Opacity provides a transparency-enhancing tool in the form of a cryptographic scheme that enables companies to inform end-users about the actual data processing that takes place on their personal data.

This is done by storing and serving encrypted meta-data, generated by those companies, about the data processing, in a secure and verifiable way.  By removing any link between stored data, we go beyond traditional solutions. The result is transparency with maximal privacy for both the individual and the organization or commercial entity.

The technology was developed to handle large volumes,  have a minimal impact on existing company processes and is easy to implement.


Core components:

  • Sender
    The company’s applications interact with the sender to store descriptions for users. The sender component transforms these descriptions for users into events, which are encrypted and made unlinkable, to be stored at the log server.

    Forking allows companies to distribute their processes with other parties that also implement Opacity where the end-user can still get his entire history over all these parties.
  • Log Server
    The log server stores the events  from the sender.  Later-on, it provides the events to the recipient component together with cryptographic proofs, which ensure that the events once stored at the log server cannot be tampered with without being detectable.
  • Recipient
    The recipient retrieves events from the log server and checks the proofs. For a specific user, the recipient can retrieve the relevant events (restoring the link) and decrypt these. The output will then be the description together with cryptographic proofs that show that the event was intended for this user and contains the given description.

Secondary components:

  • Key Management
    Key management is about managing the cryptographic keys for users needed for encrypting the descriptions (available to the sender) and decrypting the events (available to the recipient); and for making events unlinkable (sender) and linkable again (recipient). 

  • Time Stamping Service
    The time stamping service allows to lock events into time. We provide two options, which are easy to interchange:
    • an innovative usage of the Bitcoin network, where  the trust comes from the highly distributed nature of this network. This allows to get a timing granualarity in the order of 2-3 hours.
    • usage of classical time stamping authority for split second timings, e.g., algorithmic trading.
  • Visualizer/CLI (command line interface)
    Users and auditors interact with the visualizer/CLI component that in turn interacts with the recipient. This component visualizes the output to the recipient.

Optional component:

  • Monitor
    The monitor component downloads all events from the log server through the recipient. This component certifies that the events at the log server have not been tampered with and can also serve as a backup for the log server.

Subscribe to our newsletter