A RESTful Privacy-Aware and Mutable Decentralized Ledger

Abstract

During the last decade, blockchain technology has gained massive attention due to its decentralized, transparent, and verifiable features. However, data stored on the blockchain is publicly available, immutable, and may link to the data owner, thus making privacy management and data modification major challenges. In this paper, we present a RESTful decentralized storage framework that provides data privacy and mutability. To do so, it combines blockchain with distributed hash table, role-based access control, ring signature, and multiple encryption mechanisms. We designed a protocol that exploits metadata and pointers stored on the blockchain, while corresponding encrypted data are stored off-chain, so that data owners are able to control their data. Each peer in our framework offers RESTful APIs to operate, thus ensuring interoperability over the Web. In this paper, we present the operation of our framework and its components that enable data protection at run-time. We also evaluate its performance with time measurements from our proof-of-concept implementation.