
I'm working on an idea for a DApp that measures some information from clients' mobile phones and sends it to validators on a consortium blockchain network. Actually, I can't figure out how to secure the transaction, and more specifically how to prove that the data was measured with the sensors of the mobile where the application is installed, or just from the application.

I'm a beginner blockchain developer with some experience in Hyperledger Sawtooth and cryptography-based algorithms. When I searched for the problem, I saw that there are some possibilities, like running code in a Trusted Execution Environment (Intel SGX, for example) or embedding a private key in the code to prove, in addition to client transaction signing, that the measurements were made with my app (and not someone faking the data and sending it with curl or something). But those solutions are not exactly convenient in my case.

  • What have you found so far? Are you talking about trusting the transmission from some 'oracle' to your frontend to then submit on the blockchain, or your phone app submitting right to the validator? – Frank C. Sep 14 '19 at 09:37
  • Yes, in this case the oracle is my smartphone, and sensor data can be things like the actual temperature, GPS coordinates, etc. What I'm looking for is a way (maybe with cryptography) to ensure the data was sensed from this particular smartphone and not another, which is in a way binding an identity to the oracle – Adam Mabrouk Sep 24 '19 at 08:15
  • Cryptography is the way to go. We were using Diffie-Hellman (see https://doubleoctopus.com/security-wiki/encryption-and-cryptography/diffie-hellman-algorithm/) and a library for decrypting in the REST API app we created, which submitted the transactions to the verifier for updating the data on the chain. We also used ZKSNARK for the actual content of exchanges. – Frank C. Sep 24 '19 at 10:00
  • Thank you for your response, but I just don't see how a zero-knowledge proof could fit in this case, because I'm trying to send, along with the transaction, a proof that the measurements were executed by the sensors in the appropriate mobile phone (kind of like a hardware signature). A simple use case would be an app where you are paid to share sensitive information about your location, and I'm assuming that the user has a way to know the private key which is embedded in his client app. What will prevent him from creating a mock application and sending false data to the REST API routes? – Adam Mabrouk Sep 24 '19 at 15:28
  • Just telling you what we did. – Frank C. Sep 25 '19 at 08:48

0 Answers