Hi all! I’ve been excitedly reading the Midnight docs this morning trying to figure out whether my hackathon idea is promising…
I’d like to try to make a dApp where you build up a private dataset (I’m thinking a Merkle tree of generic observation objects, but concretely some kind of quantified self data for the demo: resting heart rate, daily steps etc). Then the interesting feature would be that you can reveal a random sample of it. It could be used as part of a “citizen science DAO” idea I’ve been kicking around for a while, and also presumably in lots of commercial situations where people want to sample data they’ll be buying.
Based on a cursory reading of the docs and asking the AI assistant, I think building up a dataset should be totally doable, but sampling might be an issue? I didn’t see any way to get a verifiable random number, and the whole point would be that neither party can cherry pick which data points to reveal.
Assuming that part works, the chosen data points would be disclosed along with proofs of their position in the Merkle tree. The root hash could be public if needed to make that work. Disclosure could be public or encrypted to someone’s key–whatever’s easier to start with.
It feels perhaps a bit biased of me to reply and weigh in re: whether or not it’s a good idea (I work at Midnight Foundation and we’re sponsoring the hack) … but I WILL say that I think this would be a verryyyy interesting use case! I can imagine a lot of reasons why ppl might want to protect this sort of data, but also moments when they want to partially disclose some of it as well.
@jefdaj hey, interesting idea. The problem is that there’s currently no documentation on VRFs (Verifiable Random Functions), at least not in the documentation. I might be wrong, but this is what I see. Surely the Midnight team is working on a solution for this.
Thanks for looking @luislucena! And @lolocoding for the encouragement! Yeah that was my conclusion too: no VRF yet. I have a few thoughts about how to get around it:
1. Just wait a little while. It’s exciting being in the first round of new pioneer developers and all, but I have a fund13 project I’m behind on the milestones for and need to make sure I’m not neglecting that.
2. Clunky but sounds secure? The two parties (data seller/owner and buyer/auditor) each have to commit to + reveal a number and the contract merges them.
3. Hackier temporary sources of randomness. I could build the rest of the dApp and just mention that it’s waiting on a VRF to be truly secure. I wonder if there are hashes in the chain state that would be suitable? I remember reading that Ouroboros relies on its own built-in VRF to make sure leader elections are random and prevent stake grinding attacks, so if I can read the Cardano chain state that would be good enough. Maybe not needed though depending on what the Midnight chain state looks like. The contract could have logic saying something like “if the sample request is submitted in block N, use the hashes of block N..N+3 for the random seed”. Waiting long enough that it’s implausible anyone could control all the hashes.
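The commit-and-reveal option from the post above, sketched off-chain as an added example that is not part of the thread and not Midnight or Compact code. SHA-256, the role labels and all function names are assumptions made for illustration; the dataset's Merkle root is assumed to be published before either party reveals.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commit(role: bytes, nonce: bytes) -> bytes:
    # Binding the role stops one party from simply copying the other's commitment.
    return H(b"commit", role, nonce)

def merge_seed(root: bytes, commits: dict, reveals: dict) -> bytes:
    """Check both reveals against the earlier commitments, then merge them."""
    for role in (b"seller", b"buyer"):
        if commit(role, reveals[role]) != commits[role]:
            raise ValueError(f"reveal from {role.decode()} does not match commitment")
    # Binding the Merkle root fixes the dataset before the seed is known.
    # A party can still refuse to reveal, so a contract needs a timeout rule.
    return H(b"seed", root, reveals[b"seller"], reveals[b"buyer"])

def sample_indices(seed: bytes, n_leaves: int, k: int) -> list:
    """Derive k distinct leaf indices from the seed, reproducible by anyone."""
    if n_leaves <= 0 or not 0 <= k <= n_leaves:
        raise ValueError("need 0 <= k <= n_leaves and n_leaves > 0")
    limit = (2**64 // n_leaves) * n_leaves  # rejection bound: avoids modulo bias
    chosen, counter = [], 0
    while len(chosen) < k:
        block = H(b"idx", seed, counter.to_bytes(8, "big"))
        counter += 1
        x = int.from_bytes(block[:8], "big")
        if x < limit and (x % n_leaves) not in chosen:
            chosen.append(x % n_leaves)
    return chosen

if __name__ == "__main__":
    # Constructed sample values; real nonces would come from secrets.token_bytes(32).
    root = bytes.fromhex("11" * 32)
    reveals = {b"seller": b"\x01" * 32, b"buyer": b"\x02" * 32}
    commits = {role: commit(role, nonce) for role, nonce in reveals.items()}
    seed = merge_seed(root, commits, reveals)
    print("leaves to disclose with Merkle proofs:", sample_indices(seed, 1000, 10))
```

As long as one of the two nonces is unpredictable to the other party, neither side can steer which leaves get sampled.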