Tel Aviv-based QED-it, the trustless audit platform, is one of the best kept secrets in startup land. It uses zero knowledge proofs to enable business partners to share information about their business processes without revealing the underlying data.
The product, which has been in stealth mode until now, combines advanced cryptography, parallel computing and blockchain technology. Its developers say it should be of interest to any bank or enterprise with a blockchain team.
It has been said blockchains are not about solving a technology problem for banks, but rather a game theoretical problem: how they can collaborate without ending up owning one another.
There are some data that firms are simply not going to risk sharing, even in encrypted form. This has driven intense interest within the enterprise blockchain world for data privacy solutions, like zero knowledge proofs and homomorphic encryption.
One problem with those sorts of privacy solutions is the amount of computation they use up, which mean they don't scale to the level required in most industrial use cases. QED-it specialises in algorithm-heavy ZKP, accelerating computations through parallel systems to meet businesses' scalability needs when it comes to distributed ledgers.
Jonathan S. Rouach, CEO, QED-it, said: "We're seeing huge interest in zero knowledge proofs (ZKP) as a solution to confidentiality on blockchains from every single actor we talked to, and we've met many leading teams.
"The regulators especially, can enforce rules in real time, without the need to concentrate the confidential data from participants. The company took a bet on efficiently solving the privacy paradox - how can you reach a consensus on a distributed ledger without sending the information to all the peers.
"Today the challenge is accompanying the industry to integrate ZKP technology itself and understand how to adapt ZKP to different use cases."
He said the notion of self-audit has been a compelling one. Players will perform a self-audit on their confidential data, generating a proof that the audit happened correctly, and sharing it with other actors. These actors will verify the validity of the proof without having access to the confidential data. This mechanism is replacing today's "full transparency" blockchains, where data is sent in the clear, and parties perform the validation on this open data.
Rouach referred to solutions that offer only notarisation of contracts using a hash on the blockchain. "Actors notarise contracts in pairs, but there is no global consensus," he said. "You could notarise two conflicting facts or contracts with two different actors. Notarisation is just there for you to anchor your agreements. Only if there's a legal need, parties audit the data, when it's too late. A global consensus on the underlying data is a preferable solution."
The QED-it solution allows users to process their own data in a proving circuit, generating proofs; the blockchain becomes a blockchain of proofs rather than data. This allows other actors to verify in real-time that you followed the rules, while your data remains confidential.
Rouach provided the example of a bank financing the construction of an aircraft, which is the collateral for the financing. The airline that will operate this aircraft stores a detailed maintenance and operations log in its IT systems. This log reflects many commercial aspects of the airline's operations, and can't be shared with the bank. How can the bank follow the value of its collateral if it does not have access to the maintenance log?
"The bank will provide the valuation formula, and the airline will run it locally in its IT system. Using QED-it Zero Knowledge Proof technology, the bank can ensure that the correct formula was applied, and trust the results," he said.
"This is also useful for regulators because it offers a proof, in real-time, that the aircraft follows the regulator's rules.
"We demonstrated our technology to leading actors in the industry, and our first partners are already using and testing our tools across several interesting use-cases, without compromising on confidentiality."