Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8475 (Initial Public Draft)

A Security Perspective on the Web3 Paradigm

Date Published: April 11, 2024
Comments Due: May 27, 2024 (public comment period is CLOSED)
Email Questions to:


Dylan Yaga (NIST), Peter Mell (NIST)


Since its inception, the internet has constantly developed and improved, moving beyond simple text- and image-based informational websites to a fully interactive and powerful social, collaborative, and communication platform. However, the basis for much of the internet has remained rooted in a client/server-based paradigm, where organizations provide services and applications in exchange for ownership — partial or whole — of the user data posted to those systems.

A growing number of people are exploring what the internet could look like if it were a decentralized system in which users own, manage, and store their own data and collectively participate in hosting and running applications. Many have taken to calling this shift in internet paradigms “Web3.”

This publication:

  • Provides a brief background on the internet
  • Explores some of the concepts behind Web3
  • Explores some of the proposed technologies that could be used
  • Describes some security and privacy concerns that should be kept in mind as Web3 is explored

NIST requests feedback on the technical descriptions, proposed technologies, and security and privacy analyses of Web3. The public comment period is open through May 27, 2024. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.



blockchain; cryptocurrency; data; decentralized; decentralized identity; non-fungible tokens; smart contracts; tokens; Web3
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
04/11/24: IR 8475 (Draft)


Security and Privacy

general security & privacy, identity & access management


blockchain, internet