46 research outputs found
Redactable Blockchain in the Permissionless Setting
Bitcoin is an immutable permissionless blockchain system that has been
extensively used as a public bulletin board by many different applications that
heavily rely on its immutability. However, Bitcoin's immutability is not
without its fair share of demerits. Interpol exposed the existence of harmful
and potentially illegal documents, images and links in the Bitcoin blockchain,
and since then there have been several qualitative and quantitative analyses on
the types of data currently residing in the Bitcoin blockchain.
Although there is a lot of attention on blockchains, surprisingly the
previous solutions proposed for data redaction in the permissionless setting
are far from feasible, and require additional trust assumptions. Hence, the
problem of harmful data still poses a huge challenge for law enforcement
agencies like Interpol (Tziakouris, IEEE S&P'18).
We propose the first efficient redactable blockchain for the permissionless
setting that is easily integrable into Bitcoin, and that does not rely on heavy
cryptographic tools or trust assumptions. Our protocol uses a consensus-based
voting and is parameterised by a policy that dictates the requirements and
constraints for the redactions; if a redaction gathers enough votes the
operation is performed on the chain. As an extra feature, our protocol offers
public verifiability and accountability for the redacted chain. Moreover, we
provide formal security definitions and proofs showing that our protocol is
secure against redactions that were not agreed by consensus. Additionally, we
show the viability of our approach with a proof-of-concept implementation that
shows only a tiny overhead in the chain validation of our protocol when
compared to an immutable one.
Comment: 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA,
US, pp. 645-65
CDEdit: A Highly Applicable Redactable Blockchain with Controllable Editing Privilege and Diversified Editing Types
Redactable blockchains allow modifiers or voting committees with modification
privileges to edit the data on the chain. Trapdoor holders in chameleon-based
hash redactable blockchains can quickly compute hash collisions for arbitrary
data, and without breaking the link of the hash-chain. However, chameleon-based
hash redactable blockchain schemes have difficulty solving the problem of
multi-level editing requests and competing for modification privileges. In this
paper, we propose CDEdit, a highly applicable redactable blockchain with
controllable editing privilege and diversified editing types. The proposed
scheme increases the cost of invalid or malicious requests by paying the
deposit on each edit request. At the same time, the editing privilege is
subdivided into request, modification, and verification privileges, and the
modification privilege token is distributed efficiently to prevent the abuse of
the modification privilege and collusion attacks. We use chameleon hashes with
ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption
(CP-ABE) to implement two editing types of transaction-level and block-level,
and present a practical instantiation and security analysis. Finally, the
implementation and evaluation show that our scheme incurs only low performance
overhead and is suitable for multi-level editing requests and modification
privilege competition scenarios.
Comment: 11 pages, 6 figures
RSA and redactable blockchains
A blockchain is redactable if a private key holder (e.g. a central authority)
can change any single block without violating integrity of the whole
blockchain, but no other party can do that. In this paper, we offer a simple
method of constructing redactable blockchains inspired by the ideas underlying
the well-known RSA encryption scheme. Notably, our method can be used in
conjunction with any reasonable hash function that is used to build a
blockchain. Public immutability of a blockchain in our construction is based on
the computational hardness of the RSA problem and not on properties of the
underlying hash function. Corruption resistance is based on the computational
hardness of the discrete logarithm problem.
Comment: 5 pages
Decentralized Inverse Transparency With Blockchain
Employee data can be used to facilitate work, but their misusage may pose
risks for individuals. Inverse transparency therefore aims to track all usages
of personal data, allowing individuals to monitor them to ensure accountability
for potential misusage. This necessitates a trusted log to establish an
agreed-upon and non-repudiable timeline of events. The unique properties of
blockchain facilitate this by providing immutability and availability. For
power asymmetric environments such as the workplace, permissionless blockchain
is especially beneficial as no trusted third party is required. Yet, two issues
remain: (1) In a decentralized environment, no arbiter can facilitate and
attest to data exchanges. Simple peer-to-peer sharing of data, conversely,
lacks the required non-repudiation. (2) With data governed by privacy
legislation such as the GDPR, the core advantage of immutability becomes a
liability. After a rightful request, an individual's personal data need to be
rectified or deleted, which is impossible in an immutable blockchain.
