48 research outputs found

    Private Balance-Checking on Blockchain Accounts Using Private Integer Addition

    A transaction record in a sharded blockchain can be represented as a two-dimensional array of integers with row-index associated to an account, column-index to a shard and the entry to the transaction amount. In a blockchain-based cryptocurrency system with coded sharding, a transaction record of a given epoch of time is encoded using a block code considering the entries as finite-field symbols. Each column of the resultant coded array is then stored in a server. In the particular case of PolyShard scheme, the block code turns out to be a maximum-distance-separable code. In this paper, we propose a privacy-preserving multi-round protocol that allows a remote client to retrieve from a coded blockchain system the sum of transaction amounts belonging to two different epochs of time, but to the same account. At the core of the protocol lies an algorithm for a remote client to privately compute a non-linear function referred to as integer-addition of two finite-field symbols representing integer numbers, in the presence of curious-but-honest adversaries. Applying it to balance-checking in a cryptocurrency system, the protocol guarantees information-theoretic privacy on account number and shard number thereby ensuring perfect user anonymity, and also maintains confidentiality of half of the input bits on average. The protocol turns out to be a useful primitive for balance-checking in lightweight clients of a PolyShard-ed blockchain

    CrowdBC: A blockchain-based decentralized framework for crowdsourcing

    Crowdsourcing systems which utilize the human intelligence to solve complex tasks have gained considerable interest and adoption in recent years. However, the majority of existing crowdsourcing systems rely on central servers, which are subject to the weaknesses of traditional trust-based model, such as single point of failure. They are also vulnerable to distributed denial of service (DDoS) and Sybil attacks due to malicious users involvement. In addition, high service fees from the crowdsourcing platform may hinder the development of crowdsourcing. How to address these potential issues has both research and substantial value. In this paper, we conceptualize a blockchain-based decentralized framework for crowdsourcing named CrowdBC, in which a requester’s task can be solved by a crowd of workers without relying on any third trusted institution, users’ privacy can be guaranteed and only low transaction fees are required. In particular, we introduce the architecture of our proposed framework, based on which we give a concrete scheme. We further implement a software prototype on Ethereum public test network with real-world dataset. Experiment results show the feasibility, usability and scalability of our proposed crowdsourcing system

    LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks

    Payment channel networks are a promising approach to improve the scalability of cryptocurrencies: they allow to perform transactions in a peer-to-peer fashion, along multi-hop routes in the network, without requiring consensus on the blockchain. However, during the discovery of cost-efficient routes for the transaction, critical information may be revealed about the transacting entities. This paper initiates the study of privacy-preserving route discovery mechanisms for payment channel networks. In particular, we present LightPIR, an approach which allows a source to efficiently discover a shortest path to its destination without revealing any information about the endpoints of the transaction. The two main observations which allow for an efficient solution in LightPIR are that: (1) surprisingly, hub labelling algorithms - which were developed to preprocess "street network like" graphs so one can later efficiently compute shortest paths - also work well for the graphs underlying payment channel networks, and that (2) hub labelling algorithms can be directly combined with private information retrieval. LightPIR relies on a simple hub labeling heuristic on top of existing hub labeling algorithms which leverages the specific topological features of cryptocurrency networks to further minimize storage and bandwidth overheads. In a case study considering the Lightning network, we show that our approach is an order of magnitude more efficient compared to a privacy-preserving baseline based on using private information retrieval on a database that stores all pairs shortest paths

    Reputation Driven Dynamic Access Control Framework for IoT atop PoA Ethereum Blockchain

    Security and Scalability are two major challenges that IoT is currently facing. Access control to critical IoT infrastructure is considered as top security challenge that IoT faces. Data generated by IoT devices may be driving many hard real time systems, thus it is of utmost importance to guarantee integrity and authenticity of the data and resources at the first place itself. Due to heterogeneous and constrained nature of IoT devices, traditional IoT security frameworks are not able to deliver scalable, efficient and manageable mechanisms to meet the requirements of IoT devices. On the other hand Blockchain technology has shown great potential to bridge the missing gap towards building a truly decentralized, trustworthy, secure and scalable environment for IoT. Allowing access to IoT resources and data managed through Blockchain will provide an additional security layer backed by the strongest cryptographic algorithms available. In this work we present a reputation driven dynamic access control framework for small scale IoT applications based on Proof of Authority Blockchain, we name it as Rep-ACM. In RepACM framework we build two major services, one for Reputation building (for better IoT device behaviour regulations) and other for Misbehaviour detection (for detecting any Misbehaviour on object resource usage). Both of these services work in coordination with other services of proposed framework to determine who can access what and under what conditions access should be granted. For Proof of Concept (PoC) we created private Ethereum network consisting of two Raspberry Pi single board computers, one desktop computer and a laptop as nodes. We configured Ethereum protocol to use Istanbul Byzantine Fault Tolerance (IBFT) as Proof of Authority (PoA) consensus mechanism for performance optimization in constrained environment. We deployed our model on private network for feasibility and performance analysis

