nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Can a Public Blockchain Keep a Secret?

verfasst von : Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Tal Rabin, Leonid Reyzin

Erschienen in: Theory of Cryptography

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Blockchains are gaining traction and acceptance, not just for cryptocurrencies, but increasingly as an architecture for distributed computing. In this work we seek solutions that allow a public blockchain to act as a trusted long-term repository of secret information: Our goal is to deposit a secret with the blockchain, specify how it is to be used (e.g., the conditions under which it is released), and have the blockchain keep the secret and use it only in the specified manner (e.g., release only it once the conditions are met). This simple functionality enables many powerful applications, including signing statements on behalf of the blockchain, using it as the control plane for a storage system, performing decentralized program-obfuscation-as-a-service, and many more.

Using proactive secret sharing techniques, we present a scalable solution for implementing this functionality on a public blockchain, in the presence of a mobile adversary controlling a small minority of the participants. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire system, but, on the other hand, a mobile adversary may be able to corrupt the entire committee if it is small. For this reason, existing proactive secret sharing solutions are either non-scalable or insecure in our setting.

We approach this challenge via “player replaceability”, which ensures the committee is anonymous until after it performs its actions. Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions and erase their secrets. Our solution handles a fully mobile adversary corrupting roughly 1/4 of the participants at any time, and is scalable in terms of both the number of parties and the number of time intervals.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel On Perfect Correctness in (Lockable) Obfuscation

Nächstes Kapitel Blockchains from Non-idealized Hash Functions

This could mean a small fraction of the stake in a proof-of-stake blockchain, or of the computing power in a proof-of-work blockchain.

An alternative realization in the context of proof-of-work blockchains could use solving moderately-hard puzzles for that purpose.

If the ephemeral PKE scheme is also linearly-homomorphic, it may be possible to compress this commitment to a single ciphertext encrypting the share of that party.

The communication can still be kept small using SNARKs, but the computation would have to be at least linear in N.

A convenient way of thinking about VRFs is as a hash of the signature in a unique-signature scheme.

The witness for such proof consists of the secret key for one of the keys and the encryption randomness for all the others.

“Long-term” in quote since it is replaced at least once per epoch, we use the name to distinguish these keys from the “ephemeral” keys of \(\mathcal {E}_2\) that are only used once in the protocol.

The witness for this NIZK proof consists of the ephemeral secret key \( \mathsf {esk}_j\) that was used to decrypt \(\mathsf {com}_j\), and the randomness that was used to encrypt the \(\mathsf {ct}_{j,k}\)’s.

These NP witness is just the secret key of the ephemeral key that was used to send the shares to it.which need not be hidden anymore now that the secret is revealed.

Since in practice the adversary has very limited time in which to reset the sortition (e.g. less than 5 s in the Algorand network), it may be sufficient to use \(k_1=64\).

This message need not be in the plaintext space relative to these keys. Note that in that case the anonymity property implies that the scheme could also “encrypt” things outside of its plaintext space (although the result may not be decryptable).

The proof in [28] is for the binomial distribution, but for our case of \(m\ll n\) we get the same result upto a factor of \(1\pm o(1)\).

Asayag, A., et al.: Helix: a scalable and fair consensus algorithm resistant to ordering manipulation. IACR Cryptology ePrint Archive (2018)

Baron, J., Defrawy, K.E., Lampkins, J., Ostrovsky, R.: Communication-optimal proactive secret sharing for dynamic groups. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 23–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_2CrossRef

Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_33CrossRefMATH

Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_38CrossRef

Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_1CrossRef

Benhamouda, F., et al.: Can a blockchain keep a secret? Cryptology ePrint Archive, Report 2020/464 (2020). https://eprint.iacr.org/2020/464

Blakley, G.: Safeguarding cryptographic keys. In: Proceedings of the AFIPS Conference, pp. 313–318 (1979). https://doi.org/10.1109/AFIPS.1979.98

Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, 2–4 May 1988, Chicago, Illinois, USA, pp. 103–112. ACM (1988). https://doi.org/10.1145/62212.62222

Böhl, F., Hofheinz, D., Kraschewski, D.: On definitions of selective opening security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522–539. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_31CrossRef

10.

Boneh, D., et al.: Threshold cryptosystems from threshold fully homomorphic encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 565–596. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_19CrossRef

11.

Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pp. 639–648 (1996). https://doi.org/10.1145/237814.238015

12.

Canetti, R., Halevi, S., Katz, J.: Adaptively-secure, non-interactive public-key encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 150–168. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_9CrossRef

13.

Canetti, R., Herzberg, A.: Maintaining security in the presence of transient faults. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 425–438. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_38CrossRefMATH

14.

Chen, J., Micali, S.: Algorand: A secure and efficient distributed ledger. Theor. Comput. Sci. 777, 155–183 (2019). https://doi.org/10.1016/j.tcs.2019.02.001

15.

Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contracts. In: IEEE European Symposium on Security and Privacy, EuroS&P, pp. 185–200 (2019). https://doi.org/10.1109/EuroSP.2019.00023

16.

Choudhuri, A.R., Goel, A., Green, M., Jain, A., Kaptchuk, G.: Fluid MPC: Secure multiparty computation with dynamic participants. Cryptology ePrint Archive, Report 2020/754 (2020). https://eprint.iacr.org/2020/754

17.

Desmedt, Y., Jajodia, S.: Redistributing secret shares to new access structures and its applications. Technical report (1997)

18.

