RSA and redactable blockchains

A blockchain is redactable if a private key holder (e.g. a central authority) can change any single block without violating integrity of the whole blockchain, but no other party can do that. In this paper, we offer a simple method of constructing redactable blockchains inspired by the ideas underlying the well-known RSA encryption scheme. Notably, our method can be used in conjunction with any reasonable hash function that is used to build a blockchain. Public immutability of a blockchain in our construction is based on the computational hardness of the RSA problem and not on properties of the underlying hash function. Corruption resistance is based on the computational hardness of the discrete logarithm problem.Comment: 5 page

CDEdit: A Highly Applicable Redactable Blockchain with Controllable Editing Privilege and Diversified Editing Types

Redactable blockchains allow modifiers or voting committees with modification privileges to edit the data on the chain. Trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data, and without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving the problem of multi-level editing requests and competing for modification privileges. In this paper, we propose CDEdit, a highly applicable redactable blockchain with controllable editing privilege and diversified editing types. The proposed scheme increases the cost of invalid or malicious requests by paying the deposit on each edit request. At the same time, the editing privilege is subdivided into request, modification, and verification privileges, and the modification privilege token is distributed efficiently to prevent the abuse of the modification privilege and collusion attacks. We use chameleon hashes with ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption (CP-ABE) to implement two editing types of transaction-level and block-level, and present a practical instantiation and security analysis. Finally, the implementation and evaluation show that our scheme only costs low-performance overhead and is suitable for multi-level editing requests and modification privilege competition scenarios.Comment: 11 pages, 6 figure

Redactable Blockchain in the Permissionless Setting

Bitcoin is an immutable permissionless blockchain system that has been extensively used as a public bulletin board by many different applications that heavily relies on its immutability. However, Bitcoin's immutability is not without its fair share of demerits. Interpol exposed the existence of harmful and potentially illegal documents, images and links in the Bitcoin blockchain, and since then there have been several qualitative and quantitative analysis on the types of data currently residing in the Bitcoin blockchain. Although there is a lot of attention on blockchains, surprisingly the previous solutions proposed for data redaction in the permissionless setting are far from feasible, and require additional trust assumptions. Hence, the problem of harmful data still poses a huge challenge for law enforcement agencies like Interpol (Tziakouris, IEEE S&P'18). We propose the first efficient redactable blockchain for the permissionless setting that is easily integrable into Bitcoin, and that does not rely on heavy cryptographic tools or trust assumptions. Our protocol uses a consensus-based voting and is parameterised by a policy that dictates the requirements and constraints for the redactions; if a redaction gathers enough votes the operation is performed on the chain. As an extra feature, our protocol offers public verifiability and accountability for the redacted chain. Moreover, we provide formal security definitions and proofs showing that our protocol is secure against redactions that were not agreed by consensus. Additionally, we show the viability of our approach with a proof-of-concept implementation that shows only a tiny overhead in the chain validation of our protocol when compared to an immutable one.Comment: 2019 IEEE Symposium on Security and Privacy (SP), San Fransisco, CA, US, , pp. 645-65

Blockchain Technology, Technical Challenges and Countermeasures for Illegal Data Insertion

Blockchain is a decentralized transaction and data management technology. It was developed for the world’s first cryptocurrency known as Bitcoin in 2008. The reason behind its popularity was its properties which provide pseudonymity, security, and data integrity without third-party intervention.  Initially, most of the researches were focused on the Bitcoin system and its limitation, but later other applications of Blockchain e.g. smart contracts and licensing [1] also got famous. Blockchain technology has the potential to change the way how transactions are conducted in daily life. It is not limited to cryptocurrencies but could be possibly applied in various environments where any forms of transactions are done. This article presents a comprehensive overview of Blockchain technology, its development, applications, security issues, and their countermeasures. In particular, the security towards illegal data insertion and the countermeasures is focused. Our analysis of countermeasures of illegal data insertion can be combined for increased efficiency. After the introduction of the Blockchain and consensus algorithm, some famous Blockchain applications and expected future of Blockchain are deliberated. Then, the technical challenges of Blockchain are discussed, in which the main focus here is on the security and the data insertion in Blockchain. The review of the possible countermeasures to overcome the security issues related to data insertion are elaborated

Die Blockchain im Spannungsfeld der Grundsätze der Datenschutzgrundverordnung

Blockchain-Technologie und auf ihr basierende Smart Contracts erleben aktuell große Aufmerksamkeit. Egal ob Finanztransaktionen, eHealth oder eGovernment, für zahlreiche Anwendungsfelder wird der Einsatz von Blockchain-Technologie vorgeschlagen. In jüngster Zeit mehren sich jedoch auch kritische Stimmen, die die kryptographischen und Konsens-Prinzipien dieser Technologie für unvereinbar mit der Verarbeitung personenbezogener Daten und somit den Grundsätzen des Datenschutzrechts halten. Ziel dieses Beitrags ist es, die Eignung verschiedener Blockchain-Technologien für die Erfüllung der Grundsätze der Verarbeitung personenbezogener Daten gemäß Artikel 5 der EU Datenschutzgrundverordnung wie u.a. Rechenschaftspflicht, Speicherbegrenzung und Betroffenenrechten zu analysieren