How Do We Secure Transaction Data in Account-Base Blockchain?

LINE DEVDAY 2021

November 11, 2021

Transcript

  1. Agenda
    - Privacy Enhancing Technologies(PETs)
    - UTXO vs Account
    - LINE Blockchain Solution
    - Future plans

  2. Why should the transaction be hidden?

  3. Why should the transaction be hidden?
    For the protection of personal information
    For the security of wholesale* transactions of trusted institutions
    * wholesale: The sale of products, often in large quantities, to retailers or other merchants.

  4. What techniques can hide tx?
    PETs(Privacy Enhancing Technologies)

  5. Privacy Enhancing Technologies
    - Unlinking
    - Hiding
    - Segregating
    Project Stella, Feb 2020, https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

  6. Segregating
    - Ledger segregating
    - Offchain payment channel
    Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
    [Figure: a Transaction between Entity A (Sender) and Entity B (Receiver) on a Ledger subset; Entity C (Unauthorised third party)]

  7. Segregating
    Ledger segregating
    Image reference: https://tsmatz.wordpress.com/2020/03/23/corda-tutorial-on-azure/
    [Figure: Alice, Bob, Peter and Richard; Alice’s View and Richard’s View]
    Offchain payment channel
    Image reference: https://www.researchgate.net/figure/State-Channel-Paiern_fig4_325439030
    [Figure: blockchain (On-chain), State channel (Off-chain), Settle transaction]

  9. Unlinking
    - One-time address
    - Mixing
    - Ring Signature
    Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
    [Figure: a Transaction between Entity A (Sender) and Entity B (Receiver) on the Ledger; Entity C (Unauthorised third party)]

  10. Unlinking
    Source of image: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
    [Figure panels: One-time address, Mixing, Ring signature. Labels: one Signer and three Non signers; Ring signature over PK1, PK2, PK3, PK4; Account 1, Account 2, Account 3, Account 4]

  13. Hiding
    - Pedersen commitment
    - Zero knowledge Proof
    - Homomorphic encryption
    Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
    [Figure: a Transaction between Entity A (Sender) and Entity B (Receiver) on the Ledger; Entity C (Unauthorised third party)]

  14. Hiding
    Pedersen commitment
    Image reference: https://blog.csdn.net/mutourend/article/details/93739575
    [Figure: Alice and Bob exchange a Commitment through the Blockchain: 1. commit, 2. Reveal, 3. unlock & check; labels Secret and Challenge]
    Zero knowledge proof
    Image reference: https://blog.sigmadex.org/understanding-zero-knowledge-proof/
    [Figure: Prover and Verifier; labels Secret and Proof]
    Homomorphic encryption
    Image reference: https://www.researchgate.net/figure/In-a-fully-homomorphic-encryption-scheme-operations-on-ciphertext-space-are-mirrored-in_fig1_323598036
    [Figure: addition on plaintexts mirrored by addition on ciphertexts; labels Public key encrypt and Private key decrypt]

  17. PETs Summary
    Columns: Category, PETs, Transaction Information (Sender, Receiver, Amount)
    Segregating
    - Ledger Segregating: Hidden, Hidden
    - Payment channel network: Public, Hidden*
    Unlinking
    - One-time address: Hidden, Public
    - Mixing: Hidden, Public
    - Ring signature: Hidden, Public, Hidden
    Hiding
    - Pedersen commitment: Public, Hidden
    - Zero knowledge proof: Hidden, Hidden
    - Homomorphic encryption: Public, Hidden
    * Only the net transacted amount can be viewed and interpreted.
    Project Stella, Feb 2020, https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

  18. UTXO vs Account

  19. UTXO
    - UTXO object
    - ownership
    - usage status
    - balance
    - Proof of ownership of UTXO
    - Directed acyclic graphs (DAG)
    - Like cash
    - High privacy
    - Excellent scalability
    Image reference: https://www.techscience.com/csse/v36n3/41264/html
    [Figure: transactions Tx k, Tx k+1, Tx k+2, Tx k+3, ..., Tx n, each with Input and Output entries; UTXO amounts 1 BTC, 0.2 BTC, 0.6 BTC, 0.15 BTC, 0.1 BTC, 0.5 BTC]

  20. Account
    - Account state
    - { account: balance }
    - Proof of Account balance
    - Like bank account balance
    - Simple to understand
    - Efficiency
    [Figure: a Tx between A and B changes the state from (Account A, 500; Account B, 1000) to (Account A, 400; Account B, 1100)]

  21. UTXO vs Account
    Tx structure
    - UTXO: input, output, lock and unlocking script
    - Account: sender, receiver, amount, signature
    Validation
    - UTXO: Check that the UTXO is unspent and is from the sender
    - Account: Check that the sender's balance is sufficient and the signature is valid
    Recording the state
    - UTXO: The movement of assets is a directed acyclic graph (DAG)
    - Account: Key and value database of network states
    Advantages
    - UTXO: Parallel processing possible; easy to implement sharding; excellent anonymity/security
    - Account: Easy to develop smart contract; easy to create transaction history for a single user
    Disadvantage
    - UTXO: Smart contract design is complex
    - Account: Need to prepare a plan to prevent double payment; difficulty in parallel processing

  22. Secret Tx on UTXO and Account
    Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/
    [Figure: Account Model: database of network states (State n with Account A, Account B, Account C and their balances); UTXO Model: directed graph of assets (UTXOs) moving between users]

  25. LINE Blockchain Solution

  26. Requirement of LINE Blockchain
    1. Both public and secure transfer must be possible.
    2. All public and secure transfers must be public on a single ledger.
    3. The secure transfer must keep the sender, receiver, and amount confidential.
    4. Secure transfers need to be auditable by an auditor.

  27. Which PETs meet the requirements?
    Requirements
    1. Both public and secure transfer must be possible.
    2. All public and secure transfers must be public on a single ledger.
    3. The secure transfer must keep the sender, receiver, and amount confidential.
    4. Secure transfers need to be auditable by an auditor.
    Columns: Category, PETs, Transaction Information (Sender, Receiver, Amount)
    Segregating
    - Ledger Segregating: Hidden, Hidden
    - Payment channel network: Public, Hidden*
    Unlinking
    - One-time address: Hidden, Public
    - Mixing: Hidden, Public
    - Ring signature: Hidden, Public, Hidden
    Hiding
    - Pedersen commitment: Public, Hidden
    - Zero knowledge proof: Hidden, Hidden
    - Homomorphic encryption: Public, Hidden

  30. Zero knowledge proof
    Source of image: https://simple.wikipedia.org/wiki/Zero-knowledge_proof
    [Figure: Alice and Bob with paths A and B, shown in three steps; labels "A OK" and "Repeat N times"]

  31. Using ZKP on an Account based
    [Figure: Public Balances, Account Model]

  32. Using ZKP on an Account based
    [Figure: Hybrid Model: Secret Balances (Encrypted UTXO Model) and Public Balances (Account Model)]

  33. Audit for secure transfer
    [Figure: a UTXO (owner, value, randSeed; unspent, inputs, outputs) and its Encrypted UTXO (encrypted body; unspent, inputs, outputs), linked by the Encryption Key; the Auditor's Viewing Key yields owner, value, randSeed]

  34. Main function of LINE Blockchain secure transfer
    - Secure transfer is added, and all secure transfers are handled with ZKP.
    - Transactions between secret and public balances.
    - Secure transfer uses the UTXO model; public transfer uses the Account model.
    - The UTXO of a secure transfer is encrypted with a one-time encryption key.

  35. How secure transfer works
    [Figure: Account and Encrypted UTXO, connected by four transaction types: Transaction, HidingTransaction, RevealingTransaction, SecretTransaction]

  36. HidingTransaction
    Secure transfer: public balance → secret balance
    - Sender and amount are disclosed
    - Receiver is private
    - Sender signature required
    - Receiver and encrypted UTXO attestation with ZKP
    - The public balance is burned
    - A new UTXO is minted and used as input for the secret UTXO
    [Figure: Account value; secret UTXO (encrypted body: owner, value)]
    Transaction
    • Sender
    • Amount
    • Receiver
    • Input UTXO
    • Output UTXO
    • ZKP Proof
    • signature

  37. HidingTransaction
    Secure transfer: public balance → secret balance
    - Sender and amount are disclosed
    - Receiver is private
    - Sender signature required
    - Receiver and encrypted UTXO attestation with ZKP
    - The public balance is burned
    - A new UTXO is minted and used as input for the secret UTXO
    [Figure: Burn Account value; mint UTXO (owner: sender, value, block height); secret UTXO (encrypted body: owner, value)]

  38. RevealingTransaction
    Secure transfer: secret balance → public balance
    - Receiver and amount are disclosed
    - Sender is private
    - Sender and encrypted UTXO attestation with ZKP
    - The secret balance is burned
    - New account value is created and added to the receiver’s balance
    [Figure: secret UTXO (encrypted body: owner, A value); Account value + A value]
    Transaction
    • Sender
    • Amount
    • Receiver
    • Input UTXO
    • Output UTXO
    • ZKP Proof

  39. RevealingTransaction
    Secure transfer: secret balance → public balance
    - Receiver and amount are disclosed
    - Sender is private
    - Sender and encrypted UTXO attestation with ZKP
    - The secret balance is burned
    - New account value is created and added to the receiver’s balance
    [Figure: secret UTXO (encrypted body: owner, A value); burn UTXO (owner: receiver, A value, block height); Mint Account value; Account value + A value]

  40. RevealingTransaction
    Secure transfer: secret balance → public balance
    - Receiver and amount are disclosed
    - Sender is private
    - Sender and encrypted UTXO attestation with ZKP
    - The secret balance is burned
    - New account value is created and added to the receiver’s balance
    [Figure: secret UTXO (encrypted body: owner, A value); burn UTXO (owner: receiver, B value, block height); Mint Account value; Account value + B value; a second secret UTXO (encrypted body: owner, value labelled with A and B)]

  41. SecretTransaction
    Secure transfer: secret balance → secret balance
    - Sender, receiver and amount are private
    - Sender and input/output UTXO attestation with ZKP
    Transaction
    • Sender
    • Amount
    • Receiver
    • Input UTXO
    • Output UTXO
    • ZKP Proof

  42. SecretTransaction
    Secure transfer: secret balance → secret balance
    - Sender, receiver and amount are private
    - Sender and input/output UTXO attestation with ZKP
    [Figure: three secret UTXOs, each an encrypted body with owner and value (A value, B value, C value)]

  43. SecretTransaction
    Secure transfer: secret balance → secret balance
    - Sender, receiver and amount are private
    - Sender and input/output UTXO attestation with ZKP
    [Figure: secret UTXOs with A value, B value, ..., n value (each an encrypted body with owner and value), and one secret UTXO whose value label combines A, B, ..., n]

  44. Secret balance audit
    - Auditor requests viewing key from owner.
    - Audit UTXO with viewing key
    - Other encrypted UTXOs can’t be decrypted
    - UTXO is encrypted with one-time encryption key
    [Figure: Owner, Auditor and four secret UTXOs; 1. Request Viewing Key; 2. audit UTXO]

  45. Secure transfer Summary
    [Figure: Account and Encrypted UTXO, connected by four transaction types: Transaction, HidingTransaction, RevealingTransaction, SecretTransaction]

  46. Secure transfer Summary
    [Figure: Account and Encrypted UTXO, connected by Transaction, HidingTransaction, RevealingTransaction and SecretTransaction, with MintSecureUTXO added]

  47. Future plans

  48. Future plans
    - Improve secure transfer auditing through MPC*
    - Secret balance calculation with homomorphic encryption
    - NFT secure transfer
    * MPC: Multi-Party computation
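
The audit property from the "Audit for secure transfer" and "Secret balance audit" slides (every secret UTXO is encrypted under its own one-time key, so a disclosed viewing key opens only that UTXO), as an added Python example that is not part of the deck or of LINE Blockchain's code. It assumes the viewing key is the UTXO's one-time key and uses an HMAC-SHA256 keystream with encrypt-then-MAC as a standard-library stand-in for a real AEAD cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one-time key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD cipher.
    # Acceptable here only because every key encrypts exactly one UTXO body.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def mint_secret_utxo(owner: str, value: int):
    """Return (encrypted_utxo, viewing_key); the key is fresh for every UTXO."""
    one_time_key = secrets.token_bytes(32)
    body = json.dumps({"owner": owner, "value": value,
                       "randSeed": secrets.token_hex(16)}).encode()
    enc_key, mac_key = _subkeys(one_time_key)
    encrypted_body = _xor_stream(enc_key, body)
    tag = hmac.new(mac_key, encrypted_body, hashlib.sha256).digest()
    return {"encrypted_body": encrypted_body, "tag": tag}, one_time_key


def audit(utxo: dict, viewing_key: bytes):
    """Auditor side: decrypted body, or None if the key does not open this UTXO."""
    enc_key, mac_key = _subkeys(viewing_key)
    expected = hmac.new(mac_key, utxo["encrypted_body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, utxo["tag"]):
        return None  # wrong viewing key, or the encrypted body was tampered with
    return json.loads(_xor_stream(enc_key, utxo["encrypted_body"]))


def demo():
    # Constructed sample: three secret UTXOs on the ledger; the owner discloses one key.
    ledger, keys = [], []
    for owner, value in [("A", 100), ("A", 250), ("B", 40)]:
        utxo, key = mint_secret_utxo(owner, value)
        ledger.append(utxo)
        keys.append(key)
    disclosed = keys[1]  # viewing key handed to the auditor for the second UTXO only
    return [audit(utxo, disclosed) for utxo in ledger]


if __name__ == "__main__":
    print(demo())
```

Because the key is per UTXO, disclosure to the auditor is scoped to one output: the owner's other secret UTXOs, and everyone else's, fail the tag check and stay opaque.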
