April 10, 2024

Last Updated on December 5, 2024

Distributed ledger technology (DLT) is a digital approach to recording transactions in a decentralized database without recourse to a trusted intermediary. Blockchain is the most widely used form of DLT today, and its best-known use cases involve cryptocurrencies like Bitcoin and Ethereum. The Hedera Network is another type of DLT that does not use the blockchain model.

By eliminating intermediaries and letting participants retain control of their data, DLTs can reverse the current trend for personal data to aggregate in the hands of a few major tech companies. But DLT potentially introduces its own set of privacy challenges.

This article overviews the major privacy issues with DLTs and explains how Hedera approaches solving these challenges.

 

What are the major privacy compliance issues with DLT networks?

As one of the most disruptive innovations in computing, DLT has the potential to transform financial transactions and other human interactions on a massive scale. A major reason for DLT’s growing popularity is that it represents a more egalitarian way of recording and sharing data.

DLTs let participants retain more control of their data and thus share power more equally. Distributed ledgers generally are decentralized, transparently visible to all authorized participants, and depend on all transaction data remaining unchanged once written to the ledger.

But the common DLT model of recording data immutably and sharing it universally across the network could jeopardize compliance with privacy rights, especially by:

  • Making it harder to modify and delete personal data under the EU’s General Data Protection Regulation (GDPR) and other privacy laws.
  • Distributing or replicating personal data to geographies where it is no longer protected by privacy laws.

Privacy regulations and other compliance obligations will most likely continue to increase in scope and complexity. This puts the onus on DLT networks and applications to ensure they can efficiently meet this growing body of requirements while providing all the necessary information.

 

‍What is Hedera?

Hedera is the only open-source public distributed ledger that uses hashgraph consensus, said to be a faster, more secure, and more privacy-friendly alternative to current blockchain consensus algorithms. In the words of its developers, “Hedera has an audacious but simple vision: to build a trusted, secure, and empowered digital future for all.”

The Hedera network offers a wide range of services and features, including:

  • Asset tokenization that makes digital or physical assets “liquid, fractional, and transparent”
  • Nonfungible token (NFT) support
  • Native tokenization and consensus services for building decentralized applications
  • Solidity-based smart contracts
  • Tools for decentralized identity management
  • Decentralized, scalable, and publicly verifiable data logs
  • Secure, real-time and low-cost payment settlement using your choice of cryptocurrency
  • A growing ecosystem of applications and developer tools, including user-friendly native tokenization and consensus service APIs

The Hedera public network also has its own native cryptocurrency, HBAR. Participants use HBARs to pay application transaction fees and cover other network services that consume network bandwidth, compute power, and/or storage.

Hedera claims to be “the most sustainable public network” with an average of 0.000003kWh of energy consumed per transaction—1,000 times more efficient than the Visa payments network and 3,300 times more efficient than Ethereum. To achieve its commitment to be carbon-negative, Hedera purchases carbon credits to offset the emissions from its public-facing infrastructure.

 

What is hashgraph consensus?

The hashgraph consensus mechanism is the brainchild of Leemon Baird, Hedera’s co-founder and chief scientist. Hashgraph enables the Hedera network to achieve a high throughput of 10,000-plus transaction per second, with transaction verification in a few seconds.

These exponentially improved metrics versus most blockchain networks stem from hashgraph’s gossip about gossip protocol (to propagate transactions) and virtual voting algorithm (to order transactions). Each node helps calculate an event’s consensus timestamp by independently calculating the median of the times that the network’s nodes received that event.

The following table illustrates some of the key differences between hashgraph consensus and most blockchain consensus models:

 

  Hedera Hashgraph Blockchain
Open source? Yes Yes
Consensus mechanism Proof-of-work, proof-of-stake, proof of elapsed time gossip about gossip, virtual voting
Performance 100 to 1,000 transaction per second 500,000 transactions per second
Energy efficiency No mining means less energy Mining processes can be energy-intensive
Scalability Massive due to high throughput and parallel transaction processing Scalability hampered by slow confirmation times and block size issues
Security Highly resistant to fraud, tampering, collusion, etc. May be vulnerable to 51% attacks
Governance Decentralized Hedera Governing Council
Cryptocurrency Bitcoin, Ethereum, Binance Coin, Solana, XRP HBAR

 

What are Hedera’s top advantages?

The Hedera DLT model offers several benefits over typical blockchain networks. These include:

  • Faster transaction throughput and reduced verification time or time to finality. Hashgraph can theoretically scale to handle millions of transactions per second with minimal delay, making the network well suited for real-time transactional use cases or for micropayment applications.
  • Stronger security through Hedera’s unique governance system. Traditional proof-of-work blockchains, especially smaller networks, are vulnerable to 51% attacks, aka majority attacks. Hedera’s hashgraph consensus algorithm and weighted voting among nodes greatly decreases the already low likelihood of a majority type attack.
  • Collusion-resistant governance. Hedera is governed by “a fully decentralized and transparent governing body of independent, global organizations” consisting of “up to 39” enterprises (e.g., Google, Wipro, Deutsche Telekom), universities, and Web3 projects. The idea is that no single entity can gain excessive influence or control over the network.
  • Lower fees than many other DLT networks ($0.0001 per network transaction regardless of the HBAR price or other factors).
  • Energy efficiency through lower power requirements and carbon offsetting practices, making the network “carbon negative” overall.
  • Compatibility with popular Ethereum-based distributed applications and Solidity-based smart contracts, effectively increasing the size of the Hedera ecosystem.

 

How does the Hedera Network address privacy compliance?

Hedera states that its hashgraph consensus approach that not only helps solve DLT privacy compliance challenges, but also makes possible new data privacy compliance mechanisms that give users power and control over how their personal data and “identity attributes” are amassed, stored, handled, and shared. “Separation of duties” within Hedera’s network architecture can support compliance with data privacy regulatory principles while still providing a high level of decentralized trust to users.

Many DLTs approach privacy compliance by instantiating private and permissioned (restricted access) networks versus public, permissionless (unrestricted) networks, because the participants are known and fewer, thus simplifying the compliance picture. However, a private and permissioned network inherently offers reduced decentralized trust.

An emerging trend to deliver the best of both worlds is to use a private permissioned ledger, but also record key snapshots of the private ledger’s state to a permissionless public ledger. This model attempts to show legally identifiable entities meeting privacy and data protection requirements on one hand while cryptographically protecting personal data on the other.

Hedera currently embraces this model. It enables private permissioned business application networks to store, analyze, and share personal data internally while offering the trust and transparency of the larger, public Hedera Network. In this way, personal data stays with the entities who legitimately need it.

At the Hedera Network level, for example, personal data is encrypted before being submitted to the consensus mechanism. Some nodes may store the encrypted data but lack the keys to decrypt it. Only the business application network members should have both the data and the encryption keys.

This makes key deletion equivalent to data deletion and also allows editing of personal data. Similarly, the business application network members can control what entities in what geographies can access unencrypted personal data, ideally ensuring it is always subject to robust privacy laws.

 

What’s next?

For more guidance on this topic, listen to Episode 135 of The Virtual CISO Podcast with guest Zenobia Godschalk, Senior Vice President at Hedera.