CONFETTY: A Tool for Enforcement and Data Confidentiality on Blockchain-Based Processes

TL;DR

CONFETTY is an open-source platform that combines blockchain smart contracts with attribute-based encryption to enable confidential yet transparent process execution on public blockchains.

Contribution

It introduces a novel approach integrating smart contracts with attribute-based encryption to preserve data confidentiality in blockchain-based processes.

Findings

Successfully balances transparency and confidentiality in blockchain processes.

Uses attribute-based encryption for fine-grained access control.

Provides an open-source web application for practical implementation.

Abstract

Blockchain technology enforces the security, robustness, and traceability of operations of Process-Aware Information Systems (PAISs). In particular, transparency ensures that all data is publicly available, fostering trust among participants in the system. Although this is a crucial property to enable notarization and auditing, it hinders the adoption of blockchain in scenarios where confidentiality is required, as sensitive data is handled. Current solutions rely on cryptographic techniques or consortium blockchains, hindering the enforcement capabilities of smart contracts and the public verifiability of transactions. This work presents the CONFETTY open-source web application, a platform for public-blockchain based process execution that preserves data confidentiality and operational transparency. We use smart contracts to enact, enforce, and store public interactions, while we adopt attribute-based encryption techniques for fine-grained access to confidential information. This approach effectively balances the transparency inherent in public blockchains with the enforcement of the business logic.