To solve these issues, we present Kovacs, a decentralized data exchange and
usage logging system for inverse transparency built on blockchain. Its
new-usage protocol ensures non-repudiation, and therefore accountability, for
inverse transparency. Its one-time pseudonym generation algorithm guarantees
unlinkability and enables proof of ownership, which allows data subjects to
exercise their legal rights regarding their personal data. With our
implementation, we show the viability of our solution. The decentralized
communication impacts performance and scalability, but exchange duration and
storage size are still reasonable. More importantly, the provided information
security meets high requirements. We conclude that Kovacs realizes
decentralized inverse transparency through secure and GDPR-compliant use of
permissionless blockchain.
Comment: Peer-reviewed version accepted for publication in ACM Distributed
Ledger Technologies: Research and Practice (DLT). arXiv admin note:
substantial text overlap with arXiv:2104.0997
Reparo: Publicly Verifiable Layer to Repair Blockchains
Although blockchains aim for immutability as their core feature, several
instances have exposed the harms of perfect immutability. The permanence of
illicit content inserted in Bitcoin poses a challenge to law enforcement
agencies like Interpol, and millions of dollars are lost in buggy smart
contracts in Ethereum. A line of research then spawned on Redactable
blockchains with the aim of solving the problem of redacting illicit contents
from both permissioned and permissionless blockchains. However, all the
existing proposals follow the build-new-chain approach for redactions, and
cannot be integrated with existing systems like Bitcoin and Ethereum.
We present Reparo, a generic protocol that acts as a publicly verifiable
layer on top of any blockchain to perform repairs, ranging from fixing buggy
contracts to removing illicit contents from the chain. Reparo facilitates
additional functionalities for blockchains while maintaining the same provable
security guarantee; thus, Reparo can be integrated with existing blockchains
and start performing repairs on the pre-existent data. Any system user may
propose a repair and a deliberation process ensues resulting in a decision that
complies with the repair policy of the chain and is publicly verifiable.
Our Reparo layer can be easily tailored to different consensus requirements,
does not require heavy cryptographic machinery and can, therefore, be
efficiently instantiated in any permission-ed or -less setting. We demonstrate
it by giving efficient instantiations of Reparo on top of Ethereum (with PoS
and PoW), Bitcoin, and Cardano. Moreover, we evaluate Reparo with Ethereum
mainnet and show that the cost of fixing several prominent smart contract bugs
is almost negligible. For instance, the cost of repairing the prominent Parity
Multisig wallet bug with Reparo is as low as 0.000000018% of the Ethers that
can be retrieved after the fix.
Comment: Appeared in Financial Cryptography 2021
(https://fc21.ifca.ai/program.php#abstract-talk-66)
Moderated Redactable Blockchains: A Definitional Framework with an Efficient Construct
Blockchain is a multiparty protocol to reach agreement on the order of events, and to record them consistently and immutably without centralized trust. In some cases, however, the blockchain can benefit from some controlled mutability. Examples include removing private information or unlawful content, and correcting protocol vulnerabilities which would otherwise require a hard fork. Two approaches to control the mutability are: moderation, where one or more designated administrators can use their private keys to approve a redaction, and voting, where miners can vote to endorse a suggested redaction. In this paper, we first present several attacks against existing redactable blockchain solutions. Next, we provide a definitional framework for moderated redactable blockchains. Finally, we propose a provable and efficient construct, which applies a single digital signature per redaction, achieving a much simpler and more secure result compared to the prior art in the moderated setting.
Yes, I Do: Marrying Blockchain Applications with GDPR
Due to blockchains' intrinsic transparency and immutability, blockchain-based applications are challenged by privacy regulations, such as the EU General Data Protection Regulation. Hence, scaling blockchain use cases to production often fails owing to a lack of compliance with legal constraints. As current research mainly focuses on specific use cases, we aim to offer comprehensive guidance regarding the development of blockchain solutions that comply with privacy regulations. Following the action design research method, we contribute a generic framework and design principles to the research domain. In this context, we also emphasize the need for distinguishing between applications based on blockchains' data integrity and computational integrity guarantees.