A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table

Quantum-secured blockchain

Blockchain is a distributed database which is cryptographically protected against malicious modifications. While promising for a wide range of applications, current blockchain platforms rely on digital signatures, which are vulnerable to attacks by means of quantum computers. The same, albeit to a lesser extent, applies to cryptographic hash functions that are used in preparing new blocks, so parties with access to quantum computation would have unfair advantage in procuring mining rewards. Here we propose a possible solution to the quantum era blockchain challenge and report an experimental realization of a quantum-safe blockchain platform that utilizes quantum key distribution across an urban fiber network for information-theoretically secure authentication. These results address important questions about realizability and scalability of quantum-safe blockchains for commercial and governmental applications.Comment: 7 pages, 2 figures; published versio

A fair payment system with online anonymous transfer

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2007.Includes bibliographical references (p. 26-27).Physical cash can be anonymously transfered. Transferability is a desirable property because it allows for flexible, private commerce where neither the seller nor the buyer must identify themselves to the bank. In some cases, however, anonymity can be abused and lead to problems such as blackmail and money laundering. In 1996, Camenisch, Piveteau, and Stadler introduced the concept of fairness for (non-transferable) ECash, where a trusted authority can revoke the anonymity of certain transactions as needed. To our knowledge, no current ECash system supports both anonymous transfer and fairness. We have designed and implemented such a system. Also, we formally describe a set of desirable properties for ECash systems and prove that our system meets all of these properties under the Strong RSA assumption and the Decisional Diffie-Hellman assumption in the random oracle model. Furthermore, we provide extensions for our system that could allow it to deal with offline payments and micropayments. Our system has been implemented in java. Tests have shown that it performs and scales well, as expected.by Bin D. Vo.M.Eng

SHAREDWEALTH: A CRYPTOCURRENCY TO REWARD MINERS EVENLY

Bitcoin [19] is a decentralized cryptocurrency that has recently gained popularity and has emerged as a popular medium of exchange. The total market capitalization is around 1.5 billion US dollars as of October 2013 [28]. All the operations of Bitcoin are maintained in a distributed public global ledger known as a block chain which consists of all the successful transactions that have ever taken place. The security of a block chain is maintained by a chain of cryptographic puzzles solved by participants called miners, who in return are rewarded with bitcoins. To be successful, the miner has to put in his resources to solve the cryptographic puzzle (also known as a proof of work). The reward structure is an incentive for miners to contribute their computational resources and is also essential to the currency\u27s decentralized nature. One disadvantage of the reward structure is that the payment system is uneven. The reward is always given to one person. Hence people form mining pools where every member of the pool solves the same cryptographic puzzle and irrespective of the person who solved it, the reward is shared evenly among all the members of the pool. The Bitcoin protocol assumes that the miners are honest and they follow the Bitcoin protocol as prescribed. If group of selfish miners comes to lead by forming pools, the currency stops being decentralized and comes under the control of the selfish miners. Such miners can control the whole Bitcoin network [29]. Our goal is to address this problem by creating a distinct peer-to-peer protocol that reduces the incentives for the miners to join large mining pools. The central idea is to pay the “runners-up” who come close to finding a proof, thereby creating a less volatile payout situation. The work done by the “runners-up” can be used by other miners to find the solution of proof of work by building upon their work. Once they find the actual solution they have to include the solution of the other miner in order to get rewarded. The benefit of this protocol is that not only the miners save their computational resources but also the reward is distributed among the miners

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

Strong designated verifier signature (generally abbreviated to SDVS) allows signers to obtain absolute control over who can verify the signature, while only the designated verifier other than anyone else can verify the validity of a SDVS without being able to transfer the conviction. Certificateless PKC has unique advantages comparing with certificate-based cryptosystems and identity-based PKC, without suffering from key escrow. Motivated by these attractive features, we propose a novel efficient CL-SDVS scheme without bilinear pairings or map-to-point hash operations. The proposed scheme achieves all the required security properties including EUF-CMA, non-transferability, strongness and non-delegatability. We also estimate the computational and communication efficiency. The comparison shows that our scheme outperforms all the previous CL-(S)DVS schemes. Furthermore, the crucial security properties of the CL-SDVS scheme are formally proved based on the intractability of SCDH and ECDL assumptions in random oracle model