SlideShare a Scribd company logo

Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload

Anish Mohammed
Anish Mohammed

Blockchain and Security – Solving the challenge of Privacy, Identity and Trust discusses key security challenges with blockchain such as identity, privacy, trust, and cryptography. It explores solutions like permissioned blockchains, homomorphic encryption, and zero knowledge proofs to address these issues. The document also examines cases like Silk Road and MtGox that demonstrate security failures with blockchain.

1 of 35
Download to read offline
Blockchain and Security – Solving the challenge of Privacy, Identity and Trust Anish Mohammed MIT DCI – 25th August 2016
Blockchain – what makes it unique ● Pseudonmity- The ability that users are not easily identified ● Censorship resistance – gives the ability to bypass authorities ● Decentralised – distributed hence hard to track down
Blockchain – key security challenges ● Identity- General approach has been to support pseudonyms ● Privacy – Blockchain as a paradigm expects all data to be available ● Trust – Question of trust in a decentralised system
Blockchain – key security challenges (contd) ● Cryptography – choice of algorithms and parameters not necessarily considered traditional. Also the question of QC resistance brought up by some vendors ● Infrastructure – Generally considering the whole Blockchain ecosystem, esp Bitcoin
Blockchain and Post Quantum Cryptography ● Shor’s algorithm ● Grover’s algorithm ● Current crop of QC resistant algorithms
Privacy ● Permissioned Blockchain – having Blockchain which has permission ● Homomorphic encryption – Allowing operations with out revealing content
Smart Contracts and Privacy ● “The basic idea behind smart contracts is that many kinds of contractual clauses (such as collateral, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” ● “Smart contracts combine protocols, user interfaces, and promises expressed via those interfaces, to formalize and secure relationships over public networks. This gives us new ways to formalize the digital relationships which are far more functional than their inanimate paper-based ancestors” ● “Smart contracts reduce mental and computational transaction costs.” – “Formalizing and Securing Relationships on Public Networks,” Nick Szabo
Contracts Systems evolution
Permissioned Blockchain ● Permissioned Blockchain – Bitcoin Blockchain is non-permissioned, nodes could have permission to read or write
Homomorphic Encryption ● Homomorphic Encryption – the challenge of processing without knowing what is being asked Function f x search query Google search Search results x f(x)
Homomorphic Encryption ● Homomorphic Encryption – Oct 2008 Craig Gentry came up with solution Function f x Enc(x) Enc(f(x)) search query Search results Google search
Homomorphic – under multiplication ● Some encryption algorithms already have multiplicative homomorphic properties, e.g. RSA 𝐸 𝑚1 = 𝑚1 𝑒 𝐸 𝑚2 = 𝑚2 𝑒 which implies 𝐸 𝑚1 × 𝐸 𝑚2 = 𝑚1 𝑒 × 𝑚2 𝑒 = (𝑚1 × 𝑚2) 𝑒 = 𝐸(𝑚1 × 𝑚2)
Homomorphic – under addition ● Other Encryptions were additively homomorphic 𝐸 𝑚1 + 𝐸 𝑚2 = 𝐸(𝑚1 + 𝑚2) Additive Homomorphism
Enigma – the possible answer from MIT
MtGox – yet another case
Provisions – privacy preserving way to prove solvency
Trust ● Trust model – Bitcoin Blockchain has a distributed model of trust. So everyone trusts everybody else. ● Intermediaries in the ecosystem – real life implementation of Bitcoin ecosystem requires one to trust various intermediaries with varying results.
Bitcoin/Blockchain – malware ● Malware which mines (steals CPU/GPU cycles) ● Malware which steals Bitcoin from wallets ● Ransomware – accepts Bitcoins to release keys
Bitcoin/Blockchain – malware
Identity ● Identity- General approach has been to support pseudonyms ● Identity verification – strength of verification of identity is as good as onboarding
Identity – some interesting examples
Blockchain and graph analysis
Silkroad – A case of failure
Smart Contracts – security challenges (moritorium)
Smart Contracts – security challenges (the hack)
Other tools - Trusted Computing
Trust
Trustworthy systems
Trusted Platform Module
Direct Anonymous Attestation
Zero Knowledge Proofs
Zero Knowledge protocols - properties ● Completeness -If prover is telling the truth, then they will eventually convince the verifier. ● Soundness -Prover can only convince verifier if they're actually telling the truth. ● Zero-knowledgeness -Verifier doesnt learn anything else about prover's solution According to Goldwasser, Micali and Rackoff
Blockchain and expert opinions
Dilbert’s take on Security
Anish Mohammed @anishmohammed

