1. 22.01.2018
Blockchain as a cryptographic toolset
Dr. Peter Teufl
peter.teufl@a-sit.at

2. A-SIT registered non-profit association (main focus: IT-security)
members: BMF, BRZ, OENB, Graz University of Technology
A-SIT Plus GmbH
100% subsidiary of A-SIT
acts within public/private sector
Both organisations have a strong link to the IAIK/Graz University of Technology
offices in Graz/Vienna
Main topics for A-SIT Plus GmbH
technical IT-security (mobile security, authentication, cryptographic protocol, secure implementations)
org. IT-security (risk analysis, ISMS etc.)
teaching (e.g. automotive security at IAIK)
A-sit, a-sit plus GMBH

3. Did you know? :-)
blockchain
http://bitcoinist.com/judgment-day-conspiracy-group-claims-bitcoin-created-by-rogue-ai/

4. blockchain Toolset
Proof-of-work Proof-of-stake x out of n central, PKI etc. …
Smart contracts
Plain Data Hashes Encrypted data
none
Hash chains
Private Key none
public private
Key Manag. Trust Manag. ID Manag. Compliance
…
…
…
…
…
Crypto Manag. DSGVO …Operation
Integrity
Consensus
Auto. Trans.
Data
Assets
Read/Write/Delete
Fundamentals …

5. bitcoin Toolset
Proof-of-work Proof-of-stake x out of n central, PKI etc. …
Smart contracts
Plain Data Hashes Encrypted data
none
Hash chains
Private Key none
public private
Key Manag. Trust Manag. ID Manag. Compliance
…
…
…
…
…
Crypto Manag. DSGVO …Operation
Integrity
Consensus
Auto. Trans.
Data
Assets
Read/Write/Delete
Fundamentals …

6. rksv Toolset
Proof-of-work Proof-of-stake x out of n central, PKI etc.
Smart contracts
Plain Data Hashes Encrypted data
none
Hash chains
Private Key none
read (public: receipt data, BMF: reg. state, turnover) write:private
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag. DSGVO Operation
Integrity
Consensus
Auto. Trans.
Data
Assets
Read/Write/Delete
Fundamentels

7. Security based on cryptographic signatures and cryptographic chaining
fields
cipher suite (Registrierkassenalgorithmuskennzeichen)
cash-register id
receipt id
date
sum of positions for each tax set
encrypted turnover counter
certificate serial number
hash-value of previous receipt
ECDSA signature value
RKSV, April 2017
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==

8. For each cash-register: a cryptographic chain of receipts is created
Export of DEP (Datenerfassungsprotokoll) can be verified by verifying the cryptographic hash chain
Integrity
RK-Suite: R1-AT1
Kassen-ID: 0101
Belegnummer: 3713
…
Hash von Beleg 1
a3b3 4676 49fe 34ef …
RK-Suite: R1-AT1
Kassen-ID: 0101
Belegnummer: 3712
…
…
Beleg 1 Beleg 2
RK-Suite: R1-AT1
Kassen-ID: 0101
Belegnummer: 3714
…
HASH von Beleg 2
234a f124 1aaa 1bbb …
Beleg 3
RK-Suite: R1-AT1
Kassen-ID: 0101
Belegnummer: 3715
…
HASH von Beleg 3
aef2 12aa 1218 7afa …
Beleg 4
RK-Suite: R1-AT1
Kassen-ID: 0101
Belegnummer: 3716
…
…
Beleg 5
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Hash chains

9. Consensus: there is no consensus in the BitCoin sense
The cash register uses the private key of a trusted certificate to sign a block, and
thereby extend the chain, no consensus is required to do so
How to ensure that the chain is not rewritten later?
MANDATORY to issue a receipt and take the receipt (validation points)
MANDATORY validation points (yearly receipt)
Consensus #1
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
central, PKI etc.

10. Certificates
software key stores not allowed, require secure signature creation device
either local (smardcard, USB-token) or remote (APIs protected by auth procedure)
certificates are issued by trust service providers (requirement, TSP must be able to
issue qualified signature certificates which allow to create signatures that are equal
to handwritten signatures) (details: EIDAS, EU regulation, electronic IDentification,
Authentication and trust Services)
Consensus #2
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
central, PKI etc.

