Data Access Control - MultiChain

Question

Hello!

Given any participating node can access any transaction or block through the standard API from the CLI, what is the suggested method to control or restrict data access across nodes.

Here is a scenario : if consumer/customer private information are stored on streams on a chain.There are two or more participating nodes run by different business enterprises. All the business enterprises can access all data through transaction id and the block id , even if the businesses don't have access to all streams.

How do i restrict the individual nodes to particular type of data . This may sound similar to row level security in RDBMS.

What are your plans for the product with respect to restricted data access through improved data access control structures.

 

Thanks

Answer 1

The way to restrict data access on a blockchain is via encryption of that data, because by design every node has a copy of every piece of data. Even if we were to limit read access to unencrypted data through the MultiChain API, it would not provide genuine privacy, because the data itself is sitting on the node's hard disk drive.

Streams provide a natural way to support encrypted data on a blockchain, as follows: (taken from this blog post)

1. One stream is used by participants to distribute their public keys for any public-key cryptography scheme.
2. A second stream is used to publish data, where each piece of data is encrypted using symmetric cryptography with a unique key.
3. A third stream provides data access. For each participant who should see a piece of data, a stream entry is created which contains that data’s secret key, encrypted using that participant’s public key.

This provides an efficient way to archive data on a blockchain, while making it visible only to certain participants.