We’re excited to introduce two new privacy-preserving capabilities of the Chainlink Platform, and an update to an existing capability, that enables financial institutions to maintain data confidentiality, data integrity, and support regulatory compliance when transacting across the multi-chain economy.

The Blockchain Privacy Manager allows institutions to integrate their private blockchain networks with existing systems, such as traditional enterprise backends, while limiting onchain data exposure. This capability enables private chains to be integrated with the public Chainlink Platform, providing access to crucial offchain data such as Proof of Reserve (PoR), Net Asset Value (NAV), market prices, and identity data, without exposing sensitive private chain data to third parties. Institutions can also leverage the public CCIP network to connect private blockchains to other public or private chains, while only revealing the onchain information that is selected by the institution as being necessary to process each transaction.

Using the Blockchain Privacy Manager, CCIP Private Transactions leverages a novel onchain encryption/decryption protocol to enable institutions to transact across multiple private blockchains using the public CCIP network, while keeping the transaction details fully confidential. End-to-end encryption prevents Chainlink node operators or other third parties from accessing the sensitive content of institutional cross-chain transactions, including token amounts, sender/receiver addresses, and data instructions. Encryption keys are generated and held by institutional users and can be selectively shared with authorized parties of their choice, such as counterparties, compliance auditors, or financial regulators.

Using the Blockchain Privacy Manager, CCIP Private Transactions enable confidential transfers between private blockchains using the public CCIP network.

Chainlink’s new privacy-preserving capabilities are already being piloted by major financial institutions for the cross-chain settlement of tokenized assets. If your organization is interested in adopting the Blockchain Privacy Manager and/or CCIP Private Transactions, reach out to an expert below.

The Blockchain Privacy Manager and CCIP Private Transactions complement the Chainlink Platform’s existing privacy-preserving capabilities, including DECO—a novel ZK-oracle technology for authenticating web data in a privacy-preserving manner. In the very near future, we plan to make the DECO Sandbox publicly accessible, offering pre-configured use cases that showcase DECO’s privacy-preserving capabilities.

In aggregate, the Chainlink Platform enables institutions to maintain privacy over sensitive data stored on private blockchain networks and in offchain systems (privacy for data-at-rest), as well as maintain privacy when transacting across blockchain networks (privacy for data-in-transit).

The Institutional Need For Privacy In Cross-Chain Transactions

The adoption of blockchain networks within the global capital markets presents an immense opportunity to redefine how financial assets of all kinds are issued, transacted, and settled. With the market for tokenized assets projected to reach upwards of $16 trillion by 2030, we see financial institutions actively moving from proof-of-concept to pilot programs to in-production applications, ranging from cross-border payments with stablecoins to DvP settlement of tokenized securities. 

In parallel, the cost and friction of launching a new blockchain network continues to decrease, leading to a fragmentation of public and private blockchains. In order to properly realize the benefits of onchain finance and tokenized assets, institutions require the ability to transact both data and value between all of the public/private blockchain networks that their users and counterparties have adopted.

However, the lack of secure cross-chain privacy has hindered the ability of financial institutions to meaningfully transact across blockchain environments in a way that meets regulatory requirements such as the EU’s General Data Protection Regulation (GDPR) and Markets in Financial Instruments Directive II (MiFID II). These institutional requirements include the need for complete end-to-end privacy for private chain to private chain transactions, as well as limiting data exposure for private chain to public chain transactions. 

At Chainlink Labs, our discussions with numerous Financial Market Infrastructures (FMIs), Central Securities Depositories (CSDs), central banks, commercial banks, and other financial market participants have revealed overwhelming consensus that cross-chain privacy is a not a nice-to-have, but a core requirement for countless onchain finance use cases.

To address these long-standing compliance and confidentiality challenges around institutional blockchain interoperability, we have enhanced the Chainlink Platform with two privacy-preserving capabilities.

Chainlink Blockchain Privacy Manager

The Chainlink Platform enhances the utility and functionality of blockchain networks by providing access to onchain data, offchain compute, and cross-chain interoperability solutions. As a blockchain-agnostic protocol, Chainlink has been successfully integrated across 20+ public blockchain networks, having enabled over $16+ trillion in transactional value and bringing 15+ billion verified messages onchain.

Expanding the Chainlink Platform’s availability to financial institutions means enabling integration with private blockchain networks. Unlike public (permissionless) blockchains where anyone can read/write to the chain’s ledger, private (permissioned) blockchains only allow selected and verified network participants to read/write to the chain’s ledger. These properties make private blockchains the preferred solution by many institutions for maintaining data confidentiality and supporting regulatory compliance.

In order to facilitate this connectivity, we developed the Blockchain Privacy Manager—offchain infrastructure run by private chain operators that establishes strict, fine-grained read/write access policies for private blockchains, as well as flexible data redaction capabilities at the Remote Procedure Call (RPC) level, ensuring sensitive onchain data is not exposed to third parties. The offchain infrastructure is fully configurable by institutional users, allowing for granular control over which RPC requests and responses are authorized based on the relevant use case.

