Xiubo Liang,Yu Zhao,Junhan Wu,Keting Yin

DOI: https://doi.org/10.4018/ijdcf.302876

2022-01-01

International Journal of Digital Crime and Forensics

Abstract:Recently, with the rapid development of blockchain technology, the information interaction and value transfer problems between different blockchains have become the focus of research. The cross-chain technology is to solve the cross-chain operation problems of assets and data between different chains. However, the existing cross-chain technology has the problem of identity privacy leakage. Therefore, this article proposes a cross-chain privacy protection scheme for consortium blockchains based on group signature, certificate authority and relay chain. The scheme is divided into three cross-chain service layers, called the management layer, the transaction layer, and the group layer. The management layer is responsible for the forwarding of cross-chain transactions, the transaction layer includes the blockchains that actually participate in cross-chain transactions, and the group layer is responsible for group signature related work. Through this scheme, the identity privacy of both parties to the transaction can be protected during the cross-chain transaction process.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Yu-Heng Hsieh,Xue-Qin Guan,Chia-Hung Liao,Shyan-Ming Yuan

DOI: https://doi.org/10.1016/j.ipm.2024.103761

IF: 7.466

2024-05-12

Information Processing & Management

Abstract:Safeguarding the privacy of physiological data has long been a focal point, especially given the increasing concern surrounding the data exchange process and its implications for privacy. In response to these challenges, we propose a two-layer blockchain-based platform comprising the Decentralized Identity Blockchain (DID Chain) and the Physiological Data Blockchain (App Chain). Within the DID chain, we deploy two contracts: the IdentityManager Contract and the PersonalIdentity Contract. Users are empowered to register their decentralized identity, while governments can leverage the IdentityManager Contract to generate decentralized identities. Once users obtain their identity, they can proceed to register the app-chain using that identity. Moreover, users can utilize the AccessControlManager chaincode within the App-chain to share de-identified information generated by their wearable devices, retaining full control over managing the access control rights of their de-identified information. Through the integration of these two chains, our system significantly enhances user data privacy, security, and trust, thereby fostering confidence in the integration of wearable devices within the home healthcare data sharing process.

computer science, information systems,information science & library science

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Jonathan Heiss,Robert Muth,Frank Pallas,Stefan Tai

DOI: https://doi.org/10.48550/arXiv.2209.09584

2022-09-20

Cryptography and Security

Abstract:Many service systems rely on verifiable identity-related information of their users. Manipulation and unwanted exposure of this privacy-relevant information, however, must at the same time be prevented and avoided. Peer-to-peer blockchain-based decentralization with a smart contract-based execution model and verifiable off-chain computations leveraging zero-knowledge proofs promise to provide the basis for next-generation, non-disclosing credential management solutions. In this paper, we propose a novel credential on-chaining system that ensures blockchain-based transparency while preserving pseudonymity. We present a general model compliant to the W3C verifiable credential recommendation and demonstrate how it can be applied to solve existing problems that require computational identity-related attribute verification. Our zkSNARKs-based reference implementation and evaluation show that, compared to related approaches based on, e.g., CL-signatures, our approach provides significant performance advantages and more flexible proof mechanisms, underpinning our vision of increasingly decentralized, transparent, and trustworthy service systems.

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

Zhiming Song,Enhua Yan,Junrong Song,Rong Jiang,Yimin Yu,Taowei Chen

DOI: https://doi.org/10.1007/s13369-024-09178-0

IF: 2.807

2024-06-06

Arabian Journal for Science and Engineering

Abstract:The blockchain-based digital identity system (BDIS) has emerged as a promising alternative to centralized digital identity systems. While BDISs offer numerous advantages such as decentralization and enhanced security, traditional implementations still exhibit weaknesses in ensuring identity authenticity, controllability, and auditability while maintaining privacy. This paper aims to address these challenges by proposing novel approaches. It separates the functions of verifying physical identity and issuing digital credentials into two distinct roles: the identity verifier and the credential provider, employing linkable ring signatures to obscure the verifier's identity and significantly mitigate the risk of identity information leakage—a common issue in traditional schemes where a single entity performs both tasks. Additionally, this paper addresses the overlooked aspect of identity controllability in traditional schemes, especially proactive and passive revocation with privacy in mind, by integrating cryptographic commitments, zero-knowledge proofs, PS randomized signatures, cryptographic accumulators, and AES encryption. This approach ensures privacy while enabling both types of revocation. Furthermore, it tackles the neglected auditability of identity privacy in traditional schemes by combining linkable ring signatures with smart contract events and other technologies, ensuring auditable privacy protection. Fourth, a blockchain smart contract is utilized to manage system parameters and implement on-chain verification of privacy-protected identities, ensuring cross-platform capability, transparent verification, and resilience against single-point failures. A use case is provided, evaluating the system's performance. Comparative analysis and security discussions suggest that the proposed system rectifies deficiencies in current BDISs and offers improved applicability, execution performance, and security.

