Data Privacy

The Waves Enterprise Blockchain Platform provides confidential data transfer and storage between participants interacting on the network. The protection of confidential data during its transfer and storage is provided by a set of groups, which contain a list of participants that can interact with private data.

The Waves Enterprise platform supports two options for storing confidential data:


Access groups

Access groups are created by network participants who need to arrange a private data exchange. Any participant can create an access group and add into it any number of other participants. Only nodes can exchange information within a group.

The group contains the following parameters:

  • name (policyName);

  • description (Description);

  • the list of confidential data recipients (Recipients);

  • the list of the policy owners with editing rights (Owners).

The access group is created by sending a CreatePolicy transaction (type = 112, group creation) to the blockchain.

Owners can change the access group by sending the UpdatePolicy transaction (type = 113, group editing) to the blockchain.

For external access and getting the information about groups there are using specified API Node requests: GET /privacy/{policy}/recipients, GET /privacy/{policy}/getHashes, GET /privacy/getInfo/{hash}.

Sending and receiving the data

The data is sent via POST /privacy/sendData request through its own node of the organization, which checks whether the sender is a member of the specified group. If that check is successful, the data is written to the node store, and the PolicyDataHash transaction (type = 114, sending the data hash) is initiated with the calculated hash sum of the data. The size limit for transferring data to the network is 20 MB.

When a receiving party receives a transaction with the hash sum from the transmitted data, it checks whether the blockchain node is involved in the group specified in the transaction. If the participant belongs to the group, the getPrivateData request for confidential data is executed at the network address of the group participant via P2P connection. To ensure the security of data transmission over an unprotected communication channel the Diffey-Hellman cryptographic protocol is used.