Part 1 Security Technologies of Blockchain
The last article described the security attributes that are inherent in, or desired of, blockchain systems. In this article, we give a detailed discussion of a selection of techniques that can be leveraged to enhance the security and privacy of existing and future blockchain systems. The article is designed with two goals. First, it provides an entry point for non-security experts to gain a better understanding of the security and privacy properties of blockchain technology, which are described in detail in the last article. Second, it helps specialists and researchers explore the cutting-edge security and privacy techniques of blockchain. We will mainly introduce seven popular security technologies, three of which are demonstrated in this article.
As we mentioned before, Bitcoin’s blockchain does not guarantee anonymity for users [1]: transactions use pseudonymous addresses and can be verified publicly. Thus, anyone can relate a user’s transaction to her other transactions by a simple analysis of the addresses she used when exchanging bitcoin. More seriously, once the address of a transaction is linked to the real-world identity of a user, all of her transactions may be exposed. Mixing services were therefore designed to prevent users’ addresses from being linked. Mixing is, literally, a random exchange of a user’s coins with other users’ coins; as a result, to an observer, the ownership of the coins is obfuscated. However, mixing services by themselves do not provide protection from coin theft. In this article, we describe two such mixing services and analyze their security and privacy properties.
Mixcoin. Mixcoin, proposed by Bonneau et al. [2] in 2014, provides anonymous payment in Bitcoin and Bitcoin-like cryptocurrencies. To defend against passive adversaries, Mixcoin extends the anonymity set by allowing all users to mix coins simultaneously. To defend against active adversaries, Mixcoin provides anonymity similar to that of traditional communication mixes. In addition, Mixcoin uses an accountability mechanism to detect theft, and it shows that, with incentives aligned, rational participants will use Mixcoin without stealing bitcoins.
CoinJoin. CoinJoin [3] was proposed in 2013 as an alternative anonymization method for Bitcoin transactions. It is motivated by the idea of joint payment: a user who wants to make a payment finds another user who also wants to make a payment, and the two negotiate a single transaction that carries both payments. Because the payments are joined, it becomes significantly harder to link the inputs and outputs within the transaction and to trace the exact direction in which a specific user’s money moved. CoinJoin requires that users negotiate transactions with the parties they wish to join payments with. The first generation of mixing services to offer this functionality used centralized servers and required users to trust the service operator not to steal the bitcoins, or allow others to steal them. Beyond being a single point of failure, such centralized services also risk leaking users’ privacy, because they keep logs of the transactions and records of all participants in a joint payment, which raises several concerns.
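To make the linkability argument concrete, the following is an added illustration (not code from the original article, Mixcoin or CoinJoin): it enumerates every assignment of a transaction’s outputs to its input owners that is consistent with the amounts, and reports how confidently an observer can attribute a given output. The two scenarios, the owner names, and the satoshi amounts are constructed; fees are ignored. With paired, equal-denomination outputs (the CoinJoin case) several assignments are consistent and each output is only a coin-flip guess; with unequal amounts the subset sums leave exactly one consistent assignment, so the outputs are fully linkable.

```python
from fractions import Fraction
from itertools import product


def consistent_assignments(inputs: dict, outputs: list) -> list:
    """Return every assignment of outputs to input owners that is consistent
    with the amounts: each owner's outputs must sum to exactly her input.
    Amounts are integers (satoshis); fees are ignored for simplicity."""
    owners = list(inputs)
    found = []
    for assignment in product(owners, repeat=len(outputs)):
        totals = {owner: 0 for owner in owners}
        for owner, amount in zip(assignment, outputs):
            totals[owner] += amount
        if totals == inputs:
            found.append(assignment)
    return found


def link_probability(inputs: dict, outputs: list, output_index: int, owner: str) -> Fraction:
    """Probability, over all amount-consistent assignments, that a given output
    belongs to a given owner: 1 means the output is fully linkable to that owner."""
    assignments = consistent_assignments(inputs, outputs)
    hits = sum(1 for a in assignments if a[output_index] == owner)
    return Fraction(hits, len(assignments))


# Constructed scenario 1: a CoinJoin with two equal-sized inputs and paired,
# equal-denomination outputs (two payments of 70 000 sat, two changes of 30 000 sat).
COINJOIN_INPUTS = {"alice": 100_000, "bob": 100_000}
COINJOIN_OUTPUTS = [70_000, 70_000, 30_000, 30_000]

# Constructed scenario 2: the same two users, but with unequal amounts, so the
# subset sums give the linkage away.
LINKABLE_INPUTS = {"alice": 100_000, "bob": 200_000}
LINKABLE_OUTPUTS = [60_000, 40_000, 150_000, 50_000]


if __name__ == "__main__":
    for name, ins, outs in [("coinjoin", COINJOIN_INPUTS, COINJOIN_OUTPUTS),
                            ("unequal", LINKABLE_INPUTS, LINKABLE_OUTPUTS)]:
        count = len(consistent_assignments(ins, outs))
        prob = link_probability(ins, outs, 0, "alice")
        print(f"{name}: {count} consistent assignment(s); P(output 0 is alice's) = {prob}")
```

The enumeration is exponential in the number of outputs, which is fine for a teaching example but is why real-world analysis relies on heuristics; the point it demonstrates is that the anonymity CoinJoin buys depends on equal output denominations, not merely on putting several payments in one transaction.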
Digital signature technology has developed into several variants. Some signature schemes have the inherent ability to provide anonymity for the signer; we call this kind of scheme an anonymous signature [4]. Among anonymous signature schemes, group signatures and ring signatures were proposed earliest and are the two most important and typical ones.
Group Signature. The group signature is a cryptographic scheme first proposed in 1991 [5]. Given a group, any of its members can sign a message on behalf of the entire group anonymously using her personal secret key, and anyone holding the group’s public key can validate the generated signature and confirm that the key of some group member was used to sign the message. Signature verification reveals nothing about the true identity of the signer except her membership in the group. A group signature scheme has a group manager, who adds group members and handles disputes, including revealing the original signer. In a blockchain system, we likewise need an authority to create and revoke the group, dynamically add new members, and delete or revoke the membership of some participants. Since a group signature requires a group manager to set up the group, it is suitable for consortium blockchains.
Ring Signature. A ring signature [6] can also achieve anonymity, since any member of a group of users can sign. The term “ring signature” comes from the ring-like structure used by the signing algorithm. A ring signature is anonymous if it is difficult to determine which member of the group used his or her key to sign the message. As discussed in the previous article, ring signatures differ from group signatures in two principal ways. First, in a ring signature scheme, the real identity of the signer cannot be revealed in the event of a dispute, since there is no group manager. Second, any set of users can form a “ring” by themselves without additional setup. Thus, ring signatures are applicable to public blockchains. One typical application of ring signatures is CryptoNote [7], which adopts ring signatures to hide the link between a transaction and the sender’s address. More precisely, CryptoNote mixes the sender’s public key with several other keys, so that it is impossible to identify who actually sent (signed) the transaction. Because of the ring signature, if the number of ring members is n, the probability that an adversary successfully guesses the real sender of a transaction is 1/n. Later, Ethereum added ring signatures in 2015, which gives users anonymity like that of CryptoNote currencies.
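The following is an added example, written for this article rather than taken from CryptoNote or any of the cited papers, of the ring structure described above: a discrete-log ring signature in the style of Abe, Ohkubo and Suzuki, where each member’s challenge is derived from the previous member’s response and the real signer closes the loop with her secret key. The signature contains only the starting challenge and one response per member, so nothing in it encodes which of the n members signed; a verifier simply walks the ring and checks that it closes. The group parameters (P, Q, G) are a toy safe-prime group constructed for readability and are nowhere near large enough for real use.

```python
import hashlib
import secrets

# Toy discrete-log group (constructed for illustration; far too small for real use):
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P = 2039
Q = 1019
G = 4


def keygen() -> tuple:
    """Return (secret_key, public_key) with public_key = G^secret_key mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(message: bytes, point: int) -> int:
    """Hash the message together with a group element into a challenge in [0, Q)."""
    digest = hashlib.sha256(message + b"|" + str(point).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def ring_sign(message: bytes, ring: list, signer_index: int, secret: int) -> tuple:
    """Produce a ring signature (c_0, [r_0, ..., r_{n-1}]) over the public keys in `ring`.
    Nothing in the output encodes signer_index: every member is equally plausible."""
    n = len(ring)
    if ring[signer_index] != pow(G, secret, P):
        raise ValueError("secret key does not match the public key at signer_index")
    c = [0] * n
    r = [0] * n
    # Commit with a fresh random exponent a; the challenge handed to the next
    # member is derived from G^a, which the signer will later "explain" with r_s.
    a = secrets.randbelow(Q - 1) + 1
    c[(signer_index + 1) % n] = _challenge(message, pow(G, a, P))
    # Walk around the ring: every other member gets a random response r_i and
    # the next challenge is c_{i+1} = H(m, G^{r_i} * y_i^{c_i}).
    i = (signer_index + 1) % n
    while i != signer_index:
        r[i] = secrets.randbelow(Q)
        point = (pow(G, r[i], P) * pow(ring[i], c[i], P)) % P
        c[(i + 1) % n] = _challenge(message, point)
        i = (i + 1) % n
    # Close the ring: with r_s = a - x_s * c_s, G^{r_s} * y_s^{c_s} equals G^a,
    # so the verifier's recomputation lands back on c_{s+1}.
    r[signer_index] = (a - secret * c[signer_index]) % Q
    return c[0], r


def ring_verify(message: bytes, ring: list, signature: tuple) -> bool:
    """Recompute the challenge chain from c_0; the signature is valid iff the ring closes."""
    c0, r = signature
    if len(r) != len(ring):
        return False
    c = c0
    for y_i, r_i in zip(ring, r):
        point = (pow(G, r_i, P) * pow(y_i, c, P)) % P
        c = _challenge(message, point)
    return c == c0


if __name__ == "__main__":
    keys = [keygen() for _ in range(4)]
    ring = [pk for _, pk in keys]
    msg = b"constructed transaction payload"
    sig = ring_sign(msg, ring, 2, keys[2][0])
    print("valid:", ring_verify(msg, ring, sig))
    print("tampered message:", ring_verify(msg + b"!", ring, sig))
```

Two properties of the page’s argument are visible directly in the code: the verifier never learns `signer_index`, so the best an observer can do is guess among the n ring members, and no group manager is involved, because the ring is just a list of public keys the signer chose herself. Real deployments use a prime-order elliptic-curve group and add a linkability tag (as CryptoNote does) so the same key cannot spend twice.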
Homomorphic Encryption. Homomorphic encryption is a powerful cryptographic primitive. It allows certain types of computation to be performed directly on ciphertext, with the guarantee that decrypting the result of operations on the encrypted data yields the same result as performing the same operations on the plaintext.
One can use homomorphic encryption to store data on the blockchain with no significant changes to the blockchain’s properties. This ensures that the data on the blockchain is encrypted, addressing the privacy concerns associated with public blockchains. Homomorphic encryption offers privacy protection while still allowing ready access to the encrypted data on a public blockchain for auditing and other purposes, such as managing employee expenses. Ethereum smart contracts provide homomorphic encryption of data stored on the blockchain for greater control and privacy.
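As an added worked example (not from the original article or from any Ethereum project), the Paillier cryptosystem shows the additive homomorphism described above: multiplying two ciphertexts yields an encryption of the sum of the plaintexts, and raising a ciphertext to a power scales the plaintext. The expense-auditing scenario at the end is constructed to match the use case the paragraph mentions: claims are posted encrypted, an auditor totals them without decrypting anything, and only the key holder learns the total. The primes TOY_P and TOY_Q are toy-sized for readability; real keys use primes of roughly 1024 bits.

```python
import secrets
from math import gcd


def _lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def paillier_keygen(p: int, q: int) -> tuple:
    """Build a Paillier key pair from two primes.
    Returns ((n, g), (lam, mu)) using the standard simplification g = n + 1."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1
    # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu is just lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, g), (lam, mu)


def paillier_encrypt(pk: tuple, m: int) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r, so encryption is randomized."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(pk: tuple, sk: tuple, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pk
    lam, mu = sk
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add_encrypted(pk: tuple, c1: int, c2: int) -> int:
    """Homomorphic addition: the product of ciphertexts encrypts the sum of plaintexts."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def scale_encrypted(pk: tuple, c: int, k: int) -> int:
    """Homomorphic scalar multiplication: c^k encrypts k * m."""
    n, _ = pk
    return pow(c, k, n * n)


# Toy primes (constructed for illustration; real keys use ~1024-bit primes).
TOY_P, TOY_Q = 1_000_003, 1_000_033


def audited_expense_total(expenses: list) -> int:
    """Constructed scenario: employees post encrypted expense claims, an auditor
    sums them on ciphertexts only, and the key holder decrypts the total."""
    pk, sk = paillier_keygen(TOY_P, TOY_Q)
    ciphertexts = [paillier_encrypt(pk, e) for e in expenses]
    total_ct = ciphertexts[0]
    for ct in ciphertexts[1:]:
        total_ct = add_encrypted(pk, total_ct, ct)   # auditor never sees a plaintext
    return paillier_decrypt(pk, sk, total_ct)


if __name__ == "__main__":
    print("audited total:", audited_expense_total([120, 345, 78]))
```

Note what the scheme does and does not give: sums and scalar multiples come for free, but arbitrary computation (a product of two encrypted values, a comparison) needs a fully homomorphic scheme, which is far more expensive; that is the trade-off behind the “certain types of computations” wording above.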
In the next article, we will introduce the remaining security technologies that can be employed in blockchain systems with the goal of preserving privacy and guaranteeing security.
Zecrey official website: Zecrey
Welcome to join our communities and follow us on twitter:
Medium: https://medium.com/@zecrey
Twitter: https://twitter.com/zecreyprotocol
Telegram: https://t.me/zecrey
Discord: https://discord.com/invite/U98ghQsJE5
References
[1] https://bitcoinmagazine.com/guides/is-bitcoin-anonymous
[2] Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A. Kroll, and Edward W. Felten. 2014. Mixcoin: Anonymity for Bitcoin with Accountable Mixes. In Financial Cryptography and Data Security. 486–504.
[3] Gregory Maxwell. 2013. CoinJoin: Bitcoin privacy for the real world. Retrieved from bitcointalk.org.
[4] Yang G, Wong D S, Deng X, et al. Anonymous signature schemes[C]//International Workshop on Public Key Cryptography. Springer, Berlin, Heidelberg, 2006: 347–363.
[5] Chen L, Pedersen T P. New group signature schemes[C]//Workshop on the Theory and Application of Cryptographic Techniques. Springer, Berlin, Heidelberg, 1994: 171–181.
[6] Herranz J, Sáez G. New identity-based ring signature schemes[C]//International Conference on Information and Communications Security. Springer, Berlin, Heidelberg, 2004: 27–39.
[7] Nicolas van Saberhagen, Johannes Meier, Antonio M. Juarez, and Max Jameson. 2012. CryptoNote Signatures.