ING innovation solves privacy-security trade-offs in blockchain transactions

On 23 October, ING’s distributed ledger technology (DLT) team introduced its zero knowledge proof notary service, a blockchain breakthrough that improves the privacy and security of transactions on Corda, an open source blockchain platform. The service evaluates the validity of a transaction without revealing anything about it, except that it’s valid.

Like a notary whose job is to witness the signing of documents to validate them, the zero knowledge proof notary evaluates whether a blockchain transaction is valid or not, but without seeing its contents.

Corda’s current notary services provide two options: a validating and a non-validating notary. “In the case of the validating one, the notary sees the contents of a transaction before it determines if the information is correct, which means participants lose privacy,” explains Mariana Gomez de la Villa, programme director of ING’s blockchain team.

“A non-validating notary doesn’t see a transaction’s content, which creates a security risk where the notary could sign off the wrong transaction if a malicious participant builds an invalid transaction. However it protects participants against double-spends, an attack where someone could spend the same asset twice, as does the validating notary.”

ING’s zero knowledge proof notary addresses both the privacy and security issue.


Zero knowledge range proofs

The proof of concept is the fourth in a series of zero knowledge solutions. Launched in 2017, zero knowledge range proof (ZKRP) allows a blockchain network to validate that a secret number is within known limits without disclosing it. For example, a mortgage applicant could prove that their salary sits within a certain range without revealing the exact figure.

A year later, ING took the solution a step further and introduced zero knowledge set memberships (ZKSM), going beyond numerical data to include other types of information, like locations and names. This made the new code, ZKSM, more powerful. For instance, banks could validate that a new client lives in a country that belongs to the European Union, without revealing the country.