Creating evidence in a public blockchain… is that compatible with protecting the confidentiality of my data?
Some notions of public blockchain and anchoring
Blockchain technologies are a very powerful way to create proofs of existence. Woleet chose Bitcoin because it is now the only blockchain that has been able to demonstrate its resilience and neutrality for more than 10 years.
Bitcoin’s intrinsic properties, integrity, immutability, resistance to censorship, are perfectly suited to the need for evidence. In addition, public access to the blockchain allows anyone to view the blockchain and verify its contents, without compromising its integrity.
In order to be able to write evidence into the blockchain, without leaving confidential data in it, there is a standard anchoring mechanism, which consists in writing the digital hash of the data, and not the data itself, into a free field (OP_RETURN) of a Bitcoin transaction. Woleet implements technical layer mutualizing for you the anchoring of potentially several million data hashes in only one Bitcoin transaction sent periodically to the network.
How does this protect my data?
The anchoring mechanism only handles cryptographic data hash. Your data remains in your information system, where you calculate the hash. Their confidentiality is completely preserved.
For each hash, Woleet returns a proof receipt, which is used to verify the validity of the proof. Using the original data, the hash is recalculated, and with the proof receipt, you can prove the cryptographic link with another hash contained in a public blockchain transaction. . Verification is therefore possible for any holder of the original data and the proof receipt. An open source proof verifier is available here.
What about proof of signature?
Electronic signatures are the result of sensitive processes where each signatory makes a personal commitment. The need for evidence is therefore particularly strong. Evidence must not only demonstrate the existence of the signature, the date and the data concerned, but also the identity of the signatory.
Woleet always guarantees the confidentiality of signed data, using the same anchoring mechanism as for proof of existence.
However, the identity data of the signatories must be collected, verified and linked to the proofs of signature. They are therefore stored by Woleet for the duration of the retention period. Woleet implements data protection measures, in compliance with the GDPR: encryption of identity data, access restriction, secure deletion.