We would like to thank Prof. Takefuji for his interest in our publication. We agree in principle with the issues raised in the correspondence: security is important to guard against malicious attacks and to protect research partner data.

However, Dwarna does not use the Proof-of-Work (PoW) consensus mechanism. This is made amply clear when we discuss Hyperledger Composer in the Related Work section. Later, in the Implementation section, we explain how we are using Hyperledger Composer.

Hyperledger Composer is based on the Hyperledger Fabric blockchain: a permissioned blockchain that requires network peers to be authenticated before effecting any transactions. Thus, instead of the PoW consensus mechanism, Hyperledger Fabric adopts a less intensive workflow using X.509 certificates [1,2,3,4].

This avoids the security threats associated with PoW that are listed in Prof. Takefuji’s correspondence. As noted, the X.509 standard is used ubiquitously (e.g., in the TLS/SSL, HTTPS, S/MIME and EAP-TLS protocols, which are used for Wi-Fi connectivity, email, e-commerce, secure web browsing, etc.), placing it under rigorous scrutiny. It should be noted that ref. [5], mentioned in Prof. Takefuji’s correspondence, flags an issue not with X.509 itself, but with certificate parsing in certain versions of the Python programming language. This vulnerability has no relevance to the Dwarna system we described.

As explained more thoroughly in the article, we take additional measures to ensure data privacy and security. Hyperledger Fabric network peers are only created in the backend, and Hyperledger Composer identities for research partners can only be issued through the REST API, itself only accessible from the WordPress plugin.

Furthermore, we discuss other security and privacy challenges (STRIDE and LINDDUN models) and how Dwarna tackles them in the manuscript’s Supplementary information.