Enabling Data Confidentiality with Public Blockchains

Edoardo Marangone, Claudio Di Ciccio, Daniele Friolo, Eugenio Nerio Nemmi, Daniele Venturi, Ingo Weber
2023-09-21
Abstract: Blockchain technology is apt to facilitate the automation of multi-party cooperations among various players in a decentralized setting, especially in cases where trust among participants is limited. Transactions are stored in a ledger, a replica of which is retained by every node of the blockchain network. The operations saved thereby are thus publicly accessible. While this aspect enhances transparency, reliability, and persistence, it hinders the utilization of public blockchains for process automation as it violates typical confidentiality requirements in corporate settings. To overcome this issue, we propose our approach named Multi-Authority Approach to Transaction Systems for Interoperating Applications (MARTSIA). Based on Multi-Authority Attribute-Based Encryption (MA-ABE), MARTSIA enables read-access control over shared data at the level of message parts. User-defined policies determine whether an actor can interpret the publicly stored information or not, depending on the actor's attributes declared by a consortium of certifiers. Still, all nodes in the blockchain network can attest to the publication of the (encrypted) data. We provide a formal analysis of the security guarantees of MARTSIA, and illustrate the proof-of-concept implementation over multiple blockchain platforms. To demonstrate its interoperability, we showcase its usage in ensemble with a state-of-the-art blockchain-based engine for multi-party process execution, and three real-world decentralized applications in the context of NFT markets, supply chain, and retail.
Cryptography and Security, Software Engineering
What problem does this paper attempt to address?
The paper primarily aims to address the issue of data confidentiality in public blockchain technology within multi-party collaboration scenarios. Blockchain technology can facilitate automated collaboration among multiple parties in a decentralized environment and is particularly suitable when trust among participants is limited, but it typically makes all transaction information publicly visible to every node in the network. This transparency poses a challenge for enterprise-level applications that require confidentiality (such as supply chain management and retail processes), as these scenarios often need to protect certain data from being accessed by specific participants or most other blockchain network members.

To address this issue, the authors propose a method called MARTSIA (Multi-Authority Approach to Transaction Systems for Interoperating Applications). MARTSIA is based on Multi-Authority Attribute-Based Encryption (MA-ABE), allowing fine-grained read access control over shared data. This means that predefined policies determine whether a user can interpret publicly stored information, depending on the user attributes declared by a set of authorities. Additionally, MARTSIA offers the following contributions:

1. A decentralized user authentication architecture, enhancing security.
2. A majority-based system initiation and update method, increasing system robustness.
3. A formal analysis of the system's security.
4. A demonstration of the applicability of MARTSIA in a range of key blockchain application areas, including integration with existing decentralized applications.
5. A new implementation version, proving its cross-platform nature.

The paper illustrates the problem through a specific supply chain process example and proposes solutions to meet specific needs, including fine-grained message access control, permanent and tamper-proof data writing, independent auditing, and secure key management. Overall, MARTSIA aims to ensure data confidentiality while leveraging public blockchain technology to support business process execution in multi-party collaboration scenarios.