Session

Web3 Security needs to jump ahead of Web2 before it can become really useful

Blockchain, and the accompanying web3 decentralized infrastructure, by definition provides a “trustless” mechanism for storage of public information only (with full transparency). However, for a lot of real-life use-cases, besides the transparent data-integrity provided by blockchain, we also need a mechanism to protect the confidentiality of any private user content that cannot be made public, and to make sure content owners themselves stay in control of their private data all the time (and without having to rely on a trusted centralized service, which would otherwise defeat the whole purpose of decentralization).

In the web2 world, data confidentiality has traditionally been achieved by using centralized authentication and authorization services hosted on trusted servers. However, the decentralized and trustless nature of blockchains simply makes that model incompatible with web3. Lacking this basic data privacy & confidentiality, all the current use-cases of web3 have been either trivial, revolving around Bored Ape type public content only, and/or have just become a privacy & security nightmare (e.g. https://www.wired.com/story/nfts-privacy-security-nightmare/). And this applies not just to NFTs, but to literally all content in web3 due to its public nature by definition, including even the user crypto-wallets themselves (e.g. https://techcrunch.com/2022/01/31/success-of-web3-hinges-on-remedying-its-security-challenges/). So it's not a surprise that the universal gateways to web3 themselves are well known to be a security nightmare! No wonder that even the current leaders in the web3 world, including the likes of Coinbase, OpenSea, etc., are all using old-fashioned centralized mechanisms to keep confidential content private (including the custodial wallets, and the recent launch of an NFT marketplace by Coinbase). So, even though the potential of blockchain & web3 is enormous, a substantial part of this supposedly decentralized & trustless world is still a mirage, mired in contradictions! E.g. we don't want to trust banks, but it’s okay to trust Coinbase with our custodial wallet, where the consequences of a hack can be much more disastrous. We don’t want to trust the government recorder’s office for the deed to our digital property, but it’s okay to trust OpenSea's centralized platform, where the consequences of a scam can be much more dire.

For web3 to go beyond pure speculation & vanity, and attack some serious real-life problems in healthcare, real-estate, or social media, etc. (and many more, in order to realize its true potential), this data security issue must be solved first. So web3 security is not only behind web2, but due to its public and trustless nature, it actually needs to jump ahead instead, to where even web2 doesn’t have a solution. We discuss a simple mechanism that can enable developers of these web3 applications to not only secure their users’ crypto-wallets easily, but also enforce arbitrary access controls on user data without having to rely on any trusted centralized services - thus opening up the use of NFTs and web3 to some serious utilitarian use-cases in healthcare, real-estate, etc., to realize its true potential.

Ritesh Ahuja

Founder - Bayun Systems, Inc.