multidisciplinary sciences

Deepak Maram,Harjasleen Malvai,Fan Zhang,Nerla Jean-Louis,Alexander Frolov,Tyler Kell,Tyrone Lobban,Christine Moy,Ari Juels,Andrew Miller

DOI: https://doi.org/10.1109/SP40001.2021.00038

2021-01-01

Abstract:We present CanDID, a platform for practical, user-friendly realization of decentralized identity, the idea of empowering end users with management of their own credentials.While decentralized identity promises to give users greater control over their private data, it burdens users with management of private keys, creating a significant risk of key loss. Existing and proposed approaches also presum...

Jiahe Wang,Songjie Wei,Haozhe Liu

DOI: https://doi.org/10.1007/978-3-030-23404-1_14

2019-01-01

Abstract:To overcome the difficulties in the traditional password-based identity authentication procedure with high security risk and complexity, and to avoid the privacy leaking problems arising from a series of new techniques such as using biometrics as key, this paper proposes a universal solution for decentralized identity authentication by block chain integrated with a trusted execution environment, through a separate hardware to establish a secure area, enabling identity anonymity and avoiding feature disclosure. Smart contract and consensus mechanism are adopted for building trusted identity nodes between decentralized nodes by constructing a traceable identity data structure in blockchain. We conduct formal theoretical and empirical evaluations to show that the proposed can realize user identity registration, cross-platform authentication, and guarantee security in the whole procedure with efficiency and reliability.

Awid Vaziry,Kaustabh Barman,Patrick Herbke

2024-07-25

Abstract:The ongoing regulation of blockchain-based services and applications requires the identification of users who are issuing transactions on the blockchain. This systematic review explores the current status, identifies research gaps, and outlines future research directions for establishing trusted and privacy-compliant identities on the blockchain (on-chain identity). A systematic search term was applied across various scientific databases, collecting 2232 potentially relevant research papers. These papers were narrowed down in two methodologically executed steps to 98 and finally to 13 relevant sources. The relevant articles were then systematically analyzed based on a set of screening questions. The results of the selected studies have provided insightful findings on the mechanisms of on-chain identities. On-chain identities are established using zero-knowledge proofs, public key infrastructure/certificates, and web of trust approaches. The technologies and architectures used by the authors are also highlighted. Trust has emerged as a key research gap, manifesting in two ways: firstly, a gap in how to trust the digital identity representation of a physical human; secondly, a gap in how to trust identity providers that issue identity confirmations on-chain. Potential future research avenues are suggested to help fill the current gaps in establishing trust and on-chain identities.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing

Sidra Malik,Volkan Dedeoglu,Salil Kanhere,Raja Jurdak

DOI: https://doi.org/10.48550/arXiv.2104.13964

2021-04-27

Cryptography and Security

Abstract:Blockchain offers traceability and transparency to supply chain event data and hence can help overcome many challenges in supply chain management such as: data integrity, provenance and traceability. However, data privacy concerns such as the protection of trade secrets have hindered adoption of blockchain technology. Although consortium blockchains only allow authorised supply chain entities to read/write to the ledger, privacy preservation of trade secrets cannot be ascertained. In this work, we propose a privacy-preservation framework, PrivChain, to protect sensitive data on blockchain using zero knowledge proofs. PrivChain provides provenance and traceability without revealing any sensitive information to end-consumers or supply chain entities. Its novelty stems from: a) its ability to allow data owners to protect trade related information and instead provide proofs on the data, and b) an integrated incentive mechanism for entities providing valid proofs over provenance data. In particular, PrivChain uses Zero Knowledge Range Proofs (ZKRPs), an efficient variant of ZKPs, to provide origin information without disclosing the exact location of a supply chain product. Furthermore, the framework allows to compute proofs and commitments off-line, decoupling the computational overhead from blockchain. The proof verification process and incentive payment initiation are automated using blockchain transactions, smart contracts, and events. A proof of concept implementation on Hyperledger Fabric reveals a minimal overhead of using PrivChain for blockchain enabled supply chains.

