Blockchain and distributed ledger technology

Blockchain enables us to keep tamper-proof data without relying on a centralised authority.


Together with Surrey's Centre for Vision, Speech and Signal Processing, we are leading the way in Distributed Ledger Technology (DLT) research for the public good, with a broad portfolio of projects to enable greater trust online.


VOLT (Voting On Ledger Technologies)

The fact that many elections are still run using paper ballots demonstrates that, despite the convenience and efficiency of electronic elections, there are unresolved security challenges around voting systems that could be vulnerable to malicious attack.

This VOLT project explores the use of DLTs to enhance trust in electronic voting by providing transparency and an agreed tamper- proof record of the election. We are developing and piloting end-to-end verifiability into online voting, and also applying smart contracts to the management of voting rights for shareholders in the corporate environment – particularly for crowdfunded businesses.

  • Budget: £615,000
  • Funding body: EPSRC
  • Centre lead: Professor Steve Schneider
  • Partners: Kings College London, Electoral Reform Services, Crowdcube, Monax Industries
  • Timeframe: 2017-2020.

    Boosting charitable donations

    Surrey is currently collaborating with companies Streeva and Creditcall on Swiftaid – an Innovate UK-funded project which is using DLT to enable Gift Aid to be automatically added on to any card donation made on banking apps. This could significantly increase the amount of money charities are able to collect.

    Our key objectives are:

    • Create a demonstrator running on a live payment system that submits live Gift Aid claims to HMRC on behalf of a charity and complies with all HMRC requirements.
    • Create a formal model of the system.
    • Investigate future distributed nature of the underlying blockchain.

    Areas of focus include:

    • Digital receipting linked to payments
    • Blockchain
    • Live payment system integration

    With Swiftaid, a donor will sign up, register their card and authorise Swiftaid to generate the Gift Aid declaration on their behalf. All gifts then made by that card, Gift Aid will be automatically attached. The donor would remain in control, allowing them to manage and view all donations while staying anonymous to the charity. We are well aware that there will need to be a great value to both the charity and the donor in order for them to sign up for Swiftaid. The main benefits include:

    • Swiftaid handles the compliance with HMRC regarding record keeping and auditing, removing the burden from the charity.
    • Removes tax processing burden of both charity and donor making Gift Aid accessible to the smallest charities.
    • No personal data passed to charity so can keep GDPR compliance to the minimum.
    • Full donation reporting for donors, simplifying the process for higher rate taxpayers and tax rebates.

    Blockchain is an obvious choice for such an application as it provides an immutable ledger, ensuring the six years of auditable records are available to HMRC, along with smart contracts, to guarantee the whole end-to- end process stays in lock step. By fully automating the Gift Aid process using blockchain it allows claiming Gift Aid on even the smallest donations to remain economical and results in increasing the money charities receive without costing the donors more.

    TAPESTRY (Trust, Authentication and Privacy over a DeCentralised Social Registry)

    TAPESTRY aims to investigate, develop and demonstrate new ways to enable people, businesses and services to connect safely online, exploiting the complex ‘tapestry’ of multi-modal signals woven by their everyday digital connections. Using a de-centralised registry, users will be able to share portions of their digital activity to prove they are trustworthy without giving away excessive information that violates their privacy.

    The aim of TAPESTRY is to investigate, develop and demonstrate transformational new technologies to enable people, businesses and digital services to connect safely online, exploiting the complex "tapestry" of multi-modal signals woven by their everyday digital interactions; their digital personhood. In this way we will de-risk the digital economy, delivering completely new ways of determining or engendering trust online, and enabling users and businesses to make better decisions about who they trust online.

    Online fraud and scams cost the UK economy £670m each year; crimes often perpetrated through false identities. It is difficult to make good decisions about who to trust when the digital identities of people and services are presented through pseudonyms or addresses. How can we trust that the identity we are interacting with today wasn't created out of thin air yesterday to pull a scam? Or whether the service we are registering our personal data with is trustworthy? In an era of users curating multiple digital identities that evolve over their physical lifespan, and the coming ability to migrate identities between providers (most of whom reside outside the EU), there is an urgent need for decentralised technologies to enable proofs of trust between people and services wishing to interact safely within the digital economy.

    TAPESTRY will co-create and evaluate prototype services with end-users to determine how online behaviour and attitudes to trust could evolve in the presence of a trusted decentralised technology to prove the veracity of online identities. TAPESTRY proposes to collect, on an opt-in basis, digital trails of users' interactions (photos shared, comments left, posts 'liked', internet of things devices interacted with) as encrypted trust evidence within a decentralised database (blockchain). Users grant third parties access to trust evidence for a given time period and at a given granularity, in order to prove trustworthiness of their identity via their digital personhood. For example, a crowdfunder might invite new backers to submit two years' history of regular social media interactions to guard against fraudulent pledging from transient identities. Community forums are becoming increasingly important for emotional support and well-being. A similar check could safeguard against trolling, or an identity posting advice could collect positive ratings within their blockchain, enabling vetting of their reputation. Deviations from behavioural norms could also be detectable within TAPESTRY to alert users to their digital identity being hacked.

