Storing and Retrieving Secrets on a Blockchain

Multiple protocols implementing exciting cryptographic functionalities using blockchains such as time-lock encryption, one-time programs and fair multi-party computation assume the existence of a cryptographic primitive called extractable witness encryption. Unfortunately, there are no known efficient constructions (or even constructions based on any well studied assumptions) of extractable witness encryption. In this work, we propose a protocol that uses a blockchain itself to provide a functionality that is effectively the same as extractable witness encryption. By making small adjustments to the blockchain code, it is possible to easily implement applications that rely on extractable witness encryption and existed only as theoretical designs until now. There is also potential for new applications. As a key building block, our protocol uses a new and highly efficient batched dynamic proactive secret sharing scheme which may be of independent interest. We provide a proof-of-concept implementation of the extractable witness encryption construction and the underlying dynamic proactive secret sharing protocol.

[1]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[2]  Nicolas Gailly,et al.  Verifiable Management of Private Data under Byzantine Failures , 2019 .

[3]  Rafail Ostrovsky,et al.  Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority , 2012, CRYPTO.

[4]  Stefan Dziembowski,et al.  One-Time Programs with Limited Memory , 2013, Inscrypt.

[5]  Craig Gentry,et al.  On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input , 2014, Algorithmica.

[6]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[7]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[8]  Ian Goldberg,et al.  Constant-Size Commitments to Polynomials and Their Applications , 2010, ASIACRYPT.

[9]  Dawn Xiaodong Song,et al.  CHURP: Dynamic-Committee Proactive Secret Sharing , 2019, IACR Cryptol. ePrint Arch..

[10]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[11]  Jeannette M. Wing,et al.  Verifiable secret redistribution for archive systems , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[12]  Mihir Bellare,et al.  Adaptive Witness Encryption and Asymmetric Password-Based Cryptography , 2015, Public Key Cryptography.

[13]  Moses D. Liskov,et al.  Mobile proactive secret sharing , 2008, PODC '08.

[14]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[15]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[16]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[17]  Yael Tauman Kalai,et al.  How to Run Turing Machines on Encrypted Data , 2013, CRYPTO.

[18]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[19]  Vipul Goyal,et al.  Overcoming Cryptographic Impossibility Results Using Blockchains , 2017, TCC.

[20]  Matthew Green,et al.  Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards , 2017, CCS.

[21]  Alfred V. Aho,et al.  The Design and Analysis of Computer Algorithms , 1974 .

[22]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[23]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[24]  Ivan Damgård,et al.  Scalable and Unconditionally Secure Multiparty Computation , 2007, CRYPTO.

[25]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[26]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[27]  Anna Lysyanskaya,et al.  Asynchronous verifiable secret sharing and proactive cryptosystems , 2002, CCS '02.

[28]  Brent Waters,et al.  Witness encryption and its applications , 2013, STOC '13.

[29]  Tibor Jager,et al.  How to build time-lock encryption , 2018, Designs, Codes and Cryptography.

[30]  Mary Maller,et al.  Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS , 2020, IACR Cryptol. ePrint Arch..

[31]  Vinod M. Prabhakaran,et al.  On the Communication Complexity of Secure Computation , 2013, IACR Cryptol. ePrint Arch..

[32]  Mark Zhandry,et al.  Differing-Inputs Obfuscation and Applications , 2013, IACR Cryptol. ePrint Arch..

[33]  Rafail Ostrovsky,et al.  Communication-Optimal Proactive Secret Sharing for Dynamic Groups , 2015, ACNS.

[34]  Brent Waters,et al.  Encoding Functions with Constant Online Rate, or How to Compress Garbled Circuit Keys , 2015, SIAM J. Comput..

[35]  Kuang-Ching Wang,et al.  The Design and Operation of CloudLab , 2019, USENIX ATC.

[36]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[37]  Craig Gentry,et al.  Can a Blockchain Keep a Secret? , 2020, IACR Cryptol. ePrint Arch..

[38]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[39]  Francisco Rodríguez-Henríquez,et al.  High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves , 2010, Pairing.

[40]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[41]  Mihir Bellare,et al.  Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing , 2012, ASIACRYPT.

[42]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[43]  Robbert van Renesse,et al.  APSS: proactive secret sharing in asynchronous systems , 2005, TSEC.