Data Security in Web3: Trust and a Heuristic

Share This Post

πŸ‘‹πŸ½ In the wild world of Web3, where blockchains handle our digital assets and dreams, one big challenge stands out: how do we keep everything safe when data from the real world gets involved? At Usher Labs, we’re all about using zero-knowledge cryptography to build secure data tools for Web3 businesses. Let’s explore trusted data β€” what it is, how we ensure it’s reliable, and how our Verity system helps secure the future of Web3.

What is Trust Minimisation?

Trust minimisation might sound like a puzzle. After all, how can you “minimise” trust without losing it? It’s not about getting rid of trust entirely; it’s about shifting where trust lives to make things safer and more reliable.

In simple terms, trust is your belief that something will work out as expected, based on what you know. In Web3, blockchains decentralise trust by spreading it across a network of independent operators. No single person or company calls the shots; instead, everyone checks the work openly. This means you don’t have to trust a brand. You trust the tech.

But here’s the twist: even in a “trustless” system like a blockchain, some trust sneaks in. For example, users might trust developers and auditors to produce safe smart contracts.

usherlabs verity problem min.jpg?auto=format%2Ccompress&ixlib=php 3.3

Trust minimisation uses cryptography to prove facts without revealing secrets, giving you clear evidence to rely on. For example, zero-knowledge proofs (ZK) confirm data was processed exactly as intended, without showing private details, removing risks of malicious tampering.

Why call it minimisation? It’s a bit of a paradox because we’re not erasing trust, we’re making it smarter. Think of it like this: in traditional banking, you trust the bank with your money. In Web3, cryptography lets you verify transactions yourself, minimising the trust you place in others.

Why Use This Term? Examples from Web3

The term “trust minimisation” pops up because Web3 is full of risks where blind trust can lead to big losses. Hacks, scams, and data tampering happen when we assume too much about people or systems.

Take smart contracts: early ones were simple and static, like basic rules etched in stone. But now, they’re dynamic, pulling in real-world data for things like loans or games. If that data is dodgy, the whole system crumbles. Decentralised oracle networks (DONs) like Chainlink minimise trust by gathering data from many sources and averaging it out. This works great for public info like crypto prices, but falls short for private or unique data.

Another example: real-world assets (RWAs) on-chain. You might tokenise a house or stock, but how do you know the data about it hasn’t been faked? Trust minimisation steps in with proofs that trace the data’s journey, proving the asset is owned by the correct entity and that it’s unchanged from a reliable source.

At Usher Labs, we see this paradox in action. Trust isn’t gone β€” it’s relocated to verifiable facts. Our Verity tech uses zkTLS (zero-knowledge Transport Layer Security) to prove data comes from trusted APIs without exposing secrets, minimising risks in data pipelines.

usherlabs verity solution min.jpg?auto=format%2Ccompress&fit=crop&ixlib=php 3.3

What is Trusted Data?

Trusted data is information you can rely on because it’s accurate, untampered, and from a solid source. In Web3, where money moves fast and mistakes are permanent, trusted data is key to keeping assets safe.

What makes data “trusted”? It’s not just any info. It’s data that’s been sourced securely, processed fairly, and verified cryptographically. For instance, government APIs or bank records count as trusted because they’re official and regulated. On the flip side, random social media posts? Not so much, unless proven otherwise.

Trusted data ensures integrity throughout its flow: from origin (like an API) to blockchain. It stays private when needed but verifiable always. Technologies like zkTLS combine zero-knowledge proofs with multi-party computation to confirm data’s authenticity without leaks.

How Do We Know Data is Trusted? A Simple Heuristic

To check if data is trusted, we use a straightforward set of logical checks. These look at the source’s purpose, value, and stakes. It’s like a scorecard for reliability, based on market forces, company size, and motivations.

Here are the three main conditions:

  1. Core Purpose and Direct Sourcing: Does the source’s main job involve providing accurate data, and is it first-hand info? Examples: Government APIs for stats, big banks for financial records, or specialists like CoreLogic for real estate data. These entities exist to deliver precise info straight from the source.
  2. Value Tied to Accuracy: Is the source’s success directly linked to getting data right? High-stakes fields like finance or health need spot-on data. Think Coingecko for crypto prices. If they’re wrong, they lose customers fast. Low-stakes ones, like general analytics tools, can afford some errors.
  3. Capital and Incentives: Is the source well-funded enough that faking data would cost them more than it’s worth? Big players like Stripe or Binance have huge reputations (and money) at risk. Penalties for bad behaviour, like fines or lost trust, keep them honest. In Web3, this is like staking in Proof of Stake where operators bond assets as “skin in the game.”

A source is solid if it hits at least two of these. For users, like in a lending app, your transaction data fits because it’s direct and tied to your actions. In decentralised networks (DePINs), operators stake gear or tokens, aligning incentives.

This heuristic helps spot risks early.

heuristic graph.jpg?auto=format%2Ccompress&fit=crop&ixlib=php 3.3
Illustrating how trust in data varies based on whether it is first-party or third-party and its source context. The graph highlights how transparency, especially when verified, minimises the trust required in technological outcomes, thereby enhancing user trust in those outcomes.

Technologies That Manage Trust in Web3

Securing Web3 means using tech to minimise trust while maximising safety. Here’s how:

  • Decentralised Oracles: Networks like Chainlink gather data from multiple spots for public info, reducing single-point failures.
  • Verity zkTLS: zkTLS proves data from TLS-secured APIs (like HTTPS) is real and unchanged, using ZK and multi-party computation. Verity scales this to enable verifiable pipelines. It handles private data, aggregates proofs and data, and delivers them to blockchains via tools like our Rust SDK or managed services.
  • Zero-Knowledge Virtual Machines (zkVMs): These verify computations privately, perfect for sensitive data processing.

Examples in action:

  • Truflation plans for Verity to prove economic data authenticity for their decentralised database network β€” Truf Network.
  • ChainSight lets you build custom oracles with zkTLS-verified data.
  • Rooch Network embeds zkTLS in Move smart contracts for secure social and AI features.
  • Internet Computer allows zkTLS as a cost-efficient alternative to their native oracle for indexing big data.

These tools shift trust from people to code and sources, making Web3 tougher against tampering.

verity simplified diagram min.jpg?auto=format%2Ccompress&fit=crop&ixlib=php 3.3

Why This Matters for Web3’s Future

As Web3 grows into 2025 and beyond, trusted data will power everything from RWAs to AI-driven apps. By minimising trust through verifiable pipelines, we cut risks like hacks or fraud. At Usher Labs, Verity is our way to make data protocols easy.

Ready to build with trusted data? Check out our docs or join us on Discord for tips.

Care to see the original post?

Subscribe To Our Newsletter

Get updates about our research in Web3 technology and new partnerships

Newsletter

Join the Community

Join us on Discord
Follow on Twitter
For Partners
Learn More
Alpha Pass
Open Partner App
For Brands
Learn More
Get Started