The module leverages Semantic SBT and Lit Protocol to enable privacy-preserving data sharing, with users being able to share their private data with addresses meeting certain conditions.
In this mechanism, Lit Protocol is used to encrypt and decrypt data. Afterwards, Arweave will store the encrypted data, encrypted key, and conditions for data sharing. Then, Semantic SBT will be used to store the hash pointing to Arweave and define the conditions for data sharing.
The conditions for data sharing can be defined as:
EOA addresses
Users with certain NFT collections
Users with certain SBTs
Users owning a certain amount of a specified ERC20 token.
Schema
The schema for privacy content sharing works as follows: The schema is stored on Arweave in the form of a ttl with the transaction hash as the schemaURI to be passed to the contract during its initialization stage. For example:
:Soul a rdfs:Class ;
rdfs:label "Soul" ;
rdfs:comment "A soul." .
Predicate
The predicate p:privacyData describes private data.
p:privacyContent a rdf:Property ;
rdfs:label "privacyContent" ;
rdfs:comment "The privacy content." ;
rdfs:domain :Soul ;
rdfs:range xsd:string .
Contract
interfaceIPrivacyContentisISemanticSBT {/** * Prepare a tokenId. * @return tokenId */functionprepareToken() externalreturns (uint256);/** * Query the prepared tokenId. * @param owner * @return tokenId */functionownedPrepareToken(address owner) externalviewreturns (uint256);/** * Post a content. * @param content The content should be the hash on Arweave. The actual encrypted content and authorization records are stored on Arweave.
*/functionpost(stringmemory content) external;/** * Whether the address is authorized to be the view of the token. * @param viewer * @param tokenId * @param isViewer */functionisViewerOf(address viewer,uint256 tokenId) externalviewreturns (bool);/** * View the hash on Arweave corresponding to the token * @param tokenId * @return content */functioncontentOf(uint256 tokenId) externalviewreturns (stringmemory);}
For a complete contract implementation, please refer to:
The private data awaiting sharing should be encrypted via Lit Protocol. The result (accessCondition,encryptedSymmetricKey,encryptedObject) should then be sealed as the "encryptMetaData" and uploaded to a storage layer (like Arweave), generating a address for the "encryptMetaData".
The encryptMetaData has a following format:
{"encryptionBy":"lit-protocol","accessCondition": [ {"contractAddress":"${contract address of Semantic SBT}","standardContractType":"ERC721","chain":"polygon","method":"isViewerOf","parameters": [":userAddress","${tokenId}" ],"returnValueTest": {"comparator":"=","value":true } } ], "encryptedSymmetricKey": "a hex string that LIT will use to decrypt your content as long as you satisfy the conditions",
// encrypted content"encryptedObject":"AhgXUao1QU2iQg34UsCw0-ptkoy_fhifEoqEs3_Zj1s="}
Minting a privacy-preserving SBT
A PrivacySemanticSBT contract is built based on the Semantic SBT specification. We are to mint a privacy-preserving SBT, with its RDF object as the address on Arweave/ipfs.
How to call the method of the SemanticSBTPrivacy contract:
Users who want to decrypt the private data should obtain the "encryptMetaData" from SBT's object. By calling LitProtocol's Decryption process, they can decrypt the data and obtain the object in plain-text.
AccessConditions
Different conditions can be set to control users' access to private data.
User owns a specific wallet address
Users owning certain addresses can decrypt the private data.
