<aside>
ℹ️ TLIP: 0006
Authors: Romain & Kirsten
Status: Draft
Created: 2023-05-29
Types: Architecture
Description: How to manage user private data in an open protocol?
</aside>
Summary
Objectives
⭐ Ensure users have data custody and sovereignty
⭐ Enable obfuscation and permissioning of data that users do not want to be public on IPFS
⭐ Enable private data to be shared amongst participants in the protocol (platforms, hirers, workers, etc.) in an interoperable manner
⭐ Ensure GDPR compliance for platforms, and optimally, the entire protocol
Study
After exploring various options for data permissioning, we’ve determined that Lit Protocol has sufficient capabilities to achieve our vision.
Discovering Lit Protocol
What is Lit?
- A decentralized access control protocol
- Powers conditional decryption and programmatic signing
- On a fundamental level, Lit is an attempt to decentralize public/private key cryptography.
- This allows two main things:
  - Encryption: store information so that it can only be accessed by authorized parties (encryption and access control).
    - Data is encrypted with the public key of the authorized party
    - The authorized party decrypts the data with their private key
  - Digital signatures: verifying the authenticity and integrity of digital messages
    - The sender signs the message with their private key
    - The receiver verifies the message with the public key of the sender
- The programmable part:
  - Programmable Key Pairs (PKPs): key pairs generated collectively by participating validators. Lit is a peer-to-peer network of nodes where each node holds a key share
  - Each node can run code linked to a PKP, called Lit Actions:
    - immutable JavaScript functions stored on IPFS
- Powered by threshold cryptography:
  - In the Lit network, no node ever holds “executive authority”, that is, an entire private key.
  - Each node holds a piece of a private key, and a consensus between a pre-defined threshold of nodes must be reached.
- So concretely, you can:
  - Let Alice encrypt data client-side and let Bob decrypt data client-side based on Alice’s rules. The rules could be: having work in progress together on TL, or having a proposal sent by Alice to Bob.
    - For example: Alice is OK with revealing her CV information only to the employer she made a proposal to
    - Bob, as an employer, is OK with revealing job information and shared documents only to the one he chooses to work with
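
The threshold property and Alice's rule-based sharing described above, sketched as an added example that is not part of the original proposal and is not Lit's code or API. It assumes Shamir secret sharing as a stand-in for Lit's threshold scheme, a client that recombines the released shares, and hypothetical names (`split`, `combine`, `requestKey`) with constructed sample data.

```javascript
// Added illustration: Shamir secret sharing as a stand-in for Lit's threshold scheme.
// All names and sample data below are constructed for this example.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const P = 2n ** 127n - 1n; // prime modulus of the toy field

const mod = (a) => ((a % P) + P) % P;
function inv(a) { // modular inverse via Fermat: a^(P-2) mod P
  let r = 1n, b = mod(a), e = P - 2n;
  for (; e > 0n; e >>= 1n, b = mod(b * b)) if (e & 1n) r = mod(r * b);
  return r;
}
function randomFieldElement() {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  return mod(BigInt('0x' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')));
}

// Split `secret` into n shares so that any `threshold` of them recover it.
function split(secret, n, threshold) {
  const coeffs = [mod(secret), ...Array.from({ length: threshold - 1 }, randomFieldElement)];
  return Array.from({ length: n }, (_, i) => {
    const x = BigInt(i + 1);
    return { x, y: coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n) }; // Horner evaluation
  });
}

// Lagrange interpolation at x = 0 recovers the constant term (the secret).
function combine(shares) {
  return shares.reduce((sum, { x: xi, y: yi }) => {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj !== xi) { num = mod(num * -xj); den = mod(den * (xi - xj)); }
    }
    return mod(sum + yi * num * inv(den));
  }, 0n);
}

// Each online node checks Alice's rule itself and releases its share only if it holds.
function requestKey(requester, nodes, rule, threshold) {
  const released = nodes.filter((n) => n.online && rule(requester)).map((n) => n.share);
  return released.length >= threshold ? combine(released.slice(0, threshold)) : null;
}

// Constructed scenario: 5 nodes, threshold 3; Alice's rule is "I sent this party a proposal".
const secret = 123456789012345678901234567890n; // stands for Alice's data-encryption key
const proposalsFromAlice = new Set(['bob']);
const rule = (who) => proposalsFromAlice.has(who);
const nodes = split(secret, 5, 3).map((share) => ({ share, online: true }));
```

With this setup, `requestKey('bob', nodes, rule, 3)` returns the key, while a requester without a proposal, or Bob facing fewer than three responsive nodes, gets `null`.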