ING Bank Proposes Security and Privacy Trade-Off for Corda Blockchain

Published at: Oct. 23, 2019

ING announced that researchers at the financial services firm have solved a security and privacy issue on blockchain software firm R3’s Corda blockchain.

On Oct. 23, ING’s distributed ledger technology team presented its white paper, called “Solutions for the Corda security and privacy trade-off: having your cake and eating it,” where it reportedly found a solution to improve the security and privacy trade-off on Corda, an open-source blockchain platform.

Zero-knowledge proofs allow for greater privacy and security

The white paper states that currently, the content of each transaction on the Corda blockchain is revealed to a validating notary to be able to achieve consensus. Being able to observe the content of transactions may raise privacy concerns. ING director Mariana Gomez de la Villa explained:

“In the case of the validating one, the notary sees the contents of a transaction before it determines if the information is correct, which means participants lose privacy. [...] A non-validating notary doesn’t see a transaction’s content, which creates a security risk where the notary could sign off the wrong transaction if a malicious participant builds an invalid transaction. However it protects participants against double-spends, an attack where someone could spend the same asset twice, as does the validating notary.”

ING’s solution introduces a zero-knowledge proof (ZKP) notary service to validate transactions, that can purportedly evaluate the validity of a transaction without compromising on safety and without revealing any private contents.

In the cryptography world, ZKP is known as a method that allows one party to prove to another party that a statement is true without giving up any additional information. Zero-knowledge proofs were defined for the first time in a 1988 paper published by researchers from MIT and the University of Toronto as “those proofs that convey no additional knowledge other than the correctness of the proposition in questions.”

ZKPs allow for greater privacy on public blockchains and could fuel growth in blockchain adoption by reducing the expensive and time-consuming process of setting up private networks.

ING CEO says the bank might cut ties with Facebook

Cointelegraph reported previously that ING CEO Ralph Hamers stated that banks may be inclined to stop working with social media giant Facebook if the firm goes ahead with the planned launch of its Libra stablecoin. Hamers explained that banks such as his have a rather low-risk approach:

“We are such a large, regulated institution that you don’t want to risk anything. [...] We’ve said we’ll take a look and see how this develops.”

Tags
Blockchain
Privacy
Banks
Security
Related Posts
FX Settlement Provider CLS Begins Final Testing for Blockchain Payment Banking Service
Forex exchange (FX) settlement giant CLS is in the final stages of testing its blockchain payment service for banks, Financial News reported July 27. The service is reportedly set to be launched later this summer, with at least seven banks expected to sign on to the system in the early months. CLS, the New York-based global multi-currency cash settlement system, has been working with tech company IBM to introduce the blockchain-powered payment netting service. The system is set to be incorporated in banking IT systems to boost the level of standardization in the global FX markets, as well as reduce …
Blockchain / July 29, 2018
Blockchains Are an Excellent Solution for Privacy, Part 3
Some entrepreneurs have been trying to increase data privacy by combining encryption and blockchain technology. There are projects like Oasis Labs and Enigma that focus entirely on preserving users’ privacy. Meanwhile, others have been focusing on preventing data retention by companies. Thus, there is no way to guarantee that personal data is deleted in a company’s data system. Blockchain technology’s reliable consensus ensures that people’s data is used correctly. Protection against software and hardware attacks Companies like Oasis Labs, which designed the Ekiden system, run smart contracts outside the blockchain within a Trusted Execution Environment, or TEE, node to enable …
Blockchain / June 22, 2020
Zoom Will Offer End-to-End Encryption to All Users
On June 17, the popular video conference app, Zoom, officially announced that end-to-end encryption, or E2EE, has finally arrived for their software. It will be provided to both free and paid users, so long as their account has passed the company’s verification process. According to the announcement, during the beta phase that will start from July, users should verify their phone numbers via a text message. The aim of this step is to prevent the mass creation of abusive accounts. Zoom commented: “We are confident that by implementing risk-based authentication, in combination with our current mix of tools - including …
Technology / June 17, 2020
Big banks think new furniture is innovation, but they are wrong
When banks finally come to improve their technology experience, they go no deeper than changing the front end. They’ll make a button blue instead of green or create rounded edges on buttons instead of square ones. They think in terms of their interfaces, not the back end. If a bank were to truly innovate its technology, it’d dig deeper into the back end and transform its legacy technical infrastructure, which has been the same for decades. Few today even know how to work on those old programming languages of yesteryear, such as COBOL, so they’re stuck with upgrades that turn …
Technology / Nov. 28, 2020
ESET Flags New Latin American Banking Trojan That Targets Crypto
Major Slovakia-based antivirus software provider ESET has discovered a banking trojan that can steal cryptocurrencies and is especially widespread in Latin America. Primary targets Known as “Casbaneiro” or “Metamorfo,” the newly found malware family targets banks and cryptocurrency services located in Brazil and Mexico, ESET’s editorial arm WeLiveSecurity reports Oct. 3. According to the report, Casbaneiro uses a social engineering execution method, which displays fake pop-up windows misleading potential victims to enter sensitive information. The capabilities of the malware are typical of Latin American banking trojans that can take screenshots and send them to command and control server, simulate keyboard …
Blockchain / Oct. 3, 2019