Privacy & Security in Reppo

Reppo’s privacy model has evolved across versions.

Commit-reveal was part of Reppo V1. It is not part of Reppo V2.

This page separates that legacy voting mechanism from the current privacy and security model used across the network.


1. Legacy Privacy Mechanism: Commit-Reveal in Reppo V1

Reppo V1 used a commit-reveal scheme to prevent bias, bribery, or vote manipulation during emissions and evaluation cycles.

  1. Commit Phase

    • Voters generate a hash of their vote combined with a secret salt: commit = hash(vote + salt)

    • This commit is published on-chain. No one can infer the actual vote or voter preference at this stage.

  2. Reveal Phase

    • After the commit window closes, voters reveal both their original vote and salt.

    • The system verifies that hash(vote + salt) matches the earlier commit.

    • Only valid reveals are counted toward results and emissions.

  3. Advantages

    • Prevents early disclosure of results.

    • Ensures votes cannot be changed after committing.

    • Keeps voting anonymous and verifiable.

Example Flow: User → commit("positive", salt123) → stored hash on-chain → later reveals ("positive", salt123) → system verifies → reward distribution.

This process preserves fairness while anchoring a public proof of participation on the blockchain.
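The commit and reveal checks above, as an added Python example (not Reppo's contract code). It also shows why the salt must be random: with only a few possible votes, a guessable salt such as `salt123` lets any observer recover the vote from the published commit. Assumptions not taken from this page: SHA-256 as the hash, length-prefixed fields, binding the voter address into the commit, and all function names and sample values.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

VOTES = ("positive", "negative")  # constructed vote options for this example


def new_salt() -> bytes:
    # 32 random bytes: the vote space is tiny, so the salt is the only
    # thing that hides the vote while the commit sits on-chain.
    return secrets.token_bytes(32)


def make_commit(voter: str, vote: str, salt: bytes) -> bytes:
    """commit = hash(vote + salt), hardened in two assumed ways:
    fields are length-prefixed so the concatenation is unambiguous, and
    the voter address is included so a commit cannot be replayed by
    another wallet."""
    h = hashlib.sha256()
    for field in (voter.encode(), vote.encode(), salt):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def verify_reveal(commit: bytes, voter: str, vote: str, salt: bytes) -> bool:
    """Reveal phase: count the vote only if it reproduces the stored commit."""
    if vote not in VOTES:
        return False
    return hmac.compare_digest(commit, make_commit(voter, vote, salt))


def recoverable_vote(commit: bytes, voter: str,
                     salt_guesses: Iterable[bytes]) -> Optional[str]:
    """Audit check: return the vote if any guessed salt reproduces the
    public commit, i.e. the commit hides nothing. None means it held."""
    for salt in salt_guesses:
        for vote in VOTES:
            if hmac.compare_digest(commit, make_commit(voter, vote, salt)):
                return vote
    return None
```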


2. Current Privacy & Security Model

The current Reppo model does not rely on commit-reveal.

Instead, privacy and security come from minimizing on-chain exposure, controlling access to sensitive data, and making important actions auditable without exposing underlying content.

Data Retention and Minimization

  • On-chain data: Only essential cryptographic proofs, balances, and participation records are stored permanently. In V1, this included vote hashes. No human-readable content or PII ever touches the blockchain.

  • Off-chain data: Content and metadata live in distributed storage (e.g., IPFS, Arweave, datanet databases) for the minimum time required for verification or audits.

  • Expiry policy: Once emissions and disputes are settled, off-chain data may be pruned or re-encrypted to remove wallet linkability.


Access Controls for Restricted Datanets

Restricted-access datanets allow organizations and creators to maintain full control over sensitive datasets.

  • Role-based access: Datanet owners define who can read, write, and vote. Access is enforced by wallet allowlists or role tokens.

  • Encryption: All private data is encrypted at rest and in transit. Only datanet owners or their delegates hold the decryption keys.

  • Verifiable audits: Each access or update emits a lightweight on-chain proof, ensuring transparency without revealing underlying data.


Compliance & Legal Alignment

Reppo aligns with major global privacy standards while remaining fully decentralized.

  • GDPR / CCPA principles

    • Data minimization: store only essential metadata on-chain.

    • Right to erasure: datanet owners can rotate or revoke encryption keys to render data inaccessible.

    • Purpose limitation: data gathered for model training can’t be repurposed or resold without new consent.

  • PII boundaries: Personally identifiable information should never be uploaded. Content must be anonymized or pseudonymized before submission.

  • Regional storage: Enterprise datanets can choose regional or jurisdiction-specific storage endpoints to comply with data-localization laws.


Security Best Practices

  • Smart contracts are minimal and audited by Pashov Group, reducing attack surfaces.

  • Sensitive operations such as key management, encryption, and verification workflows are handled off-chain under cryptographic proof where appropriate.

  • Reppo supports community bug-bounties and third-party security audits to maintain transparency and trust.

  • Wallet authentication replaces centralized user accounts, ensuring full key custody by participants.


Summary

Reppo’s privacy design balances transparency and confidentiality:

  • Sensitive activity is verifiable without exposing raw user data.

  • Data is verifiable but not exposed.

  • Users retain control of their information.

In V1, commit-reveal protected ballot privacy during voting.

In the current model, privacy and security rely on minimizing on-chain exposure, controlling access to sensitive data, and making verification auditable without making underlying content public.
