Redactable Blockchain in the Permissionless Setting

Bitcoin is an immutable permissionless blockchain system that has been extensively used as a public bulletin board by many different applications that heavily relies on its immutability. However, Bitcoin's immutability is not without its fair share of demerits. Interpol exposed the existence of harmful and potentially illegal documents, images and links in the Bitcoin blockchain, and since then there have been several qualitative and quantitative analysis on the types of data currently residing in the Bitcoin blockchain. Although there is a lot of attention on blockchains, surprisingly the previous solutions proposed for data redaction in the permissionless setting are far from feasible, and require additional trust assumptions. Hence, the problem of harmful data still poses a huge challenge for law enforcement agencies like Interpol (Tziakouris, IEEE S&P'18). We propose the first efficient redactable blockchain for the permissionless setting that is easily integrable into Bitcoin, and that does not rely on heavy cryptographic tools or trust assumptions. Our protocol uses a consensus-based voting and is parameterised by a policy that dictates the requirements and constraints for the redactions; if a redaction gathers enough votes the operation is performed on the chain. As an extra feature, our protocol offers public verifiability and accountability for the redacted chain. Moreover, we provide formal security definitions and proofs showing that our protocol is secure against redactions that were not agreed by consensus. Additionally, we show the viability of our approach with a proof-of-concept implementation that shows only a tiny overhead in the chain validation of our protocol when compared to an immutable one.Comment: 2019 IEEE Symposium on Security and Privacy (SP), San Fransisco, CA, US, , pp. 645-65

CDEdit: A Highly Applicable Redactable Blockchain with Controllable Editing Privilege and Diversified Editing Types

Redactable blockchains allow modifiers or voting committees with modification privileges to edit the data on the chain. Trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data, and without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving the problem of multi-level editing requests and competing for modification privileges. In this paper, we propose CDEdit, a highly applicable redactable blockchain with controllable editing privilege and diversified editing types. The proposed scheme increases the cost of invalid or malicious requests by paying the deposit on each edit request. At the same time, the editing privilege is subdivided into request, modification, and verification privileges, and the modification privilege token is distributed efficiently to prevent the abuse of the modification privilege and collusion attacks. We use chameleon hashes with ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption (CP-ABE) to implement two editing types of transaction-level and block-level, and present a practical instantiation and security analysis. Finally, the implementation and evaluation show that our scheme only costs low-performance overhead and is suitable for multi-level editing requests and modification privilege competition scenarios.Comment: 11 pages, 6 figure

RSA and redactable blockchains

A blockchain is redactable if a private key holder (e.g. a central authority) can change any single block without violating integrity of the whole blockchain, but no other party can do that. In this paper, we offer a simple method of constructing redactable blockchains inspired by the ideas underlying the well-known RSA encryption scheme. Notably, our method can be used in conjunction with any reasonable hash function that is used to build a blockchain. Public immutability of a blockchain in our construction is based on the computational hardness of the RSA problem and not on properties of the underlying hash function. Corruption resistance is based on the computational hardness of the discrete logarithm problem.Comment: 5 page

Decentralized Inverse Transparency With Blockchain

Employee data can be used to facilitate work, but their misusage may pose risks for individuals. Inverse transparency therefore aims to track all usages of personal data, allowing individuals to monitor them to ensure accountability for potential misusage. This necessitates a trusted log to establish an agreed-upon and non-repudiable timeline of events. The unique properties of blockchain facilitate this by providing immutability and availability. For power asymmetric environments such as the workplace, permissionless blockchain is especially beneficial as no trusted third party is required. Yet, two issues remain: (1) In a decentralized environment, no arbiter can facilitate and attest to data exchanges. Simple peer-to-peer sharing of data, conversely, lacks the required non-repudiation. (2) With data governed by privacy legislation such as the GDPR, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve these issues, we present Kovacs, a decentralized data exchange and usage logging system for inverse transparency built on blockchain. Its new-usage protocol ensures non-repudiation, and therefore accountability, for inverse transparency. Its one-time pseudonym generation algorithm guarantees unlinkability and enables proof of ownership, which allows data subjects to exercise their legal rights regarding their personal data. With our implementation, we show the viability of our solution. The decentralized communication impacts performance and scalability, but exchange duration and storage size are still reasonable. More importantly, the provided information security meets high requirements. We conclude that Kovacs realizes decentralized inverse transparency through secure and GDPR-compliant use of permissionless blockchain.Comment: Peer-reviewed version accepted for publication in ACM Distributed Ledger Technologies: Research and Practice (DLT). arXiv admin note: substantial text overlap with arXiv:2104.0997

