Tokenization, Digital Identities and “Selective Privacy”

In the guest post, Gilbert Fridgen, Reilly Smethurst and Johannes Sedlmeier explain the possibilities that tokenization offers investors.

Tokenization offers new opportunities for investors

Companies, institutions and citizens can conveniently exchange information via the Internet without necessarily having to rely on intermediaries. For a long time, however, the transfer of property rights to scarce resources, such as money, via the Internet was only possible with the involvement of intermediaries – for example with the help of banks or other financial service providers. Since the invention of Bitcoin, everyone has the opportunity to exchange “fungible” tokens in the form of units of the cryptocurrency without the involvement of an intermediary. “Fungibility” means that a Bitcoin is exchangeable with every other Bitcoin (even if this only partially withstands closer examination, since Bitcoin tokens, for example, have a history and thus their value depends entirely on the previous transactions in which they were involved. may depend).

Other blockchains or distributed ledger platforms such as Ethereum enable the transfer of ownership rights to other digital assets without intermediaries. This also includes so-called “non-fungible tokens” (NFT), which represent unique objects. NFT enable, for example, trading in electronic (tweets, digital works of art, music) or non-electronic (e.g. real estate, art values, antique furniture, vintage cars, historical instruments, rare books, collectibles, brands, machines or limited edition fashion items) objects. NFT thus offer new opportunities for marketing these “alternative assets”.

“Fractional ownership”, ie the proportionate ownership of NFT, can diversify portfolios and significantly increase liquidity in previously illiquid markets such as the art market. NFT-based property rights can also be used to generate returns by renting or lending tokenized objects. This includes forms of investment with a long-term focus on value creation as well as structures for remuneration for R&D and innovation, so that NFTs can also be drivers of sustainable development. Overall, fungible tokens and NFTs create tradable, digital property rights for a variety of alternative assets; this concept is known as “tokenization” or “token economy”.

Tokenization requirements

With the significant potential of tokens, there are also a number of challenges associated with it. For example, investors in alternative assets typically place a high value on their privacy. On the other hand, your transactions must also follow the fifth anti-money laundering directive of the European Union and the MiCa regulation on markets for crypto assets. Since public blockchains are difficult to regulate, regulators have so far specifically targeted companies that act as intermediaries to make it easier for their customers to access token services. These platforms often organize the creation and trading of NFT or related indices. You are therefore made responsible by authorities for compliance with regulations, such as the identity management of investors through the implementation of know-your-customer processes (KYC) or the safekeeping of NFTs and ensuring their authenticity.

The “bridge” between the blockchain and the real world is therefore currently being carried out by third-party providers who specifically create lock-in effects. This can reduce the degree of interoperability and thus result in increased transaction costs, whereby the cost reductions and network effects hoped for as part of tokenization and thus also the economic potential decrease. In any case, there is also a tension between the requirements of regulatory authorities on the one hand and the data protection needs of users on the other. In order for an NFT platform to be sustainably successful, it must ensure a balance between transparency and data protection: This applies to verifiable connections between NFT-based property rights and the associated assets, the clear identifiability of market participants and the exchange of documents that are necessary for investors of Significance are such as certificates of authenticity and origin, credentials, contracts or title deeds.

Self-Sovereign Identity

Efforts are currently being made worldwide and especially in Germany to implement standardized and certificate-based digital identity management – also known as self-sovereign identity. This is intended to store digital evidence from the public and private sector in a single “wallet” app on the users’ end devices and thus enable a higher level of efficiency and security as well as data protection. In Germany, the large consortia ID-Ideal, IDunion and ONCE are currently testing such digital identities in shop window projects. The Federal Chancellery is currently pushing ahead with further pilot projects in which, for example, a digital ID card and vaccination passports are being tested in the digital wallet. The digital certificates, so-called Verifiable Credentials (VCs), also prove to be a good technical way to achieve a goal that could be paraphrased with the term “Selective Privacy”: It is possible to show only parts of such VCs, so that data minimization or even anonymity is guaranteed, but specific properties can still be checked, such as age of majority or issued authorizations.