Dolev, S., Garay, J.A., Gilboa, N., Kolesnikov, V.: Brief announcement: swarming secrets. In: Proceedings of the 29th ACM SIGACT-SIGOPS symposium on Principles of distributed computing, pp. 231–232 (2010). https://doi.org/10.1145/1835698.1835750

19.

Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions: In memoriam: Bernard M. Dwork 1923–1998. J. ACM (JACM) 50(6), 852–921 (2003). https://doi.org/10.1145/950620.950623

20.

Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17CrossRef

21.

Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_1CrossRef

22.

Garay, J., Ishai, Y., Ostrovsky, R., Zikas, V.: The price of low communication in secure multi-party computation. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 420–446. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_14CrossRefMATH

23.

Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the forty-fifth annual ACM symposium on Theory of computing, pp. 467–476 (2013). https://doi.org/10.1145/2488608.2488667

24.

Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: Coan, B.A., Afek, Y. (eds.) Proceedings of the Seventeenth Annual ACM Symposium on Principles of Distributed Computing, PODC 1998, Puerto Vallarta, Mexico, 28 June-2 July 1998, pp. 101–111. ACM (1998). https://doi.org/10.1145/277697.277716

25.

Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), pp. 270–299 (1984). https://doi.org/10.1016/0022-0000(84)90070-9

26.

Goyal, R., Goyal, V.: Overcoming cryptographic impossibility results using blockchains. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 529–561. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_18CrossRef

27.

Goyal, V., Kothapalli, A., Masserova, E., Parno, B., Song, Y.: Storing and retrieving secrets on a blockchain. Cryptology ePrint Archive, Report 2020/504 (2020). https://eprint.iacr.org/2020/504

28.

Greenberg, S., Mohri, M.: Tight lower bound on the probability of a binomial exceeding its expectation. Stat. Probab. Lett. 86, 91–98 (2014). https://doi.org/10.1016/j.spl.2013.12.009MathSciNetCrossRefMATH

29.

Gunasinghe, H., et al.: PrivIdEx: privacy preserving and secure exchange of digital identity assets. In: WWW, pp. 594–604 (2019). https://doi.org/10.1145/3308558.3313574

30.

Hanke, T., Movahedi, M., Williams, D.: DFINITY technology overview series, consensus system. CoRR (2018). arXiv:1805.04548

31.

Hayashi, R., Tanaka, K.: Anonymity on Paillier’s trap-door permutation. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 200–214. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73458-1_16CrossRef

32.

Hazay, C., Patra, A., Warinschi, B.: Selective opening security for receivers. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 443–469. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_19CrossRef

33.

Herzberg, A., Jakobsson, M., Jarecki, S., Krawczyk, H., Yung, M.: Proactive public key and signature systems. In: Proceedings of the 4th ACM conference on Computer and communications security, pp. 100–110 (1997). https://doi.org/10.1145/266420.266442

34.

Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27CrossRef

35.

Hofheinz, D., Rao, V., Wichs, D.: Standard security does not imply indistinguishability under selective opening. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 121–145. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_5CrossRef

36.

Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 39–58. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_3CrossRef

37.

Jarecki, S., Krawczyk, H., Resch, J.K.: Updatable oblivious key management for storage systems. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), pp. 379–393 (2019). https://doi.org/10.1145/3319535.3363196

38.

Kokoris-Kogias, E., et al.: Verifiable management of private data under byzantine failures. IACR Cryptology ePrint Archive (2018). https://eprint.iacr.org/2018/209

39.

Lehmann, A.: Scrambledb: Oblivious (chameleon) pseudonymization-as-a-service. In: Proceedings on Privacy Enhancing Technologies, 3, pp. 289–309. (2019). https://doi.org/10.2478/popets-2019-0048

40.

Lindell, Y., Nof, A., Ranellucci, S.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1837–1854 (2018). https://doi.org/10.1145/3243734.3243788

41.

Maram, S.K.D., et al.: CHURP: dynamic-committee proactive secret sharing. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, 11–15 November 2019 (2019). https://eprint.iacr.org/2019/017, https://doi.org/10.1145/3319535.3363203

42.

Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039), New York City, NY, USA, pp. 120–130 (1999). https://doi.org/10.1109/SFFCS.1999.814584

43.

Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_8CrossRef

44.

Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: PODC (1991). https://doi.org/10.1145/112600.112605

45.

Schultz, D.A., Liskov, B., Liskov, M.D.: Mobile proactive secret sharing. In: Proceedings of the twenty-seventh ACM symposium on Principles of distributed computing, pp. 458 (2008). https://doi.org/10.1145/1400751.1400856

46.

Schultz, D.A., Liskov, B., Liskov, M.D.: MPSS: mobile proactive secret sharing. ACM Trans. Inf. Syst. Secur. 13(4), 1–32 (2010). https://doi.org/10.1145/1880022.1880028

47.

Shamir, A.: How to share a secret. ACM Commun. 22 612–613 (1979). https://doi.org/10.1145/359168.359176

48.

Shirvanian, M., Jarecki, S., Krawczyk, H., Saxena, N.: SPHINX: a password store that perfectly hides passwords from itself. In: ICDCS, pp. 1094–1104 (2017). https://doi.org/10.1109/ICDCS.2017.64

Titel: Can a Public Blockchain Keep a Secret?
verfasst von: Fabrice Benhamouda
Craig Gentry
Sergey Gorbunov
Shai Halevi
Hugo Krawczyk
Chengyu Lin
Tal Rabin
Leonid Reyzin
Verlag: Springer International Publishing
Buch: Theory of Cryptography
Print ISBN: 978-3-030-64374-4

Electronic ISBN: 978-3-030-64375-1

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-64375-1_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner