CALYPSO: Private Data Management for Decentralized Ledgers

Distributed ledgers provide high availability and integrity, making them a key enabler for practical and secure computation of distributed workloads among mutually distrustful parties. Many practical applications, however, also require strong confidentiality. This work enhances permissioned and permissionless blockchains with the ability to manage confidential data without forfeiting availability or decentralization. The proposed Calypso architecture addresses two orthogonal challenges confronting modern distributed ledgers: (a) enabling the auditable management of secrets and (b) protecting distributed computations against arbitrage attacks when their results depend on the ordering and secrecy of inputs. Calypso introduces on-chain secrets, a novel abstraction that enforces the atomic deposition of an auditable trace whenever users access confidential data. Calypso provides user-controlled consent management that ensures revocation atomicity and accountable anonymity. To enable permissionless deployment, we introduce an incentive scheme and give users the option to select their preferred trustees. We evaluated our Calypso prototype with a confidential document-sharing application and a decentralized lottery. Our benchmarks show that transaction-processing latency increases linearly with the security parameter (the number of trustees) and lies in the range of 0.2 to 8 seconds for 16 to 128 trustees.

PVLDB Reference Format: Eleftherios Kokoris-Kogias, Enis Ceyhun Alp, Linus Gasser, Philipp Jovanovic, Ewa Syta, and Bryan Ford. CALYPSO: Private Data Management for Decentralized Ledgers. PVLDB, 14(4): 586-599, 2021. doi:10.14778/3436905.3436917

PVLDB Artifact Availability: The source code, data, and/or other artifacts have been made available at https://github.com/calypso-demo/.
