Deloitte Adds Privacy Tech to Its Education-Credentials Blockchain

Deloitte_Consensus_Flickr
29 October 2019

Professional services giant Deloitte has added zero-knowledge proof privacy tech to its enterprise blockchain offering.

Announced Tuesday at the ZKProof Community Event in Amsterdam, Deloitte has teamed up with Israeli zero-knowledge proof experts QEDIT, to help users control how a blockchain shares data about the certificates and qualifications they have earned.

Deloitte’s Eduscrypt platform allows organizations to track, share and validate qualifications, using a private, permissioned version of ethereum. But there are instances where it is critically important to have control over what is shared, and with whom. This could be the case in Europe where the General Data Protection Regulation (GDPR) forbids information about individuals being shared willy-nilly.

One way around this is by avoiding putting data on a blockchain at all and instead replacing it with proofs about that data. This is what zero-knowledge proof technology does: one party (the prover) can prove to another party (the verifier) that they know some secret information, without conveying anything at all about the information.  

“You can have a person prove their credentials and reveal them to the right people and fully retain control of who gets to learn what, and still have that in a notarised blockchain with all the security that it provides,” said Jonathan Rouach, co-founder and CEO at QEDIT.

Antonio Senatore, chief technology officer of Deloitte’s EMEA Blockchain Lab, said that validating, managing and recording the education qualifications of staff and prospective hires can be a very onerous and costly process for most organizations, with regulatory fines for non-compliance. 

“Integrating QEDIT’s Zero-Knowledge Proof privacy solution ensures that organizations can trust in the authenticity of qualifications, while preserving the full privacy of the underlying data, and upholding regulatory compliance,” he said in a statement.

Need-to-know basis

As well as complying with GDPR, Rouach pointed to particular instances where ZKP would be helpful, such as an individual who has switched careers might want to be selective in what information can be shared about them. 

“For example, a person is going to prove that they have a security certification from some IT school, but then they also learned statistics for gamblers. So when they go to apply to a bank, they would like to show that they are proficient in security but not anything else they might have acquired in their education,” Rouach said. 

The event in Amsterdam, billed as Europe’s first dedicated zero-knowledge event, is being organized by QEDIT and Deloitte and taking place in the latter’s offices. Also appearing are the likes of ING Bank and Facebook’s Calibra. 

The goal is to bring the ZKP community together with industries looking to use the technology and drive standards.  

“ZKPs are moving fast and companies that want to deploy it don’t have experts to say what are the most mature and trusted implementations,” Rouach said.

Image via CoinDesk archives