While this new offchain infrastructure is key to unlocking the ability for private blockchain networks to integrate with the public Chainlink platform, the Blockchain Privacy Manager is functionally system-agnostic and can be used by institutions to connect any offchain system to private chain networks, such as traditional enterprise backend systems, while limiting onchain data exposure. 

The Blockchain Privacy Manager enables institutions to connect their existing systems to private blockchain networks, while limiting onchain data exposure.

To facilitate connectivity between the public Chainlink Platform and private blockchain networks, the Blockchain Privacy Manager allows institutions to authorize specific Chainlink oracle networks to write data to specific oracle smart contracts on a private blockchain, without the ability for Chainlink node operators to read/write any other data or smart contract logic located on that private chain. 

This unlocks the ability for private chain smart contracts to securely access offchain data that has been validated by the public Chainlink Platform such as Proof of Reserve (PoR), Net Asset Value (NAV), market prices, and identity data, without revealing any sensitive or unrelated data contained on the private chain’s ledger to Chainlink node operators or third parties, supporting compliance with data protection regulations.

The Blockchain Privacy Manager enables smart contracts on private blockchain networks to access external data resources via the public Chainlink Platform.

Additionally, the Blockchain Privacy Manager enables financial institutions to leverage the public Chainlink CCIP network to connect private blockchain networks to other public and private chain environments, while only revealing the onchain information that is selected by the institution as being strictly necessary to process each cross-chain transaction. This approach to cross-chain interoperability means institutions do not need to build or operate their own security-sensitive cross-chain infrastructure or bridging software, significantly reducing operational costs and infrastructure footprint when transacting cross-chain. 

The Blockchain Privacy Manager enables institutions to connect private chains to public chains using the public CCIP network.

Chainlink CCIP Private Transactions

Building upon the new Blockchain Privacy Manager, CCIP Private Transactions takes the Chainlink Platform’s privacy capabilities a step further by introducing a novel onchain symmetric encryption/decryption protocol—designed and developed by the Chainlink Labs research team—to enable fully confidential cross-chain transfers between private blockchain networks using the public CCIP network. 

The use of end-to-end encryption, with the keys generated and held by institutional users, prevents Chainlink node operators or any unwanted third parties from either viewing or tampering with the contents of cross-chain transactions, including token amounts, sender/receiver addresses, and data instructions. Institutions can also choose to share their encryption key with authorized parties of their choice, such as counterparties, compliance auditors, or financial regulators.

CCIP Private Transactions works by deploying an onchain smart contract to each private blockchain network, which is responsible for encrypting sensitive information in outbound CCIP messages before they leave the blockchain, and decrypting sensitive information in inbound CCIP messages as soon as they are processed on the blockchain. Encryption/decryption keys are unique to each chain-lane, meaning institutions can use different encryption keys for each of their different counterparties across different private chain networks. Combined with the Blockchain Privacy Manager, institutions can keep both data-at-rest and data-in-transit entirely confidential, or revealed exclusively on a strict need-to-know basis. 

CCIP Private Transactions use a novel onchain encryption protocol to enable confidential transfers between multiple private chains.

CCIP Private Transactions can be viewed on the public CCIP explorer, but with sensitive transaction information hidden due to the use of end-to-end encryption.

Chainlink DECO Sandbox

In addition to the Blockchain Privacy Manager and CCIP Private Transactions, the Chainlink Platform also offers an advanced privacy-preserving data verification system in the form of DECO, which uses zero-knowledge proofs (ZKPs) and existing web infrastructure to enable financial institutions, enterprises, and web3 developers to verify sensitive information without exposing the underlying data. For a deeper look at DECO’s technology, check out our DECO Introduction blog and the DECO research paper.

In the very near future, we plan to make the DECO Sandbox publicly accessible, offering pre-configured use cases that showcase DECO’s privacy-preserving capabilities such as identity verification, proof of funds verification, and sanctions screenings verifications, while maintaining the privacy of sensitive data. 

The DECO technology is unique in that it requires no modifications at the data source and can be easily integrated into existing workflows and legacy tech stacks. DECO supports multiple methods of generating attestations about offchain data that can be consumed both onchain and offchain in a privacy-preserving manner. We look forward to sharing more information with the launch of the DECO Sandbox.

DECO enables assertions about API data to be proved in a privacy-preserving and provenance-enabled manner.

Scaling The Multi-Chain Economy Through Secure, Private Cross-Chain Connectivity

Through the Chainlink Platform’s enhanced privacy-preserving capabilities, financial institutions can directly leverage Chainlink’s battle-tested Decentralized Oracle Network (DON) infrastructure for a variety of use case situations.

If you are interested in integrating your private blockchain network with existing systems via the Blockchain Privacy Manager and/or enabling confidential cross-chain transfers via CCIP Private Transactions, connect with an expert