Part 2 Security Technologies of Blockchain
In the last article, we introduced three types of security and privacy techniques for blockchain: mixing, anonymous signatures, and homomorphic encryption. In this section, we discuss in more detail the remaining security techniques that can be leveraged to enhance the security and privacy of existing and future blockchain systems: attribute-based encryption, secure multi-party computation, non-interactive zero-knowledge (NIZK) proofs, and trusted execution environments.
Attribute-based encryption (ABE) is a cryptographic method in which attributes decide who can decrypt a ciphertext: each user holds a secret key issued for her attributes, and that key decrypts a ciphertext only if her attributes agree with the attributes under which the ciphertext was produced.
Collusion resistance is an important security property of ABE. It ensures that a malicious user who colludes with other users still cannot access any data beyond what he can already decrypt with his own private key. The concept of attribute-based encryption was proposed in 2005 with a single authority. Since then, a number of extensions to the baseline ABE have been proposed, including ABE with multiple authorities that jointly generate users' private keys, and ABE schemes that support arbitrary predicates.
Attribute-based encryption is very powerful, yet few applications to date deploy it due to the lack of understanding of both core concepts and efficient implementation. ABE has not yet been deployed in any form on a blockchain for real-time operation to date. For example, on a blockchain, permissions could be represented by ownership of access tokens.
All nodes in the network, which have a certain token issued to them, will be granted access to the special rights and privileges associated with the token. The token provides a means of tracking who has certain attributes and such tracking should be done in an algorithmic and consistent fashion by the authority entity that distributes the token.
Tokens can be viewed as badges that represent attributes or qualifications, and should be used as non-transferable markers of reputation or attributes. It has been shown that a fixed authority is not needed for attribute-based encryption. It is possible to have multiple authorities in a decentralized network and fulfill the same goals.
The multi-party computation (MPC) model defines a protocol that allows several parties to jointly carry out some computation over their private inputs without violating input privacy: an adversary learns nothing about the input of an honest party beyond the output of the joint computation. Andrew Yao formally defined secure two-party computation in 1982 and generalized it in 1986 for the Millionaires' problem. This generalization has served as the foundation for many subsequent and increasingly efficient MPC protocols.
The success of MPC in distributed voting, private bidding, and private information retrieval has made it a popular solution to many real-world problems. In recent years, MPC has been used in blockchain systems to protect users' privacy. Andrychowicz et al. designed and implemented secure multi-party computation protocols on the Bitcoin system in 2014.
They constructed protocols for secure multi-party lotteries without any trusted authority. Their protocols guarantee fairness for the honest users regardless of how the dishonest ones behave. If a user violates or interferes with the protocol, she becomes the loser and her bitcoins are transferred to the honest users.
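To make the fairness rule concrete, here is an added toy simulation (constructed for this article, not the Andrychowicz et al. protocol or code) of a deposit-backed lottery: each player commits to a random secret and locks a stake, the winner is derived from the revealed secrets, and a player who aborts or reveals a mismatching value forfeits her stake to the honest players.

```python
import hashlib
import secrets

# Constructed toy model of a deposit-backed lottery (a simplification, not the
# Andrychowicz et al. protocol itself). Each player commits to a random secret
# and locks STAKE coins; the winner is chosen by XOR-ing the revealed secrets.
# A player who refuses to reveal, or reveals a value that does not match her
# commitment, forfeits her stake to the players who followed the protocol.

STAKE = 10  # constructed stake, in coins

def new_secret() -> bytes:
    return secrets.token_bytes(32)

def commit(secret: bytes) -> str:
    """Hash commitment: binding (SHA-256) and hiding (32 random bytes)."""
    return hashlib.sha256(secret).hexdigest()

def settle(commitments: dict, reveals: dict):
    """commitments: name -> commitment; reveals: name -> secret or None.
    Returns (winner_or_None, balance change per player)."""
    names = sorted(commitments)
    balances = {n: -STAKE for n in names}          # everyone locked a stake
    honest = [n for n in names
              if reveals.get(n) is not None
              and commit(reveals[n]) == commitments[n]]
    cheaters = [n for n in names if n not in honest]
    if cheaters:
        # Aborting is penalised: forfeited stakes are shared by the honest
        # players, so refusing to reveal cannot improve a player's odds.
        # If nobody revealed, all stakes simply stay locked.
        if honest:
            share = (STAKE * len(cheaters)) // len(honest)
            for n in honest:
                balances[n] += STAKE + share
        return None, balances
    mix = 0
    for n in names:
        mix ^= int.from_bytes(reveals[n], "big")
    # Parity of the XOR is uniform for two players; for more players the
    # bias of reducing a 256-bit value mod n is negligible.
    winner = names[mix % len(names)]
    balances[winner] += STAKE * len(names)          # winner takes the whole pot
    return winner, balances

if __name__ == "__main__":
    a, b = new_secret(), new_secret()
    coms = {"alice": commit(a), "bob": commit(b)}
    print(settle(coms, {"alice": a, "bob": b}))     # fair outcome
    print(settle(coms, {"alice": a, "bob": None}))  # bob aborts, alice paid
```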
Another cryptographic technology with powerful privacy-preserving properties is the zero-knowledge proof, proposed in the early 1980s. The basic idea is that a formal proof can be formulated to verify that a program, executed with some input known privately to the user, produces some publicly known output, without disclosing any other information. In other words, a prover can convince a verifier that some assertion is true without giving the verifier any other useful information.
With the non-interactive variant of zero-knowledge proofs, called NIZK, one can achieve computational zero-knowledge without requiring the prover and verifier to interact at all, provided that they share a common reference string. In a blockchain application, all account balances are encrypted and stored on the chain.
When a user transfers money to another user, he can easily prove that he has sufficient balance for the transfer with zero-knowledge proofs, without revealing the account balance.
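The following added example (constructed for this article, not code from any blockchain project) shows the non-interactive mechanism behind such proofs on a simpler relation than a balance check: a Fiat-Shamir transformed Schnorr proof, where a hash of the transcript stands in for the verifier's challenge so no interaction is needed. The prover shows knowledge of the secret x behind a public value y = G^x mod P without revealing x; the toy group parameters are assumptions chosen only for readability.

```python
import hashlib
import secrets

# Constructed toy group (far too small for real use): P = 2*Q + 1 with Q prime,
# and G generates the order-Q subgroup of Z_P^*. A real deployment would use a
# standard group of at least 2048 bits or an elliptic curve.
P, Q, G = 2039, 1019, 4

def challenge(*values: int) -> int:
    """Fiat-Shamir: the hash of the transcript replaces the verifier's random
    challenge, which is what makes the proof non-interactive."""
    width = (P.bit_length() + 7) // 8
    data = b"".join(v.to_bytes(width, "big") for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x: int):
    """Prove knowledge of the secret x behind the public value y = G^x mod P.
    Returns (y, proof); the proof reveals nothing about x because r is fresh
    and uniformly random, so s = r + c*x is uniformly distributed mod Q."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1        # one-time randomness, never reused
    t = pow(G, r, P)                        # commitment to r
    c = challenge(G, y, t)
    s = (r + c * x) % Q                     # response
    return y, (t, s)

def verify(y: int, proof) -> bool:
    """Accept iff G^s == t * y^c mod P, with c recomputed from the transcript."""
    t, s = proof
    if not (1 <= y < P and 1 <= t < P and 0 <= s < Q):
        return False                        # reject malformed values early
    c = challenge(G, y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

if __name__ == "__main__":
    y, proof = prove(123)
    print("valid proof accepted:", verify(y, proof))
    t, s = proof
    print("tampered response accepted:", verify(y, (t, (s + 1) % Q)))
```

Reusing r across two proofs would let anyone solve for x from the two responses, which is why the example draws it fresh each time.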
Another variation is the zero-knowledge Succinct Non-interactive ARgument of Knowledge (zk-SNARK), introduced in 2012 by Bitansky et al., which serves as the backbone of the Zcash protocol. Zcash uses zk-SNARKs to verify transactions while protecting users' privacy. Recently, the Zcash group extended the Ethereum contract language to efficiently support zk-SNARK proof verification. They also used the new zk-SNARK verifier to build a coin mixing contract that adopts a simplified version of Zerocash, the academic protocol whose implementation underlies Zcash.
An execution environment is called a trusted execution environment (TEE) if it provides a completely isolated environment for application execution, which effectively prevents other software applications and the operating system(s) from tampering with or learning the state of the application running in it. Specifically, a TEE establishes an isolated execution environment that runs in parallel with a standard operating system such as Android or Microsoft Windows; its aim is to defend sensitive code and data against privileged software attacks from a potentially compromised native OS.
ARM TrustZone and Intel SGX are examples of TEE technologies, which combine hardware and software mechanisms to protect sensitive assets. Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user-installed apps running in the main operating system. For example, Ekiden is an SGX-based solution for confidentiality-preserving smart contracts. Ekiden separates computation from consensus: it performs smart contract computation in TEEs on off-chain compute nodes, then uses a remote attestation protocol to validate on chain that the compute nodes executed correctly. The consensus nodes maintain the blockchain and do not require trusted hardware.
Amit Sahai and Brent Waters. Fuzzy Identity-Based Encryption. In EUROCRYPT 2005. 457–473.
Allison Lewko and Brent Waters. Decentralizing attribute-based encryption. In EUROCRYPT 2011. 568–588.
A. C. Yao. Protocols for secure computations. In SFCS 1982. 160–164.
Andrew Chi-Chih Yao. How to generate and exchange secrets. In SFCS 1986. 162–167.
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, and Lukasz Mazurek. Secure multiparty computations on Bitcoin. In SP 2014. 443–458.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. In STOC 1985. 291–304.
Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In ITCS 2012. 326–349.
Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In SP 2014. 459–474.
Raymond Cheng, Fan Zhang, Jernej Kos, Warren He, Nicholas Hynes, Noah M. Johnson, Ari Juels, Andrew Miller, and Dawn Song. Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contract execution. CoRR abs/1804.05141 (2018).