Privacy Preserving Paradigms of Blockchain Technology

Blockchain Privacy Persevering Techniques
Ring Signatures, Zero Knowledge Proofs, Circular Queues, Block Matrices and Much More !

Most powerful privacy preserving
technique is Cryptographically
Secure Obfuscation

Perfect blackbox obfuscation
is mathematically impossible

There is a weaker standard
known as indictngushability
obfuscation that we can satisfy.

When an obfuscation program uses a cryptographic
private key , if insistingushability is satisfied from each
other, then we know that the two obfuscated programs
cannot be distingushed from each other.
Even if someone is in possession of the obfuscated
program definitely has no way of extracting the private
key, otherwise that would be a way of distinguishing the
program.

What happens when we obfuscate a
smart contract
Obfuscated smart contract will contain private key and
will accept instructions encrypted with the
curresponding public key
The contract stores account balances in storage
encrypted and if the contract wants to read the storage
it decrypts it internally and if the contract wants to
storage it encrypts the desired result before writing it
If someone wants to read the balance of their account,
they encode that request as a transaction and simulate
it on their own machine
The obfuscated smart contract code will check the
signature on the transaction to see if that user is
entitled to read the balance

Constraints and
Challenges in
Obfuscation
Techniques
Executing 2 bit multiplication circuit on the same CPU would
take 1.3 X 10^8 years. Additionally, if you want to prevent reads
and writes to storage from being a data leak vector, you must
also set up the contract so that read and write operations
always modify large portions of a contract's entire state -
another source of overhead.

Alternatives :
Secure Multi Party Computation
Secure multi party computation allows for a
program and its state to be split among N
parties in such a way that you need M of them
to cooperate in order to either complete the
computation or reveal any internal data in the
program or the state.
Thus, if you can trust the majority of the
participants to be honest, the scheme is as
good as obfuscation.
Enigma protocol uses multi-party computation
to implement a secret sharing DAO concept.

Constraints and
Challenges on SMPC
Addition operations can be processed very quickly but
every time an SMPC instance performs some very small
ﬁxed number of multiplication operations it needs to
perform a degree reduction step involving messages
being sent from every node to every node in the network

Constraints and
Challenges on SMPC
• The requirement of trust on the participants is also an onerous
one. Participants have the ability to save the data and then
collude to uncover at any future point in history.
• Additionally it is impossible to tell that they have done this and so
it is impossible to inventivise the participants to maintain the
system’s privacy.
• For this reason, secure multi party computation is arguably much
more suitable for private blockchians, where incentives can come
from outside the protocol, than public chains.

Agenda
Ring Signature
Zero Knowledge Proofs
Trusted Execution Environment
Circular Queue
Block Matrix

Zero Knowledge
Proof Systems
•The notion of zero-knowledge was first proposed in 1985
by MIT researchers Shafi Goldwasser, Silvio Micali and
Charles Rackoff in their paper “The knowledge
complexity of interactive proof systems”:
•A zero-knowledge protocol is a method by which one
party (the prover) can prove to another party (the verifier)
that something is true, without revealing any information
apart from the fact that this specific statement is true.

Zero Knowledge
Proof Systems
• Zero-knowledge proofs allow a user to construct a
mathematical proof that a given program, when executed
on some (possibly hidden) input known by the user, has a
particular (publicly known) output, without revealing any
other information.
• You can think of a digital signature as a kind of zero-
knowledge proof showing that you know the value of a
private key which, when processed using a standard
algorithm, can be converted into a particular public key.

Requirements for
Zero Knowledge Proofs
• Completeness: If the input is true, the zero-
knowledge proof always returns ‘true’
• Soundness: If the input is false, it is not
possible to trick the zero-knowledge proof to
return ‘true’
• Privacy: The input can not be obtained by any
other party

Succinct
Zero Knowledge
Proofs ( Zk-SNARKS)
• The term was introduced in 2012 by Nir Bitansky, Ran
Canetti, Alessandro Chiesa & Eran Tromer and describes a
special variation of the zero-knowledge technique.
• Zero Knowledge, Succint, Non-Interactive, Arguments of
Knowledge
• Most importantly, zk-SNARKs reduce the size of the proofs
and the computational effort required to verify them.

Zero Knowledge Proof for
Digital Identity Systems
You would then make a zero-knowledge
proof showing that you have an input that,
when passed through this function, returns 1,
and sign the proof with another private key
that you want to use for future interactions
with this service.
The service would verify the proof and if the
proof is correct, it would accept messages
signed with your private key as valid.

Digital Token Ownership
In order to have a functioning digital token system, you do not
strictly need to have visible accounts and balances; in fact, all
that you need is a way to solve the "double spending" problem
The claim that you would zero-knowledge-prove is something
like "I know a secret number behind one of the accounts in
this set of accounts that have been created, and it does not
match any of the secret numbers that have already been
revealed”.
Accounts in this scheme become one-time-use: an "account"
is created every time assets are sent, and the sender account
is completely consumed.
If you do not want to completely consume a given account,
then you must simply create two accounts, one controlled by
the recipient and the other with the remaining "change"
controlled by the sender themselves.

