Blockchain Privacy Approaches
in Indy
By
Manish Kumar Giri
- Hyperledger-Indy provides a software ecosystem for private, secure, and
powerful identity, and libindy enables clients for it.
- Hyperledger Indy has tools, libraries, and reusable components for
providing digital identities rooted on blockchains or other distributed
ledgers.
- They are interoperable across administrative domains, applications, and
any other silo.
- Indy is interoperable with other blockchains or can be used standalone
powering the decentralization of identity.
- Indy uses open-source, distributed ledger technology. These ledgers are a
form of database that is provided cooperatively by a pool of participants
What is Hyperledger-Indy?
Hyperledger Indy’s approach to privacy includes
- Elliptic curve cryptography,
- Semi-trusted agents,
- Agent-to-agent communication
- Pairwise DIDs
Using techniques such as
- Zero-knowledge proofs,
- Libsodium’s sealed box
- Authenticated encryption,
- Privacy-preserving credential revocation features.
Hyperledger-Indy approach to privacy
Elliptic Curve Cryptography
- Elliptic curve cryptography is a powerful approach to cryptography and
an alternative to the well-known RSA.
- It is an approach used for public key encryption by utilizing the
mathematics behind elliptic curves in order to generate security between
key pairs.
- ECC has been slowly gaining in popularity over the past few years due to
its ability to provide the same level of security as RSA with a much smaller
key size.
How does elliptic curve cryptography work?
- An elliptic curve can be illustrated simply as the set of points defined by the following
equation: y^2 = x^3 + ax + b
How does elliptic curve cryptography work?
- Based on the values given to points a and b, an elliptic curve is drawn.
- A line can then be drawn through these points until it reaches a third intersection
point on the curve which we can call point c.
- At this stage, when the line reaches its third intersect point, we can reflect that point
onto the other side of the x-axis.
- Continuing from point c, we can then draw a line through from point a to point c
which intersects with another part of the curve, point d. This point is also reflected to
the other side of the x-axis and this process continues until an end point is defined.
- Each intersection point is defined in terms of a "dot". In the example below, the
intersection points would be described as:
A dot A = B
A dot B = C
A dot C = D
A dot D = E
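The "dot" operation above, worked through over a small prime field. This is an added example, not code from the slides; the curve parameters (p = 97, a = 2, b = 3) and the starting point (3, 6) are constructed toy values, far too small for real use.

```python
from typing import List, Optional, Tuple

# None stands for the point at infinity (the "end point" of the process).
Point = Optional[Tuple[int, int]]

# Constructed toy curve y^2 = x^3 + ax + b over the integers modulo P.
P, A_COEF, B_COEF = 97, 2, 3
BASE: Point = (3, 6)


def on_curve(pt: Point) -> bool:
    """Check that a point satisfies the curve equation before using it."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A_COEF * x + B_COEF)) % P == 0


def dot(p1: Point, p2: Point) -> Point:
    """Draw the line through p1 and p2, take the third intersection, reflect it."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # vertical line: no third intersection on the curve
    if p1 == p2:
        # Tangent line when a point is combined with itself.
        slope = (3 * x1 * x1 + A_COEF) * pow((2 * y1) % P, -1, P) % P
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    y3 = (slope * (x1 - x3) - y1) % P  # the minus sign is the reflection
    return (x3, y3)


def chain(start: Point, steps: int) -> List[Point]:
    """Return [A, A dot A, A dot B, A dot C, ...] as on the slide."""
    points = [start]
    for _ in range(steps - 1):
        points.append(dot(start, points[-1]))
    return points


def scalar_mult(k: int, pt: Point) -> Point:
    """Double-and-add: the same result as k - 1 'dot' steps, in O(log k) work."""
    result: Point = None
    addend = pt
    while k > 0:
        if k & 1:
            result = dot(result, addend)
        addend = dot(addend, addend)
        k >>= 1
    return result


if __name__ == "__main__":
    for name, pt in zip("ABCDE", chain(BASE, 5)):
        print(name, "=", pt if pt is not None else "point at infinity")
```

On this toy curve the chain closes after five steps, so E is the point at infinity. In a real curve the chain is astronomically long, and recovering the number of steps from the final point is the hard problem that protects the private key.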
Zero Knowledge proof
- A zero-knowledge proof or zero-knowledge protocol is a method by
which one party (the prover) can prove to another party (the verifier)
that they know value x, without conveying any information apart from
the fact that they know value x.
- The essence of a zero-knowledge proof is that it is trivial to prove
that someone possesses knowledge of certain information by simply
revealing it. The challenge is to justify such possession without
revealing the information itself or any additional information.
Zero Knowledge proof
A zero-knowledge proof must satisfy the following three parameters:
1. Completeness. If the statement is true, the honest verifier (the one that is
following the protocol properly) will be convinced of this fact by an honest
prover.
2. Soundness. If the statement is false, no cheating prover can convince the
honest verifier that it is true, except for some small probability.
3. Zero knowledge. If the statement is true, no verifier learns anything,
except the fact that the statement is true.
Zero Knowledge proof
To illustrate how ZKP works in practice, Wikipedia refers to the Ali Baba cave story, which was
first published by Jean-Jacques Quisquater.
- In this example, Peggy acts as the prover and Victor acts as the verifier.
- In the story, the cave is shaped like a ring. The entrance is on the left side, and there’s a
magic door blocking the right side.
- Peggy wants to prove to Victor that she knows the secret word to open the magic door.
However, she does not want to reveal the secret word.
The general structure of a ZKP
- The general structure of a ZKP consists of three sequential actions between participants
A and B.
- These actions are called Witness, Challenge, and Response.
1. Witness: The fact that Manish (prover) knows the secret determines a set of questions
that Manish (prover) can always answer correctly. At first, Manish (prover) randomly
chooses any question from the set and calculates a proof. Then, Manish (prover) sends the
proof to Abhishek (verifier).
The general structure of a ZKP
2. Challenge: After that, Abhishek (verifier) chooses a question from the set and asks
Manish (prover) to answer it.
3. Response: Manish (prover) calculates the answer and sends it back to Abhishek (verifier).
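One concrete instance of the Witness / Challenge / Response structure is Schnorr's identification protocol, sketched here as an added example that is not part of the original slides. The group (p = 2039, q = 1019, g = 4) is a constructed toy parameter set, and the block goes one step further by also showing the single-message form obtained with the Fiat-Shamir heuristic (this is not a zk-SNARK).

```python
import hashlib
import secrets

# Constructed toy group: P = 2*Q + 1 with P and Q prime; G has order Q.
# Real deployments use groups of 256-bit order or larger.
P, Q, G = 2039, 1019, 4


def keygen():
    """Prover's secret x and the public value y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def witness():
    """Step 1: prover picks a random r and sends the commitment t = G^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def challenge():
    """Step 2: verifier picks a random question c."""
    return secrets.randbelow(Q)


def response(r, c, x):
    """Step 3: prover answers with s = r + c*x mod Q."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier accepts if G^s == t * y^c, which never exposes x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def simulate(y, c):
    """Build an accepting (t, s) for a challenge known in advance, without x.

    Zero knowledge: such transcripts look like real ones, so a real one
    teaches the verifier nothing. Soundness: a cheater who guessed c this
    way fails for every other challenge, so the success chance is 1/Q.
    """
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P
    return t, s


def fs_challenge(y, t):
    """Fiat-Shamir: derive the challenge by hashing the public transcript."""
    digest = hashlib.sha256(f"{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove_noninteractive(x, y):
    """Single message from prover to verifier: the pair (t, s)."""
    r, t = witness()
    return t, response(r, fs_challenge(y, t), x)


def verify_noninteractive(y, proof):
    t, s = proof
    return verify(y, t, fs_challenge(y, t), s)


if __name__ == "__main__":
    x, y = keygen()
    r, t = witness()
    c = challenge()
    print("interactive proof accepted:", verify(y, t, c, response(r, c, x)))
    print("single-message proof accepted:",
          verify_noninteractive(y, prove_noninteractive(x, y)))
```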
Zero-knowledge succinct non interactive argument of knowledge
- The concept (also known as zk-SNARK) enables transactions to be verified in a
single message from a prover to a verifier without interaction between them
- Zero-knowledge succinct non interactive argument of knowledge (zk-SNARK) is
a ZKP-based protocol with the following additional features:
1. Succinct. The size of the proof is small enough to be verified in a few
milliseconds.
2. Noninteractive. The proof transcript consists of a single message—from the
prover to the verifier.
3. Argument of knowledge. A computationally sound proof: soundness holds
against a prover that is limited to polynomial time, i.e., a bounded
computation.
Zero-knowledge succinct non interactive argument of knowledge
zk-SNARK consists of the three functions:
1. A key generator (G) takes a secret parameter (λ) and generates two publicly
available keys: a proving key (pk) and a verification key (vk).
2. The prover function (PF) takes pk as an input, x as a common input, and w
as a private input. The function generates a proof: prf = PF(pk, x, w).
Zero-knowledge succinct non interactive argument of knowledge
3. The verifier function (VF) computes VF(vk, x, prf), which returns Accept if the
proof is correct and Reject if it is not.
Zero-knowledge succinct non interactive argument of knowledge
Fig : In a Non-interactive ZKP, A & B interact only once
ZK-Snark Approach for privacy of Hyperledger-Indy
- Identity Mixer (Idemix) is a ZKP-based cryptographic protocol
suite developed by IBM Research for privacy-preserving
authentication and transfer of certified attributes.
- Idemix works in a similar way as client certificates in a classical
public-key infrastructure (PKI), but with two important differences:
1. Flexible public keys.
2. Flexible credentials.
ZK-Snark Approach for privacy of Hyperledger-Indy
- Indy-anoncreds is a ZKP scheme based on the Idemix protocol, used to
cryptographically secure credentials.
- The workflow of Indy-anoncreds begins with the prover creating a master key.
- This master key is used to guarantee that a credential uniquely belongs to the
prover.
ZK-Snark Approach for privacy of Hyperledger-Indy
Zero-knowledge proof paradigm works
Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
- Sodium is a modern, easy-to-use software library for encryption, decryption,
signatures, password hashing and more.
- Its goal is to provide all of the core operations needed to build higher-level
cryptographic tools.
- Sodium is cross-platform and cross-language.
- The design choices emphasize security and ease of use. But despite the
emphasis on high security, primitives are faster across-the-board than most
implementations.
Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
- Sealed boxes are designed to anonymously send messages to a recipient
given its public key.
- Only the recipient can decrypt these messages, using its private key. While
the recipient can verify the integrity of the message, it cannot verify the
identity of the sender.
- A message is encrypted using an ephemeral key pair, whose secret part is
destroyed right after the encryption process.
- Without knowing the secret key used for a given message, the sender
cannot decrypt its own message later. And without additional data, a
message cannot be correlated with the identity of its sender.
Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
- The crypto_box_seal() function encrypts a message m of length mlen for a
recipient whose public key is pk. It puts the ciphertext whose length is
crypto_box_SEALBYTES + mlen into c.
Ex - int crypto_box_seal(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *pk);
- The function creates a new key pair for each message, and attaches the
public key to the ciphertext.
- The secret key is overwritten and is not accessible after this function
returns.
Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
Ex- int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *pk, const unsigned char *sk);
- The crypto_box_seal_open() function decrypts the ciphertext c whose length
is clen, using the key pair (pk, sk), and puts the decrypted message into m
(clen - crypto_box_SEALBYTES bytes).
- Key pairs are compatible with other crypto_box_* operations and can be
created using crypto_box_keypair() or crypto_box_seed_keypair().
- This function doesn't require passing the public key of the sender, as the
ciphertext already includes this information.
Authenticated encryption Approach for privacy of Hyperledger-Indy
- Using public-key authenticated encryption, Bob can encrypt a
confidential message specifically for Alice, using Alice's public key.
- Using Bob's public key, Alice can compute a shared secret key.
Using Alice's public key and his secret key, Bob can compute the
exact same shared secret key. That shared secret key can be used
to verify that the encrypted message was not tampered with, before
eventually decrypting it.
- Alice only needs Bob's public key, the nonce and the ciphertext. Bob
should never ever share his secret key, even with Alice.
Authenticated encryption Approach for privacy of Hyperledger-Indy
- And in order to send messages to Alice, Bob only needs Alice's public key.
Alice should never ever share her secret key either, even with Bob.
Key-pair generation:
Ex- int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
- Alice can reply to Bob using the same system, without having to generate a
distinct key pair.
Ex- int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
const unsigned char *seed);
- The nonce doesn't have to be confidential.
Thank You
Any Question?

More Related Content

What's hot

Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Daniel Bohannon
 
Matching Identity Management Solutions to Self-Sovereign Identity Principles
Matching Identity Management Solutions to Self-Sovereign Identity PrinciplesMatching Identity Management Solutions to Self-Sovereign Identity Principles
Matching Identity Management Solutions to Self-Sovereign Identity PrinciplesTommy Koens
 
Windows Attacks AT is the new black
Windows Attacks   AT is the new blackWindows Attacks   AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Vietnam Open Infrastructure User Group
 
What is Content centric networking
What is Content centric networkingWhat is Content centric networking
What is Content centric networkingpraison
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalationjakx_
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized IdentityJim Flynn
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO AllianceFIDO Alliance
 
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...Amazon Web Services
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSNATS
 
OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?Beau Bullock
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...Benjamin Delpy
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt
 

What's hot (20)

Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016
 
ERC Identity
ERC IdentityERC Identity
ERC Identity
 
Matching Identity Management Solutions to Self-Sovereign Identity Principles
Matching Identity Management Solutions to Self-Sovereign Identity PrinciplesMatching Identity Management Solutions to Self-Sovereign Identity Principles
Matching Identity Management Solutions to Self-Sovereign Identity Principles
 
Windows Attacks AT is the new black
Windows Attacks   AT is the new blackWindows Attacks   AT is the new black
Windows Attacks AT is the new black
 
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
 
What is Content centric networking
What is Content centric networkingWhat is Content centric networking
What is Content centric networking
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalation
 
Graylog for open stack 3 steps to know why
Graylog for open stack    3 steps to know whyGraylog for open stack    3 steps to know why
Graylog for open stack 3 steps to know why
 
Fluent Bit: Log Forwarding at Scale
Fluent Bit: Log Forwarding at ScaleFluent Bit: Log Forwarding at Scale
Fluent Bit: Log Forwarding at Scale
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized Identity
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
 
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...
Introduction to Real-time, Streaming Data and Amazon Kinesis: Streaming Data ...
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
 
OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) Professionals
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
 

Similar to Blockchain Privacy Approaches in Indy Explained

Deniable Encryption Key
Deniable Encryption KeyDeniable Encryption Key
Deniable Encryption KeyIOSR Journals
 
Privacy Preserving Paradigms of Blockchain Technology
Privacy Preserving Paradigms of Blockchain TechnologyPrivacy Preserving Paradigms of Blockchain Technology
Privacy Preserving Paradigms of Blockchain TechnologyGokul Alex
 
Ao318992
Ao318992Ao318992
Ao318992IJMER
 
Chaos Based Direct Public Verifiable Signcryption Scheme
Chaos Based Direct Public Verifiable Signcryption SchemeChaos Based Direct Public Verifiable Signcryption Scheme
Chaos Based Direct Public Verifiable Signcryption SchemeIOSR Journals
 
Encryption technology
Encryption technologyEncryption technology
Encryption technologyNeha Bhambu
 
Dissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringDissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringJAIGANESH SEKAR
 
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCAN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCijcisjournal
 
Cryptography chap#6.pptx
Cryptography chap#6.pptxCryptography chap#6.pptx
Cryptography chap#6.pptxHamnaMalik31
 
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEM
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEMAN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEM
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEMZac Darcy
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfAdiseshaK
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfAdiseshaK
 
Lightweight secure scheme for detecting provenance forgery and packet drop at...
Lightweight secure scheme for detecting provenance forgery and packet drop at...Lightweight secure scheme for detecting provenance forgery and packet drop at...
Lightweight secure scheme for detecting provenance forgery and packet drop at...Pvrtechnologies Nellore
 
Exploring the role of DSA in Zero Knowledge Proof
Exploring the role of DSA in Zero Knowledge ProofExploring the role of DSA in Zero Knowledge Proof
Exploring the role of DSA in Zero Knowledge Proof22f2000330
 
Secrecy and Authenticity Properties of the Lightning Network Protocol
Secrecy and Authenticity Properties of the Lightning Network ProtocolSecrecy and Authenticity Properties of the Lightning Network Protocol
Secrecy and Authenticity Properties of the Lightning Network ProtocolHans Hyttel
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPrabhatMishraAbvp
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptvinitajain703
 

Similar to Blockchain Privacy Approaches in Indy Explained (20)

Deniable Encryption Key
Deniable Encryption KeyDeniable Encryption Key
Deniable Encryption Key
 
Privacy Preserving Paradigms of Blockchain Technology
Privacy Preserving Paradigms of Blockchain TechnologyPrivacy Preserving Paradigms of Blockchain Technology
Privacy Preserving Paradigms of Blockchain Technology
 
Ao318992
Ao318992Ao318992
Ao318992
 
Chaos Based Direct Public Verifiable Signcryption Scheme
Chaos Based Direct Public Verifiable Signcryption SchemeChaos Based Direct Public Verifiable Signcryption Scheme
Chaos Based Direct Public Verifiable Signcryption Scheme
 
Encryption technology
Encryption technologyEncryption technology
Encryption technology
 
Dissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringDissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems Engineering
 
Network security
Network securityNetwork security
Network security
 
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCAN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
 
Cryptography chap#6.pptx
Cryptography chap#6.pptxCryptography chap#6.pptx
Cryptography chap#6.pptx
 
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEM
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEMAN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEM
AN EFFICIENT PROXY SIGNCRYPTION SCHEME BASED ON THE DISCRETE LOGARITHM PROBLEM
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdf
 
Encryption
EncryptionEncryption
Encryption
 
Lightweight secure scheme for detecting provenance forgery and packet drop at...
Lightweight secure scheme for detecting provenance forgery and packet drop at...Lightweight secure scheme for detecting provenance forgery and packet drop at...
Lightweight secure scheme for detecting provenance forgery and packet drop at...
 
Exploring the role of DSA in Zero Knowledge Proof
Exploring the role of DSA in Zero Knowledge ProofExploring the role of DSA in Zero Knowledge Proof
Exploring the role of DSA in Zero Knowledge Proof
 
Secrecy and Authenticity Properties of the Lightning Network Protocol
Secrecy and Authenticity Properties of the Lightning Network ProtocolSecrecy and Authenticity Properties of the Lightning Network Protocol
Secrecy and Authenticity Properties of the Lightning Network Protocol
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Blockchain Privacy Approaches in Indy Explained

  • 1. Blockchain Privacy Approaches in Indy By Manish Kumar Giri
  • 2. What is Hyperledger-Indy?
      - Hyperledger-Indy provides a software ecosystem for private, secure, and powerful identity, and libindy enables clients for it.
      - Hyperledger Indy has tools, libraries, and reusable components for providing digital identities rooted on blockchains or other distributed ledgers.
      - They are interoperable across administrative domains, applications, and any other silo.
      - Indy is interoperable with other blockchains or can be used standalone, powering the decentralization of identity.
      - Indy uses open-source, distributed ledger technology. These ledgers are a form of database that is provided cooperatively by a pool of participants.
  • 3. Hyperledger-Indy approach to privacy
      Hyperledger Indy’s approach to privacy includes:
      - Elliptic curve cryptography
      - Semi-trusted agents
      - Agent-to-agent communication
      - Pairwise DIDs
      Using techniques such as:
      - Zero-knowledge proofs
      - Libsodium’s sealed box
      - Authenticated encryption
      - Privacy-preserving credential revocation features
  • 4. Elliptic Curve Cryptography
      - Elliptic curve cryptography is a powerful approach to cryptography and an alternative to the well-known RSA.
      - It is an approach used for public key encryption that utilizes the mathematics behind elliptic curves in order to generate security between key pairs.
      - ECC has been slowly gaining in popularity over the past few years due to its ability to provide the same level of security as RSA with a much smaller key size.
  • 5. How does elliptic curve cryptography work?
      - An elliptic curve can be illustrated simply as a set of points defined by the following equation: $y^2 = x^3 + ax + b$
  • 6. How does elliptic curve cryptography work?
      - Based on the values given to points a and b, an elliptic curve is drawn.
      - A line can then be drawn through these points until it reaches a third intersection point on the curve, which we can call point c.
      - At this stage, when the line reaches its third intersection point, we can reflect that point onto the other side of the x-axis.
      - Continuing from point c, we can then draw a line from point a through point c, which intersects with another part of the curve, point d. This point is also reflected to the other side of the x-axis, and this process continues until an end point is defined.
      - Each intersection point is defined in terms of a "dot". In the example below, the intersection points would be described as:
          A dot A = B
          A dot B = C
          A dot C = D
          A dot D = E
  • 7. Zero Knowledge proof
      - A zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that they know value x, without conveying any information apart from the fact that they know value x.
      - The essence of a zero-knowledge proof is that it is trivial to prove that someone possesses knowledge of certain information by simply revealing it. The challenge is to justify such possession without revealing the information itself or any additional information.
  • 8. Zero Knowledge proof
      A zero-knowledge proof must satisfy the following three parameters:
      1. Completeness. If the statement is true, the honest verifier (the one that is following the protocol properly) will be convinced of this fact by an honest prover.
      2. Soundness. If the statement is false, no cheating prover can convince the honest verifier that it is true, except for some small probability.
      3. Zero knowledge. If the statement is true, no verifier learns anything, except the fact that the statement is true.
  • 9. Zero Knowledge proof
      To illustrate how ZKP works in practice, Wikipedia refers to the Ali Baba cave story, which was first published by Jean-Jacques Quisquater.
      - In this example, Peggy acts as the prover and Victor acts as the verifier.
      - In the story, the cave is shaped like a ring. The entrance is on the left side, and there’s a magic door blocking the right side.
      - Peggy wants to prove to Victor that she knows the secret word to open the magic door. However, she does not want to reveal the secret word.
  • 10. The general structure of a ZKP
      - The general structure of a ZKP consists of three sequential actions between participants A and B.
      - These actions are called witness, challenge, and response.
      1. Witness: The fact that Manish (prover) knows the secret determines some set of questions, which can always be answered correctly by Manish (prover). At first, Manish (prover) randomly chooses any question from the set and calculates a proof. Then, Manish (prover) sends the proof to Abhishek (verifier).
  • 11. The general structure of a ZKP
      2. Challenge: After that, Abhishek (verifier) chooses a question from the set and asks Manish (prover) to answer it.
      3. Response: Manish (prover) calculates the answer and sends it back to Abhishek (verifier).
  • 12. Zero-knowledge succinct non-interactive argument of knowledge
      - The concept (also known as zk-SNARK) enables transactions to be verified in a single message from a prover to a verifier without interaction between them.
      - Zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) is a ZKP-based protocol with the following additional features:
      1. Succinct. The size of the proof is small enough to be verified in a few milliseconds.
      2. Non-interactive. The proof transcript consists of a single message, from the prover to the verifier.
      3. Argument of knowledge. A computationally sound proof: soundness holds against a prover that leverages polynomial-time, i.e., bounded, computation.
  • 13. Zero-knowledge succinct non-interactive argument of knowledge
      zk-SNARK consists of three functions:
      1. A key generator (G) takes a secret parameter (λ) and generates two publicly available keys: a proving key (pk) and a verification key (vk).
      2. The prover function (PF) takes pk as an input, x as a common input, and w as a private input. The function generates a proof prf = PF(pk, x, w).
  • 14. Zero-knowledge succinct non-interactive argument of knowledge
      3. The verifier function (VF) computes VF(vk, x, prf), which returns Accept if the proof is correct and Reject if it is not.
  • 15. Zero-knowledge succinct non-interactive argument of knowledge
      Fig.: In a non-interactive ZKP, A and B interact only once.
  • 16. ZK-Snark Approach for privacy of Hyperledger-Indy
      - Identity Mixer (Idemix) is a ZKP-based cryptographic protocol suite developed by IBM Research for privacy-preserving authentication and transfer of certified attributes.
      - Idemix works in a similar way to client certificates in a classical public-key infrastructure (PKI), but with two important differences:
      1. Flexible public keys.
      2. Flexible credentials.
  • 17. ZK-Snark Approach for privacy of Hyperledger-Indy
      - Hyperledger Indy uses Indy-anoncreds, a ZKP scheme based on the Idemix protocol, to cryptographically secure credentials.
      - The workflow of Indy-anoncreds begins with the prover creating a master key.
      - This master key is used to guarantee that a credential uniquely belongs to the prover.
  • 18. ZK-Snark Approach for privacy of Hyperledger-Indy
  • 19. ZK-Snark Approach for privacy of Hyperledger-Indy
  • 20. ZK-Snark Approach for privacy of Hyperledger-Indy
  • 21. ZK-Snark Approach for privacy of Hyperledger-Indy Zero-knowledge proof paradigm works
  • 22. Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
      - Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
      - Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
      - Sodium is cross-platform and cross-language.
      - The design choices emphasize security and ease of use. But despite the emphasis on high security, primitives are faster across the board than most implementations.
  • 23. Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
      - Sealed boxes are designed to anonymously send messages to a recipient given its public key.
      - Only the recipient can decrypt these messages, using its private key. While the recipient can verify the integrity of the message, it cannot verify the identity of the sender.
      - A message is encrypted using an ephemeral key pair, whose secret part is destroyed right after the encryption process.
      - Without knowing the secret key used for a given message, the sender cannot decrypt its own message later. And without additional data, a message cannot be correlated with the identity of its sender.
  • 24. Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
      - The crypto_box_seal() function encrypts a message m of length mlen for a recipient whose public key is pk. It puts the ciphertext, whose length is crypto_box_SEALBYTES + mlen, into c.
        Ex: int crypto_box_seal(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *pk);
      - The function creates a new key pair for each message, and attaches the public key to the ciphertext.
      - The secret key is overwritten and is not accessible after this function returns.
  • 25. Libsodium’s sealed box Approach for privacy of Hyperledger-Indy
        Ex: int crypto_box_seal_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *pk, const unsigned char *sk);
      - The crypto_box_seal_open() function decrypts the ciphertext c whose length is clen, using the key pair (pk, sk), and puts the decrypted message into m (clen - crypto_box_SEALBYTES bytes).
      - Key pairs are compatible with other crypto_box_* operations and can be created using crypto_box_keypair() or crypto_box_seed_keypair().
      - This function doesn't require passing the public key of the sender, as the ciphertext already includes this information.
  • 26. Authenticated encryption Approach for privacy of Hyperledger-Indy
      - Using public-key authenticated encryption, Bob can encrypt a confidential message specifically for Alice, using Alice's public key.
      - Using Bob's public key, Alice can compute a shared secret key. Using Alice's public key and his secret key, Bob can compute the exact same shared secret key. That shared secret key can be used to verify that the encrypted message was not tampered with, before eventually decrypting it.
      - Alice only needs Bob's public key, the nonce and the ciphertext. Bob should never ever share his secret key, even with Alice.
  • 27. Authenticated encryption Approach for privacy of Hyperledger-Indy
      - And in order to send messages to Alice, Bob only needs Alice's public key. Alice should never ever share her secret key either, even with Bob.
      - Key-pair generation:
        Ex: int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
      - Alice can reply to Bob using the same system, without having to generate a distinct key pair.
        Ex: int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk, const unsigned char *seed);
      - The nonce doesn't have to be confidential.
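The "dot" chain from slides 5 and 6 carried out in code, as an added example that is not part of the original slides; it goes one step further and shows how the number of dots becomes a private key and the end point a public key. In the curve equation a and b are the coefficients; the toy curve over the integers mod 17, the base point A = (5, 1), the sample private keys and all function names are constructed for illustration.

```python
# Toy curve y^2 = x^3 + ax + b over the integers mod P. Constructed values,
# far too small for real use (deployed curves use primes of about 256 bits).
P, A_COEF, B_COEF = 17, 2, 2
O = None  # point at infinity, the identity element of the group

def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P == 0

def dot(p1, p2):
    """The slide's 'dot': line through p1 and p2 (the tangent if they are the
    same point), third intersection with the curve, reflected over the x-axis."""
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # vertical line: there is no third finite intersection
    if p1 == p2:
        slope = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % P, -1, P) % P
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    y3 = (slope * (x1 - x3) - y1) % P  # the sign flip is the reflection
    return (x3, y3)

def scalar_mult(n, pt):
    """Double-and-add: reaches n * pt in about log2(n) dots instead of n - 1."""
    result = O
    while n:
        if n & 1:
            result = dot(result, pt)
        pt = dot(pt, pt)
        n >>= 1
    return result

def dot_chain(start, steps):
    """[A, A dot A, A dot B, A dot C, ...] in the order listed on slide 6."""
    chain = [start]
    for _ in range(steps):
        chain.append(dot(start, chain[-1]))
    return chain

A = (5, 1)                                   # constructed base point
B, C, D, E = dot_chain(A, 4)[1:]
# Private key = number of dots taken, public key = the point that was reached.
alice_priv, bob_priv = 7, 5                  # constructed sample secrets
alice_pub, bob_pub = scalar_mult(alice_priv, A), scalar_mult(bob_priv, A)
shared = scalar_mult(alice_priv, bob_pub)    # Bob gets the same point from alice_pub
```

Recovering a private key from a public point means counting the dots back to A, which is only feasible here because the toy group has 19 elements.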
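The witness, challenge, response exchange from slides 10 and 11, as an added example that is not from the original slides. It uses Schnorr's identification protocol, a standard three-move proof of knowledge of a discrete logarithm chosen here for illustration, not the Idemix/anoncreds scheme Indy uses; the toy group parameters and the class and function names are constructed.

```python
import secrets

# Constructed toy group: P = 2Q + 1 and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

class Prover:
    def __init__(self, x):
        self.x = x                       # the secret value x
        self.y = pow(G, x, P)            # public statement: "I know log_G(y)"
    def witness(self):
        self.r = secrets.randbelow(Q)    # fresh randomness for every run
        return pow(G, self.r, P)
    def response(self, c):
        return (self.r + c * self.x) % Q

class Cheater:
    """Knows only y: guesses the challenge and builds a witness to match it.
    The same construction is the simulator behind the zero-knowledge property:
    a valid-looking transcript can be produced without x."""
    def __init__(self, y):
        self.y = y
    def witness(self):
        self.guess, self.s = secrets.randbelow(Q), secrets.randbelow(Q)
        return pow(G, self.s, P) * pow(self.y, -self.guess, P) % P
    def response(self, c):
        return self.s                    # only correct when c == self.guess

def verify(y, t, c, s):
    return pow(G, s, P) == t * pow(y, c, P) % P

def run_round(prover, y):
    t = prover.witness()                 # 1. witness
    c = secrets.randbelow(Q)             # 2. challenge, chosen by the verifier
    s = prover.response(c)               # 3. response
    return verify(y, t, c, s)

def cheater_wins(y):
    """For one fixed cheating witness, count the challenges that verify."""
    cheat = Cheater(y)
    t = cheat.witness()
    return sum(verify(y, t, c, cheat.response(c)) for c in range(Q))
```

An honest prover passes every round (completeness), while a cheating witness survives exactly one of the Q possible challenges, which is the "small probability" in the soundness property on slide 8.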