An essential part of many implementations of VCs are so-called Zero-Knowledge Proofs (ZKPs) – cryptographic procedures with the help of which one proving party has private data (in this case the digital signature of the issuing party on the VC) and another verifying party one can prove certain fact about this data (for example “the VC is signed by the Bundesdruckerei and the registered date of birth is at least 18 years in the past”) without disclosing additional information. The verification of such statements on a blockchain in smart contracts could therefore also offer great added value in connection with tokenization, especially because checking and storing personal data on blockchains is always particularly problematic for data protection reasons: an approach for tokenization with “selective privacy” .

In addition to being used in VCs to prove that certain attributes have been signed by a trustworthy party without, for example, having to show the strongly correlating digital signature itself (which corresponds to a globally unique ID), ZKPs are often used in cryptographic protocols to ensure correct behavior force, although a calculation and the associated sensitive data are not shown. In addition, the verification of this evidence requires very little computational effort, even if the underlying calculation was very complex. Thanks to these properties, ZKPs can address both scalability and data protection problems that arise in connection with the replicated processing and checking of data in blockchains and are already used for the privacy crypto currency Z-Cash and in numerous innovative blockchain projects on Ethereum.

ZKPs could also be used, for example, to prove that the purchase of tokens was already taxed as part of the transaction or that a confirmation in the form of a VC was issued in a bilateral interaction with the tax office without processing personal data on the blockchain have to.

With VC-based digital identity management for users and “Selective Privacy” by ZKP, it is possible to implement uniform and interoperable authentication of users for the authorization of their transactions and, if necessary, other processes based on this on a blockchain, taking data protection and regulatory requirements into account. “Selective Privacy”, made possible by VCs and ZKPs, thus represents a promising, decentralized approach to mastering the above-mentioned challenges, but also raises many questions regarding sensible standards and architecture designs, security, performance and legal aspects. Collective decisions about tokenized objects while preserving the privacy of the owner also offer interesting possibilities, for example when investors decide to lend a tokenized work of art to an exhibition.

Based on VCs in connection with ZKPs, for example, proof of eligibility to vote and the recognition of multiple votes can be provided without revealing the identity of those entitled to vote. Another important question arises with regard to ensuring exclusive ownership rights for physical or digital objects, i.e. preventing multiple tokenization in independent ecosystems. Overall, the data protection-friendly and regulatory-compliant implementation of marketplaces for tokens without lock-in effects requires interdisciplinary research on economic, regulatory and technical aspects of tokenization.

Tokenization also promises innovations in other areas

Many of the potentials and challenges addressed in connection with tokenization – such as programmability, efficiency, data protection needs of users and transparency requirements of the regulator – and the corresponding regulations (GDPR, AML & CFT, MiCA, MiFIDII, PDS2, ESG, etc.) also play a role for the “digital euro”, which will possibly be implemented on the basis of blockchain technology, plays a decisive role. In this context, for example, a recent survey by the ECB revealed a strong public desire for privacy when paying with the digital euro.

Therefore, experiences gained in the context of tokenization in connection with “Selective Privacy” could also support the development of a digital euro in a later phase. On the other hand, the possibility for the transfer of property in the emerging ecosystems for digital identities has so far hardly been considered. A universal wallet app that can store portable, verifiable proof of identity (VCs) as well as financial assets (cryptocurrencies, NFT and even the digital euro) could significantly advance the digital transformation in many areas. New mechanisms for verifiable and private collective decision-making by investors in NFT could also represent a significant step towards digital voting.


Prof. Dr. Gilbert Fridgen is a member of the scientific advisory board of Boerse Stuttgart Digital Ventures GmbH.

The author thanks Johannes Sedlmeir (University of Bayreuth) and Reilly Smethurst (University of Luxembourg) for their support in preparing this article.