Towards Application Portability on Blockchains

We discuss the issue of what we call {\em incentive mismatch}, a fundamental problem with public blockchains supported by economic incentives. This is an open problem, but one potential solution is to make application portable. Portability is desirable for applications on private blockchains. Then, we present examples of middleware designs that enable application portability and, in particular, support migration between blockchains.Comment: Proc. IEEE HotICN 2018, August 201

Applying Software Quality Criteria to Blockchain Applications: A Criteria Catalog

The selection of the suitable blockchain software ecosystem has become very complex, given the growing market. More and more products with different functionality (mainly consensus algorithms and smart contracts) are available on the market. To identify the correct blockchain system for the respective application, a catalog of criteria with a focus on software quality is developed in this work. This catalog supports the selection of the right application and can be individually weighted

The GDPR-Blockchain Paradox: Exempting Permissioned Blockchains from the GDPR

When considering the legal landscape emerging after the General Data Protection Regulation went into effect on May 25, 2018, the uncertainty surrounding the Regulation reaches its peak when it is applied to blockchain technology. While the goals of storing personal data on permissioned blockchains may align with the goals of accuracy and transparency emulated by the GDPR, the language of the Regulation makes it likely that blockchain technology, as a whole, violates the GDPR. Permissioned blockchains have promising use cases and developments that have not only streamlined data storage, but also allowed users to have increased control over who accesses their data. Accordingly, this Note proposes that to ensure innovation and technological growth of permissioned blockchains are not stifled, the GDPR must release guidance that exempts permissioned blockchains that store personal data from the daunting violation fines of the GDPR. First, this Note discusses the background of blockchain technology, highlighting the benefits of permissioned blockchains. This Note then discusses the relevant regulations of the GDPR, focusing on the right to rectification, the right to be forgotten, and the right to data portability. Next, this Note discusses how blockchain technology violates users’ data access rights. The last part of this Note discusses why permissioned blockchains should be exempt from the GDPR and proposes solutions on how to facilitate this exemption, concluding that the most efficient way to ensure that the technological growth of permissioned blockchains is not stifled is immediate guidance from the GDPR that interprets definitions from the Regulation in a way that exempt permissioned blockchains from violations

The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity

Most user authentication methods and identity proving systems rely on a centralized database. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities. This paper proposes a decentralized authentication method, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on decentralized identifiers (DIDs) under development by the W3C Verifiable Claims Community Group and the concept of self-sovereign identity. To accomplish this, we propose specification and implementation of a decentralized biometric credential storage option via blockchains using DIDs and DID documents within the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)

A Systematic Literature Review of the Tension between the GDPR and Public Blockchain Systems

The blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain systems, public (permisionless) blockchain systems have some unique features that lead to a tension with European Union's General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To be the best of our know, our SLR is the most comprehensive review of this topic, leading a more in-depth and broader analysis of related research work on this important topic. Our results revealed that three main types of issues: (i) difficulties in exercising data subjects' rights such as the `right to be forgotten' (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. Our work can help inform not only blockchain researchers and developers, but also policy makers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond)