For “our tech blog” on Skylight page.

Tag Archive for: Skylight

Top Burning Questions Q3: What do cryptocurrencies have to do with data privacy?

Question: What do cryptocurrencies have to do with data privacy?

There is no shortage of news around cryptocurrencies today, especially given the collapse of FTX, the crypto exchange company, earlier this year. Now more than ever, a question that we are getting is how cryptocurrencies are relevant to our Web3 data privacy platform.

What astute readers know is that the “crypto” in “cryptocurrencies” is for cryptography. The tech stack in the blockchain ecosystem related to encryption, privacy, and security is evolving faster than the technology of any single company. This is the main reason that VIA is committed to leveraging crypto technologies in our data privacy solutions.

Zero-knowledge proofs (ZKPs) are a good example of this. Long-time VIA blog readers will be very familiar with ZKPs. While their mathematical origin goes back to 1982, the first widespread application came from verifying cryptocurrency transactions. Here’s a quick example:

Imagine a disagreement between Adam trying to buy one bitcoin from Eve. Eve says she sent it. Adam says he never received it. In a traditional banking transaction, Adam and Eve would know each other’s names, bank details, and there would be at least one bank that can verify what happened. In the case of a cryptocurrency like bitcoin, the whole point is anonymous (so Adam and Eve don’t know each other) and peer-to-peer (so there’s no independent middleman to verify) transactions. That’s where ZKPs come in. They are a software mechanism to verify a transaction of a digital asset while maintaining the anonymity of each party, and without the need for a middleman.

That neat trick of verifying a digital transaction between two direct parties and maintaining the privacy of each one is hugely valuable in more than just bitcoin. In VIA’s case we made a choice to leverage ZKPs in energy and data transactions rather than try and invent a new technology. ZKPs are just one of the many digital asset privacy and protection mechanisms we use at VIA from the crypto world. 

Of course, don’t just take our word for it. Large, established institutions are formally embracing Web3 technologies.

“The DoD believes that Web 3.0 Blockchain technology can be leveraged to build systems that focus on protecting the data independently of the systems that store, transport, and process it through decentralization.”

That’s a recent quote from the CIO of the U.S. Department of Defense. In the past few months we’ve seen a significant uptick in the number of large companies that are asking us more sophisticated questions about our blockchain and Web3 technologies to embed with their own Web3 teams and initiatives. We see a bright future in blockchain and Web3 for those interested in the best in data privacy technology. 

Top Burning Questions Q2: Why do we work with the DoD, and what does it mean to have a top secret cybersecurity accreditation?

Question: Why do we work with the U.S. Department of Defense, and what does it mean to have a top secret cybersecurity accreditation?

In short, our work with the U.S. Department of Defense (DoD) is in direct support of our mission. Long-time readers will be familiar with our core mission to make communities cleaner, safer, and more equitable.

Of course, the DoD provides humanitarian assistance ranging from providing food and shelter to individuals impacted by natural disasters to evacuating refugees from war-torn regions.

Air Force personnel load a supply of rice and soy-based meals for shipment to Guatemala. Photo by U.S. Air Force.

There is also a strong tie to energy, where we focus almost all of our commercial solutions. As a nation, the U.S. is the single largest consumer of energy on the planet. Moreover, a whopping 77%1 of the energy consumption of the entire U.S. Government is by the U.S. DoD. In our view, if we aim to accelerate clean energy, then working with entities like the U.S. Air Force to adopt electric vehicles and move to renewables is a must.

In addition, working with DoD installations on the topic of electrification helps us learn about how we can support civilian communities. A military base is like a city, with tens of thousands of people, thousands of buildings, roads, and vehicles. How we make a base more efficient directly helps us make urban environments cleaner.

Last, but not least, there’s the cybersecurity element. The standards required for our Web3 platform to run at the DoD include things like zero-trust architecture, hardened containers, and continuous vulnerability checks. Everything we do at the DoD can be brought to our commercial customers who are equally concerned about cybersecurity attacks. In our view, there is no higher standard for cybersecurity, and therefore no better way to make our communities safer.

We’re just beginning our work at the DoD. We look forward to a long relationship to support the DoD’s mission and, at the same time, bring our knowledge to improve the lives of residents in local communities.

Are you a community transitioning to clean energy and electric vehicles? We’d love to hear from you regarding your journey and share your learning with others.

Mastery Monday: Extra! Excerpt! 90 second summary of VIA CEO’s presentation at Chainlink SmartCon 2022

VIA’s CEO Colin Gounden was hand selected to present at this year’s “must attend” Web3 event, SmartCon 2022, held in New York City, NY. Though most of our dedicated Mastery Monday blog readers may not have been in attendance, we’re bringing you a 90 second video of Colin’s talk in this summary blog. 

Check out the video and transcript below!


Transcript of the summary video above:

War in the Ukraine, extreme weather in western Europe and throughout the United States, waning grid infrastructure are three of the Ws that are driving skyrocketing energy prices and causing food prices, transportation prices, and your home energy bill to soar.

At VIA, we’re using Web3 to help solve and address these issues.

Your energy data is a digital asset. It may not necessarily be as pretty or as fun to look at as your screensaver, but it’s probably much more valuable.

At VIA, we’re using Web3 in three specific ways.

One, we’re using NFTs to help give consumers clear and definitive ownership of their energy data.

Two, we’re using smart contracts to be able to compensate consumers for the insights from their data and for taking actions that contribute to mitigating climate change.

And three, we’re using zero-knowledge proofs to validate and verify that consumers took the actions they said they would, whether that’s turning down the thermostat or selling back their rooftop solar.

Reach out on Telegram or Linkedin or on even good ol’ email to join us in our efforts.

Top Burning Questions Q1: What’s the connection between the DoD and Web3?

With all the buzz around Web3 and our soon-to-be officially launched Skylight application, it’s no wonder customers and partners have asked some incredibly thoughtful questions. So, we’re sharing our answers in a multi-part series with the best readership out there: YOU! 

Let’s get right to it!


Question: You do a lot of work with the U.S. Department of Defense (DoD). That seems at odds with Web3’s decentralized and individual value. What’s the connection between the DoD and Web3?

That’s a fair question. It turns out that a lot of what is happening in the Web3 world is directly related to defense and vice versa. 

In short, both consumers and the DoD have increasing data privacy and anonymity concerns. The DoD accepting our technology is great validation for consumers. If you can make the technology work for consumers, you can make it easy to use and scalable for the DoD.

People forget that the “crypto” in “cryptocurrency” is short for cryptography. So instead of thinking of a peer-to-peer financial transaction (e.g., you and me trading bitcoin directly) think of data as the asset using many of the same technologies.

A blockchain can store the record of the transaction. Smart contracts control under what conditions data is exchanged or analyzed. Zero-knowledge proofs verify anonymously that the data is what people say it is.

So, any time you want to keep data private and compartmentalized but also verify that it’s real, Web3 technologies have a huge advantage here.

An example is: you have 30 countries in NATO all of whom, now more than ever, need to share information about a conflict right on their doorstep … but … they don’t have integrated systems and, frankly, don’t even want to share all information with each other.

If you can securely share insights across 30 million users anonymously with Web3 technologies, then 30 intelligence agencies is not an issue at all.

In summary, we’re leveraging Web3 technologies to help consumers and validating the security and privacy elements with our DoD customers.

Appreciate the summary, but need to know more? Check out our Skylight page or better yet, send us a note: info@solvewithvia.com.

 

Open Source Monday: zk-SNARKs for Meter Data

For the fourth installment of our “Open Source Monday” blog series, we provide a demonstration of a mathematical proof called zk-SNARK (an emerging Web3 standard) for energy data.


Today’s Open Source Monday blog is the culmination of a number of previous Web3 open source releases and blog posts.

First, frequent blog readers will know that we’re long-time believers in the potential of Web3 and its ability to accelerate the adoption of clean energy. Our blogs below make that clear:

These blog posts are in line with VIA’s mission to make communities cleaner, safer, and more equitable.

Second, we’ve been committed to creating the best tech stack that (1) supports the transition to clean energy and, at the same time, (2) maintains data privacy:

Finally, it’s clear that the “time is now” for the clean energy transition.

So, now that you’re caught up on the importance of Web3 at VIA, let’s get to the good stuff.

Today, we’re demonstrating a zk-SNARK version of our proof for meter data. For those zk-SNARK fans out there, we’ve got a short video for you that shows step-by-step the contracts and code we have created to verify consumer electricity meter data and maintain strict data privacy.

With the integration of this proof, VIA’s Skylight application enables energy consumers to profit from interest in their data, while keeping their identities completely anonymous. We’re excited that Skylight is ready to support consumers and power providers globally. Stay tuned for more exciting commercial announcements in the next month on this topic. In the meantime, you can find more details in our Skylight white paper.

Open Source Monday: Zero-Knowledge Proofs

For the third installment of our “Open Source Monday” blog series, we provide a demonstration and example code of how Zero-Knowledge Proofs can be applied to clean energy applications.


