$30 off During Our Annual Pro Sale. View Details »

How Do We Secure Transaction Data in Account-Ba...

How Do We Secure Transaction Data in Account-Base Blockchain?

LINE DEVDAY 2021

November 11, 2021
Tweet

More Decks by LINE DEVDAY 2021

Other Decks in Technology

Transcript

  1. Why should the transaction be hidden? For the protection of

    personal information For the security of wholesale* transactions of trusted institutions * wholesale: The sale of products, often in large quantities, to retailers or other merchants.
  2. Privacy Enhancing Technologies Unlinking Hiding Segregating Project Stella, Feb 2020,

    https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
  3. Segregating - Ledger segregating - Offchain payment channel Image reference:

    https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf B C  Ledger subset Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction
  4. Segregating Image reference: https://tsmatz.wordpress.com/2020/03/23/corda-tutorial-on-azure/ Ledger segregating Alice Bob Peter Richard

    Alice’s View Richard’s View Offchain payment channel Image reference: https://www.researchgate.net/figure/State-Channel-Paiern_fig4_325439030 blockchain On-chain State channel Settle transaction Off-chain
  5. Segregating Image reference: https://tsmatz.wordpress.com/2020/03/23/corda-tutorial-on-azure/ Ledger segregating Alice Bob Peter Richard

    Alice’s View Richard’s View Offchain payment channel Image reference: https://www.researchgate.net/figure/State-Channel-Paiern_fig4_325439030 blockchain On-chain State channel Settle transaction Off-chain
  6. Unlinking - One-time address - Mixing - Ring Signature B

    C  Ledger Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
  7. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4
  8. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4
  9. Unlinking One-time address Mixing Ring signature Source of image: https://www.ecb.europa.eu/paym/intro/

    publications/pdf/ecb.miptopical200212.en.pdf Signer Non signer Non signer Non signer Ring signature PK1 PK2 PK3 PK4 Account 1 Account 2 Account 3 Account 4
  10. Hiding - Pedersen commitment - Zero knowledge Proof - Homomorphic

    encryption Ledger Entity A (Sender) Entity B (Receiver) Entity C (Unauthorised third party) Transaction Image reference: https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
  11. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU W W $PNNJUNFOU D S $PNNJUNFOU D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJDLFZFODSZQU 1SJWBUFLFZEFDSZQU
  12. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU W W $PNNJUNFOU D S $PNNJUNFOU D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJDLFZFODSZQU 1SJWBUFLFZEFDSZQU
  13. Hiding Pedersen commitment image reference: https://blog.csdn.net/mutourend/article/ details/93739575 Bob $PNNJUNFOU D

    S 4FDSFU Alice Blockchain Challenge 1. commit 2. Reveal 3. unlock & check Bob Alice W W $PNNJUNFOU W W $PNNJUNFOU D S $PNNJUNFOU D S Zero knowledge proof Image reference: https://blog.sigmadex.org/understanding- zero-knowledge-proof/ 4FDSFU 4FDSFU 1SPPG 1SPPG Prover Verifier Homomorphic encryption Image reference: https://www.researchgate.net/figure/In-a- fully-homomorphic-encryption-scheme-operations-on- ciphertext-space-are-mirrored-in_fig1_323598036    + = 9 : ; + =    + = 1VCMJDLFZFODSZQU 1SJWBUFLFZEFDSZQU
  14. PETs Summary Category PETs Transaction Information Sender Receiver Amount Segregating

    Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden * Only the net transacted amount can be viewed and interpreted. Project Stella, Feb 2020, https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical200212.en.pdf
  15. UTXO - UTXO object - ownership - usage status -

    balance - Proof of ownership of UTXO - Directed acyclic graphs(DAG) - Like cash - High privacy - Excellent scalability Image reference: https://www.techscience.com/csse/v36n3/41264/html 0VUQVU *OQVU 0VUQVU 0VUQVU 0VUQVU Tx k Tx k+1 *OQVU 0VUQVU 0VUQVU Tx k+2 *OQVU 0VUQVU 0VUQVU *OQVU 0VUQVU 0VUQVU *OQVU Tx k+3 Tx n *OQVU 0VUQVU . . . 1 BTC 0.2 BTC 0.6 BTC 0.15 BTC 0.1 BTC 0.5 BTC UTXO
  16. Account - Account state - { account: balance } -

    Proof of Account balance - Like bank account balance - Simple to understand - Efficiency Account A, 500 Account B, 1000 Account A, 400 Account B, 1100 5Y"# 
  17. UTXO vs Account UTXO Account Tx structure • input, output,

    lock and unlocking script • sender, receiver, amount, signature Validation • validate check UTXO is unspent and is from the sender • Check that the sender's balance is sufficient and the signature is valid Recording the state • The movement of asset is Directed acyclic graph(DAG) • key and value database of network states Advantages • Parallel processing possible • easy to implement sharding • excellent anonymity/security • Easy to develop smart contract • Easy to create transaction history for a single user Disadvantage • Smart contract design is complex • Need to prepare a plan to prevent double payment • Difficulty in parallel processing
  18. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU" #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU$ #BMBODFU 4UBUFO 4UBUF O  4UBUF O  4UBUF O  "DDPVOU.PEFM 6590.PEFM %BUBCBTFPGOFUXPSLTUBUFT %JSFDUFEHSBQIPGBTTFUT 6590 T NPWJOHCFUXFFOVTFST "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU
  19. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU" #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU$ #BMBODFU 4UBUFO 4UBUF O  4UBUF O  4UBUF O  "DDPVOU.PEFM 6590.PEFM %BUBCBTFPGOFUXPSLTUBUFT %JSFDUFEHSBQIPGBTTFUT 6590 T NPWJOHCFUXFFOVTFST "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU
  20. Secret Tx on UTXO and Account Image reference: https://academy.horizen.io/technology/expert/utxo-vs-account-model/ 6590

    6590 6590 6590 6590 6590 6590 6590 6590 "DDPVOU" #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU "DDPVOU$ #BMBODFU 4UBUFO 4UBUF O  4UBUF O  4UBUF O  "DDPVOU.PEFM 6590.PEFM %BUBCBTFPGOFUXPSLTUBUFT %JSFDUFEHSBQIPGBTTFUT 6590 T NPWJOHCFUXFFOVTFST "DDPVOU" #BMBODFU "DDPVOU# #BMBODFU
  21. Requirement of LINE Blockchain 1. Both public and secure transfer

    must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. 2. All public and secure transfers must be public on a single ledger. 4. Secure transfer need to be auditable by auditor.
  22. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.
  23. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.
  24. Which PETs meet the requirements? 1. Both public and secure

    transfer must be possible. 3. The secure transfer must be secured by the sender, receiver, and amount. Category PETs Transaction Information Sender Receiver Amount Segregating Ledger Segregating Hidden Hidden Payment channel network Public Hidden* Unlinking One-time address Hidden Public Mixing Hidden Public Ring signature Hidden Public Hidden Hiding Pedersen commitment Public Hidden Zero knowledge proof Hidden Hidden Homomorphic encryption Public Hidden Requirements 4. Secure transfer need to be auditable by auditor. 2. All public and secure transfers must be public on a single ledger.
  25. Using ZKP on an Account based Secret Balances Encrypted UTXO

    Model Public Balances Account Model Hybrid Model
  26. Audit for secure transfer PXOFS WBMVF SBOE4FFE VOTQFOU JOQVUT PVUQVUT

    UTXO FODSZQUFECPEZ VOTQFOU JOQVUT PVUQVUT Encrypted UTXO Encryption Key Auditor Viewing Key PXOFS WBMVF SBOE4FFE
  27. Main function of LINE Blockchain secure transfer Add secure transfer

    and All secure transfer are handled with ZKP. Transactions between secret and public balances. Secure transfer is UTXO model, public transfer is Account model. Encrypt UTXO of secure transfer with one-time encryption key.
  28. How secure transfer work Account Encrypted UTXO Account Encrypted UTXO

    HidingTransaction RevealingTransaction SecretTransaction Transaction
  29. - Sender and amount are disclosed - Receiver is private

    - Sender signature required - Receiver and encrypted UTXO attestation with ZKP - The public balance is burned - Mint new UTXO and used as input for secret UTXO HidingTransaction FODSZQUFECPEZ PXOFS WBMVF secret UTXO Account value Secure transfer public balance → secret balance Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof • signature
  30. - Sender and amount are disclosed - Receiver is private

    - Sender signature required - Receiver and encrypted UTXO attestation with ZKP - The public balance is burned - Mint new UTXO and used as input for secret UTXO HidingTransaction PXOFS TFOEFS  WBMVF CMPDLIFJHIU mint UTXO FODSZQUFECPEZ PXOFS WBMVF secret UTXO Account value Burn Account value Secure transfer public balance → secret balance
  31. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance Account value + A value secret UTXO FODSZQUFECPEZ PXOFS "WBMVF Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof
  32. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance PXOFS SFDFJWFS  "WBMVF CMPDLIFJHIU burn UTXO Account value + A value secret UTXO FODSZQUFECPEZ PXOFS "WBMVF Mint Account value
  33. - Receiver and amount are disclosed - Sender is private

    - Sender and encrypted UTXO attestation with ZKP - The secret balance is burned - New account value is created and added to the receiver’s balance RevealingTransaction Secure transfer secret balance → public balance PXOFS SFDFJWFS  #WBMVF CMPDLIFJHIU burn UTXO Account value + B value secret UTXO FODSZQUFECPEZ PXOFS "WBMVF secret UTXO FODSZQUFECPEZ PXOFS  "# WBMVF Mint Account value
  34. - Sender, receiver and amount are private - Sender and

    input/output UTXO attestation with ZKP SecretTransaction Secure transfer secret balance → secret balance Transaction • Sender • Amount • Receiver • Input UTXO • Output UTXO • ZKP Proof
  35. - Sender, receiver and amount are private - Sender and

    input/output UTXO attestation with ZKP SecretTransaction secret UTXO secret UTXO FODSZQUFECPEZ PXOFS "WBMVF FODSZQUFECPEZ PXOFS #WBMVF secret UTXO FODSZQUFECPEZ PXOFS $WBMVF Secure transfer secret balance → secret balance
  36. SecretTransaction secret UTXO FODSZQUFECPEZ PXOFS  " # ʜ O

    WBMVF secret UTXO FODSZQUFECPEZ PXOFS "WBMVF secret UTXO FODSZQUFECPEZ PXOFS #WBMVF secret UTXO FODSZQUFECPEZ PXOFS OWBMVF . . . Secure transfer secret balance → secret balance - Sender, receiver and amount are private - Sender and input/output UTXO attestation with ZKP
  37. Secret balance audit - Auditor requests viewing key from owner.

    - Audit UTXO with viewing key - Other encrypted UTXOs can’t be decrypted - UTXO is encrypted with one-time encryption key TFDSFU 6590 TFDSFU 6590 TFDSFU 6590 TFDSFU 6590 Owner Auditor 1. Request Viewing Key 2. audit UTXO x
  38. Secure transfer Summary Account Encrypted UTXO Account Encrypted UTXO HidingTransaction

    RevealingTransaction SecretTransaction Transaction MintSecureUTXO
  39. Future plans - Improve secure transfer auditing through MPC* -

    Secret balance calculation with homomorphic encryption - NFT TFDVSFUSBOTGFS * MPC: Multi-Party computation