Security And Privacy Trade-Off: ING Bank’s Corda Blockchain Proposal
The Netherland's leading bank ING has made history with extra privacy measures for blockchain enterprises. Specifically they have come up with a solution for the Corda distributed ledger system which was built by R3. This was done in a bid to ensure that security policies were current before upcoming trading.
Announcements were made at the annual developer conference CordaCon that ING had helped to solve security/privacy trade-offs in their system. An issue that has been prominent for Corda users for quite some time now. ING’s blockchain team resolved the issue by instituting Zero-Knowledge Proofs to Corda’s notary system. What this means is the network will now verify the uniqueness of each transaction, negating double spending.
While other blockchains broadcast data among nodes, R3’s Corda controls data, limits the information shared. Corda’s notary service offers two options; using validating notaries or non-validating notaries. The validating notary undermines security while it looks up the information pertaining to the transaction. The non-validating option opens the transaction up to malicious actors writing invalid transactions.
What ING has done is institute zero-knowledge proofs. These prove whether something is true without compromising or revealing information about the transaction. This means that transactions can be verified without knowledge of their contents. A massive step in the right direction to fixing the security issues.
Trade Finance Case Studies
ING’s use of Corda for business and trading is imminent and issues with privacy concerns needed to be addressed quickly and accurately.
Their Global head of IT said that ING had invested in a number of Corda apps. This included trade finance projects Marco Polo and Voltron. While they are currently using the non validating notary hosted by Corda. Ilchenko, the head of IT said that although the scenario was highly unlikely it was still a possibility that someone could try to make use of working capital, only to be denied. To fix this court process and physical finance would need to be used which defeated the object of blockchain. And this is why they implemented ZKP’s.
When using zero-knowledge proofs, blockchains are usually slowed down by their high demand in data. ING’s ZPK transactions which are sent to Corda notaries have shown to take less time than regular fiat currency transactions. Ilchenko said that the solution would be instituted across the entire Corda Network.
ING has worked on a wide variety of ZPK’s using versions of ethereum like Quorum, JP Morgan banks solution. While R3 has worked tirelessly to modify Intel’s trusted execution environment solution to fit with Corda’s requirements. With the bank readily instituting its knowledge gained from banking giants like JP Morgan it isn’t difficult to see that ING’s decision was a well thought through one.