Zenan Lou,Na Ruan,Yuxiang Cai

DOI: https://doi.org/10.1007/978-981-97-5101-3_2

2024-01-01

Abstract:Permissioned blockchain is often used in multi-consortium applications due to its unique features such as provenance, immutability, and tamper-resistance. For these applications working in a malicious environment, privacy protection is very important. There have been many works attempting to solve the challenge of privacy protection. However, existing works suffer from problems such as low flexibility, difficulty in regulation and waste of computation resources. To address these problems, we propose FXChain, a multi-consortium permissioned blockchain system with a flexible privacy-preserving strategy. We provide a general cross-ledger transaction framework to support and help designing the strategy. In this framework, we divide the cross-ledger transaction into two steps, provide more flexibility to users. We classify privacy requirements into multiple levels from the strongest to the weakest in detail, and design a flexible privacy-preserving strategy for cross-ledger transactions, allowing users to choose proper privacy scheme according to their own demands. We conduct experiments to evaluate the overhead of each level and the overall performance of the system, helping users making better choices. The experiments also show that the impact of our privacy protection scheme is acceptable.

Loic Lesavre,Priam Varin,Peter Mell,Michael Davidson,James Shook

DOI: https://doi.org/10.6028/NIST.CSWP.01142020

2020-01-16

Abstract:Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issues, such as enabling mass data collection and user tracking. Blockchain technology has the potential to alleviate these concerns: it can support the ability for users to control the custody of their own identifiers and credentials, enabling novel data ownership and governance models with built-in control and consent mechanisms. Hence, blockchain-based IDMSs, which could benefit both users and businesses, are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in blockchain architectures, governance models, and other salient features. Context is provided for the taxonomy through the description of related terms, emerging standards, and use cases while highlighting relevant security and privacy considerations.

Computer Science

Jiahui Huang,Teng Huang,Huanchun Wei,Jiehua Zhang,Hongyang Yan,Duncan S. Wong,Haibo Hu

DOI: https://doi.org/10.1002/ett.4709

IF: 3.6

2022-12-20

Transactions on Emerging Telecommunications Technologies

Abstract:We present a privacy‐preserving model based on zk‐SNARKs and hash chain for efficient exchange of digital assets. The comprehensive experimental results show the practicality of zkChain. As a distributed public ledger technology in a peer‐to‐peer network, blockchain has been widely used in a variety of Internet interaction systems in recent years, such as market supervision, property rights protection, and digital identity. However, in blockchain environment, all historical transaction data are open and transparent, and adversaries may illegally access private transaction data, which makes privacy attacks a core issue that hinders the popularization and application of blockchain. Different privacy‐preserving technologies such as zerocoin and zerocash have been proposed. However, the large amount of proofs and the slow verification speed hinder the effective application of zero‐knowledge proofs (ZKPs) in blockchain. This article proposes a privacy‐preserving model based on zk‐SNARKs and hash chain for efficient transfer of assets, called zkChain. Different from traditional privacy‐preserving schemes, this scheme constructs a smaller proof based on hash chain, and the verification speed of the proof is faster. This scheme constructs ZKP based on the one‐way hash function and zk‐SNARKs. The proof is publicly recorded in the ledger after being verified by miners, and users use the proof to send privacy‐preserving transactions. In the above process, the zkChain scheme can achieve effective privacy protection of account balance and account address. We evaluated the computational and storage costs of the zkChain scheme based on libsnark, and establish a test network to evaluate the processing performance of the zkChain scheme.

telecommunications

Wei Liang,Yaqin Liu,Ce Yang,Songyou Xie,Kuanching Li,Willy Susilo

DOI: https://doi.org/10.1145/3676164

IF: 16.6

2024-07-27

ACM Computing Surveys

Abstract:Blockchain is a decentralized distributed ledger that combines multiple technologies, including chain data structures, P2P networks, consensus algorithms, cryptography, and smart contracts. This gives the blockchain the characteristics of decentralization, immutability, and traceability. However, blockchain stores smart contracts and transactions in blocks publicly, which poses the risk of data leakage and misuse. For example, by mining and analyzing blockchain transaction information, attackers can correlate transactions with user information, resulting in the disclosure of user privacy. Many current reviews focus on the privacy of permissionless blockchains or cryptocurrencies, requiring more in-depth investigations and detailed categorical analysis. To fill this gap, this work comprehensively reviews the latest and traditional methods related to identity, transaction, and smart contract privacy within permissioned and permissionless blockchains. Additionally, we summarize the existing problems, threats, and challenges of data management in different blockchain architectures. Last, we discuss future research directions for blockchain privacy protection technology, which can offer feasible ideas for researchers to explore further.

