A Hybrid Framework for Enhancing Privacy in Blockchain-Based Personal Data Sharing using Off-Chain Storage and Zero-Knowledge Proofs
DOI: https://doi.org/10.51519/journalisi.v7i2.1119
Keywords: Blockchain Technology, Zero-Knowledge Proof, IPFS, GDPR, Scalability, Hybrid Framework, Data Privacy
Abstract
Blockchain technology presents transformative opportunities for secure personal data sharing, particularly in healthcare, finance, and identity management. However, its widespread adoption is constrained by challenges such as limited scalability, privacy concerns, and conflicts with regulatory frameworks like the General Data Protection Regulation (GDPR). This study introduces a novel hybrid framework that integrates the InterPlanetary File System (IPFS) for off-chain storage with Zero-Knowledge Proofs (ZKPs) to enhance privacy, ensure regulatory compliance, and reduce on-chain storage demands. Employing a Design Science Research (DSR) methodology, the framework was developed and validated using Ethereum and Hyperledger Fabric, guided by insights from a systematic review of 180 studies from 2018 to 2023. Empirical evaluations revealed a 75% reduction in blockchain storage, 98% GDPR compliance, and zk-SNARK proof verification times below one second. The framework also enables GDPR-compliant erasure by removing encrypted off-chain data while preserving on-chain auditability. Despite challenges such as IPFS latency and trusted setup complexities, the solution offers a scalable and privacy-preserving architecture applicable to real-world domains, especially in privacy-critical environments like healthcare and finance by resolving blockchain’s GDPR compliance paradox.
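The erasure property described in the abstract (remove the encrypted off-chain data, keep the on-chain audit trail) can be sketched as follows. This is an added illustration, not the authors' implementation: `OffChainStore` and `Ledger` are hypothetical in-memory stand-ins for an IPFS node and the blockchain, the SHA-256 hex digest stands in for an IPFS content identifier, and the ciphertext bytes are a constructed sample.

```python
import hashlib
import json

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class OffChainStore:
    """Content-addressed blob store (assumed stand-in for an IPFS node)."""
    def __init__(self):
        self._blobs = {}
    def put(self, blob: bytes) -> str:
        cid = hashlib.sha256(blob).hexdigest()
        self._blobs[cid] = blob
        return cid
    def get(self, cid: str):
        return self._blobs.get(cid)
    def erase(self, cid: str) -> bool:
        return self._blobs.pop(cid, None) is not None

class Ledger:
    """Append-only hash-linked log (assumed stand-in for the on-chain record)."""
    def __init__(self):
        self.entries = []
    def append(self, event: str, cid: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"event": event, "cid": cid, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {"event": e["event"], "cid": e["cid"], "prev": e["prev"]}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

def demo() -> dict:
    store, ledger = OffChainStore(), Ledger()
    ciphertext = bytes.fromhex("8f1c2ab4e0937d55c6a1")  # constructed sample, already encrypted
    cid = store.put(ciphertext)
    ledger.append("SHARE", cid)   # chain holds only the pointer, never the data
    before = store.get(cid) == ciphertext
    erased = store.erase(cid)     # erasure request: drop the off-chain blob
    ledger.append("ERASE", cid)   # the erasure itself stays auditable
    return {"before": before, "erased": erased, "after": store.get(cid),
            "chain_valid": ledger.verify(),
            "events": [e["event"] for e in ledger.entries]}

if __name__ == "__main__":
    print(demo())
```

On a real IPFS network a blob disappears only once every node that pinned or cached it has dropped it, so the single-node `erase` here is a simplification.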