Recommended

Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)
Sergei Tikhomirov
 
Cryptography
CryptographyCryptography
Cryptography
Askme.com
 
Software for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentationSoftware for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentation
Ruchika Sinha
 
HMAC a signature alternative
HMAC a signature alternativeHMAC a signature alternative
HMAC a signature alternative
Hubert Gregoire
 
Blockchain technology
Blockchain technologyBlockchain technology
Blockchain technology
Navin Kumar
 
Cryptography in networks
Cryptography in networksCryptography in networks
Cryptography in networks
Kajal Chaudhari
 
Anish Mohammed - Bitcoin vs Blockchain
Anish Mohammed - Bitcoin vs BlockchainAnish Mohammed - Bitcoin vs Blockchain
Anish Mohammed - Bitcoin vs Blockchain
Joe Baguley
 
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
WithTheBest
 

Recommended

Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)
Sergei Tikhomirov
 
Cryptography
CryptographyCryptography
Cryptography
Askme.com
 
Software for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentationSoftware for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentation
Ruchika Sinha
 
HMAC a signature alternative
HMAC a signature alternativeHMAC a signature alternative
HMAC a signature alternative
Hubert Gregoire
 
Blockchain technology
Blockchain technologyBlockchain technology
Blockchain technology
Navin Kumar
 
Cryptography in networks
Cryptography in networksCryptography in networks
Cryptography in networks
Kajal Chaudhari
 
Anish Mohammed - Bitcoin vs Blockchain
Anish Mohammed - Bitcoin vs BlockchainAnish Mohammed - Bitcoin vs Blockchain
Anish Mohammed - Bitcoin vs Blockchain
Joe Baguley
 
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
WithTheBest
 
Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar
The Business Blockchain
 
Information security in private blockchains
Information security in private blockchainsInformation security in private blockchains
Information security in private blockchains
Coin Sciences Ltd
 
Build Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using BlockchainBuild Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using Blockchain
geetachauhan
 
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Maciej Ołpiński
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em EthereuInterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em Ethereu
iMasters
 
Blockchain and the investment industry stack
Blockchain and the investment industry stackBlockchain and the investment industry stack
Blockchain and the investment industry stack
David Taylor
 
Reassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad RosnerReassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad Rosner
FSR Communications and Media
 
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY MellonFINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle
 
Risk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom AgendaRisk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom Agenda
FERMA
 
DWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, AtosDWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, Atos
IDATE DigiWorld
 
Web application security: how to start?
Web application security: how to start?Web application security: how to start?
Web application security: how to start?
Antonio Fontes
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The Internet
Paul Brody
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
WSO2
 
The End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to CybersecurityThe End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to Cybersecurity
Marc Nader
 
SABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summary
SABSAcourses
 
Understand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day ThreatsUnderstand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day Threats
Rahul Mohandas
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecture
narenvivek
 
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin BlockchainBeyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Vestforsk.no
 
Introduction multiparty computation
Introduction multiparty computationIntroduction multiparty computation
Introduction multiparty computation
The Cryptography Centre For Excellence
 
Blockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_amBlockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_am
Anish Mohammed
 

More Related Content

Viewers also liked

Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar
The Business Blockchain
 
Information security in private blockchains
Information security in private blockchainsInformation security in private blockchains
Information security in private blockchains
Coin Sciences Ltd
 
Build Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using BlockchainBuild Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using Blockchain
geetachauhan
 
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Maciej Ołpiński
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em EthereuInterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em Ethereu
iMasters
 
Blockchain and the investment industry stack
Blockchain and the investment industry stackBlockchain and the investment industry stack
Blockchain and the investment industry stack
David Taylor
 
Reassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad RosnerReassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad Rosner
FSR Communications and Media
 
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY MellonFINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle
 
Risk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom AgendaRisk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom Agenda
FERMA
 
DWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, AtosDWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, Atos
IDATE DigiWorld
 
Web application security: how to start?
Web application security: how to start?Web application security: how to start?
Web application security: how to start?
Antonio Fontes
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The Internet
Paul Brody
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
WSO2
 
The End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to CybersecurityThe End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to Cybersecurity
Marc Nader
 
SABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summary
SABSAcourses
 
Understand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day ThreatsUnderstand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day Threats
Rahul Mohandas
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecture
narenvivek
 
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin BlockchainBeyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Vestforsk.no
 

Viewers also liked (20)

Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar Redefining Security with the Blockchain by William Mougayar
Redefining Security with the Blockchain by William Mougayar
 
Information security in private blockchains
Information security in private blockchainsInformation security in private blockchains
Information security in private blockchains
 
