no email address or other user information is required to register, and we encrypt all messages between users at all times. Messages critical to a sale are recorded on the blockchain; all other messages are exchanged off-chain to minimise any risk of a future attack.
While we believe this is the right approach anyway, our implementation takes place within the context of the new GDPR laws, with which sellers within the EU must be compliant. These include the ‘right to erasure’; under the new EU laws, users have the right to demand that web services delete their personal data under various circumstances – including simply when the individual withdraws their consent for the company to hold it.
This has proven controversial in the case of blockchain-based platforms, which permanently store all the data held on them. At the same time, they are decentralised platforms with nodes all over the world and – in most cases – cannot exactly said to be owned by a company. Moreover, there’s uncertainty about what ‘erasure’ means in these circumstances. While it’s not possible to remove data, strong encryption places it out of reach of all but the owner(s) of the private key used to encode the message. Hogan Lovells’ Guide to blockchain and data protection comments, ‘Some data protection authorities have found that irreversible encryption constitutes erasure. In a blockchain environment, erasure is technically impossible because the system is designed to prevent it. However, smart contracts will contain mechanisms governing access rights. Therefore the smart contract can be used to revoke all access rights, thereby making the content invisible to others, albeit not erased.’
For BBM, access to encrypted blockchain messages are governed by smart contracts and cryptography. Buyers and sellers can both access messages they have exchanged and, if required, grant access to an arbiter. Thus the data is available only to those who have created it.
Public key encryption and shared secrets
In practice, communications are encrypted using ‘shared secrets’, which in our case are securely generated using the two parties’ public and private keys. It’s a neat feature of the Curve25519 cryptography that a common number can be generated without the two users sharing any sensitive information: Alice can use her private key and Bob’s public key to generate the same shared secret that Bob generates with his private key and Alice’s public key. This shared secret can now be used to encrypt messages between Alice and Bob, so that only the two of them can read the content. Where third parties like arbiters may be involved, a one-time private key is generated so that buyer and seller can communicate with the third party without revealing their own private keys. The private keys used for both wallet generation and encrypted communications are the same, and are securely stored in the user data folder as a JSON file, encrypted with a password.
In this way, BBM provides robust privacy for both encrypted blockchain messages and off-chain communication.