need to be constructed 100% right in one shot, able to withstand years of security attacks with code [one]
can’t really modify.”xi To account for privity, smart contracts must be built free of human error and with
the primary goal of excluding all non-authorized parties without fail.
IV. Maintaining Control
The second element of smart contract privity is maintaining control of the code. By restricting
unauthorized third parties from modifying the code, a smart contract remains in privity only with the
authorized parties. Maintaining absolute control of the code can be a difficult task, though, when the
code is stored and verified on a public ledger. Furthermore, once code is “live” on the blockchain, it is
irreversible, meaning there is no way to simply fix a mistake or update the code. In other words, the
smart contract has to be perfect in its first iteration.xii
Maintaining control of the smart contract is essential. In the DAO Hack, the only remedy for
the mistake was creating a fork in the blockchain, effectively creating a “classic version” of
the blockchain with the old code and a new fork without the coding error. This solution was not simple
and likely cannot be replicated, meaning coders must ensure from the outset that protections are in place
to prevent infiltration. To maintain control over the code, privity must be a foundational element of
both the code and the relationship between the parties, so that third parties cannot gain access. Without
privity through tight control, smart contracts are vulnerable to malicious parties.
Potential Solutions
Privity remains an issue for smart contracts due to the public nature of blockchain
ledgers, continued attacks on the code underlying each smart contract, and the inability to
maintain control of the contract. However, while some commentators have deemed it impossible
for smart contracts to fully satisfy the need for privity, there are several proposed solutions that
aim to make smart contracts more secure, confidential and viable for discrete transactions.
A. On-Chain Encryption
Several on-chain solutions have been identified to allow for privity by including greater
privacy and confidentiality. Solutions such as cryptographic key derivation functions (KDFs)
generate a new “key” for each transaction rather than using the same key that can be traced to the
holding party.xiii This allows for greater privacy, less transparency and more secure transactions.
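The per-transaction key idea above, sketched as an added example (it is not from this article or the sources it cites): an HKDF-based key chain in which two parties who share one secret derive the same fresh key for every transaction. The `TxKeyChain` helper, the contract identifiers, the label strings and the secret are all constructed for illustration.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): stretch a PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class TxKeyChain:
    """Hypothetical helper: each party seeds one from the same shared secret."""

    def __init__(self, shared_secret: bytes, contract_id: bytes):
        # Salting with the contract id keeps chains for different contracts apart.
        self._chain = hkdf_extract(contract_id, shared_secret)
        self.index = 0

    def next_key(self) -> bytes:
        # One-time key for this transaction, bound to its position in the chain.
        tx_key = hkdf_expand(self._chain, b"tx-key|%d" % self.index)
        # Advance the chain and drop the old state: a later compromise of the
        # chain state does not reveal keys of earlier transactions.
        self._chain = hkdf_expand(self._chain, b"chain-step")
        self.index += 1
        return tx_key

def derive_keys(shared_secret: bytes, contract_id: bytes, count: int) -> list:
    chain = TxKeyChain(shared_secret, contract_id)
    return [chain.next_key() for _ in range(count)]

# Constructed sample values, not real key material.
SHARED_SECRET = bytes.fromhex("5a" * 32)
ALICE = derive_keys(SHARED_SECRET, b"contract-A", 4)
BOB = derive_keys(SHARED_SECRET, b"contract-A", 4)

if __name__ == "__main__":
    for i, key in enumerate(ALICE):
        print(i, key.hex(), "match" if key == BOB[i] else "MISMATCH")
```

An observer who sees only the individual keys cannot link them to each other or to the shared secret, which is the traceability property the paragraph describes.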
Another on-chain solution is a confidential transaction (CT) protocol, which encrypts the
actual transaction amount being exchanged between the parties in order to obfuscate the
transactions.xiv Without key portions of the transactions, it is difficult for a third party to
determine what is being exchanged between the parties and how to exploit that information.
the payout to the respective parties, while the public smart contract contracts the exchange of the
transaction and the recording of that transfer.xvi This allows the smart contract to operate
efficiently on a distributed blockchain network while also keeping the parties’ information
secure.
Conclusion
Security will always be a concern for parties utilizing smart contracts to automatically
execute certain transactions. While blockchain technology represents a leap forward in how
contracts can be handled between untrusting parties, smart contracts still have numerous issues to
resolve before widespread adoption, including privity. Tune in next week for the fourth and
final article of this series, Part IV: Enforceability.
Jared Arcari is a third-year law student at Fordham University School of Law. Jared currently
serves as the president of two student organizations, the Fordham Business & Law Association
and the Entrepreneur Law Society. He is also a Notes & Articles Editor at the Fordham Journal
of Corporate and Financial Law. When he isn’t writing about blockchain-related legal issues,
Jared enjoys serving as a research assistant to Prof. Bernice Grant, researching entrepreneurial
topics including non-compete alternatives and improving access to capital. To contact the author,
please email him at jarcari@law.fordham.edu.
Disclaimer
Any information contained in this post is for informational purposes only. The information,
opinions and commentary contained herein do not constitute legal advice. They also do not
constitute tax advice. This post is not a complete overview or analysis of the topics presented and
may contain information that varies in different jurisdictions. The transmission of information to
the reader does not create a lawyer-client relationship. The reader should not rely upon this post
or treat it as a substitute for legal advice. The reader should consult a lawyer familiar with their
particular circumstances and licensed in the proper jurisdiction for legal advice.
i. Nick Szabo, Smart Contracts: Building Blocks for Digital Markets (1996), http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html (last visited July 10, 2018).
ii. Paul Humbert, What You Need to Know about Privity of Contract, CONTRACTING EXCELLENCE J. (Feb. 8, 2018), https://journal.iaccm.com/contracting-excellence-journal/-what-you-need-to-know-about-privity-of-contract.
iii. See Logan-Baldwin vs. L.S.M. Gen. Contr., Inc., 942 N.Y.S. 2d 718 (N.Y. App. Div. 2012).
iv. See Ahmed Kosba, Andrew Miller, Charalampos Papamanthou, Elaine Shi & Zikai Wen, Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts, INST. OF ELECTRICAL & ELECTRONIC ENGINEERS 839, 839 (2016), https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7546538.
v. Seth Grimes, Privacy vs. Confidentiality vs. Anonymity: What you Need to Know (Apr. 14, 2017), https://breakthroughanalysis.com/2017/04/14/privacy-vs-confidentiality-vs-anonymity-who-knows/.
vi. Michael Smolenski, Smart Contracts: Privacy vs. Confidentiality, HACKERNOON (Oct. 14, 2017), https://hackernoon.com/smart-contracts-privacy-vs-confidentiality-645b6e9c6e5a.
vii. See id.
viii. Id.
ix. See id.
x. See Matthew Leising, The Ether Thief, BLOOMBERG LP (June 23, 2017), https://www.bloomberg.com/features/2017-the-ether-thief/.
xi. A Short History of Smart Contract Hacks on Ethereum, New Alchemy (Feb. 7, 2018), https://medium.com/new-alchemy/a-short-history-of-smart-contract-hacks-on-ethereum-1a30020b5fd.
xii. See Alyssa Hertig, Trust No One: Ethereum Smart Contract Security is Advancing, COINDESK (Nov. 3, 2017), https://www.coindesk.com/paranoia-rules-ethereum-smart-contract-security-advancing/.
xiii. See Stuart Popejoy, Confidentiality in Private Blockchain 2 (Aug. 2016), http://kadena.io/docs/Kadena-ConfidentialityWhitepaper-Aug2016.pdf.
xiv. See id.
xv. Kosba et al., supra note iv, 2.
xvi. See id.