60 research outputs found

    Non-Disclosing Credential On-chaining for Blockchain-based Decentralized Applications

    Many service systems rely on verifiable identity-related information of their users. Manipulation and unwanted exposure of this privacy-relevant information, however, must at the same time be prevented and avoided. Peer-to-peer blockchain-based decentralization with a smart contract-based execution model and verifiable off-chain computations leveraging zero-knowledge proofs promise to provide the basis for next-generation, non-disclosing credential management solutions. In this paper, we propose a novel credential on-chaining system that ensures blockchain-based transparency while preserving pseudonymity. We present a general model compliant to the W3C verifiable credential recommendation and demonstrate how it can be applied to solve existing problems that require computational identity-related attribute verification. Our zkSNARKs-based reference implementation and evaluation show that, compared to related approaches based on, e.g., CL-signatures, our approach provides significant performance advantages and more flexible proof mechanisms, underpinning our vision of increasingly decentralized, transparent, and trustworthy service systems

    PTTS: Zero-Knowledge Proof-based Private Token Transfer System on Ethereum Blockchain and its Network Flow Based Balance Range Privacy Attack Analysis

    Blockchains are decentralized and immutable databases that are shared among the nodes of the network. Although blockchains have attracted a great deal of attention in recent years by disrupting the traditional financial systems, the transaction privacy is still a challenging issue that needs to be addressed and analysed. We propose a Private Token Transfer System (PTTS) for the Ethereum public blockchain in the first part of this paper. For the proposed framework, a zero-knowledge based protocol has been designed using Zokrates and integrated into our private token smart contract. With the help of the web user interface designed, the end users can interact with the smart contract without any third-party setup. In the second part of the paper, we provide security and privacy analysis including the replay attack and the balance range privacy attack which has been modelled as a network flow problem. It is shown that in case some balance ranges are deliberately leaked out to particular organizations or adversarial entities, it is possible to extract meaningful information about the user balances by employing minimum cost flow network algorithms that have polynomial complexity. The experimental study reports the Ethereum gas consumption and proof generation times for the proposed framework. It also reports network solution times and goodness rates for a subset of addresses under the balance range privacy attack with respect to number of addresses, number of transactions and ratio of leaked transfer transaction amounts

    Blockchain-Based, Confidentiality-Preserving Orchestration of Collaborative Workflows

    Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic from BPMN models. However, as a significant drawback in comparison to centralized business process orchestration, smart contract state typically leaks potentially sensitive information about the state of the collaboration. We describe a novel approach where the process manager smart contract only stores cryptographic commitments to the state and checks zero-knowledge proofs on update proposals. We cover a representative subset of BPMN, support message passing commitments between participants and provide an open-source end-to-end implementation. Under our approach, no party external to the collaboration can gain trustable knowledge of the current state of a process instance (barring collusion with a participant), even if it has full access to the blockchain history

    Ensuring the privacy of information in distributed ledger systems with zero-knowledge proofs

    This article addresses the privacy issue in distributed ledger technology (DLT) and blockchain. The research focuses on the applied use case of private transactions involving digital assets. The article provides a comparison of various privacy methods, including mixing networks, ring signatures, and off-chain protocols. It is noted that these methods do not achieve the target level of decentralization, which is a crucial property for blockchain. To address these limitations, the article introduces zero-knowledge proof methods, with a particular emphasis on SNARK. Mathematical descriptions of SNARK methods are presented, along with software implementation approaches. The research includes experiments conducted to compare the performance and information security properties of SNARK methods in the use case of private transactions involving digital assets. The experimental results highlight approaches to improve performance using batch verification methods. The findings of this research have practical implications for the development of systems requiring high levels of privacy and decentralization in blockchain-based systems

    A Privacy Framework for Decentralized Applications using Blockchains and Zero Knowledge Proofs

    With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage of EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided anyway. While there have been many studies to address the problem of privacy-preserving authentication for vehicular networks, such solutions will be void if charging payments are made through traditional means. In this thesis, we tackle this problem by utilizing distributed applications enabled by Blockchain and smart contracts. We adapt zero-knowledge proofs to Blockchain for enabling privacy-preserving authentication while removing the need for a central authority. We introduce two approaches, one using a token-based mechanism and another utilizing the Pedersen Commitment scheme to realize anonymous authentication. We also describe a protocol for the whole process which includes scheduling and charging operations. The evaluation of the proposed approaches indicates that the overhead of this process is affordable to enable real-time charging operations for connected EVs

    Towards Smart Contract-based Verification of Anonymous Credentials

    Smart contracts often need to verify identity-related information of their users. However, such information is typically confidential, and its verification requires access to off-chain resources. Given the isolation and privacy limitations of blockchain technologies, this presents a problem for on-chain verification. In this paper, we show how CL-signature-based anonymous credentials can be verified in smart contracts using the example of Hyperledger Indy, a decentralized credential management platform, and Ethereum, a smart contract-enabled blockchain. Therefore, we first outline how smart contract-based verification can be integrated in the Hyperledger Indy credential management routine and, then, provide a technical evaluation based on a proof-of-concept implementation of CL-signature verification on Ethereum. While our results demonstrate technical feasibility of smart contract-based verification of anonymous credentials, they also reveal technical barriers for its real-world usage

    A Method for Ensuring Data Confidentiality Based on zk-SNARK

    A method is presented for ensuring data confidentiality with the ability to verify correctness, based on a zero-knowledge proof protocol