11. https://www.signatur.rtr.at/currenttl.xml
https://www.signatur.rtr.at/en/directory/tsl.html
trust lists

12. Thus: Receipts can be uniquely linked to vendors
Consensus #3
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
central, PKI etc.

13. Plain
Receipt ID
cash register ID
date of receipt
sums of positions for different tax sets (20% 10% etc.)
serial number of signature certificate (can be fetched via public directory services)
signature value, hash-value of previous block, encrypted turnover counter (AES-ICM)
Encrypted
Turnover counter (sums up all values since cash-register activation)
Not on receipt: cash-register, signature device state (Fin Online)
DATA Plain Data Encrypted data
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==

14. not in the sense of a crypto currency (there is no coin)
however AES-key for turnover counter could be seen as asset
AES key is known to BMF and the vendor
assets
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
none

15. write: valid receipts can only be written if a private key of a valid certificate is
available
read:
public: basic receipt data
private: turnover counter, cash register state: BMF/vendor
READ/WRITE/DELETE
read (public: receipt data, BMF: reg. state, turnover) write:private
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==

16. Key management:
only secure signature creation device, key cannot be extracted
management: standard PKI methods (revocation, trusted CAs etc.), in addition
registering, de-registering via BMF services
fundamentals
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag.

17. Trust management (certificates)
Trust lists (EIDAS)
Trusted CAs
Well established trust centres
fundamentals
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag.

18. ID management
Identity of vendors (e.g. via UID)
Registration procedures by trust centers
fundamentals
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag.

19. Compliance
RKSV, BAO, EIDAS etc.
fundamentals
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag.

20. Crypto Management
Cipher suite (e.g. R1_AT1) which uniquely identifies allowed algorithms,
procedures
new cipher suites can easily be added
fundamentals
_R1-AT1
_01010-3168-0
_3712
_2017-07-12T20:02:35
_0,00_21,60_0,00_0,00_0,00
_eF+MFkSHZfo=
_7E352D8A
_5cOcXaHJAoM=
_AQ/l6f5/zp+24bjZ0dtg4wjey/zf05LzE577XNyGHk8Tw
Hq53lojhDM/+zaM+A5petlw7K6m8+ilDZiRcQ3dqg==
Key Manag. Trust Manag. ID Manag. Compliance
Crypto Manag.

21. Details: https://github.com/BMF-RKSV-Technik/at-registrierkassen-mustercode/releases/download/1.2-DOK/2016-09-05-
Detailfragen-RKSV-V1.2.pdf
Start a DEP for a cash-register
create start receipt (initial hash value: ID of cash-register), turnover counter = 0
register cash-register and signature device with BMF (either manually or via API)
submit start receipt via App or API
validity of start receipt (signature, format) etc. is validated, starting point for cash register is defined
RKSV processes

22. Bitcoin toolset is not going to work in most cases
Unique toolset required, linked to use case, application requirements
Ideally: basic techniques covered by platform (e.g. multichain, other)
blockchain toolset in applications

23. Issues, questions?
how to achieve the desired transparency without publishing vital information (even if a
private group)?
if assets are required: non-existing key/trust/id management is a major problem
public nature of data (compliance, privacy, user groups etc.)?
Handling of cryptographic
material (org, tech processes)
DSGVO (delete data)
blockchain toolset in applications

24. thoughts suitable problems
configuration, transformations
core issue: which data to store?
cryptographic key Management
operational/technical processes as
in any other component, especially
due to the use of cryptography
how to achieve the desired
transparency?
smart contracts
for non crypto-currency applications
public chain: in most cases not
suitablebackup etc.
compliance

25. blockchain Toolset
Proof-of-work Proof-of-stake x out of n central, PKI etc. …
Smart contracts
Plain Data Hashes Encrypted data
none
Hash chains
Private Key none
public private
Key Manag. Trust Manag. ID Manag. Compliance
…
…
…
…
…
Crypto Manag. DSGVO …Operation
Integrity
Consensus
Auto. Trans.
Data
Assets
Read/Write/Delete
Fundamentals …