We’ve discussed two different approaches to data privacy in smart contracts — zero-knowledge proofs, including zk-SNARKs, and private blockchains.

zk-SNARKs allow smart contracts to offload data privacy to users, while requiring them to prove that their computations are valid by the rules of the contract. Private blockchains, on the other hand, change the rules of the game — allowing application data privacy while forfeiting the benefits of a public blockchain.

zk-SNARKs are a powerful tool toward building privacy-aware systems on public blockchains, but they aren’t enough for many organizations to abandon private ledgers. That’s because in many business cases, there’s not a correspondence between users and data access.

Let’s talk about one such case.

Killing Equifax

Recently, Equifax suffered a horrible security incident, exposing up to 143 million people’s personal information, including Social Security, driver’s license, and credit card numbers.

Actually, that’s not quite right. Because Equifax’s business doesn’t rely on consumer trust, they haven’t suffered yet — though the 143 million people affected certainly will. The scope of the attack is difficult to overstate, and it’s left many questioning whether large, disinterested corporations like Equifax can be trusted with so much of our personal information.

The problem the Equifax hack exposes is structural to our economy. When a consumer applies for a loan, or opens a new credit card, the potential lender wants to make sure the consumer is credit-worthy. Because there are many lenders, they can’t ask every other lender whether the consumer missed a payment. In fact, those other lenders are their competitors, and aren’t interested in helping them assess risk.

To solve this problem, consumer credit reporting agencies — the most well-known of which are Equifax, Experian, and TransUnion — collect information from past lenders, landlords, utilities, and other parties to compile a consumer’s credit report. Lenders can pay for this report to decide whether to extend a loan, and even pay for access to high-scoring individuals to whom they can advertise their services.

Unfortunately, in this system, credit agencies’ incentives are aligned almost exclusively with their customers — the lenders. They don’t have a strong incentive to protect consumers’ personal information.

A step-by-step guide to replacing your credit agency

The credit agency problem sounds like a good fit for a blockchain. There are competing parties — lender vs consumer, lender vs lender, and consumer vs hacker. Lenders want information on consumers, but don’t want to help competitors assess risk. Consumers want access to credit, but don’t want their personal information to fall into the wrong hands.

In situations like this, blockchains can act as arbiters. But without delegated computation, consumer privacy needs fall by the wayside.

Imagine for a moment we have the privacy technology we need. Contracts can offload access to private data, and request computations over that data. With this new tool, we can build an autonomous credit agency.

1. Identity

We need a way for consumers to assert their identities. A system like Civic means consumers can keep private information on their mobile devices. Identity verifiers request access to that information, which consumers grant via a mobile app. The verifiers then assert that the mobile device and associated public key are, indeed, owned by the person the consumer claims to be.

In this system, more verifiers means better security. The power company can assert you live at an address, based on billing and account history. The Social Security Administration, the State Department, or your local DMV can assert other facts about your identity based on verifying ID cards. While any one verifier might be hacked, it’s unlikely they all will.

2. Credit history

Now that we have a strong identity framework, we can tackle credit history. Lenders can assert facts about their interactions with a consumer. These assertions may or may not be true — even the best-intentioned lender could have a mix-up — but they’re a best effort.

3. Dispute resolution

Consumers can challenge assertions. In the case of a challenge, the assertion goes to arbitration. Lenders must substantiate their claims. For consumers, most disputes will be simple — if a lender can’t substantiate their claim, or they don’t bother, the assertion is struck.

Assertions about a consumer’s credit shouldn’t be public. Lenders commit to an assertion on the blockchain, and encrypt assertions with a consumer’s public assertion key.
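
As an added example (not code from the original post), here is one way the commit step and the first check in a dispute could work, using a salted SHA-256 hash commitment, which is a choice made for this sketch. The Ledger class, the field names and the sample assertion are assumptions, and encrypting the opening (assertion plus nonce) to the consumer’s public assertion key is left out.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 32  # fixed length keeps nonce || message unambiguous

def canonical(assertion):
    # Deterministic bytes so every party hashes exactly the same encoding.
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()

def commit(assertion, nonce=None):
    """Lender: return (commitment to post on-chain, nonce to keep private)."""
    # The random nonce matters: credit events are low-entropy, so an unsalted
    # hash could be recognised by hashing plausible assertions.
    nonce = nonce or secrets.token_bytes(NONCE_LEN)
    return hashlib.sha256(nonce + canonical(assertion)).hexdigest(), nonce

def opens(commitment, assertion, nonce):
    """Consumer or arbitrator: does (assertion, nonce) match the commitment?"""
    if not isinstance(nonce, bytes) or len(nonce) != NONCE_LEN:
        return False
    return hmac.compare_digest(commit(assertion, nonce)[0], commitment)

class Ledger:
    """Toy stand-in for the chain (assumption): commitments only, no plaintext."""

    def __init__(self):
        self.status = {}

    def post(self, commitment):
        self.status[commitment] = "active"

    def challenge(self, commitment, opening=None):
        # A lender that does not respond, or opens to different content than
        # it committed to, has its assertion struck before evidence is heard.
        ok = opening is not None and opens(commitment, *opening)
        self.status[commitment] = "in_arbitration" if ok else "struck"
        return self.status[commitment]

# Constructed sample assertion; every field name and value is made up.
CLAIM = {"lender": "example-lender", "consumer_key": "constructed-pubkey",
         "event": "missed_payment", "period": "2017-03"}

if __name__ == "__main__":
    ledger = Ledger()
    c, n = commit(CLAIM)
    ledger.post(c)
    print(opens(c, CLAIM, n), ledger.challenge(c, (dict(CLAIM, period="2017-04"), n)))
```

A matching opening only shows that the lender is arguing the same assertion it recorded; whether the assertion is true is still for the arbitrator to decide from the lender’s evidence.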

Congratulations, we’ve imagined the pieces of a decentralized credit system. But how can lenders use this system for risk assessment?

4. Replacing credit reports

A lender considers a loan application. They have the borrower’s public key, as well as records linking their public key and their real-world identity.

The lender wants to review the borrower’s history, using their own in-house risk assessment function to decide whether to back the loan. But the borrower doesn’t want to expose their entire credit history to the lender — not only could they lose it to hackers, but the details are none of the lender’s damn business.

By delegating the computation to another party, the lender can be sure the data has been properly evaluated, scoring the borrower for a loan, and the borrower can get their loan, only exposing their credit history to the non-lending party.

Now we’ve found the crux of this whole scheme. We’re ready to knock this mother down, and replace consumer credit agencies with a fairer, more secure alternative. We just need to find a way for the lender and borrower to delegate computation without exposing the borrower’s credit history to prying eyes, or the lender’s scoring function to competitors.

Multi-party computation