Article

Enigma: Decentralized Computation Platform with Guaranteed Privacy


Abstract

A peer-to-peer network enabling different parties to jointly store and run computations on data while keeping the data completely private. Enigma's computational model is based on a highly optimized version of secure multi-party computation, guaranteed by a verifiable secret-sharing scheme. For storage, we use a modified distributed hash table for holding secret-shared data. An external blockchain is utilized as the controller of the network: it manages access control and identities and serves as a tamper-proof log of events. Security deposits and fees incentivize operation, correctness and fairness of the system. Similar to Bitcoin, Enigma removes the need for a trusted third party, enabling autonomous control of personal data. For the first time, users are able to share their data with cryptographic guarantees regarding their privacy.
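The abstract's core mechanism is data that lives only as secret shares spread over storage nodes, with computation done share-by-share and the result recoverable only by a threshold of nodes. The following is an added illustration, not Enigma's code: plain Shamir sharing over a prime field (no verifiable-sharing commitments), a dict standing in for the distributed hash table, and a constructed pair of salary values, including a check that any t-1 shares are consistent with every possible secret.

```python
"""Threshold secret sharing with share-local computation (illustrative, not Enigma's code)."""
import secrets
from typing import Dict, List, Tuple

PRIME = (1 << 127) - 1           # Mersenne prime; all share arithmetic is in this field
Share = Tuple[int, int]          # (node index x != 0, share value y)
Dht = Dict[int, Dict[str, int]]  # node index -> {data key: share}; constructed stand-in for the DHT


def _interpolate(points: List[Share], x: int) -> int:
    """Evaluate at x the unique polynomial of degree len(points)-1 through `points` (Lagrange form)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_secret(secret: int, n: int, t: int) -> List[Share]:
    """n points on a random degree-(t-1) polynomial whose constant term is `secret`."""
    if not 1 <= t <= n or not 0 <= secret < PRIME:
        raise ValueError("need 1 <= t <= n and 0 <= secret < PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares: List[Share], t: int) -> int:
    """Recover the secret from at least t shares with distinct node indices."""
    uniq = list(dict(shares).items())
    if len(uniq) < t:
        raise ValueError("fewer than t distinct shares; the secret is not recoverable")
    return _interpolate(uniq[:t], 0)


def store_shares(dht: Dht, key: str, shares: List[Share]) -> None:
    """Share i goes to node i, so no single node ever holds enough to reconstruct."""
    for x, y in shares:
        dht.setdefault(x, {})[key] = y


def node_linear_combine(dht: Dht, key_a: str, key_b: str, ca: int, cb: int, key_out: str) -> None:
    """Every node computes ca*a + cb*b on its own two shares; nothing leaves the node."""
    for store in dht.values():
        store[key_out] = (ca * store[key_a] + cb * store[key_b]) % PRIME


def collect(dht: Dht, key: str, nodes: List[int]) -> List[Share]:
    """Gather one key's shares from the given nodes (an authorized reader's view)."""
    return [(x, dht[x][key]) for x in nodes]


def forge_missing_share(partial: List[Share], candidate: int, missing_x: int) -> Share:
    """Given only t-1 shares, compute the share node `missing_x` would need for `candidate`
    to be the secret; its existence shows t-1 shares carry no information about the secret."""
    return (missing_x, _interpolate([(0, candidate)] + partial, missing_x))


if __name__ == "__main__":
    dht: Dht = {}
    store_shares(dht, "salary_a", split_secret(5000, 5, 3))   # constructed sample values
    store_shares(dht, "salary_b", split_secret(7000, 5, 3))
    node_linear_combine(dht, "salary_a", "salary_b", 1, 1, "total")
    print(reconstruct(collect(dht, "total", [1, 4, 5]), 3))   # prints 12000
    two = collect(dht, "salary_a", [1, 2])                   # below threshold
    fake = forge_missing_share(two, 123, 3)
    print(reconstruct(two + [fake], 3))                      # prints 123
```

Only linear operations are this cheap on shares; the multiplications the abstract's "highly optimized" protocol has to handle require interaction between nodes, which is where the real protocol cost lies.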


... Proof of Stake (PoS) consensus mechanisms for public blockchains like Ethereum 2.0 [45] with Casper [46] or Cardano [47] with Ouroboros [48] which are more energy efficient than proof-of-work (PoW). Blockchain privacy projects: Aztec [49], Enigma [50], and the Baseline protocol [51]. Blockchain interoperability projects: Cosmos [52], Interledger [53], Polkadot [54], Quant [55], or APIs and Oracles [56]. ...
... It is naturally easier to achieve privacy with private blockchains, whereas it is a key challenge for public blockchains to enable private transactions. Achieving complete privacy on public blockchain networks appears counter-intuitive; however, privacy protocols like Aztec [49] using zero-knowledge proofs, Enigma [50], the Baseline protocol [51], or encryption mechanisms could be leveraged. Finally, interoperability between blockchains is a key technological (T) factor affecting BCT adoption in the BECOM industry due to the possibility of many stakeholders using blockchain applications built on different blockchain networks but that still require transacting together. ...
Article
Full-text available
The key challenges of the building, engineering, construction, operations, and mining (BECOM) industries are the lack of trust, inefficiencies, and the fragmentation of the information value chain into vulnerable data silos throughout the lifecycle of projects. This paper aims to develop a novel conceptual model for the implementation of blockchain technology (BCT) for digital twin(s) (DT) in the BECOM industry 4.0 to improve trust, cyber security, efficiencies, information management, information sharing, and sustainability. A PESTELS approach is used to review the literature and identify the key challenges affecting BCT adoption for the BECOM industry 4.0. A review of the technical literature on BCT combined with the findings from PESTELS analysis permitted researchers to identify the key technological factors affecting BCT adoption in the industry. This allowed offering a technological framework, namely the decentralized digital twin cycle (DDTC), that leverages BCT to address the key technological factors and to ultimately enhance trust, security, decentralization, efficiency, traceability, and transparency of information throughout projects' lifecycles. The study also identifies the gaps in the integration of BCT with key technologies of industry 4.0, including the internet of things (IoT), building information modeling (BIM), and DT. The framework offered addresses key technological factors and narrows key gaps around network governance, scalability, decentralization, interoperability, energy efficiency, computational requirements, and BCT integration with IoT, BIM, and DT throughout projects' lifecycles. The model also considers the regulatory aspect and the environmental aspect, and the circular economy (CE). The theoretical framework provides key technological building blocks for industry practitioners to develop the DDTC concept further and implement it through experimental works. Finally, the paper provides an industry-specific analysis and technological approach facilitating BCT adoption through DT to address the key challenges and improve sustainability for the BECOM industry 4.0.
... Fairness is one of the key requirements for Blockchain applications to achieve trust between different industries and the proposed security models [90,147,140]. In other words, fairness is achieved by providing middleman agreements, that is smart contracts, which comply with the rules and conditions in order to facilitate the communication process between sender and receiver [148]. ...
... Completeness, as a design requirement, aims to ensure users' specific needs and requirements in order to complete any application. In Blockchain-based applications, the security and privacy models are deemed complete if they prove the satisfactory computational requirement and comprehensive security analysis, using multiple proofs and logic [90,147]. ...
... The advantage of using multi-party encryption in secure computations is that it can prevent the attacker from obtaining the secret information of any targeted users in the network. To illustrate this concept, [147] utilise multi-party computation to provide users' guaranteed security and privacy in the decentralised Blockchain network. ...
Preprint
Full-text available
Blockchain technology has taken on a leading role in today's industrial applications by providing salient features and showing significant performance since its beginning. Blockchain began its journey from the concept of cryptocurrency and is now part of a range of core applications to achieve resilience and automation between various tasks. With the integration of Blockchain technology into different industrial applications, many application designs, security and privacy challenges present themselves, posing serious threats to users and their data. Although several approaches have been proposed to address the specific security and privacy needs of targeted applications with functional parameters, there is still a need for a research study on the application, security and privacy challenges, and requirements of Blockchain-based industrial applications, along with possible security threats and countermeasures. This study presents a state-of-the-art survey of Blockchain-based Industry 4.0 applications, focusing on crucial application and security and privacy requirements, as well as corresponding attacks on Blockchain systems with potential countermeasures. We also analyse and provide the classification of different security and privacy techniques used in these applications to enhance the advancement of security features. Furthermore, we highlight some open issues in industrial applications that help to design secure Blockchain-based applications as future directions.
... These concepts found their application in cloud computing, volunteer computing projects, and blockchain technology. For example, the Enigma [6] project, a decentralized computing platform with guaranteed privacy, uses MPC to jointly work on data while maintaining privacy. The Folding@home project [7], a distributed computing platform that aims to develop new treatments for a variety of diseases by simulating protein dynamics, uses a simple technique of verification by replication to check the correctness of results. ...
... Enigma [6] proposed a decentralized computation platform with guaranteed privacy based on MPC using blockchain for identities, access control and storage for verifiable trails. However, the originally proposed MPC protocol was impractical due to the computational overhead, so Enigma initially only supported TEEs for their secret contracts and deferred the implementation of MPC to future releases. ...
Article
Full-text available
From weak clients outsourcing computational tasks to more powerful machines, to distributed blockchain nodes needing to agree on the state of the ledger in the presence of adversarial nodes, there is a growing need to efficiently verify the results of computations delegated to untrusted third parties. Verifiable computing is a new and interesting research area that addresses this problem. Recently, new applications of verifiable computing techniques have emerged in blockchain technology for secure key management, sybil-resistance and distributed consensus, and smart contracts, while providing desired performance and privacy guarantees. In this paper, we provide an overview of common methods for verifying computation and present how they are applied to blockchain technology. We group the presented verifiable computing applications into five main application areas, i.e., multiparty approval for secure key management, sybil-resistance and consensus, smart contracts and oracles, scalability, and privacy. The main contribution of this survey is to answer two research questions: 1) what are the main application areas of verifiable computing in blockchain technology, and 2) how are verifiable computing techniques used in major blockchain projects today.
... Their protocols guarantee the fairness of honest users in the presence of dishonest users. Another typical application of MPC in the blockchain is a decentralized SMP computing platform called Enigma, which was designed in 2015 [36]. Enigma combines blockchain technology, secure multi-party computing technology and other security technologies to achieve high-level security and privacy. ...
... While the consensus nodes that are not equipped with trusted hardware are only used to maintain the normal operation of the blockchain system. Moreover, Enigma [36] uses TEE in its current improved version, supporting users to develop privacy smart contracts. ...
Preprint
Healthcare blockchains provide an innovative way to store healthcare information, execute healthcare transactions, and build trust for healthcare data sharing and data integration in a decentralized open healthcare network environment. Although the healthcare blockchain technology has attracted broad interests and attention in industry, government and academia, the security and privacy concerns remain the focus of debate when deploying blockchains for information sharing in the healthcare sector from business operation to research collaboration. This paper focuses on the security and privacy requirements for medical data sharing using blockchain, and provides a comprehensive analysis of the security and privacy risks and requirements, accompanied by technical solution techniques and strategies. First, we discuss the security and privacy requirements and attributes required for electronic medical data sharing by deploying the healthcare blockchain. Second, we categorize existing efforts into three reference blockchain usage scenarios for electronic medical data sharing, and discuss the technologies for implementing these security and privacy properties in the three categories of usage scenarios for healthcare blockchain, such as anonymous signatures, attribute-based encryption, zero-knowledge proofs, verification techniques for smart contract security. Finally, we discuss other potential blockchain application scenarios in healthcare sector. We conjecture that this survey will help healthcare professionals, decision makers, and healthcare service developers to gain technical and intuitive insights into the security and privacy of healthcare blockchains in terms of concepts, risks, requirements, development and deployment technologies and systems.
... The authors in (Zyskind et al., 2015a) have proposed a decentralized personal data management system that ensures users own and control their data. Enigma, which is an extension of blockchain technology, is a decentralized computation platform with guaranteed privacy (Zyskind et al., 2015b). Storj is a peer-to-peer cloud storage network and claims to be the "most secure and private cloud" (Shrier et al., 2016; Storj, 2017). ...
Article
Full-text available
After the acceptance of blockchain technology, there have been applications which aim to use blockchain in their fields. Various approaches have been proposed in past to build a secure Identity Management (IdM) System. This is a novel systematic literature mapping of IdM in blockchain. This paper provides an extensive review on IdM with emphasis on how the emergence of blockchain has addressed the IdM challenges faced over the years. A thorough study has been done on the existing literature. The primary and secondary "search string" were identified and search was conducted on five databases; and after screening the analysis was done. Out of the total studied literature, 30 primary studies published from 2009-2020 were selected. Through this paper, the researchers will be able to: 1) find out the research trends in IdM using blockchain, 2) understand the challenges in IdM and report whether blockchain can solve the IdM challenges, 3) scrutinize and understand how the different frameworks of IdM would deal with security, integrity and privacy problems, 4) know about initiatives taken for IdM using blockchain, 5) which consensus algorithms are popular among blockchains, 6) know about the research projects going on in the field of IdM using blockchain.
... Zyskind et al. [73] proposed a decentralized computation platform, called Enigma, that enables users to store data and to perform computations on data without leaking any useful information about data. While data is stored as encrypted in a modified version of the Kademlia distributed hash table protocol that serves as an off-chain network, an external blockchain is employed as a controller layer to manage access control and to keep the tamper-proof log records. ...
Article
Full-text available
Privacy of blockchains has been a matter of discussion since the inception of Bitcoin. Various techniques with a varying degree of privacy protection and complexity have been proposed over the past decade. In this survey, we present a systematic analysis of these proposals in four categories: (i) identity, (ii) transaction, (iii) consensus, and (iv) smart contract privacy. Each of these categories have privacy requirements of its own, and various solutions have been proposed to meet these requirements. Almost every technique in the literature of privacy enhancing technologies have been applied to blockchains: mix networks, zero-knowledge proofs, blind signatures, ring signatures, secure MPC, homomorphic encryption, to name just a few. We analyze each category separately in the paper. We first define the related privacy issues, and then review the proposed solutions. The limitations of each solution and the attacks discovered are also discussed along with the proposals.
... Despite this limitation, several approaches based on cryptographic techniques such as homomorphic encryption, zero-knowledge proofs [14], and secure Multi-Party Computation (MPC) [15] have been proposed to address transactional privacy in blockchains. Broadly speaking, these techniques enable specific computations to be performed without revealing the inputs and outputs of those computations. ...
Chapter
Privacy in blockchains is rather complicated as it contradicts with some highly praised properties of blockchain such as immutability. Immutability is considered a cornerstone of blockchains’ security and, therefore, an indisputable property according to which transactional blockchain data cannot be edited nor deleted. However, blockchain’s immutability is being called into question lately in the light of the new erasing requirements imposed by the GDPR’s “Right to be Forgotten (RtbF)” provision. Given that the RtbF compels data stored in blockchains to be editable so as restricted content redactions, modifications or deletions to be carried out when requested, blockchains’ alignment with the regulation is indeed challenging, if not unfeasible. Towards resolving this discrepancy, in this Chapter we first discuss the privacy challenges faced by blockchain technology, and we then explore blockchain’s contradiction with the RtbF erasing provisions of the GDPR. In this respect, we provide a comprehensive review on the state-of-the-art approaches, technical methods and workarounds and advanced cryptographic techniques that have been put forward to resolve this contradiction, and we discuss their potentials and limitations when applied at large to either permissioned or permissionless blockchains.
... Another project is the Enigma (rebranded Secret) data marketplace (Zyskind et al., 2015). Its vision is to complement a blockchain of any kind with an off-chain data network. ...
Conference Paper
Full-text available
In the upcoming era of distributed technological integration known as Web3, the built environment will need to adapt. Solving the most significant social, environmental and economic challenges will likely require new approaches to data sharing and efficient data management. This will need to occur within organizations, across software tools, and between partners. However, today's approach of data fragmentation and a scattered system of data islands prevent efficient data usage in the construction industry. The question that now arises is whether the decentralized marketplace approach has the potential to make construction data sets more uniform, efficient, and usable for all stakeholders through distributed technological integration. Therefore, this paper's contribution is to provide a conceptual starting point and possible research stream approach towards this question. Doing so by outlining current data management challenges and discussing them in comparison with already existing web3 approaches in research and industry.
... Homomorphic encryption (performing operations directly on encrypted data), the Enigma project [47], or the Zerocash project [48], are potential solutions, but I see this problem as closely connected to the previous two, i.e., scalability and security. ...
Research
The current state of Blockchain and Artificial Intelligence technology has ushered in a new age of governance and government. Human inconsistencies and limits can be eliminated from governance and government systems. This article examined the feasibility of constructing a Decentralized Automated Direct Government system using Blockchain and Artificial Intelligence and various political and legal ideas through an exhaustive analysis of the literature. It is then transformed into an architectural model of a Decentralized Automated Direct Government System. Stakeholders or people vote, propose, and make decisions without the participation of a management body or representatives. Numerous machine learning techniques are used to organize and analyze data. Finally, the analysis and development of this system are explored from the viewpoints of implementability, automaticity, transparency, decentralization, security, and performance.
... (flattened table, rebuilt as rows of topic, description and references)
- Blockchain-based solution techniques for facilitating trustworthy and authorized identity registration. (Friese et al., 2014) (Mahalle et al., 2010) (Otte et al., 2017)
- Management of access and control to data: Immutable log of events and management of access control to data (Conoscenti et al., 2016) (Zyskind et al., 2015)
- Trading of IoT data: Issues of trading of collected IoT-based information systems data (Zhang & Wen, 2015) (Worner & von Bomhard, 2014)
- IoT device identity management: Technical issues of symmetric and asymmetric key management for IoT devices (Axon, 2015) (Formkecht et al., 2014)
- Industrial IoT application: Cloud service and blockchain-based industrial IoT (IIoT) application. (Bahga & Madisetti, 2016)
- Smart contracts: Industrial applications of blockchain smart contracts to IoT-based applications. ...
Book
Full-text available
The Internet of Things (IoT) enables communication environments to support a wide range of applications when equipped with 5G connectivity. As a concern mode of communication to security and privacy, it is susceptible to a variety of distinct kinds of potential assaults, for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, etc. Protecting the infrastructure of a 5G-enabled Internet of Things communication environment against assaults of this kind is thus of the utmost importance. The factors that influence these challenges are coverage, dependability, range, reliability, scalability, security, speed, etc. Because of this, the researchers working in this field are required to come up with a variety of different security protocols that fall under various categories, such as key management, user authentication/device authentication, access control/user access control, and intrusion detection. Therefore, the proposed book effectively helps academicians, researchers, computer professionals, industry people, and valued users. The influence of next-generation wireless networks, technology and the telecom sector is remarkable on modern society. Sensor networks have become such a critical component in contemporary science and technology; many tasks would not even be possible without them. IoT is a truly interdisciplinary subject that draws from synergistic developments involving many disciplines and is used in the intelligent environment, telecommunication, computer network vision, and many other fields. In addition to this, a variety of security needs and probable threats in this communication environment are described. The subsequent step is the preparation of the various kinds and categories of security procedures. Additionally structured are the many kinds of analyses of the current security protocols in the setting of 5G-enabled Internet of Things devices. It has gained momentum and popularity as it has become a key research topic in wireless networks. This book has put a thrust on this vital area. This book focuses on information security practices for the internet of things, 5G, and next-generation wireless networks and its analysis for final-year undergraduate or first-year postgraduate students with a background in engineering, computer intelligence, remote sensing, radiologic sciences or physics. Designed for readers who will become "end users" of wireless communication in various domains, it emphasizes the conceptual framework and the effective use of 5G communication tools. It uses mathematics as a tool, minimizing the advanced mathematical development of other textbooks. Security and privacy for the internet of things, 5G, and next-generation wireless networks, this book is ideally designed for communication engineers, computer engineers, professionals, academicians, researchers, and students seeking coverage on problem-oriented processing techniques and sensor technologies. The book is an essential reference source that discusses information security practices for the internet of things, 5G, and next-generation wireless networks. This book is intended to give the recent trends on IoT enable 5G communication for information security and blockchain applications and to understand and study different application areas. This book mainly focuses on stepwise discussion, exhaustive literature review, detailed analysis and discussion, rigorous experimentation results and an application-oriented approach.
... Recently, off-chain measurement has emerged as a direct way to increase community blockchains performance. For instance, a bitcoin flashlight system [7] tries in the public leader to solve the problem of reported delays by launching a system of payment system channels or off-blockchain business channels. It deals with the security issues associated with off-chain dealings by by means of a new confusion to permit meltability besides public transmission in the case of a disco operative time clock's member. ...
Article
Full-text available
Blockchain has recently become an essential tool which enables sensitive cloud services without the need for central confidence. For example, several different cryptocurrencies were permitted with public blockchains. Unfortunately, confidential details may be exposed on current public blockchain and smart contracts implemented there. Whilst some continuous work is under way to resolve these insecure knowledge leakage problems using advanced cryptography, they need major improvements on current and common Blockchain technology such as Ethereum and are typically costly in computing. On the other hand, blockchain applications were proposed to allow the data exchange among the pre accepted nodes/participants to be more efficient and privacy-preserving. While private blockchains respond to certain challenges of privacy by allowing only the particular community of participants to view sensitive data, they do not allow public transparency for communications because businesses are accepted by a known number of users also cannot be freely viewed. One natural problem is whether we should use public and private Blockchain networks in order to allow effective, improve privacy and accountable applications in view of these findings? In this work, we try in connection with digital auctions to face this challenge. In specific, we provide a newly designed blockchain architecture combined with private and open blockchains which enables sensitive offers to be opened up on a secluded blockchain so solitary the merchant can study the offers, and none of others. We also use shared blockchains to report the public sale winner and to make transfers responsible. Moreover, we demonstrate how we can promote sincere activity among auction participants by using intelligent contracts on public blockchains. Our detailed analytical findings suggest that it’s more cost effective compared to pure public auction implementations based on blockchain.
... Fair access utilizes brilliant agreements, and IoT clients can utilize keen agreements to specifically relate job-based benefits with clients who solicitation access to information in return for cash or administration motivating forces. Another [71,72] has comparative tokenization strategies that award requesters and depend on the judgment of the IoT information proprietor. The IoT information for these techniques is stored off-chain on a decentralized hash table. ...
Article
Technological advancements have always been influencing our lives. Recently, the Internet of Things (IoT) and Blockchain (BC) are emerging as potentially disruptive technologies. Whereby, the IoT is a system of inter-related devices with unique identifiers for data sharing and device management and control. IoT is based on the integration of traditional technologies including embedded systems, wireless sensor networks, control systems, and automation. While, the concept of IoT is continuously evolving with the convergence of multiple technologies including real-time analytics, machine learning, commodity sensor, and embedded systems. On the other hand, BC technology is a distributed ledger used to maintain the transaction logs of a network, and it has started revolutionizing data provenance, storage, secure, and traceable transaction management systems. There is limited use of blockchain technology for a fully decentralized, untrusted, and secure environment in the field of IoT. This article reviews the current state-of-art blockchain technology and its current utilization in different application domains of IoT. Furthermore, it presents the use of blockchain technology with digital ledger technology (DLT) and IoT. Similarly, the notable challenges of BC and IoT integration are presented. To the best of our knowledge, there is no such SLR available that provides a comprehensive review in this domain. Applying blockchain to solve IoT problems improves IoT security. Moreover, a taxonomy of application domains is presented, which can be integrated with BC and IoT. The article identifies and discusses open research issues and challenges that need to be addressed to harness the potential of BC technology for IoT.
... Finally, an outlook on the future direction of blockchain privacy protection technologies was provided, indicating the issues that need to be addressed in focus. Keywords: blockchain, privacy protection, cryptographic primitives, modern cryptography, post-quantum. ... [11], but it still cannot resolve the privacy risk created by single-point attacks. In recent years, to further improve centralized coin-mixing protocols, BlindCoin [12] uses blind signatures to guard against privacy leakage while reducing the time overhead of transactions. In addition, to address the trust problem of centralized coin mixing, distributed mixing techniques such as CoinParty [13] and Xim [14] have emerged. However, these techniques are not perfect; gaps remain in computational overhead, communication complexity and transaction privacy, as compared in Table 1. Furthermore, some de-anonymization attacks turn the decryption of user identity into cluster analysis of user behavior [15][16], which includes not only IP address clustering of network traffic [1-2] but also address clustering of transaction data [17] and heuristic model learning of transaction behavior [18]. Figure 3: The workflow of the DECO protocol [23]. In addition, consensus computation is costly, so privacy computation capacity that can be delegated off-chain is favored. For example, the Ekiden privacy computing platform separates computation from consensus, using Intel SGX processors [24] to delegate computation over contract private data off-chain and then provide the blockchain with exact proofs in data form. Similarly, the Enigma [25] privacy model, in order to support decentralized application development, uses special contracts to process private data, so that public data processing is executed on-chain and private data processing off-chain. To raise blockchain throughput and achieve fine-grained privacy protection, a consortium-chain privacy architecture with contract-level privacy in a dual-chain form [26] is one of the privacy protection approaches feasible at this stage. Overall, although contract privacy technology keeps making breakthroughs and privacy research and applications draw increasing attention, the main causes of privacy security problems on contracts still require attention to the following points. 1) Lack of review. Auditing of contract logic is indispensable; standardized contracts can promote research on the legal validity of contracts, for example by considering anonymity detection [27], privacy threat early warning [28], vulnerability detection [29][30], vulnerability mining [31][32], and so on. 2) Lack of formal proof [33][34] ... STARK outperforms SNARK in prover arithmetic complexity and BulletProof in verifier arithmetic complexity, and is a post-quantum secure algorithm, but its Ethereum gas overhead is high. Besides the zero-knowledge proof algorithms mentioned above, new zero-knowledge proof techniques keep emerging. Sonic [72] and PLONK [73] are extended zero-knowledge proof versions based on the zk-SNARK algorithm; although they still require a trusted setup, the setup data is broad and reusable, hence highly extensible. The recently released cryptographic tool DARK Proof [74] ...
Article
Full-text available
In recent years, the issue of data privacy has attracted increased attention, and how to achieve effective privacy protection in blockchain is a new research hotspot. In view of the current research status and development trend of blockchain in privacy protection, the privacy protection methods of blockchain in transaction address, prophecy machine and smart contract were explained, and the privacy strategies of blockchain in the protection of basic elements were summarized. Based on high-level literature at home and abroad, two types of blockchain cryptographic protection methods and usage scenarios were analyzed, including special cryptographic primitives and post-quantum cryptography. The advantages and disadvantages of seven cryptographic techniques applicable to current blockchain privacy protection were also reviewed, including attribute-based encryption, special data signature, homomorphic encryption, secure multi-party computation, zero-knowledge proofs, and lattice ciphers. It was concluded that the privacy protection of blockchain applications cannot be achieved without cryptographic technology. Meanwhile, the blockchain privacy protection technologies were analyzed in terms of both basic element protection and cryptographic protection. It was concluded that it was difficult to effectively solve the privacy problem only from the application and contract layers of the blockchain, and various cryptographic technologies should be used to complement each other according to different needs and application scenarios. In addition, according to the current development status of blockchain privacy cryptography, the narrative was developed from blockchain basic element protection and cryptography-based protection. From the perspectives of both endogenous basic element security and exogenous cryptographic privacy security, basic element privacy protection should be studied first, followed by an in-depth analysis of cryptographic protection techniques for blockchain privacy. The strengths and weaknesses and the potential value of the privacy handling aspects of the corresponding safeguards should be measured in terms of the development of technology in conjunction with practical applications, while considering the timeliness of the technology. Finally, an outlook on the future direction of blockchain privacy protection technologies was provided, indicating the issues that need to be addressed in focus. Cite: Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44. doi: 10.11959/j.issn.2096-109x.2022054
... The advantages of blockchain-based frameworks are more storage for data, less energy consumption, more speed and efficiency [135]. Blockchain can facilitate various areas of applications within finance, such as handling payments, managing loans, cryptocurrencies, etc. [136,137]. Blockchain promotes the working of the users on a transparent platform at a low cost of operations. Moreover, there is no need for any third-party intervention, thus eliminating any vulnerabilities from the system. ...
Article
Full-text available
Blockchain technology plays a significant role in industrial development. Many industries can potentially benefit from the innovations blockchain decentralization technology and privacy protocols offer with regard to securing data access, auditing and managing transactions within digital platforms. Blockchain is based on distributed and secure decentralized protocols in which there is no single authority, and no single point of control; the data blocks are generated, added, and validated by the nodes of the network themselves. This article provides insights into the current developments within blockchain technology and explores its ability to revolutionize multiple industrial application areas such as the supply chain industry, Internet of Things (IoT), healthcare, governance, finance and manufacturing. It investigates and provides insights into the security issues and threats related to blockchain implementations by assessing the research through a systematic literature review. This article proposes possible solutions in detail for enhancing the security of the blockchain for industrial applications along with significant directions for future explorations. The study further suggests how in recent years the adoption of blockchain technology by multiple industrial sectors has gained momentum, while in the finance sector it is touching new heights day by day.
... • Data privacy: data in the Blockchain can be encrypted using multiple types of encryptions. Some examples are: Hawk [57], Enigma project [147], Quorum [16], Multichain [128], Rockchain [50]. ...
Article
Full-text available
The term Internet of Things (IoT) represents countless heterogeneous devices communicating to share data and resources via the internet. The speedy advance of IoT devices promises limitless benefits, but it also brings new challenges regarding security and forensics. Likewise, IoT devices can generate a massive amount of data that requires integrity and security during its handling and processing in an efficient way. IoT devices and data can be vulnerable to various types of cyber-crimes at each IoT layer. For combating these cyber-crimes in IoT infrastructure, the term IoT forensics has shown up. IoT forensics is the process of performing digital forensic investigation in the IoT environment in a forensically sound and timely manner. Sundry challenges face IoT forensics that require urgent solutions and mitigation methods; digital evidence needs to be collected, preserved, analyzed, processed, and reported in a trusted manner to be acceptable for presentation in a court of law. Preserving the evidence unchanged and untampered with is the most critical challenge in digital forensics. Authentication is another challenge facing digital forensics: who is allowed to deal with the evidence? One of the most recent solutions for supporting IoT forensics is the use of Blockchain. Using Blockchain in digital forensics guarantees data integrity, immutability, scalability, and security. Therefore, this paper presents a comprehensive review of IoT security and forensics with the integration with Blockchain technology. It begins by providing an inclusive discussion of IoT security, as well as the need for IoT forensics, and the concepts of Blockchain. Then, a review of Blockchain-based IoT security and forensics issues is presented. Finally, a discussion of open research directions is provided.
... A reviewed research contribution on Blockchain-based privacy mechanisms for the Internet of Things is presented in Table II. Several abbreviations are used ahead in Table II and Table III, which are described in Table I. (Zyskind et al., 2015) The proposed models offer applications for database management which focus on Decentralized Hash Tables (DHT) and information received from the decentralized Blockchain blocks. This model fine-tunes the access control policies which confine the users' ability to manipulate data. ...
Article
Full-text available
Blockchain Technology, the fundamental technology behind Bitcoin, has drawn considerable recognition ever since its origin. Its potential has gained significant interest in various applications, varying from the music industry, financial services, Internet-of-Things (IoT), smart grid, edge computing, cybersecurity, and the healthcare industry. However, the information is divided amongst several intermediaries involved with adverse impacts on data quality in the healthcare domain. In the near future, blockchain technology can reshape the way the healthcare industry works by providing personalized and reliable patient data management, reforming the traditional healthcare practices, secure mechanisms for data sharing, efficient pharmaceutical supply chain management, and drug traceability and many more. In this study, an extensive literature review has been provided that includes the different prospects of using blockchain technology in healthcare. The review investigates the work done to enable the amalgamation of IoT and Blockchain in the health ecosystem. Significant blockchain-based healthcare use cases such as data storage, data sharing, drug traceability, clinical trials, and remote patient monitoring are investigated. Further, the Internet of Things and blockchain technology-based SWOT (Strength, Weakness, Opportunity, and Threat) analysis and the challenges linked in the healthcare domain because of the enactment of IoT and blockchain technology are discussed to support advanced studies in this domain.
Chapter
The use of blockchain-based smart contracts in procurement is an emerging research area with potentially significant implications in both practical and scientific terms. The new technology seems to have the potential to alter the way cross-company procurement processes are designed and executed. In theory, the blockchain can enable a pure peer-to-peer network without a need for third parties, while smart contracts can automatically execute predefined actions based on contractual clauses. This could increase the trustworthiness between supply chain partners and provide secure and traceable audit trails of all transactions. However, these potential benefits face a variety of challenges. These include, in particular, technological shortcomings, legal issues, and functional requirements. This paper analyzes the current state of the art of smart contracts in the context of procurement based on a systematic literature review and evaluates the technology’s maturity using the Technology Readiness Level model. For this purpose, critical characteristics, application areas, as well as technological, legal, and functional aspects of smart contracts are examined. In this way, this paper lays a foundation for future research, provides valuable insight for procurement practitioners, and offers approaches for the further development of smart contracts.
Article
Full-text available
Smart and shared mobility, from e-scooters to pool-riding services, reshape mobility in cities worldwide. While there is wide scope for new business opportunity in mobility, administrations remain unclear of how to manage and organize shared mobility and the big data underpinning shared mobility to serve the public good, in particular by reducing congestion and greenhouse gas emissions. Here, we suggest that management of smart mobility data constitutes a new layer of urban infrastructure that is integral to reaching sustainability goals. We investigate how integrated data management can realize the benefits of big data applications, while effectively managing risks, exemplifying our argument for the case of shared mobility in Israel. We argue that shared mobility and associated data management is neither a necessary nor a sufficient condition for sustainable mobility. However, given the current trend towards digitalization, data rentiership and surveillance capitalism, we suggest that institutionalizing data management of smart and shared mobility as a public good is a wise move that protects mobility users and facilitates efforts to steer shared mobility systems to low-carbon, low-congestion, and inclusive mobility. We develop a typology of six data platforms and find that integrated data platforms offer an opportunity to leverage benefits if three key design principles are followed: (1) open (but not necessarily free) data access; (2) maintaining the privacy, agency and participation of individuals, users, and the public; and (3) tailoring mobility services to meet well-defined goals of public policy.
Article
The blockchain has been considered as a new decentralized computing paradigm that has great potential to meet various computing needs. Considering a private network where incentive mechanisms are not required, this paper innovatively remolds the transaction-recording blockchain for decentralized data processing. In our design, workers have different processing capacity and tasks have different resource requirements. Workers first get task information from the blockchain and then process tasks locally, and next perform the proof of useful work (PoUW) consensus to compete for a scheduler, according to the number of the consumed CPU instructions in data processing. The scheduler is responsible for dispatching task information to the blockchain. A salient feature of our decentralized data processing is that workers actively select tasks, instead of passively receiving tasks as in a centralized framework. This will lead to collisions (i.e., multiple workers select the same task). To alleviate the collisions and provide the max-min fairness of data-processing, we propose a modified fair queue (called M-FQ) algorithm for the scheduler, as well as a fair task selection with collision avoidance (called Fair-CA) scheme for workers. Extensive simulations verify that our framework can well balance the fairness and the collision.
Chapter
Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain currently are, discuss how blockchain technology can improve these disadvantages, and outline the requirements for future solutions.
Chapter
Cyber-attacks mean those attacks launched on online users who are not security conscious, either by using a computer network (spamming, phishing, etc.) or as a tool to engage in criminal activities (cyberstalking or inside man, etc.). Cyber-attacks are on the increase, thereby making cybersecurity a challenging task in this digital age. The healthcare industry, being one of the largest industries, has been facing a lot of cyber-attack challenges ranging from malware attacks, Distributed Denial-of-Service (DDoS) attacks, and so on, thereby leading to identity theft and data manipulation by an unauthorized entity. Electronic healthcare records are sensitive information that contains a patient's personal information like name, medication histories, lab reports, payment details, contact and home address, which have to be shared among healthcare providers and need to be efficiently secured from attacks. But the standard cybersecurity platform which is currently used by the healthcare industry to preserve information has a lot of flaws, thereby rendering medical records vulnerable to cyber-attack. To address this problem there is a need to change the standard cybersecurity platform in the healthcare industry to blockchain-based security, which is one of the best solutions to cyber-attacks. We have done an in-depth analysis of cyber-attacks in the context of four stages and types of cyber-attack threats. Blockchain technology can transform the healthcare industry by engaging with its Hyperledger Fabric technology, which will guarantee optimal security against all sorts of cyber-attacks. This paper will highlight how blockchain will transform cyber-attacks on the healthcare industry, with the recommendation of blockchain technology as a solution to cyber-attacks.
Article
Full-text available
The energy system is becoming increasingly decentralized. This development requires integrating and coordinating a rising number of actors and small units in a complex system. Blockchain could provide a base infrastructure for new tools and platforms that address these tasks in various aspects—ranging from dispatch optimization or dynamic load adaption to (local) market mechanisms. Many of these applications are currently in development and subject to research projects. In decentralized energy markets especially, the optimized allocation of energy products demands complex computation. Combining these with distributed ledger technologies leads to bottlenecks and challenges regarding privacy requirements and performance due to limited storage and computational resources. Verifiable computation techniques promise a solution to these issues. This paper presents an overview of verifiable computation technologies, including trusted oracles, zkSNARKs, and multi-party computation. We further analyze their application in blockchain environments with a focus on energy-related applications. Applied to a distinct optimization problem of renewable energy certificates, we have evaluated these solution approaches and finally demonstrate an implementation of a Simplex-Optimization using zkSNARKs as a case study. We conclude with an assessment of the applicability of the described verifiable computation techniques and address limitations for large-scale deployment, followed by an outlook on current development trends.
Conference Paper
In recent times, technological advancements have resulted in dramatic change in the health sector. The Internet of Things, Cloud Computing, Blockchain, lab-on-a-chip, non-invasive and percutaneous operations, and other innovations have made treating a variety of ailments much easier. Both research and the healthcare business have benefited greatly from these emerging innovations. Miniaturized healthcare sensors driven by IoT can be used for clinical tests and self-health tracking. They assist professionals in remote regions who weren't in direct communication with clients with immediate diagnostic and treatment recommendations. Controlling access mechanisms and uneven security policies were a hurdle in meeting the security standards of these data. A blockchain-based intelligent contract and an enterprise-distributed record architecture can be used to track the patient's condition. This permits patients' medical information, and an irreversible and lengthy history log, to be retrieved worldwide at any time. The suggested system gives greater monitoring, increased connectivity, and higher data security compared to standard patient monitoring devices.
Article
Internet of Things (IoT) refers to the concept of connecting non-traditional computers and related sources with the help of the internet. This includes incorporating basic computing and communication technologies for daily use into physical things. Security and confidentiality are two major challenges in IoT. In the current security mechanisms available for IoT, the limitations in the memory, energy resources, and CPU of IoT devices compromise the critical security specifications of IoT devices. Also, centralized architectures for security are not appropriate for IoT because of a single attack point. It is costly to defend against attacks targeted on centralized infrastructure. Therefore, it is important to decentralize the IoT security architecture to meet the requirements of resource constraints. Blockchain is a decentralized encryption system with a large number of uses. However, because of its high computational complexity and poor scalability, the traditional Blockchain environment is not suitable for IoT applications. So, we introduce a sliding window protocol to the traditional blockchain so that it will better suit the applications in the IoT environment. Changing the conventional blockchain and introducing a sliding window to it makes it use previous blocks in proof of work to shape the next hash block. SWBC's results are analyzed on a data stream generated from an IoT testbed (Smart Home) in real-time. The results show that the proposed sliding window protocol improves security, reduces memory overhead and consumes fewer resources for security.
Chapter
In recent decades, the industrial applications of the internet of things (IoT) have been attracting massive motivation for research and improvement of industrial operations. The IoT technology integrates various smart objects (or things) to form a network, share data among the connected objects, store data, and process data to support business applications. It is challenging to find a univocal architecture as a reference for different business applications, which can relate to many sensors, intelligent devices, networks, and protocols for operations. Moreover, some of the IoT infrastructural components suffer from a shortage of computational processing power, local storage ability, and data communication capacity, and these components are very vulnerable to privacy and security attacks. This chapter presents an overview of different IoT-based architectures and security-related issues. Finally, the chapter discusses the challenges of cryptography and blockchain-based solutions after reviewing the threats of IoT-based industry-specific business cases.
Chapter
Popular public blockchains face many problems due to their catastrophic blockchain sizes and verification time, e.g., lack of peer scalability, high computational fees, and impractical overheads for syncing. The origin of these problems is preserving everything that comes with the architecture of “append-only” blockchains, e.g., Bitcoin, Ethereum, Hyperledger, etc. Zero-history blockchains like Origami address the root of these problems by removing the history. We propose two Origami confidential chains, classical and quantum-safe, with zero-knowledge contracts. This paper demonstrates that zero-history blockchains should be the new normal blockchain structure due to their high scalability even with post-quantum settings and zero-knowledge contracts.
Keywords: Scalability, Confidential transaction, Post-quantum cryptography, Zero-knowledge proofs
Chapter
Since Satoshi Nakamoto first introduced the blockchain as an open-source project for secure financial transactions, it has attracted the scientific community’s interest, paving the way for addressing problems in domains other than cryptocurrencies, one of them being the Internet of Things (IoT). However, to demonstrate this potential, a clear understanding of blockchain technology and its suitability to meet the IoT’s underlying security requirements is required. To accomplish this goal, this study intends to provide a coherent and comprehensive survey on blockchain integration with IoT, identifying the limitations and benefits of Blockchain in IoT applications. The survey presents an overview of blockchain and IoT and illustrates their principal architecture. The state-of-the-art blockchain efforts in different IoT domains are also reviewed. It then presents the current challenges of integrating blockchain and IoT and looks at the recently proposed solutions. Finally, the potential future research directions for integrating blockchain and IoT are discussed. Based on the study’s findings, it is hoped that this survey will serve as a reference and source of motivation for future research directions in this area.
Keywords: Blockchain technology, IoT, Survey, Integration of blockchain and IoT
Chapter
The emergence of digital platforms and the new application economy are transforming healthcare and creating new opportunities and risks for all stakeholders in the medical ecosystem. Many of these developments rely heavily on data and AI algorithms to prevent, diagnose, treat, and monitor diseases and other health conditions. A broad range of medical, ethical and legal knowledge is now required to navigate this highly complex and fast-changing space. This collection brings together scholars from medicine and law, but also ethics, management, philosophy, and computer science, to examine current and future technological, policy and regulatory issues. In particular, the book addresses the challenge of integrating data protection and privacy concerns into the design of emerging healthcare products and services. With a number of comparative case studies, the book offers a high-level, global, and interdisciplinary perspective on the normative and policy dilemmas raised by the proliferation of information technologies in a healthcare context.
Article
The emergence of digital platforms and the new application economy are transforming healthcare and creating new opportunities and risks for all stakeholders in the medical ecosystem. Many of these developments rely heavily on data and AI algorithms to prevent, diagnose, treat, and monitor diseases and other health conditions. A broad range of medical, ethical and legal knowledge is now required to navigate this highly complex and fast-changing space. This collection brings together scholars from medicine and law, but also ethics, management, philosophy, and computer science, to examine current and future technological, policy and regulatory issues. In particular, the book addresses the challenge of integrating data protection and privacy concerns into the design of emerging healthcare products and services. With a number of comparative case studies, the book offers a high-level, global, and interdisciplinary perspective on the normative and policy dilemmas raised by the proliferation of information technologies in a healthcare context.
Chapter
Internet of things (IoT) is ready to change human life and release tremendous financial benefits. It may be that lack of information security and the belief of the current IoT are actually restricting its selection. Blockchain changes in an appropriated and secure record holds reliable records of information in various areas and possibly resolves information security concerns in the IoT system. This chapter presents a thorough review on the existing blockchain progress with an accent on IoT applications. The authors first give an overview of blockchain architecture including blockchain technologies and key characteristics of blockchain. The authors then discuss the blockchain for the internet of things including blockchain for IoT: technologies. Furthermore, they list some challenges and problems that will hinder blockchain development and summarize some existing approaches for solving these problems. Some possible future directions are also discussed. Future research bearings are ordered for a viable mix of blockchains in the IoT system.
Article
Data is streamed from sensors, through fog devices, and onto a centralized Cloud server in traditional Internet of Things (IoT) ecosystems. Issues that arise include privacy concerns due to third-party management of Cloud servers, single points of failure, a bottleneck in data flows, and difficulties in regularly updating firmware for millions of smart devices from a point of security and maintenance perspective. Blockchain, the underlying technology of Bitcoin, was initially primarily intended for the transfer of monetary value. Nevertheless, researchers and security analysts from all over the world are focusing on the blockchain to address the security and privacy issues of IoT due to its decentralized architecture, fault tolerance, and cryptographic security benefits like pseudonymous identities, data integrity, and authentication. Blockchain technology protects users by avoiding reliable third parties. This has inspired researchers to investigate blockchain’s adoption into the IoT ecosystem. In this paper, let us understand more about blockchain, its application in IoT, challenges while handling IoT data on the blockchain, and its security solutions.
Article
Federated learning (FL) allows a number of parties to collectively train models without revealing private datasets. There is a possibility of extracting personal or confidential data from the shared models even though sharing of raw data is prevented by federated learning. Secure Multi-Party Computation (MPC) is leveraged to aggregate the locally-trained models in a privacy-preserving manner. However, it results in high communication cost and poor scalability in a decentralized environment. We design a novel communication-efficient MPC-enabled federated learning called CE-Fed. In particular, the proposed CE-Fed is a hierarchical mechanism which forms a model aggregation committee with a small number of members and aggregates the global model only among committee members, instead of all participants. We develop a prototype and demonstrate the effectiveness of our mechanism with different datasets. Our proposed CE-Fed achieves high accuracy, communication efficiency and scalability without compromising privacy.
Article
The present security systems encounter vulnerable surveillance and protection breaches in financial domains day by day. These systems compromise the privacy of the users in such a way that their personal data are collected and controlled by third parties. In this regard, Bitcoin has been implemented in the financial space. It has made possible trusted and auditable computing via a decentralized network associated with a public ledger. This work proposes a decentralized personal data management system for the banking sector using blockchain which makes sure that users can control their personal data on their own. It presents a Privacy-Protected Blockchain network in which all data is encoded within a controlled time period. Despite the fact that the data is available in the past, this design can successfully preserve user privacy and protect from deceivers, making the data more stable and healthier. Blockchain has its advantages over features such as transparency, decentralization and immutability. In the proposed model, a protocol is implemented which converts the blockchain into an automated access control manager. There is no need for a third party to be trusted for the implementation of this model. In the proposed system, the transactions are not limited to financial transactions like Bitcoin; it also includes data storing, sharing and querying. Hence, the use of blockchain could reduce the overly concern about securing and compartmentalizing the data.
Article
Enterprise systems are becoming more complex with an interconnected network of large heterogeneous devices. These systems generate, process and store large volumes of data (including Personally Identifiable Information (PII)). Securing such a large infrastructure from adversaries is a humongous task for enterprise organizations. Adversaries can exploit the inherent vulnerabilities in the enterprise systems and mount various attacks such as ransomware, malware, phishing, and so on, with goals to steal the data, take control of the system, etc., thus causing huge financial and reputation loss. Further, with stringent privacy regulations such as GDPR, organizations can end up with large penalty payouts to local Governments and their affected people due to data breaches. Thus, to safeguard enterprise systems from data breaches, organizations deploy Data Leakage Prevention (DLP) systems with encryption and authentication mechanisms. While these techniques provide privacy and protection of data at-rest and in-transit scenarios, for data in use scenarios, data leakage is still possible (Since data needs to be available in plaintext form for several applications, the attacker can steal the data by exploiting the vulnerability in the access control system, authentication, or other vulnerabilities during the run-time execution of the application). Hence, in this paper, we discuss various challenges encountered by organizations in enabling privacy and data protection for data in-use. Next, we discuss how privacy enabled computation techniques such as Fully Homomorphic Encryption and Secure Multiparty Computation can be used to provide data in-use protection along with their pros and cons in real life deployment scenarios.
Article
Full-text available
The smart grid idea was implemented as a modern interpretation of the traditional power grid to find out the most efficient way to combine renewable energy and storage technologies. Throughout this way, big data and the Internet always provide a revolutionary solution for ensuring that electrical energy linked intelligent grid, also known as the energy Internet. The blockchain has some significant features, making it an applicable technology for smart grid standards to solve the security issues and trust challenges. This study will present a rigorous review of blockchain implementations with the cyber security perception and energy data protections in smart grids. As a result, we describe the major security issues of smart grid scenarios that big data and blockchain can solve. Then, we identify a variety of recent blockchain-based research works published in various literature and discuss security concerns on smart grid systems. We also discuss numerous similar practical designs, experiments, and items that have recently been developed. Finally, we go through some of the most important research problems and possible directions for using blockchain to address smart grid security concerns.
Preprint
Banking sectors commit modern working frameworks and models smooth development based on decentralization with keeping money confront in unused ranges and differing activities. Consortium Blockchain Privacy becomes a major concern and the challenge of most banking sectors. Development without being hampered being a major concern, it can store confirmed data. Data privacy includes assuring protection from both insider and outsider threats; therefore access control by Ring signature could help to secure privacy against inside and outside threats by a secure process by RSBAC using the CIA triad of privacy: Confidentiality, Availability, Integrity. This paper proposes a ring signature-based access control mechanism for determining who a user is and then regulating that person's access to and use of a system's resources. In a nutshell, access control restricts who has access to a system. It also restricts access to system resources to users who have been identified as having the necessary privileges and permissions. The proposed paradigm satisfies the needs of both workflow and non-workflow systems in an enterprise setting. The traits of the conditional purposes, roles, responsibilities, and policies provide the foundation for it. It ensures that internal risks such as database administrators are protected against. Finally, it provides the necessary protection in the event that the data is published.
Article
Today, many applications of Smart Home (SH) systems provide service recommendations to users, including reducing power consumption, alerting on faulty devices, diagnosing illness, etc. [1]. The internet-connected, dynamic and asynchronous nature of the SH environment creates security, authentication and privacy challenges [2]. In this paper, an approach to user data privacy in SH using blockchain technology, called SH based on the IoT-Blockchain (SHIB), is proposed. To demonstrate the proposed architecture, an experimental scenario using Hyperledger Fabric, NodeJS and C# was built between the user, the service provider and the SH. Based on the experimental results, the SHIB architecture exhibits advantages such as data privacy and high scalability. In addition, a comparison between the proposed architecture and previously existing models across different parameters, such as smart contracts and data privacy, is also performed.
Conference Paper
Full-text available
We put forward a new approach for the design of efficient multiparty protocols: (1) Design a protocol π for a small number of parties (say, 3 or 4) which achieves security against a single corrupted party. Such protocols are typically easy to construct, as they may employ techniques that do not scale well with the number of corrupted parties. (2) Recursively compose π with itself to obtain an efficient n-party protocol which achieves security against a constant fraction of corrupted parties. The second step of our approach combines the "player emulation" technique of Hirt and Maurer (J. Cryptology, 2000) with constructions of logarithmic-depth formulae which compute threshold functions using only constant fan-in threshold gates. Using this approach, we simplify and improve on previous results in cryptography and distributed computing. In particular: We provide conceptually simple constructions of efficient protocols for Secure Multiparty Computation (MPC) in the presence of an honest majority, as well as broadcast protocols from point-to-point channels and a 2-cast primitive. We obtain new results on MPC over blackbox groups and other algebraic structures. The above results rely on the following complexity-theoretic contributions, which may be of independent interest: We show that for every j,k ∈ ℕ such that \(m \triangleq \frac{k-1}{j-1}\) is an integer, there is an explicit (poly(n)-time) construction of a logarithmic-depth formula which computes a good approximation of an (n/m)-out-of-n threshold function using only j-out-of-k threshold gates and no constants. For the special case of n-bit majority from 3-bit majority gates, a non-explicit construction follows from the work of Valiant (J. Algorithms, 1984). For this special case, we provide an explicit construction with a better approximation than for the general threshold case, and also an exact explicit construction based on standard complexity-theoretic or cryptographic assumptions.
Conference Paper
Full-text available
Every function of n inputs can be efficiently computed by a complete network of n processors in such a way that: If no faults occur, no set of size t < n/2 of players gets any additional information (other than the function value). Even if Byzantine faults are allowed, no set of size t < n/3 can either disrupt the computation or get additional information. Furthermore, the above bounds on t are tight!
Conference Paper
Full-text available
Gathering and processing sensitive data is a difficult task. In fact, there is no common recipe for building the necessary information systems. In this paper, we present a provably secure and efficient general-purpose computation system to address this problem. Our solution, SHAREMIND, is a virtual machine for privacy-preserving data processing that relies on share computing techniques. This is a standard way for securely evaluating functions in a multi-party computation environment. The novelty of our solution is in the choice of the secret sharing scheme and the design of the protocol suite. We have made many practical decisions to make large-scale share computing feasible in practice. The protocols of SHAREMIND are information-theoretically secure in the honest-but-curious model with three computing participants. Although the honest-but-curious model does not tolerate malicious participants, it still provides significantly increased privacy preservation when compared to standard centralised databases.
Conference Paper
Full-text available
We describe a peer-to-peer system which has provable consistency and performance in a fault-prone environment. Our system routes queries and locates nodes using a novel XOR-based metric topology that simplifies the algorithm and facilitates our proof. The topology has the property that every message exchanged conveys or reinforces useful contact information. The system exploits this information to send parallel, asynchronous query messages that tolerate node failures without imposing timeout delays on users.
Article
Is it possible to design an online protocol for playing a lottery, in a completely decentralized way, that is, without relying on a trusted third party? Or can one construct a fully decentralized protocol for selling secret information, so that neither the seller nor the buyer can cheat in it? Until recently, it seemed that every online protocol that has financial consequences for the participants needs to rely on some sort of a trusted server that ensures that the money is transferred between them. In this work, we propose to use Bitcoin (a digital currency, introduced in 2008) to design such fully decentralized protocols that are secure even if no trusted third party is available. As an instantiation of this idea, we construct protocols for secure multiparty lotteries using the Bitcoin currency, without relying on a trusted authority. Our protocols guarantee fairness for the honest parties no matter how the loser behaves. For example, if one party interrupts the protocol, then her money is transferred to the honest participants. Our protocols are practical (to demonstrate it, we performed their transactions in the actual Bitcoin system) and in principle could be used in real life as a replacement for the online gambling sites.
Conference Paper
In the last few years the efficiency of secure multi-party computation (MPC) increased by several orders of magnitude. However, this alone might not be enough if we want MPC protocols to be used in practice. A crucial property that is needed in many applications is that everyone can check that a given (secure) computation was performed correctly, even in the extreme case where all the parties involved in the computation are corrupted, and even if the party who wants to verify the result was not participating. This is especially relevant in the clients-servers setting, where many clients provide input to a secure computation performed by a few servers. An obvious example of this is electronic voting, but also in many types of auctions one may want independent verification of the result. Traditionally, this is achieved by using non-interactive zero-knowledge proofs during the computation. A recent trend in MPC protocols is to have a more expensive preprocessing phase followed by a very efficient online phase, e.g., the recent so-called SPDZ protocol by Damgård et al. Applications such as voting and some auctions are perfect use cases for these protocols, as the parties usually know well in advance when the computation will take place, and using those protocols allows us to use only cheap information-theoretic primitives in the actual computation. Unfortunately no protocol of the SPDZ type supports an audit phase. In this paper, we show how to achieve efficient MPC with a public audit. We formalize the concept of publicly auditable secure computation and provide an enhanced version of the SPDZ protocol where, even if all the servers are corrupted, anyone with access to the transcript of the protocol can check that the output is indeed correct. Most importantly, we do so without significantly compromising the performance of SPDZ, i.e., our online phase has complexity approximately twice that of SPDZ.
Article
Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition of Bitcoin and the many related cryptocurrencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bitcoin's design that can be decoupled. This enables a more insightful analysis of Bitcoin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparison.
Conference Paper
We study a model of fairness in secure computation in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty. We then show how the Bitcoin network can be used to achieve the above notion of fairness in the two-party as well as the multiparty setting (with a dishonest majority). In particular, we propose new ideal functionalities and protocols for fair secure computation and fair lottery in this model. One of our main contributions is the definition of an ideal primitive, which we call \(\mathcal{F}_{\mathrm{CR}}^\star\) (CR stands for “claim-or-refund”), that formalizes and abstracts the exact properties we require from the Bitcoin network to achieve our goals. Naturally, this abstraction allows us to design fair protocols in a hybrid model in which parties have access to the \(\mathcal{F}_{\mathrm{CR}}^\star\) functionality, and is otherwise independent of the Bitcoin ecosystem. We also show an efficient realization of \(\mathcal{F}_{\mathrm{CR}}^\star\) that requires only two Bitcoin transactions to be made on the network. Our constructions also enjoy high efficiency. In a multiparty setting, our protocols only require a constant number of calls to \(\mathcal{F}_{\mathrm{CR}}^\star\) per party on top of a standard multiparty secure computation protocol. Our fair multiparty lottery protocol improves over previous solutions which required a quadratic number of Bitcoin transactions.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Conference Paper
We present FairplayMP (for "Fairplay Multi-Party"), a system for secure multi-party computation. Secure computation is one of the great achievements of modern cryptography, enabling a set of untrusting parties to compute any function of their private inputs while revealing nothing but the result of the function. In a sense, FairplayMP lets the parties run a joint computation that emulates a trusted party which receives the inputs from the parties, computes the function, and privately informs the parties of their outputs. FairplayMP operates by receiving a high-level language description of a function and a configuration file de-
Article
In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
Book
On September 11, 2001, members of Osama bin Laden's Al Qaeda terrorist network apparently hijacked four civilian passenger airplanes and flew them into the World Trade Center and the Pentagon, killing approximately 3000 innocent civilians from more than 80 different countries. In the days since, I have been struck by how many Americans, and how many lawyers, seem to have concluded that, somehow, the destruction of four planes and three buildings has taken us back to a state of nature in which there are no laws or rules. In fact, over the years, we have developed an elaborate system of domestic and international laws, institutions, regimes, and decision-making procedures precisely so that they will be consulted and obeyed, not ignored, at a time like this.
Barlow, John Perry. "A Declaration of the Independence of Cyberspace." Electronic Frontier Foundation 8, 1996.
Goel, Vindu. "Facebook tinkers with users' emotions in news feed experiment, stirring outcry." The New York Times, 2014.
Bentov, Iddo, and Ranjit Kumaresan. "How to use bitcoin to design fair protocols." Advances in Cryptology - CRYPTO 2014. Springer Berlin Heidelberg, 2014. 421-439.
Damgård, Ivan, et al. "Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits." Computer Security - ESORICS 2013. Springer Berlin Heidelberg, 2013. 1-18.
Ball, James. "NSA's PRISM surveillance program: how it works and what it can do." The Guardian, 2013.
VIFF Development Team. "VIFF, the virtual ideal functionality framework." 2009.
Swanson, Tim. "Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems." 2015.
Hardekopf, Bill. "The Big Data Breaches of 2014." Forbes, 2015.
Szabo, Nick. "The dawn of trustworthy computing." 2014.
Diamond, Jared. Guns, Germs, and Steel: The Fates of Human Societies. New York: W. W. Norton, 1997.
Bonneau, Joseph, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, and Edward W. Felten. "SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies." Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015.