Understand BAVO zkFHE Network

Overview

The potential value of data is increasingly recognized by enterprises and individuals. People's daily behavioral data provides corrections and feedback for different technology products, creating economic value and social impact. The effective mining of data value and the avoidance of individual privacy violations as much as possible are the main pain points in the process of data monetization.

Existing systems built from either zero-knowledge proofs, multi-party computations or other privacy-enhancing techniques cannot fully resolve the paradox of privacy protection and utilization of sensitive data, and various computational issues during data processing require further reliable integrity measures.

Leveraging the benefits of traceability and programmability from blockchain-like techniques, BAVO’s zkFHE protocol enables an open infrastructure for librating data value with verifiable and confidential data processes while individual and organization developers can selectively contribute with either security, functional scalability and effectivity to the network.

The core advantages of zkFHE lie in its natural abilities from both zero-knowledge proofs and fully homomorphic encryptions, to perform customizable computations on encrypted data, with the correctness guaranteed by validity proofs for the whole computation circuits. The validity proofs solids the whole computation framework with cryptographic and computational trustlessness to facilitate the necessary security requirements of applications.

Roles in BAVO Network

Data Provider

A data provider is an individual or organization that provides computing data to BAVO Network. The data from the data provider is encrypted by the FHE algorithm and then uploaded to decentralized storage blockchains such as Arweave and Filecoin. A data provider can receive a portion of the computation fee for the data usage.

Worker

A worker is a node of BAVO Network, providing computing resources, running the zkFHE algorithm on encrypted data, and providing BAVO Network with a confidential computing environment and resources. A worker needs to generate a zero-knowledge proof while computing.

A worker also needs to provide the Data Encryption Public Key to a data provider to encrypt the data, and meanwhile, it needs to re-encrypt the confidential computation results into results that only the caller can decrypt.

zkFHE algorithm naturally guarantees data confidentiality and computation integrity. Workers can earn computation fees from the successful execution of a computation task.

Caller

A caller is an individual or organization that uses the computation capability and data resources of BAVO network. The caller can specify the encrypted data uploaded by the data provider to initiate a computation task and obtain the result from the task execution. Caller shall pay for the computation service.

Network Architecture

With comprehensive consideration of decentralization, security and scalability, BAVO Network is designed to separate consensus and computation for scalability. Workers mainly use the zkFHE algorithm to run confidential computations and generate proofs for integrity assurance. The proofs are verified through BAVO contracts. Meanwhile, multiple modules including worker management, data management, task management, fee management, and worker incentives, compose BAVO contracts.

Components of BAVO Network

Worker

As mentioned here, workers are the key components that support confidential computation tasks to maintain the network liveness.

BAVO Contracts

BAVO Contracts are a collection of blockchain-like smart contracts deployed in multiple blockchains, including Ethereum, L2s, AO, and others. BAVO Contracts consist of multiple modules including worker management, data management, task management, fee management, worker incentives, etc.

BAVO SDK

BAVO SDK is a collection of developer tools. Developers can leverage the verifiable confidential computation capability of BAVO Network through this SDK and implement various privacy-centric applications that can be alive in BAVO Network.

BAVO Scan

BAVO Scan is a user interface for exploring the information of BAVO network. Through BAVO Scan, one can find the details about workers, computable data, tasks, etc.

Logical Architecture

The following figures show the logical architecture within BAVO network.

Workflow

According to the classification of data encryption keys, FHE can be divided into the following three categories:

  • Threshold FHE: Use the shared public generated by multiple Workers to encrypt data.

  • Single-Key FHE: Use the user's own key to encrypt data.

  • Multi-Key FHE: Use the public keys of multiple Workers to encrypt data.

Core workflow can be divided into three categories accordingly.

Threshold FHE Core Workflow

Worker Registration

An eligible worker must be registered with the worker management module of BAVO contracts. Confidential computation tasks shall only be dispatched to successfully registered workers. The registered information includes name, description, owner address, machine resources, RPC address and port, worker's public key, etc.

Task Submission and Data Encryption Public Key Generation

A caller can submit a confidential computing task through an application developed based on BAVO SDK. To launch a confidential computation task, it is essential to pay the required fees for the computation and data resources. When a caller initiates a task, he shall publish his own public key, for which the final encrypted computation result is only derivable with regard to the private key paired to that public key.

Then the BAVO SDK forwards the `submit_task request to the task management module. The task management module selects a group of workers who generate the data encryption public keys, and another group of workers who execute the task. In practice, the two worker groups can be the same. The first group of workers returns the data encryption public keys to the task management contract.

Data Upload

A data provider uses BAVO SDK to obtain the data encryption public keys required by the task from the task management module. The data provider uses the FHE algorithm with those data encryption public keys to encrypt the data and upload the ciphertexts to a storage blockchain such as Arweave.

zkFHE Computation

The Workers who are designated to execute the task shall get the task information from the task management module, and also retrieve the encrypted data from the storage blockchain. They execute the zkFHE computation and output both the encrypted result and a validity proof.

Re-encryption of Result

The Workers who generate the data encryption public keys shall re-encrypt the encrypted result after the task execution, using the caller's public key, so that only the caller can decrypt the result correctly.

Proof Verification and Fee Settlement After the task execution, workers upload the encrypted result with the validity proof to the task management module. After the task management module successfully verifies the proof, it will invoke the fee management module for fee settlement. The fee will be distributed to the data providers and workers according to the requirements specified in the task.

Decryption of Result The caller uses its own private key through the FHE algorithm of BAVO SDK for decryption, and obtains the raw result.

Single-Key FHE Core Workflow

Single-Key FHE core workflow is similar to the Threshold FHE core workflow, with the following main differences:

  • The Caller and Data Provider are the same person.

  • When selecting Workers, you only need to select the Workers that execute the task, not the Workers that generate the data encryption key. This is because the Single-Key FHE uses the user's own key to encrypt data.

  • The Result Re-encryption process is not required because the data is encrypted using its own key.

The Single-Key FHE core workflow is shown in the figure below:

Multi-Key FHE Core Workflow

Register Worker

The Multi-Key FHE register worker process is the same as Threshold FHE Register Worker.

Get Workers Public Keys and Upload Data

Data Provider submits data upload request to Task Management of BAVO contracts. The Task Management selects which Workers' public keys will be used to encrypt the data, and these workers will be responsible for executing tasks based on this data.

And Data Provider uses BAVO SDK to obtain the Workers' public keys required by the data upload request from Task Management of BAVO contacts.

Then Data Provider use the FHE algorithm of BAVO SDK and the Workers' public keys to encrypt the data and upload it to Storage Blockchain such as Arweave and Filecoin.

Submit Task

Caller can submit a confidential computing task through an application developed based on BAVO SDK. Initiating a confidential computing task requires paying a certain amount of computing and data fees. When Caller initiates a task, it will pass its own Caller Public Key, and the final encrypted computation result is only the private key corresponding to the Caller Public Key can be decrypted.

zkFHE Computing

The Multi-Key zkFHE Computing process is the same as Threshold zkFHE Computing, but run different zkFHE algorithms.

Proof Verify and Fee Settlement

The Multi-Key FHE Proof Verify and Fee Settlement process is the same as Threshold FHE Proof Verify and Fee Settlement.

Decrypt Result

The Multi-Key FHE Decrypt Result process is the same as Threshold FHE Decrypt Result.

Last updated