Inspiration
Did you know that over the last 14 years healthcare data breach statistics show a clear upward trend? In 2023 alone, over 133 million medical records were exposed or impermissibly released through data breaches. The Department of Health and Human Services Office of Civil Rights publishes all of the instances of data breaches on medical records. These disclosures show that in 2023 alone, there was over a 230% increase in hacking-related data breaches. In fact, in one incident in 2024, Change Health Incorporated got hit by a ransomware attack that resulted in the breach of over 190 million individuals' medical records. This put 2024 at a record-breaking high of 274 million individuals' records being breached, including an estimated 1 in every 2 Americans.
This has severe consequences for individuals all across the world. UnitedHealth, the parent company to Change Health, stated they can't specify what data was compromised for each individual, but a notice on their website said that the compromised data could include Social Security and passport numbers, patient diagnoses, medical records, billing information and health insurance plan data. Additionally, the data breach halted medical claims processing, payment platforms and pharmacy network services.
Between the devastating consequences and the growing frequency and severity of these data breaches, we knew that this was a major problem in the current health services industry. Conversely, decentralized blockchain networks have been consistently shown to be on the cutting edge of data security. Therefore, we created DUZK, a decentralized system that allows for the secure storage and usage of individuals' medical records.
What it does
DUZK utilizes Midnight, a data-protection blockchain, to safeguard medical records for our users. Midnight allows DUZK to facilitate confidential interactions, view sensitive medical information, and maintain the integrity of patient medical records. Midnight's signature feature is its ability to validate user data without ever having to share it. It does this through what's called a zk-SNARK, a type of zero-knowledge proof whose name stands for zero-knowledge succinct non-interactive argument of knowledge. All forms of zero-knowledge proofs are used to verify user data without sharing anything, but some unique advantages of the zk-SNARK specifically are its succinctness and the fact that it's non-interactive. Succinctness allows us to have a proof size that remains constant, regardless of the complexity or size of the statement being proved, and the non-interactive aspect allows us to skip multiple rounds of communication with the verifier. DUZK uses these functions to allow a user or hospital to have secure access to the location on the blockchain where a patient's medical records can be retrieved. It accomplishes all this without sharing any user data over the network.
Now, once a user has been verified, we have additional levels of security in place around the retrieval of the medical files. We elected to use Pinata to securely store the files. When a file is uploaded by DUZK to Pinata, Pinata returns a hash CID string that DUZK stores on the blockchain along with a hash of the patient's private key. The key feature here allowed by zk-SNARKs is the fact that the user's private key is never shared with the network. Additionally, because Pinata returns the CID as a hash, Pinata does not care about the format of the files being stored, making the system completely data-agnostic. Pinata contains protocols that allow us to pull a selected file with an IPFS gateway, API key, and the public CID. Pinata keeps the API key and the gateway private and passes out the CID every time a file is added or updated. As long as the modifying party is the hospital, verified by their unique hospital key, Midnight will store the new CID to the blockchain.
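The storage flow described above can be modeled in a few lines. This is an added example, not DUZK's contract or Pinata's API: `RecordLedger`, `verifyFetched`, and all keys and file contents are hypothetical, a plain SHA-256 digest stands in for a real IPFS CID, and the hospital key is checked directly where the real system would verify a zero-knowledge proof.

```typescript
import { createHash } from "node:crypto";

// Stand-in for content addressing: a real IPFS CID is a multihash, not bare SHA-256 hex.
const sha256 = (data: string): string =>
  createHash("sha256").update(data).digest("hex");

// Hypothetical model of the ledger state: patient key hash -> current CID.
class RecordLedger {
  private records = new Map<string, string>();
  private hospitals = new Set<string>(); // hashes of registered hospital keys

  registerHospital(hospitalKey: string): void {
    this.hospitals.add(sha256(hospitalKey));
  }

  // Only a registered hospital may point a patient at a new CID.
  // Assumption: the real contract checks a proof of key knowledge, never the key.
  setCid(hospitalKey: string, patientKeyHash: string, cid: string): boolean {
    if (!this.hospitals.has(sha256(hospitalKey))) return false;
    this.records.set(patientKeyHash, cid);
    return true;
  }

  getCid(patientKeyHash: string): string | undefined {
    return this.records.get(patientKeyHash);
  }
}

// Reader-side integrity check: bytes from the gateway must hash to the on-chain CID.
function verifyFetched(ledger: RecordLedger, patientKeyHash: string, fetched: string): boolean {
  const cid = ledger.getCid(patientKeyHash);
  return cid !== undefined && sha256(fetched) === cid;
}

function demo() {
  const ledger = new RecordLedger();
  ledger.registerHospital("hospital-key-constructed");
  const patient = sha256("patient-key-constructed"); // only this hash is stored
  const file = "constructed sample record: blood type O+";
  const originalCid = sha256(file);
  const hospitalUpdate = ledger.setCid("hospital-key-constructed", patient, originalCid);
  const rogueUpdate = ledger.setCid("unregistered-key", patient, sha256("forged record"));
  return {
    originalCid, hospitalUpdate, rogueUpdate,
    cidAfterRogue: ledger.getCid(patient),
    intactFileOk: verifyFetched(ledger, patient, file),
    tamperedFileOk: verifyFetched(ledger, patient, file.replace("O+", "AB-")),
  };
}

console.log(demo());
```

Because the pointer on the ledger is derived from the file contents, a file altered in off-chain storage fails the reader's check even though the storage layer never sees the ledger.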
How we built it
Using Midnight's documentation and model, we created our own model of a smart contract that would be used by both patients and hospitals to adhere to HIPAA data safety. After modeling how patients and hospitals would use Midnight, we were starting to hit a wall in how data would be stored when a friend from KU Blockchain Institute told us about Pinata. Pinata's data-agnostic and accessible framework fit perfectly with the nature of our project, so making it work with DUZK was a "gimme". After working for hours through Midnight's maze of documentation and libraries, we finally had a few basic working examples. Shifting the examples to our will was a Herculean task of JavaScript packaging, but after getting our contract modeled properly, we were able to make a simple interface that can upload files via Pinata to get our final minimal viable product of DUZK, bringing the best of the two worlds of Midnight and Pinata together.
Challenges we ran into
The first and most blatant challenge we faced was the one we brought with us. No one on our team had any experience working with blockchains at all, much less Midnight or Pinata. While we chose our project with this in mind with the hopes of vastly increasing our knowledge base on the topic, we grossly underestimated the rate at which the concepts involved can be abstracted. The most notable example is a two-hour conversation we had on how to construct a smart contract that would allow unique permissions to be granted to patients and hospitals. After that extensive deliberation, we created an opportunity to more easily integrate our system with hospitals' current systems. The system currently works to grant hospitals access to the blockchain where they can pass read-only access to their patients.
Midnight was an uphill battle almost the entire time. From not having access to the wallet extension to trying to get the smart contract to compile, Midnight's documentation density was almost impossible to parse through. We overcame this issue through force of sheer will. After approximately 3 hours of throwing various codes and fixes at the compiler it eventually stuck.
Accomplishments that we're proud of
One clear accomplishment to us is the fact that it works. One of the main benefits in tackling the challenges offered by this project was the knowledge we'd all gain considering our lack of prior experience. We are incredibly proud of how far our practical knowledge has grown this weekend and we're incredibly excited to possess tangible evidence of that in a working project.
Deciphering the API and the CLI examples given by Midnight to engineer our project was another point of pride for us. None of us were as experienced as we wished in JavaScript, so trying to understand the processes that were occurring was no small challenge. Due to the complexity of the resources Midnight provided against our prior experience, we were thrilled to come out the other side with a fruitful product.
What we learned
Considering our shared lack of knowledge on this topic, this whole weekend was full of learning experiences for us. We collectively went from never having heard of a zero-knowledge proof to implementing its functionality within a smart contract that updates a blockchain. This required us to be quick studies in both TypeScript and concepts of blockchain architecture. We also learned Compact, a language unique to Midnight that is used exclusively to write smart contracts. A significant proficiency was necessary to achieve some of the features we wanted, allowing us to significantly bolster our understanding of smart contracts and the potential features possible with them. One of our members had never used Linux or GitHub before, and for them the knowledge gained was incomprehensible. He learned how to work within GitHub repositories as well as how to navigate around a Linux terminal. By the end of the project he had a working knowledge of all the elements of the project.
What's next for DUZK
We want to add a secure indexing system for doctors to track and access specific patient medical data. We also talked about implementing a biometric aspect to the project that allows the patients to have a unique private key, such as some form of hash of their fingerprint. This would allow patients anywhere to have read-only access to all their medical records. One of our main interests is improving our UI; we hope to have a more user-friendly interface that makes it as easy as possible for hospitals to integrate our software.
Built With
- blockchain
- compact
- javascript
- midnight
- pinata
- typescript