Zero-Knowledge Proofs (ZKPs) will be very familiar to blockchain experts and cryptocurrency enthusiasts. As we described last week, there are also non-financial applications for ZKPs in the clean energy sector. 

Imagine that you are an electric vehicle charging station company. You collect data from charging stations that have a huge amount of individual information. You collect and centralize that data for billing and maintenance. Some of the data could even be considered personally identifiable information. That is, time, location, vehicle type, etc. could be pieced together to identify an individual even without having a specific name of a person. 

In summary, your data is valuable. Others ask for it. The local utility wants access to help plan grid upgrades. The local government wants to use it to plan public transportation. Community groups want access to learn the impact on the environment. Do you hand over your data to them? A better approach would be to enable them to ask questions of your data in an anonymized way without you physically transferring the data. Fewer copies means less risk.

As an energy planner (e.g., utility, government, community group) how do I know the data is real if I never see it? This is where ZKPs come in. ZKPs can prove that the data is as expected without having to reveal the actual data itself. 

The video below shows an example of some of the steps to accomplish this. 

What you’ll see is:

  1. Two different “customer” datasets are provided to form a single dataset. Continuing the analogy above, this is like the EV charging station company storing two different customers’ data in the company’s database.
  2. That data is off-chain. A central Oracle creates a non-interactive proof.
  3. The Oracle also converts the proof into an image.
    The data is an array and each value in the array
    is represented by a proof in the form of a grayscale pixel.
  4. A new ZKP verification ERC721 compatible smart contract is created and an NFT of the image is minted.
  5. Using Truffle, a smart contract can be called to execute the validation of data without revealing the identity of the individual.

For our implementation, we take advantage of some recent advances in ZKPs. In particular, many ZKPs rely on some interaction with a prover and a verifier. They ask each other a series of questions to validate the data. Here, we apply an approach inspired by zk-SNARKs. The “N” in SNARK is for Non-Interactive. The genius behind this approach is that all the proof can be provided in a single message to the verifier, eliminating the traditional back and forth. There is a LOT of math behind this which is out of scope for our example. You can learn more about the math and how it works thanks to Zcash. For simplicity in this example (see GitHub), we use a simple hash implementation rather than a full zk-SNARK.

One other addition that we made here is that since the proof is a simple message, we can codify it as an image. We can then mint the image as an NFT. The big advantage of this approach is that proofs are visible to everyone and searchable by anyone on a platform like OpenSea or Coinbase without revealing any individual data. This removes a transaction headache for the data owner. They don’t need a new system or special hosting, etc. to handle inquiries about their data. 

And, the last addition, is that we have an example Polygon smart contract that enables an individual to validate their own dataset. What the validation code enables is that the EV charging company and / or energy planners who incentivize data owners to validate data get greater assurance that the data is real. This is a great use case of data privacy enabled through crypto.

The basic principles here can be applied to many sectors where there is centralized off-chain data, strict data privacy needs, and a need to prove the data is valid. Next week, you’ll see an expansion of this proof to leverage more of the zk-SNARK stack.

Mastery Monday: Why You Should Care About Zero-Knowledge Proofs

This is the second installment of our blog series, “Mastery Monday with VIA” where we share with you some of the inside details of our technology and math in 5 minutes or less. So, are you ready to become a master?


Math impacts everything we do. You never really see the math, but you experience it.

AI is the math that helps us control our TVs with our voice and drive our Teslas. We watch Netflix and listen to Spotify, courtesy of compression algorithms that send more and more data through increasingly crowded bandwidth.

One of the invisible math innovations that is changing the world is Zero-Knowledge Proofs or ZKPs. 

If you’re not familiar with ZKPs, these videos from UCLA Professor Amit Sahai and Up and Atom do an excellent job of explaining the concept easily. We particularly like how Prof. Sahai gets a 5 year old and a 13 year old to repeat back his definition of a ZKP, after he explains it. It’s a testament to great teaching.

So, why should you care about ZKPs?

The short answer is that if you care about privacy and fairness, then you care about ZKPs. It’s the math for you.

For example, ZKPs are used every day by millions of people in bitcoin and other cryptocurrency trading. It’s how two parties who don’t know each other can verify that the right amount of funds were transferred from one to another without the need of an intermediary like a bank. There are other, non-financial uses of ZKPs, as well. 

Given VIA’s mission to enable cleaner, safer, and more equitable communities, let’s use an example from the clean energy sector. VIA blog readers will know that our software platform enables energy data to be analyzed in such a way that an analyst will never see the source data (read more about that here).

This has obvious data privacy benefits to the data owner. Data owners don’t have to physically transfer their data to anyone or let an analyst see it in any way.

But, what about the analysts? How do they know that the data is legit? 

Well, one way is that an analyst could just trust the data owner. That works well if you both know the data owner and believe that they are reputable. For example, if you know the data owner is your public utility, and trust them, then as an analyst, you may say, “the data must be OK.”

What if the data owner isn’t someone you trust? They don’t necessarily have to be “untrustworthy.” You just don’t know them. So, the new energy retailer in your neighborhood, or the EV charging station start-up, or the microgrid operator may be perfectly legitimate. But, how do you know? How can you make sure they are playing fair?

This is where ZKPs come in. You don’t have to know. You don’t have to trust them. With ZKPs, you can mathematically verify that the data stored by the utility corresponds to the data offered to the analyst. Also, ZKPs, given a verifier, enable us to validate that the values of the data provided by the utility are indeed what the verifier is expecting. 

To take the example even further, think about consumer data. Energy is decentralizing rapidly to the individual level (e.g., rooftop solar and EVs). Your energy data is literally personally identifiable information so data privacy is paramount. At the same, you can’t possibly know and trust every other individual consumer as a data owner. ZKPs can address this.

So, is there a ZKP for energy data that energy analysts can use? Stay tuned for next week’s post …

 

Open Source Monday: Homomorphic Encryption Meets NFT

For the second installment of our “Open Source Monday” blog series, we are offering up a smart contract-based homomorphic encryption example. Check it out below!


Since you’re reading today’s blog, we’re betting you’ll have seen the fun math video we shared last week explaining how homomorphic encryption (HE) works. And, if you’re a long-time VIA follower, you will recall that we first released our own HE library back in 2020*.

Moving from math to code, here is an example of how to use the library using a smart contract. The great thing about this particular example is that you can use a standard ERC-1155 token. 

In summary, here’s what you’ll see:

  1. Two NFTs (bird images) that have one encrypted number each in their metadata.
    a. The NFTs are hosted on IPFS and searchable on OpenSea.
    b. The metadata also includes the public key and a sequence of coordinates on an elliptical curve.
    c. VIA uses NIST-compliant, 2048-bit RSA equivalent, elliptic curve cryptography (ECC).
  2. Polygon is used to create a standard ERC-1155 contract and mint all NFTs. The sum of the encrypted number NFT is represented as a third image (an egg).
  3. For this example, a Polygon scanner was used to enter the encrypted numbers and then sum them with VIA’s HE library. NOTE: In a live setting we would use an Oracle to execute the computation programmatically. 
  4. The encrypted sum gets placed in the metadata of a new NFT and minted. 
  5. The sum can be decrypted by the private key owner as verified by an Oracle.

OpenSea has the NFTs with encrypted data. For everyone’s reference, here are the unencrypted NFTs.

Of course, NFTs don’t have to be the source of the addition. This illustration, however, should resonate with Web3 game designers and NFT minters alike. For example, you could offer treasury chest NFTs based on breeding and only provide the reward, decrypted value, to the owner of the NFT.

You can also substitute another HE library, other than VIA’s, if you prefer. The VIA library has a number of advantages that we described in our original 2020 post.

Some of the key advantages of VIA’s HE library include:

  • NIST-compliant ECC
  • No limit on digits for addition
  • Fixed point calculations
  • Benchmarked as significantly faster than many other HE libraries

Reach out if you’d like to learn more about the VIA library.

Weigh in!

We’re considering hosting an Oracle to enable this functionality in general for anyone on a public blockchain. Would this be of interest to you? If so, Support this post (via LinkedIn) and RT (via Twitter).

*As one update to the 2020 HE post, VIA was issued patents on its homomorphic encryption approach in 2021 and additional patents in February 2022.

Mastery Monday: Homomorphic Encryption

This is the first installment of our blog series, “Mastery Monday with VIA” where we share with you some of the inside details of our technology and math in 5 minutes or less. So, are you ready to become a master?


So, what is homomorphic encryption (HE)? 

HE is a way to compute something without knowing what the numbers are (i.e., keeping them encrypted). For example, adding two numbers or multiplying two numbers and learning the exact result while keeping each of the two input numbers secret.

Why does it matter? 

Unencrypted data is unsafe. With cybersecurity increasing, the last remaining case where data routinely remains unencrypted is during computations. Encryption is already commonly used when data is stored and when it’s sent from one place to another. 

When would you use it? 

Anytime you use math. Which is everywhere. A simple example is a census. I want to know how many people live in a town without knowing how many people live on any single street, in a particular building, or in their own home. AI is all math. So, voice and face recognition while the data is private is a more complicated example.

How does it work?

Check out this less than 4 minute video below! 

Please note: this video was filmed in VIA’s new office space, hence considerable echo. We recommend using the closed captions.

Want to learn more?

VIA holds several issued patents in homomorphic encryption. 

Other details related to VIA’s approach to HE are available from VIA’s earlier blog from 2020.

Next week, we’ll be sharing some code and a use for HE.

 


Below is a transcript of the “Homomorphic Encryption Explained” video.

Everybody, everywhere is asking about homomorphic encryption.

Said no one ever.

It’s not actually a thing that anyone ever asks about, but it’s super important, nonetheless.

And the reason is because keeping our data safe is super important.

So, the idea that we keep data safe when it’s at rest – that happens. Where the data is not safe is when you actually try to do some math on numbers.

For example, you have some data or information [Becky] and you have some data or information [Sam] and you want to do a comparison.

So, both of you have kitten collectible porcelain statues. And now we want to know which one of you has more without either of you revealing your own number because your porcelain kitten collection data is intensely personal.

[Becky] How did you know? 

[Sam] True.

As a person who’s doing, you know, high academic research, I’m really interested in the total sum of kitty collectors in this world and how many porcelain kitties there are in the world. That’s my thing! I’m super interested in it.

Don’t judge me.

Okay, so here’s what we’re going to do. We’re going to now add up the number of porcelain kitties in your collection [Becky] and the number of porcelain kitties in your collection [Sam]. And Becky, you’re not going to tell Sam how many. And Sam, you’re not going to tell Becky. And neither of you are going to tell me. And, even so, as a world-class researcher, I am going to be able to tell how many there are in the world without knowing either of those things.

And that’s one definition of homomorphic encryption, which is the ability to add up or multiply or divide or subtract or be able do some math without ever actually revealing any individual number.

So, the way that we are going to do that is we’re going to pretend this is my homomorphic encryption specialist device.

It’s actually my calculator on my phone here.

And as an example, what I’m going to do first is type in a number that is only visible to me, the researcher. And to you, the audience, only. So just let’s keep it between us. 

And now, I’m going to pass this to Becky. Add to whatever number I sent you. I want you to type it in and add the number of porcelain kitties that are in your collection.

Now you’re going to pass that to Sam.

Sam, I want you to add how many are in your collection.

Ok, now you’re going to pass it back to me.

And just to be clear, Becky, do you know how many porcelain kitties Sam has?

[Becky] No idea.

[Sam] Do you know how many porcelain kitties Becky has? (shakes head)

And, I don’t know how many they have either individually but I do know that together we have 24 is my guess. But is that true? That’s what I have in my calculator. Let’s see.

Becky, how many were in your collection actually? 

[Becky] 8.

And how many were in your collection?

[Sam] 16.

So 8 and 16, I’m pretty sure is 24. So we got the number! Even though neither of you knew each other’s numbers and I didn’t know what your numbers were.

And, there’s a lot of things you can do together to continue to obfuscate and hide the original numbers.

And we’ll talk later about some use cases.

We have an upcoming piece just on a use case of homomorphic encryption and NFTs in gaming. So, we’ll look forward to sharing some code and why that may be useful next time.

But, here was a little bit of a theory of homomorphic encryption particularly applied to addition.

Thanks for watching!

Open Source Monday: How to Spot Malware in Your NFT

Like the internet and GPS that we use every day, VIA’s data privacy and security platform was first tested at scale by the U.S. Department of Defense.

A major U.S. intelligence agency has been actively testing the ability of VIA’s blockchain platform to detect potential cyber threats to data sources. 

We can’t disclose much that we did in detail. Actually, we can’t disclose anything in detail. After six months and well over 350 tests, there is one insight, however, that we feel is important to share publicly:

It’s ridiculously easy to inject malware into a file that can then be downloaded as an NFT!

As NFTs have exploded in popularity (23% of millennials in the U.S. collect them), adding malware to an NFT is an easy and fast way for malicious users to spread chaos.

So, today, VIA is making a malware check for NFTs code available for free, for anyone: https://github.com/viascience/nftscan. Special thanks to the steganography open source community for their help to create this NFT vulnerability scanner.

This initial version on GitHub has three separate malware checks. There are instructions on how to submit a pull request for you to add your own additional malware checks. If you’re interested in using the code on your website, write to us at info@solvewithvia.com

Want to learn more about how hidden text and malware code can be easily transferred when not checked? Watch this 43 second video.

If you’re interested in making the NFT community safer, please share this blog with your networks!

Stay safe out there everyone!