Can a Blockchain Keep a Secret?

Blockchains are gaining traction and acceptance, not just for cryptocurrencies but increasingly as a general-purpose architecture for distributed computing. In this work we seek solutions that allow a blockchain to act as a trusted long-term repository of secret information: our goal is to deposit a secret with the blockchain and specify how to use it (e.g., the conditions under which it is released), and have the blockchain keep this information secret and use it only in the requested manner (e.g., only release it once the conditions are met). This simple functionality would be an enabler for many powerful applications, including signing statements on behalf of the blockchain, using the blockchain as the control plane for a storage system, performing decentralized program-obfuscation-as-a-service, and many more. We present a scalable solution for implementing this functionality on a public proof-of-stake blockchain, in the presence of a mobile adversary controlling a small minority of the stake, using proactive secret sharing techniques. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire stake, but, on the other hand, a mobile adversary may be able to corrupt an entire committee if it is small and its membership is known in advance. For this reason, prior proactive secret sharing solutions are either non-scalable or insecure in our setting. We solve this issue using "player replaceability", where the committee is anonymous until after it performs its actions, as in the Algorand blockchain. (Algorand uses player replaceability to defend against DDoS attacks.) Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions.
Our solution handles a fully mobile adversary corrupting less than 25% of the stake at any time, and is scalable in terms of both the number of parties on the blockchain and the number of time intervals.

Keywords: Blockchain, Mobile Adversary, Player Replaceability, Proactive Secret Sharing
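The abstract's core primitive is hand-over of a shared secret from one small committee to the next, so that shares from different epochs never combine and an adversary who corrupts fewer than a threshold of members in each epoch learns nothing. The block below is an added illustration written for this page, not the paper's protocol or code: it shows only the algebraic core of Shamir sharing and of re-sharing to a fresh committee with a new size and threshold (each old member re-shares its own share, each new member combines the sub-shares it receives with the old committee's Lagrange coefficients). It omits everything that makes the paper's construction work in its setting: the anonymous VRF-style committee selection, verifiability of the sub-shares, the broadcast channel, and the secure erasure of old shares. The field prime, committee sizes and the secret value are assumptions chosen for the example.

```python
import secrets

# Prime field for the arithmetic. Assumption: the paper fixes no field; any prime
# larger than the secret works for this illustration (2^127 - 1 is a Mersenne prime).
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x over GF(P) via Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t):
    """Shamir t-of-n sharing: random degree-(t-1) polynomial f with f(0) = secret.
    Returns {party_index: f(party_index)} for indices 1..n."""
    assert 0 <= secret < P and 1 <= t <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def lagrange_coeff(xs, j):
    """Lagrange coefficient of the point xs[j] at x = 0 over the support xs."""
    num = den = 1
    for m, xm in enumerate(xs):
        if m != j:
            num = num * (-xm) % P
            den = den * (xs[j] - xm) % P
    return num * pow(den, P - 2, P) % P


def reconstruct(shares):
    """Recover f(0) from a dict {x: f(x)} holding at least t points of one polynomial."""
    xs = list(shares)
    return sum(shares[x] * lagrange_coeff(xs, j) for j, x in enumerate(xs)) % P


def reshare(old_shares, n_new, t_new):
    """Hand a secret over from an old committee to a new one.

    old_shares: {i: s_i} for exactly t_old members of the old committee.
    Each old member i re-shares its own share s_i with a fresh t_new-of-n_new
    polynomial g_i (sub-shares g_i(k) go to new member k over a private channel).
    New member k sets h(k) = sum_i lambda_i * g_i(k); since sum_i lambda_i * s_i is
    the secret, h is a fresh degree-(t_new-1) polynomial with h(0) = secret, and it
    is independent of the old polynomial, so old and new shares do not combine.
    Honest old members must erase s_i and g_i after this step (not modelled here).
    """
    xs = list(old_shares)
    lam = {x: lagrange_coeff(xs, j) for j, x in enumerate(xs)}
    subshares = {x: share(old_shares[x], n_new, t_new) for x in xs}
    return {k: sum(lam[x] * subshares[x][k] for x in xs) % P
            for k in range(1, n_new + 1)}


def handover_demo(secret=0xC0FFEE):
    """Constructed scenario: a 2-of-5 committee hands over to a 3-of-7 committee.
    Returns (recovered from epoch 1, recovered from epoch 2, recovered from a mix)."""
    epoch1 = share(secret, 5, 2)
    # Any two epoch-1 members can drive the hand-over; here members 2 and 5 do.
    epoch2 = reshare({2: epoch1[2], 5: epoch1[5]}, 7, 3)
    from_epoch1 = reconstruct({1: epoch1[1], 4: epoch1[4]})
    from_epoch2 = reconstruct({1: epoch2[1], 3: epoch2[3], 7: epoch2[7]})
    # A mobile adversary holding one old share and two new shares has "three shares",
    # but they lie on unrelated polynomials and interpolate to a random field element.
    mixed = reconstruct({1: epoch1[1], 3: epoch2[3], 7: epoch2[7]})
    return from_epoch1, from_epoch2, mixed


if __name__ == "__main__":
    a, b, c = handover_demo()
    print("epoch 1 ->", hex(a))
    print("epoch 2 ->", hex(b))
    print("mixed   ->", hex(c), "(garbage, as intended)")
```

The threshold change (2-of-5 to 3-of-7) is deliberate: re-sharing is what lets committee size and threshold be re-chosen every epoch, which is the scalability lever the abstract describes. What the block cannot show is the paper's main point, that the new committee's identities stay hidden until after they act; here the caller simply picks indices 1..7.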
