How Do We Secure Transaction Data in Account-Base Blockchain?

Transcript

1. None

2. Agenda - Privacy Enhancing Technologies(PETs) - UTXO vs Account -

   LINE Blockchain Solution - Future plans

3. Why should the transaction be hidden?

4. Why should the transaction be hidden? For the protection of

   personal information For the security of wholesale* transactions of trusted institutions * wholesale: The sale of products, often in large quantities, to retailers or other merchants.

5. What techniques can hide tx? PETs(Privacy Enhancing Technologies)

6. Privacy Enhancing Technologies Unlinking Hiding Segregating Project Stella, Feb 2020,

   https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

7. Segregating - Ledger segregating - Offchain payment channel Image reference:

   https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf B C  Ledger subset Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction

8. Segregating Image reference: https://tsmatz.wordpress.com/2020/03/23/corda-tutorial-on-azure/ Ledger segregating Alice Bob Peter Richard

   Alice’s View Richard’s View Offchain payment channel Image reference: https://www.researchgate.net/figure/State-Channel-Paiern_fig4_325439030 blockchain On-chain State channel Settle transaction Off-chain

9. Segregating Image reference: https://tsmatz.wordpress.com/2020/03/23/corda-tutorial-on-azure/ Ledger segregating Alice Bob Peter Richard

   Alice’s View Richard’s View Offchain payment channel Image reference: https://www.researchgate.net/figure/State-Channel-Paiern_fig4_325439030 blockchain On-chain State channel Settle transaction Off-chain

10. Unlinking - One-time address - Mixing - Ring Signature B

    C  Ledger Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

11. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4

12. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4

13. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4

14. Hiding - Pedersen commitment - Zero knowledge Proof - Homomorphic

    encryption Ledger Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

15. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU
    D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU
    W W $PNNJUNFOU
    D S $PNNJUNFOU
    D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJD
    LFZ
    FODSZQU 1SJWBUF
    LFZ
    EFDSZQU

16. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU
    D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU
    W W $PNNJUNFOU
    D S $PNNJUNFOU
    D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJD
    LFZ
    FODSZQU 1SJWBUF
    LFZ
    EFDSZQU

17. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU
    D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU
    W W $PNNJUNFOU
    D S $PNNJUNFOU
    D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJD
    LFZ
    FODSZQU 1SJWBUF
    LFZ
    EFDSZQU

18. PETs Summary Category PETs Transaction Information Sender Receiver Amount Segregating

    Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden * Only the net transacted amount can be viewed and interpreted. Project Stella, Feb 2020, https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf

19. UTXO vs Account

20. UTXO - UTXO object - ownership - usage status -

    balance - Proof of ownership of UTXO - Directed acyclic graphs(DAG) - Like cash - High privacy - Excellent scalability Image reference: https://www.techscience.com/csse/v36n3/41264/html 0VUQVU
     *OQVU
     0VUQVU
     0VUQVU
     0VUQVU
     Tx k Tx k+1 *OQVU
     0VUQVU
     0VUQVU
     Tx k+2 *OQVU
     0VUQVU
     0VUQVU
     *OQVU
     0VUQVU
     0VUQVU
     *OQVU
     Tx k+3 Tx n *OQVU
     0VUQVU
     . . . 1 BTC 0.2 BTC 0.6 BTC 0.15 BTC 0.1 BTC 0.5 BTC UTXO

21. Account - Account state - { account: balance } -

    Proof of Account balance - Like bank account balance - Simple to understand - Efficiency Account A, 500 Account B, 1000 Account A, 400 Account B, 1100 5Y
    
    
    
    
    "
    
    #
    

22. UTXO vs Account UTXO Account Tx structure • input, output,

    lock and unlocking script • sender, receiver, amount, signature Validation • validate check UTXO is unspent and is from the sender • Check that the sender's balance is sufficient and the signature is valid Recording the state • The movement of asset is Directed acyclic graph(DAG) • key and value database of network states Advantages • Parallel processing possible • easy to implement sharding • excellent anonymity/security • Easy to develop smart contract • Easy to create transaction history for a single user Disadvantage • Smart contract design is complex • Need to prepare a plan to prevent double payment • Difficulty in parallel processing

23. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU
    " #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    $ #BMBODF
    U 4UBUF
    O 4UBUF
    O  4UBUF
    O  4UBUF
    O  "DDPVOU
    .PEFM 6590
    .PEFM %BUBCBTF
    PG
    OFUXPSL
    TUBUFT %JSFDUFE
    HSBQI
    PG
    BTTFUT
    6590 T
    NPWJOH
    CFUXFFO
    VTFST "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U

24. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU
    " #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    $ #BMBODF
    U 4UBUF
    O 4UBUF
    O  4UBUF
    O  4UBUF
    O  "DDPVOU
    .PEFM 6590
    .PEFM %BUBCBTF
    PG
    OFUXPSL
    TUBUFT %JSFDUFE
    HSBQI
    PG
    BTTFUT
    6590 T
    NPWJOH
    CFUXFFO
    VTFST "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U

25. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU
    " #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U "DDPVOU
    $ #BMBODF
    U 4UBUF
    O 4UBUF
    O  4UBUF
    O  4UBUF
    O  "DDPVOU
    .PEFM 6590
    .PEFM %BUBCBTF
    PG
    OFUXPSL
    TUBUFT %JSFDUFE
    HSBQI
    PG
    BTTFUT
    6590 T
    NPWJOH
    CFUXFFO
    VTFST "DDPVOU
    " #BMBODF
    U "DDPVOU
    # #BMBODF
    U

26. LINE Blockchain Solution

27. Requirement of LINE Blockchain 1. Both public and secure transfer

    must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. 2. All public and secure transfers must be public on a single ledger. 4. Secure transfer need to be auditable by auditor.

28. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.

29. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.

30. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.

31. 3FQFBU
    /
    UJNFT Zero knowledge proof Source of image: https://simple.wikipedia.org/wiki/Zero-knowledge_proof A B

    Alice Bob " 0, Bob Alice Alice A B Bob

32. Using ZKP on an Account based Public Balances Account Model

33. Using ZKP on an Account based Secret Balances Encrypted UTXO

    Model Public Balances Account Model Hybrid Model

34. Audit for secure transfer PXOFS
    WBMVF
    SBOE4FFE
    VOTQFOU
    JOQVUT
    PVUQVUT

    UTXO FODSZQUFE
    CPEZ
    VOTQFOU
    JOQVUT
    PVUQVUT Encrypted UTXO Encryption Key Auditor Viewing Key PXOFS
    WBMVF
    SBOE4FFE

35. Main function of LINE Blockchain secure transfer Add secure transfer

    and All secure transfer are handled with ZKP. Transactions between secret and public balances. Secure transfer is UTXO model, public transfer is Account model. Encrypt UTXO of secure transfer with one-time encryption key.

36. How secure transfer work Account Encrypted UTXO Account Encrypted UTXO

    HidingTransaction RevealingTransaction SecretTransaction Transaction

37. - Sender and amount are disclosed - Receiver is private

    - Sender signature required - Receiver and encrypted UTXO attestation with ZKP - The public balance is burned - Mint new UTXO and used as input for secret UTXO HidingTransaction FODSZQUFE
    CPEZ
    PXOFS
    WBMVF secret UTXO Account value Secure transfer public balance → secret balance Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof • signature

38. - Sender and amount are disclosed - Receiver is private

    - Sender signature required - Receiver and encrypted UTXO attestation with ZKP - The public balance is burned - Mint new UTXO and used as input for secret UTXO HidingTransaction PXOFS TFOEFS
    WBMVF
    CMPDL
    IFJHIU mint UTXO FODSZQUFE
    CPEZ
    PXOFS
    WBMVF secret UTXO Account value Burn Account value Secure transfer public balance → secret balance

39. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance Account value + A value secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "
    WBMVF Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof

40. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance PXOFS SFDFJWFS
    "
    WBMVF
    CMPDL
    IFJHIU burn UTXO Account value + A value secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "
    WBMVF Mint Account value

41. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance PXOFS SFDFJWFS
    #
    WBMVF
    CMPDL
    IFJHIU burn UTXO Account value + B value secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "
    WBMVF secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "#
    WBMVF Mint Account value

42. - Sender, receiver and amount are private - Sender and

    input/output UTXO attestation with ZKP SecretTransaction Secure transfer secret balance → secret balance Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof

43. - Sender, receiver and amount are private - Sender and

    input/output UTXO attestation with ZKP SecretTransaction secret UTXO secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "
    WBMVF FODSZQUFE
    CPEZ
    PXOFS
    #
    WBMVF secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    $
    WBMVF Secure transfer secret balance → secret balance

44. SecretTransaction secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    " # ʜ O

    
    WBMVF secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    "
    WBMVF secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    #
    WBMVF secret UTXO FODSZQUFE
    CPEZ
    PXOFS
    O
    WBMVF . . . Secure transfer secret balance → secret balance - Sender, receiver and amount are private - Sender and input/output UTXO attestation with ZKP

45. Secret balance audit - Auditor requests viewing key from owner.

    - Audit UTXO with viewing key - Other encrypted UTXOs can’t be decrypted - UTXO is encrypted with one-time encryption key TFDSFU
    6590 TFDSFU
    6590 TFDSFU
    6590 TFDSFU
    6590 Owner Auditor 1. Request Viewing Key 2. audit UTXO x

46. Secure transfer Summary Account Encrypted UTXO Account Encrypted UTXO HidingTransaction

    RevealingTransaction SecretTransaction Transaction

47. Secure transfer Summary Account Encrypted UTXO Account Encrypted UTXO HidingTransaction

    RevealingTransaction SecretTransaction Transaction MintSecureUTXO

48. Future plans

49. Future plans - Improve secure transfer auditing through MPC* -

    Secret balance calculation with homomorphic encryption - NFT TFDVSF
    USBOTGFS * MPC: Multi-Party computation

50. Thank you