Understand BAVO zkFHE Network
Overview
The value of data is increasingly recognized by both enterprises and individuals. People's everyday behavioral data contributes to the improvement of technology products, generating both economic value and social impact. However, effectively extracting value from data while minimizing privacy violations remains a significant challenge in the process of data monetization.
Current systems, whether based on zero-knowledge proofs, multi-party computations, or other privacy-enhancing technologies, fail to completely resolve the tension between privacy protection and the utilization of sensitive data. Additionally, there are ongoing challenges related to ensuring the integrity of data processing.
PADO’s zkFHE protocol addresses these issues by combining blockchain-like traceability and programmability, offering an open infrastructure that enables verifiable and confidential data processing. It allows developers—whether individuals or organizations—to contribute to the network by enhancing security, scalability, or efficiency.
The strength of zkFHE lies in its ability to use both zero-knowledge proofs and fully homomorphic encryption to perform customizable computations on encrypted data. Its correctness is ensured by validity proofs that cover the entire computation process. These proofs establish cryptographic and computational trustlessness, meeting the critical security needs of modern applications.
Roles in BAVO Network
Data Provider
A data provider refers to an individual or organization that supplies computing data to the BAVO Network. This data is encrypted using the FHE algorithm before being stored on decentralized storage blockchains like Arweave and Filecoin. In return for the use of their data in computations, data providers are eligible to receive a portion of the computation fees.
Worker
A worker is a node within the BAVO Network that provides computing resources and runs the zkFHE algorithm on encrypted data, ensuring a secure and confidential computing environment. While performing computations, the worker must generate a zero-knowledge proof to verify the integrity of the process.
Additionally, a worker is responsible for providing a Data Encryption Public Key to the data provider for encrypting data. After completing the computations, the worker must re-encrypt the results so that only the caller can decrypt them.
The zkFHE algorithm inherently ensures both data confidentiality and computation integrity. Workers are compensated with computation fees for successfully executing computation tasks.
Caller
A caller is an individual or organization that utilizes the computation capabilities and data resources of the BAVO Network. The caller can select encrypted data provided by a data provider to initiate a computation task and receive the results from the task execution. In return for using the computation service, the caller is required to pay a fee.
Network Architecture
With a focus on decentralization, security, and scalability, the BAVO Network is designed to separate consensus from computation to enhance scalability. Workers primarily use the zkFHE algorithm to perform confidential computations and generate proofs to ensure integrity. These proofs are verified by BAVO contracts. The BAVO contracts also manage various modules, including worker management, data management, task management, fee management, and worker incentives, creating a comprehensive framework for efficient network operation.
Components of BAVO Network
Worker
As outlined, workers are crucial components that facilitate confidential computation tasks, ensuring the network's liveness.
BAVO Contracts
BAVO Contracts are a suite of blockchain-based smart contracts deployed across various blockchains, including Ethereum, Layer 2 solutions, AO, and more. These contracts manage several key modules, such as worker management, data management, task management, fee management, and worker incentives, to support the network’s operations.
BAVO SDK
The BAVO SDK is a set of developer tools that enables developers to tap into the verifiable, confidential computation capabilities of the BAVO Network. Using the SDK, developers can create and deploy privacy-centric applications that operate seamlessly within the BAVO Network.
BAVO Scan
BAVO Scan is a user-friendly interface that allows users to explore detailed information about the BAVO Network. It provides insights into workers, computable data, tasks, and more.
Logical Architecture
The following diagrams represent the logical architecture of the BAVO Network, highlighting its structure and the interaction between its components.
Workflow
According to the classification of data encryption keys, Fully Homomorphic Encryption (FHE) can be categorized into three types:
Threshold FHE: Data is encrypted using a shared public key generated by multiple workers.
Single-Key FHE: Data is encrypted using the user’s own encryption key.
Multi-Key FHE: Data is encrypted using the public keys of multiple workers.
The core workflow of FHE can be divided into three corresponding categories based on these encryption methods.
Threshold FHE Core Workflow
Worker Registration
An eligible worker must be registered through the worker management module of BAVO contracts. Confidential computation tasks are assigned exclusively to successfully registered workers. The registration details include the worker's name, description, owner address, machine resources, RPC address and port, public key, and other relevant information.
Task Submission and Data Encryption Public Key Generation
A caller can submit a confidential computing task through an application built using the BAVO SDK. To initiate a confidential computation task, the caller must pay the necessary fees for computation and data resources. Upon task submission, the caller publishes their public key, ensuring that the final encrypted result can only be decrypted with the private key paired to that public key.
The BAVO SDK then forwards the submit_task request to the task management module. The module selects one group of workers to generate the data encryption public keys and another group to execute the task, although in practice, these groups can be the same. The first group of workers returns the data encryption public keys to the task management contract.
Data Upload
A data provider utilizes the BAVO SDK to retrieve the data encryption public keys required for the task from the task management module. Using these public keys, the data provider encrypts the data with the FHE algorithm and then uploads the resulting ciphertexts to a decentralized storage blockchain, such as Arweave.
zkFHE Computation
The workers designated to execute the task retrieve the task information from the task management module and access the encrypted data from the storage blockchain. They perform the zkFHE computation, producing both the encrypted result and a validity proof to ensure the correctness and integrity of the computation.
Re-encryption of Result
The workers responsible for generating the data encryption public keys must re-encrypt the encrypted result after task execution using the caller's public key. This ensures that only the caller can correctly decrypt and access the final result.
Proof Verification and Fee Settlement After task execution, the workers upload the encrypted result along with the validity proof to the task management module. Once the task management module verifies the proof successfully, it triggers the fee management module for fee settlement. The fees are then distributed to the data providers and workers based on the terms specified in the task.
Decryption of Result The caller uses their private key with the FHE algorithm through the BAVO SDK to decrypt the data and retrieve the raw result.
Single-Key FHE Core Workflow
The Single-Key FHE core workflow is similar to the Threshold FHE workflow, with the following key differences:
The caller and data provider are the same individual or entity.
When selecting workers, only those responsible for executing the task are needed, as there is no requirement for workers to generate a data encryption key. This is because the Single-Key FHE uses the user’s own encryption key.
The result re-encryption process is unnecessary since the data was encrypted using the user’s own key from the start.
The Single-Key FHE core workflow is illustrated in the figure below:
Multi-Key FHE Core Workflow
Register Worker
The Multi-Key FHE register worker process is the same as Threshold FHE Register Worker.
Get Workers Public Keys and Upload Data
The Data Provider submits a data upload request to the Task Management module of the BAVO contracts. The Task Management module selects the public keys of the workers that will be used to encrypt the data, and these workers will be responsible for executing tasks based on the encrypted data.
The Data Provider then uses the BAVO SDK to obtain the selected workers' public keys from the Task Management module. Using the FHE algorithm in the BAVO SDK and the workers' public keys, the Data Provider encrypts the data and uploads the ciphertext to a storage blockchain, such as Arweave or Filecoin.
Submit Task
A caller can submit a confidential computing task through an application built using the BAVO SDK. To initiate the task, the caller must pay the required computing and data fees. When the task is initiated, the caller provides their public key, ensuring that the final encrypted computation result can only be decrypted using the private key corresponding to that public key.
zkFHE Computing
The Multi-Key zkFHE computing process follows the same structure as the Threshold zkFHE computing process, but it utilizes a different zkFHE algorithm.
Proof Verify and Fee Settlement
The Multi-Key FHE proof verification and fee settlement process is identical to the Threshold FHE proof verification and fee settlement process.
Decrypt Result
The Multi-Key FHE decryption process is the same as the Threshold FHE decryption process.
Last updated
