Can a Public Blockchain Keep a Secret?

Blockchains are gaining traction and acceptance, not just for cryptocurrencies, but increasingly as an architecture for distributed computing. In this work we seek solutions that allow a public blockchain to act as a trusted long-term repository of secret information: Our goal is to deposit a secret with the blockchain, specify how it is to be used (e.g., the conditions under which it is released), and have the blockchain keep the secret and use it only in the specified manner (e.g., release it only once the conditions are met). This simple functionality enables many powerful applications, including signing statements on behalf of the blockchain, using it as the control plane for a storage system, performing decentralized program-obfuscation-as-a-service, and many more. Using proactive secret sharing techniques, we present a scalable solution for implementing this functionality on a public blockchain, in the presence of a mobile adversary controlling a small minority of the participants. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire system, but, on the other hand, a mobile adversary may be able to corrupt the entire committee if it is small. For this reason, existing proactive secret sharing solutions are either non-scalable or insecure in our setting. We approach this challenge via “player replaceability”, which ensures the committee is anonymous until after it performs its actions. Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions and erase their secrets. Our solution handles a fully mobile adversary corrupting roughly 1/4 of the participants at any time, and is scalable in terms of both the number of parties and the number of time intervals.
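A minimal worked example of the share/re-share hand-off between committees that the abstract describes. This is an added illustration, not the paper's protocol: it omits the anonymous committee selection, verifiability and erasure discipline the paper relies on, and the field prime, committee member ids and thresholds are chosen here for illustration.

```python
# Added example (not the paper's code): Shamir sharing over a prime field plus a
# re-sharing step that hands a secret from one committee to a fresh one without
# ever reconstructing it. Member ids must be nonzero field elements.
import secrets

P = 2**127 - 1  # Mersenne prime chosen for this example; all arithmetic is mod P

def _eval(coeffs, x):
    # Horner evaluation of the polynomial with the given coefficients at x.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(secret, t, ids):
    # Random degree-(t-1) polynomial with constant term = secret; returns {id: share}.
    assert all(i % P != 0 for i in ids), "member ids must be nonzero"
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _eval(coeffs, i) for i in ids}

def lagrange_coeffs(ids):
    # lambda_i such that f(0) = sum(lambda_i * f(i)) for the listed ids.
    out = {}
    for i in ids:
        num, den = 1, 1
        for j in ids:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        out[i] = num * pow(den, -1, P) % P
    return out

def reconstruct(shares):
    lam = lagrange_coeffs(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P

def reshare(old_shares, t_new, new_ids):
    # Each old member Shamir-shares its OWN share to the new committee; a new
    # member combines what it received, weighted by the old committee's Lagrange
    # coefficients. The result is a fresh sharing of the same secret under the
    # new threshold, and the secret is never in the clear at any single party.
    lam = lagrange_coeffs(list(old_shares))
    inbox = {n: 0 for n in new_ids}
    for old_id, s in old_shares.items():
        sub = share(s, t_new, new_ids)  # this old member's contribution
        for n in new_ids:
            inbox[n] = (inbox[n] + lam[old_id] * sub[n]) % P
    return inbox  # old members erase their shares after this point

def demo():
    secret = 0xC0FFEE
    c1 = share(secret, 3, [1, 2, 3, 4])                        # committee 1: 4 members, t=3
    c2 = reshare({i: c1[i] for i in (1, 3, 4)}, 4, [11, 12, 13, 14, 15])  # 3 old -> 5 new, t=4
    return reconstruct({i: c2[i] for i in (11, 12, 14, 15)})   # any 4 new shares suffice
```

Note that `reshare` only needs a qualifying subset of the old committee to participate, so the hand-off tolerates the remaining members being offline or compromised, provided fewer than the threshold collude.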