computer science, theory & methods

M. Mohideen AbdulKader,S. Ganesh Kumar

DOI: https://doi.org/10.1007/978-3-030-92600-7_19

2021-01-01

Abstract:Blockchain is a peer to peer network that is decentralized in nature. It has immutable and persistent property which make this technology more secured. Blockchain is not only suited for crypto currencies but also used for many applications like identity protection, smart contracts, health care, online polling system and much more. In addition, blockchain network holds a distributed ledger which makes all data available to every node in the network. Due to this, security and privacy protection becomes a major concern in blockchain technology. Some of existing solutions to blockchain privacy issues are homomorphice encryption, zero knowledge proofs, ring signature and multiparty computations. Though existing privacy preservation mechanisms secures the blockchain network from privacy leakage. It has limitations when implemented in large scale applications. In this paper, a three layered protection scheme is proposed to enhance the privacy of blockchain technology. This idea of three layered protection integrates randomized address generation, content erasure mechanism and IntelSGX together and forms a secure architecture. It will enhance the security and privacy of blockchain network to a greater extent.

Alberto Sonnino

DOI: https://doi.org/10.48550/arXiv.2102.12273

2021-02-24

Cryptography and Security

Abstract:This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user defined smart contracts and execute user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal efforts. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low-latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications.

Guy Zyskind,Oz Nathan,Alex Pentland,Alex 'Sandy' Pentland

DOI: https://doi.org/10.1109/spw.2015.27

2015-05-01

Abstract:The recent increase in reported incidents of surveillance and security breaches compromising users' privacy call into question the current model, in which third-parties collect and control massive amounts of personal data. Bit coin has demonstrated in the financial space that trusted, auditable computing is possible using a decentralized network of peers accompanied by a public ledger. In this paper, we describe a decentralized personal data management system that ensures users own and control their data. We implement a protocol that turns a block chain into an automated access-control manager that does not require trust in a third party. Unlike Bit coin, transactions in our system are not strictly financial -- they are used to carry instructions, such as storing, querying and sharing data. Finally, we discuss possible future extensions to block chains that could harness them into a well-rounded solution for trusted computing problems in society.

Daniel Maldonado-Ruiz,Alan Pulval-Dady,Yulin Shi,Zhe Wang,Nour El Madhoun,Jenny Torres

DOI: https://doi.org/10.1007/s12243-024-01030-8

2024-04-05

Annals of Telecommunications

Abstract:New developments of blockchain designs, for both research and commercial environments, focus on improving security and energy consumption. Indeed, these implementations are based on managing a single type of information linked to a single blockchain. In this paper, we propose a new design called NestedChain. This proposal creates a system that allows two completely different types of information to be held in the same physical structure, enabling the creation of a blockchain within a blockchain. The new blockchain design can be implemented in various environments where it is necessary to have two different and parallel sets of information in the same network infrastructure. This new conception of blockchain offers a new way to understand the limitations of existing implementations and suggests how the evolution of the blockchain environment could be enhanced.

telecommunications

Collin Connors,Dilip Sarkar

DOI: https://doi.org/10.48550/arXiv.2212.14671

2022-12-12

Computers and Society

Abstract:Blockchain has been touted as a revolutionary technology. However, despite the excitement, blockchain has not been adopted in many fields. Many are hesitant to adopt blockchain technology due to privacy concerns, barriers to use, or lack of practical use cases. In this work, we outline a potential blockchain use case for tracking financial transactions across multiple financial institutions. We show the downsides of traditional centralized approaches and that blockchain approaches fail to give all the privacy and accessibility required for this use case. Thus we propose a novel blockchain architecture to support our use case. This novel architecture combines the ease of use of public blockchains with the privacy of private blockchains by allowing users to create personal blockchains. We believe this novel personal blockchain architecture will lead to more blockchain adoption, particularly in use cases handling private data.