    Vizard: A Metadata-hiding Data Analytic System with End-to-End Policy Controls

    Owner-centric control is a widely adopted method for easing owners' concerns over data abuses and motivating them to share their data out to gain collective knowledge. However, while many control enforcement techniques have been proposed, privacy threats due to the metadata leakage therein are largely neglected in existing works. Unfortunately, a sophisticated attacker can infer very sensitive information based on either owners' data control policies or their analytic task participation histories (e.g., participating in a mental illness or cancer study can reveal their health conditions). To address this problem, we introduce Vizard, a metadata-hiding analytic system that enables privacy-hardened and enforceable control for owners. Vizard is built with a tailored suite of lightweight cryptographic tools and designs that help us efficiently handle analytic queries over encrypted data streams coming in real-time (like heart rates). We propose extension designs to further enable advanced owner-centric controls (with AND, OR, NOT operators) and provide owners with release control to additionally regulate how the result should be protected before deliveries. We develop a prototype of Vizard that is interfaced with Apache Kafka, and the evaluation results demonstrate the practicality of Vizard for large-scale and metadata-hiding analytics over data streams

    A Survey on Privacy-preserving Blockchain Systems (PPBS) and A Novel PPBS-based Framework for Smart Agriculture

    Blockchain and smart contracts have seen significant application over the last decade, revolutionising many industries, including cryptocurrency, finance and banking, and supply chain management. In many cases, however, the transparency provided potentially comes at the cost of privacy. Blockchain does have potential uses to increase privacy-preservation. This paper outlines the current state of privacy preservation utilising Blockchain and Smart Contracts, as applied to a number of fields and problem domains. It provides a background of blockchain, outlines the challenges in blockchain as they relate to privacy, and then classifies into areas in which this paradigm can be applied to increase or protect privacy. These areas are cryptocurrency, data management and storage, e-voting, the Internet of Things, and smart agriculture. This work then proposes PPSAF, a new privacy-preserving framework designed explicitly for the issues that are present in smart agriculture. Finally, this work outlines future directions of research in areas combining future technologies, privacy-preservation and blockchain

    IntegraDos: facilitating the adoption of the Internet of Things through the integration of technologies

    Also, the components for an integration of the IoT and cloud computing have been analyzed, concluding in the Lambda-CoAP architecture. And lastly, the challenges for an integration of the IoT and Blockchain have been analyzed together with an evaluation of the possibilities of IoT devices to incorporate Blockchain nodes. The contributions of this doctoral thesis help bring the adoption of the IoT closer to society, and therefore contribute to the expansion of this prominent technology. Thesis defense date: 17 December 2018. The Internet of Things (IoT) was a new concept introduced by K. Ashton in 1999 to refer to an identifiable set of objects connected through RFID. Currently, the IoT is characterized as a ubiquitous technology that is present in a large number of areas, such as the monitoring of critical infrastructures, traceability systems or assisted healthcare systems. The IoT is increasingly present in our day-to-day lives, covering a wide range of possibilities in order to optimize the processes and problems that society faces. That is why the IoT is a promising technology that is continuously evolving thanks to ongoing research and the large number of devices, systems and components emerging every day. However, the devices involved in the IoT normally correspond to embedded devices with storage and processing limitations, as well as memory and power restrictions. In addition, the number of objects or devices connected to the Internet is forecast to grow strongly over the coming years, with expectations of 500 billion connected objects by 2030. Therefore, to accommodate global IoT deployments, in addition to overcoming the existing limitations, it is necessary to involve new systems and paradigms that facilitate the adoption of this field.
The main objective of this doctoral thesis, known as IntegraDos, is to facilitate the adoption of the IoT through integration with a series of technologies. On the one hand, the thesis has addressed how the management of sensors and actuators in physical devices can be facilitated without having to access and program the development boards. On the other hand, a system for programming IoT applications that are portable, adaptable, personalized and decoupled from the devices has been defined

    Moving Multiparty Computation Forward for the Real World

    Privacy is important both for individuals and corporations. While individuals want to keep their personally identifiable information private, corporations want to protect the privacy of their proprietary data in order not to lose their competitive advantage. The academic literature has extensively analyzed privacy from a theoretical perspective. We use these theoretical results to address the need for privacy in real-world applications, for both individuals and corporations. We focus on different variations of a cryptographic primitive from the literature: secure Multi-Party Computation (MPC). MPC helps different parties compute a joint function on their private inputs, without disclosing them. In this dissertation, we look at real-world applications of MPC, and aim to protect the privacy of personal and/or proprietary data. Our main aim is to match theory to practical applications. The first work we present in this dissertation is a blockchain-based, generic MPC system that can be used in applications where personal and/or proprietary data is involved. Then we present a system that performs privacy-preserving link prediction between two graph databases using private set intersection cardinality (PSI-CA). The next use case we present again uses PSI-CA to perform contact tracing in order to track the spread of a virus in a population. The last use case is a genomic test realized by one time programs. Finally, this dissertation provides a comparison of the different MPC techniques and a detailed discussion about this comparison