Privacy-Preserving Data Storage and Use
A key pillar of Humanity Protocol’s self-sovereign identity (SSI) framework is an identity and data oracle platform that manages and stores user data and verifiable credentials (VCs) in a decentralized way, and uses zero-knowledge cryptography to keep personally identifiable information (PII) and other sensitive data private. The platform gives users full control over whether and how their data are accessed by third-party applications.
Protection 1: Data Encryption & Private Key Management
An issued user VC is bound to the user’s wallet, with the associated user data encrypted using AES-GCM quantum-resistant symmetric encryption. Encryption keys are divided via a multi-party computation (MPC) mechanism and stored across decentralized nodes on a key-share network (e.g. Lit Protocol), removing the dependence on centralized key custodians. Users have full ownership of the keys and control over access to them.
Protection 2: Data Atomization & Decentralized Storage
All encrypted user data are atomized and stored on a decentralized, off-chain storage network (e.g. one based on IPFS), improving deduplication, piecewise transfer, and data seeking. Data are addressed by their contents (content addressing) rather than by a location such as an IP address (location addressing).
Protection 3: Privacy-Preserving Data Use
Decrypted user data are accessed only with user authorization, ensuring a fully privacy-preserving environment. Two methods of 'use-access' are implemented:
- Direct sharing of non-PII VCs (e.g. the status of being a unique human being).
- Indirect sharing of PII data in the form of zero-knowledge-based verifiable presentations (VPs): applications can query HP's data and identity oracles for additional information, with zero-knowledge proofs ensuring accuracy and validity. The query response never contains unencrypted PII or other raw data, maintaining user privacy.