Build Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using BlockchainBuild Secure IOT Solutions using Blockchain
Build Secure IOT Solutions using Blockchain
 
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em EthereuInterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em Ethereu
 
Blockchain and the investment industry stack
Blockchain and the investment industry stackBlockchain and the investment industry stack
Blockchain and the investment industry stack
 
Reassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad RosnerReassessing Regulation and the IoT - Gilad Rosner
Reassessing Regulation and the IoT - Gilad Rosner
 
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY MellonFINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
 
Risk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom AgendaRisk Leadership on the Boardroom Agenda
Risk Leadership on the Boardroom Agenda
 
DWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, AtosDWS16 - Smart city forum - Niels De Schutter, Atos
DWS16 - Smart city forum - Niels De Schutter, Atos
 
Web application security: how to start?
Web application security: how to start?Web application security: how to start?
Web application security: how to start?
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The Internet
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
 
The End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to CybersecurityThe End of the Fortress: The new Approach to Cybersecurity
The End of the Fortress: The new Approach to Cybersecurity
 
SABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summary
 
Understand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day ThreatsUnderstand How Machine Learning Defends Against Zero-Day Threats
Understand How Machine Learning Defends Against Zero-Day Threats
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecture
 
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin BlockchainBeyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
 

Similar to Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload

Introduction multiparty computation
Introduction multiparty computationIntroduction multiparty computation
Introduction multiparty computation
The Cryptography Centre For Excellence
 
Blockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_amBlockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_am
Anish Mohammed
 
Paranoid's View of Token Engineering
Paranoid's View of Token Engineering Paranoid's View of Token Engineering
Paranoid's View of Token Engineering
Token Engineering
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
Narudom Roongsiriwong, CISSP
 
Ccc brochure
Ccc brochureCcc brochure
Ccc brochure
Ehab El Barbary
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
Ulf Mattsson
 
Windows Domains Part 2
Windows Domains Part 2Windows Domains Part 2
Windows Domains Part 2
UTD Computer Security Group
 
Seun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptxSeun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptx
SeunLanLege1
 
BCT.pptx
BCT.pptxBCT.pptx
BCT.pptx
ssuser3a47cb
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Cloud Native Day Tel Aviv
 
Fullsize Smart Contracts That Learn
Fullsize Smart Contracts That Learn Fullsize Smart Contracts That Learn
Fullsize Smart Contracts That Learn
Mike Slinn
 
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
Krzysztof Kotowicz
 
Icsa2018 blockchain tutorial
Icsa2018 blockchain tutorialIcsa2018 blockchain tutorial
Icsa2018 blockchain tutorial
Len Bass
 
Blockchain for business
Blockchain for businessBlockchain for business
Blockchain for business
Pavel Kravchenko, PhD
 
Blockchain Technology and its Business Application
Blockchain Technology and its Business ApplicationBlockchain Technology and its Business Application
Blockchain Technology and its Business Application
Pritom Chaki
 
Towards a Post-Modern Hash Chain Future
Towards a Post-Modern Hash Chain FutureTowards a Post-Modern Hash Chain Future
Towards a Post-Modern Hash Chain Future
Casey Kuhlman
 
Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]
Md. Fazla Rabbi
 
L017136269
L017136269L017136269
L017136269
IOSR Journals
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
IOSR Journals
 
Smart Contracts That Learn
Smart Contracts That LearnSmart Contracts That Learn
Smart Contracts That Learn
Mike Slinn
 

Similar to Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload (20)

Introduction multiparty computation
Introduction multiparty computationIntroduction multiparty computation
Introduction multiparty computation
 
Blockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_amBlockchain_FintechEvo_ver1.8_am
Blockchain_FintechEvo_ver1.8_am
 
Paranoid's View of Token Engineering
Paranoid's View of Token Engineering Paranoid's View of Token Engineering
Paranoid's View of Token Engineering
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
 
Ccc brochure
Ccc brochureCcc brochure
Ccc brochure
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
Windows Domains Part 2
Windows Domains Part 2Windows Domains Part 2
Windows Domains Part 2
 
Seun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptxSeun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptx
 
BCT.pptx
BCT.pptxBCT.pptx
BCT.pptx
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
 
Fullsize Smart Contracts That Learn
Fullsize Smart Contracts That Learn Fullsize Smart Contracts That Learn
Fullsize Smart Contracts That Learn
 
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)
 
Icsa2018 blockchain tutorial
Icsa2018 blockchain tutorialIcsa2018 blockchain tutorial
Icsa2018 blockchain tutorial
 
Blockchain for business
Blockchain for businessBlockchain for business
Blockchain for business
 