    From a technological standpoint, the project will develop the decentralised infrastructure necessary to make sense of the vast number of digital interactions using multimodal signals aggregated via machine learning from social media and internet of things interactions. Additionally, new cryptographic strategies will be needed to secure the privacy of trust evidence and to disseminate access on a granular basis. From a HCI and co-design perspective, the development of trust services and the shift to use of the digital personhood and interaction history as trust evidence will break new ground, fundamentally altering the way users think about identity and interaction online.

    To undertake this adventurous and ambitious project we have formed a strategic multi-disciplinary partnership uniting world-leading groups in multi-modal signal processing and machine learning (CVSSP), a BIS/GCHQ recognised centre of excellence for cyber security (SCCS), the UK's first and only 5G test-bed for next-gen mobile and internet of things (ICS/5GIC), and reflecting the importance of co-designing and evaluating technology in tight integration with end-users, two leading UK groups for socio-digital interaction (DJCAD) and interaction design (UNN).

    End-user partners participating in the co-design and evaluation of TAPESTRY span the technology, legal, social reform, health and well-being and commercial sectors.

    Trusted and transparent voting systems

    This project aims to explore applications of distributed ledger technologies (DLT) in domains involving voting and collective decision making. There are many domains in which some form of balloting is required, such as voting on proposals or electing in charities, professional organisations, clubs, trades unions, political parties, and private companies. It is important to run such ballots in a way that the result is accepted by all parties even where they do not trust each other.

    Current election systems require trusted individuals or third party organisations to run the ballot, which places reliance on their honesty and also on their ability to secure the election against any form of malicious attack. The fact that many such elections are still run using paper ballots demonstrates that this remains a real concern for organisations despite the advantages of convenience, cost and efficiency that electronic elections may bring. Given the associated security issues around the management of electronic votes, it is natural to consider the use of DLT platforms to provide a trustworthy basis for such systems in recording and aggregating votes, since they can provide transparency and an agreed tamper-proof record of the election. The project will investigate how this can be achieved while maintaining the necessary levels of security, and in particular how this is impacted by the underlying design of any particular choice of distributed ledger technology.

    The introduction of DLT into the voting domain also enables new possibilities for voting schemes. Political systems around the world have evolved complex election systems, for example single transferable vote, where the results are cumbersome and time-consuming to calculate, but where the result is considered to better reflect the will of the electorate and hence worthy of this effort. However for non-political elections run with paper ballots this effort is generally prohibitive. Social choice theory within Political Science considers how different voting systems can affect how choices are made, and the ability to support such systems electronically enables the viability of schemes whose tallying mechanisms are more complex but which may give results which match more closely the collective choice of the voters. Hence the project will also investigate the potential impact on organisations and their governance and decision making processes through the variation of voting schemes.

    DLT also supports the management of more complex voting rights held by individuals. In many private company applications, particular shareholdings have specific rights and privileges. For example, the originating shareholders of a company may have pre-emption rights over the sale of shares by later shareholders, or priority rights to compensation in the event of a bankruptcy of the company. At present, for privately-held companies, shareholdings and the rights associated to them are generally recorded in written contracts and the relevant information held only in spreadsheets. At least in principle, DLTs could readily support voting in such contexts, with the specific rights accruing to particular shareholders being encoded in agreed smart contracts - i.e., automated (self-executing) performance scripts that also sit on the distributed ledger. A strand of this project will aim to explore the practicality of such ideas.

    Although the project is not investigating political or statutory elections at this stage, a strand of the project will consider the longer term roadmap for the technology. As well as considering the longer term impact on organisations through new governance and decision making possibilities, this will include consideration of how DLT may play a part in emerging designs for electronic voting systems for political elections.

    CUREX (CUREX: seCUre and pRivate hEalth data eXchange)

    The Health sector’s increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals. At the same time, a breach of integrity of health data can have dramatic consequences for the patients affected.

    CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application.

    CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis on improving cyber hygiene through training and raising awareness activities for a healthcare institutions personnel.

    Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research. CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange.

    We envisage that CUREX will impact the European market developing one of the first blockchain platforms for risk assessment management under the GDPR.

    Contact us

    Find us

    Secure Systems Research Group
    University of Surrey
    GU2 7XH