Reparo: Publicly Verifiable Layer to Repair Blockchains

Although blockchains aim for immutability as their core feature, several instances have exposed the harms with perfect immutability. The permanence of illicit content inserted in Bitcoin poses a challenge to law enforcement agencies like Interpol, and millions of dollars are lost in buggy smart contracts in Ethereum. A line of research then spawned on Redactable blockchains with the aim of solving the problem of redacting illicit contents from both permissioned and permissionless blockchains. However, all the existing proposals follow the build-new-chain approach for redactions, and cannot be integrated with existing systems like Bitcoin and Ethereum. We present Reparo, a generic protocol that acts as a publicly verifiable layer on top of any blockchain to perform repairs, ranging from fixing buggy contracts to removing illicit contents from the chain. Reparo facilitates additional functionalities for blockchains while maintaining the same provable security guarantee; thus, Reparo can be integrated with existing blockchains and start performing repairs on the pre-existent data. Any system user may propose a repair and a deliberation process ensues resulting in a decision that complies with the repair policy of the chain and is publicly verifiable. Our Reparo layer can be easily tailored to different consensus requirements, does not require heavy cryptographic machinery and can, therefore, be efficiently instantiated in any permission-ed or -less setting. We demonstrate it by giving efficient instantiations of Reparo on top of Ethereum (with PoS and PoW), Bitcoin, and Cardano. Moreover, we evaluate Reparo with Ethereum mainnet and show that the cost of fixing several prominent smart contract bugs is almost negligible. For instance, the cost of repairing the prominent Parity Multisig wallet bug with Reparo is as low as 0.000000018% of the Ethers that can be retrieved after the fix.Comment: Appeared in Financial Cryptography 2021 (https://fc21.ifca.ai/program.php#abstract-talk-66

Moderated Redactable Blockchains: A Definitional Framework with an Efficient Construct

Blockchain is a multiparty protocol to reach agreement on the order of events, and to record them consistently and immutably without centralized trust. In some cases, however, the blockchain can benefit from some controlled mutability. Examples include removing private information or unlawful content, and correcting protocol vulnerabilities which would otherwise require a hard fork. Two approaches to control the mutability are: moderation, where one or more designated administrators can use their private keys to approve a redaction, and voting, where miners can vote to endorse a suggested redaction. In this paper, we first present several attacks against existing redactable blockchain solutions. Next, we provide a definitional framework for moderated redactable blockchains. Finally, we propose a provable and efficient construct, which applies a single digital signature per redaction, achieving a much simpler and secure result compared to the prior art in the moderated setting

Yes, I Do: Marrying Blockchain Applications with GDPR

Due to blockchains’ intrinsic transparency and immutability, blockchain-based applications are challenged by privacy regulations, such as the EU General Data Protection Regulation. Hence, scaling blockchain use cases to production often fails to owe to a lack of compliance with legal constraints. As current research mainly focuses on specific use cases, we aim to offer comprehensive guidance regarding the development of blockchain solutions that comply with privacy regulations. Following the action design research method, we contribute a generic framework and design principles to the research domain. In this context, we also emphasize the need for distinguishing between applications based on blockchains’ data integrity and computational integrity guarantees