Blockchain Technology and its Business Application
Blockchain Technology and its Business ApplicationBlockchain Technology and its Business Application
Blockchain Technology and its Business Application
 
Towards a Post-Modern Hash Chain Future
Towards a Post-Modern Hash Chain FutureTowards a Post-Modern Hash Chain Future
Towards a Post-Modern Hash Chain Future
 
Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]
 
L017136269
L017136269L017136269
L017136269
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
Smart Contracts That Learn
Smart Contracts That LearnSmart Contracts That Learn
Smart Contracts That Learn
 

Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload

  • 1. Blockchain and Security – Solving the challenge of Privacy, Identity and Trust Anish Mohammed MIT DCI – 25th August 2016
  • 2. Blockchain – what makes it unique ● Pseudonmity- The ability that users are not easily identified ● Censorship resistance – gives the ability to bypass authorities ● Decentralised – distributed hence hard to track down
  • 3. Blockchain – key security challenges ● Identity- General approach has been to support pseudonyms ● Privacy – Blockchain as a paradigm expects all data to be available ● Trust – Question of trust in a decentralised system
  • 4. Blockchain – key security challenges (contd) ● Cryptography – choice of algorithms and parameters not necessarily considered traditional. Also the question of QC resistance brought up by some vendors ● Infrastructure – Generally considering the whole Blockchain ecosystem, esp Bitcoin
  • 5. Blockchain and Post Quantum Cryptography ● Shor’s algorithm ● Grover’s algorithm ● Current crop of QC resistant algorithms
  • 6. Privacy ● Permissioned Blockchain – having Blockchain which has permission ● Homomorphic encryption – Allowing operations with out revealing content
  • 7. Smart Contracts and Privacy ● “The basic idea behind smart contracts is that many kinds of contractual clauses (such as collateral, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” ● “Smart contracts combine protocols, user interfaces, and promises expressed via those interfaces, to formalize and secure relationships over public networks. This gives us new ways to formalize the digital relationships which are far more functional than their inanimate paper-based ancestors” ● “Smart contracts reduce mental and computational transaction costs.” – “Formalizing and Securing Relationships on Public Networks,” Nick Szabo
  • 9. Permissioned Blockchain ● Permissioned Blockchain – Bitcoin Blockchain is non-permissioned, nodes could have permission to read or write
  • 10. Homomorphic Encryption ● Homomorphic Encryption – the challenge of processing without knowing what is being asked Function f x search query Google search Search results x f(x)
  • 11. Homomorphic Encryption ● Homomorphic Encryption – Oct 2008 Craig Gentry came up with solution Function f x Enc(x) Enc(f(x)) search query Search results Google search
  • 12. Homomorphic – under multiplication ● Some encryption algorithms already have multiplicative homomorphic properties, e.g. RSA 𝐸 𝑚1 = 𝑚1 𝑒 𝐸 𝑚2 = 𝑚2 𝑒 which implies 𝐸 𝑚1 × 𝐸 𝑚2 = 𝑚1 𝑒 × 𝑚2 𝑒 = (𝑚1 × 𝑚2) 𝑒 = 𝐸(𝑚1 × 𝑚2)
  • 13. Homomorphic – under addition ● Other Encryptions were additively homomorphic 𝐸 𝑚1 + 𝐸 𝑚2 = 𝐸(𝑚1 + 𝑚2) Additive Homomorphism
  • 14. Enigma – the possible answer from MIT
  • 15. MtGox – yet another case
  • 16. Provisions – privacy preserving way to prove solvency
  • 17. Trust ● Trust model – Bitcoin Blockchain has a distributed model of trust. So everyone trusts everybody else. ● Intermediaries in the ecosystem – real life implementation of Bitcoin ecosystem requires one to trust various intermediaries with varying results.
  • 18. Bitcoin/Blockchain – malware ● Malware which mines (steals CPU/GPU cycles) ● Malware which steals Bitcoin from wallets ● Ransomware – accepts Bitcoins to release keys
  • 20. Identity ● Identity- General approach has been to support pseudonyms ● Identity verification – strength of verification of identity is as good as onboarding
  • 21. Identity – some interesting examples
  • 23. Silkroad – A case of failure
  • 24. Smart Contracts – security challenges (moritorium)
  • 25. Smart Contracts – security challenges (the hack)
  • 26. Other tools - Trusted Computing
  • 27. Trust
  • 32. Zero Knowledge protocols - properties ● Completeness -If prover is telling the truth, then they will eventually convince the verifier. ● Soundness -Prover can only convince verifier if they're actually telling the truth. ● Zero-knowledgeness -Verifier doesnt learn anything else about prover's solution According to Goldwasser, Micali and Rackoff