Two Party Smart Contracts
• When the contract is ﬁrst negotiated, instead of creating a
smart contract containing the actual formula by which the
funds will eventually be released, create a contract
containing the hash of the formula.
• (eg. in a binary option, the formula would be "if index I as
released by some data source is greater than X, send
everything to A, otherwise send everything to B”)
• When the contract is to be closed, either party can
themselves compute the amount that A and B should receive,
and provide the result alongside a zero-knowledge-proof
that a formula with the correct hash provides that result.
• The blockchain ﬁnds out how much A and B each put in, and
how much they get out, but not why they put in or get out
that amount.

Advantages of Zero
Knowledge Proofs
• Zero knowledge transfer as the name suggest
• Computational efﬁciency- No Encryption
• Based on problem like discrete logarithms and
integer factorization
• No degradation of the protocol

Bitcoin
Approach to
Privacy Preservation
Just like with Zcash, every transaction must completely
empty one or more accounts, and create one or more
new accounts, and it is recommended for users to
generate a new private key for every new account that
they intend to receive funds into (though it is possible to
have multiple accounts with the same private key).
The main beneﬁt that this brings is that a user's funds
are not linked to each other by default.

However, there is a problem. If, at any point in the future, you make a transaction consuming
from two accounts at the same time, then you irrevertibly "link" those accounts, making it
obvious to the world that they come from one user. And, what's more, these linkages are
transitive: if, at any point, you link together A and B, and then at any other point link together A
and C, and so forth, then you've created a large amount of evidence by which statistical
analysis can link up your entire set of assets.

Bitcoin developer Mike Hearn came up with a mitigation strategy that reduces the likelihood
of this happening called merge avoidance: essentially, a fancy term for trying really really hard
to minimize the number of times that you link accounts together by spending from them at the
same time. This deﬁnitely helps, but even still, privacy inside of the Bitcoin system has proven
to be highly porous and heuristic, with nothing even close to approaching high guarantees.

Two Party Smart Contracts with
Cryptoeconomics beyond Cryptography
Auditable Computation and Veriﬁable Data Structures
The participants send their funds into a contract
which stores the hash of the code. When it comes
time to send out funds, either party can submit the
result.
The other party can either send a transaction to
agree on the result, allowing the funds to be sent, or
it can publish the actual code to the contract, at
which point the code will run and distribute the funds
correctly.
A security deposit can be used to incentivize the
parties to participate honestly.

Ring Signatures
A ring signature is essentially a signature that proves that the signer has a private key
corresponding to one of a specific set of public keys, without revealing which one.
A ring signature algorithm includes a mathematical function which can be computed normally
with just a public key, but where knowing the private key allows you to add a seed to the input
to make the output be whatever specific value you want.
The signature itself consists of a list of values, where each value is set to the function applied
to the previous value (plus some seed); producing a valid signature requires using knowledge
of a private key to "close the loop", forcing the last value that you compute to equal the first.
Given a valid "ring" produced in this way, anyone can verify that it is indeed a "ring", so each
value is equal to the function computed on the previous value plus the given seed, but there is
no way to tell at which "link" in the ring a private key was used.

Ring Signature : Definite Properties
• Ring signatures are a type of cryptographic
digital signature and were actually invented
back in 2001 by Ron Rivest, Adi Shamir, and
Yael Tauman and subsequently introduced at
Asiacrypt.
• The concept is similar to that of group
signatures, however, there is no way to
identify the actual signer of a ring signature
transaction and an arbitrary group of users
can be included in the ring signature without
any additional setup.

The original concept was for ring signatures to function as a way to leak secret
information, speciﬁcally, from high ranking government ofﬁcials, without actually
revealing who signed the message.

Eiichiro Fujisaki and Koutarou Suzuki proposed Traceable Ring Signatures in 2006 as an
improvement to some of the vulnerabilities around ring signatures concerning manipulation
by malicious or irresponsible signers. An optimized version of this type of ring signature is
what is currently employed in the CryptoNote coins and is used to provide untraceability of
the sender in a P2P transaction by obscuring the source of the inputs in the transaction.

Ring Signatures : Essential Concepts
• Ring signatures may require multiple
different public keys for veriﬁcation and the
word “ring” is used because it consists of a
group of partial digital signatures from
various users that come together to form a
unique signature that is used to sign a
transaction.
• This group is known as the ring and can be
arbitrarily selected from outputs from other
users on the blockchain.

Addressing Double
Spending Possibility
in Ring Signatures
using Key Images
• A key image is a cryptographic key that is derived from an output
being spent and is part of every ring signature transaction.
• There is only one, unique key image for each output on the
blockchain and a list of all used key images is maintained on the
blockchain.
• Due to the cryptographic properties of key images, it is not
possible to make a correlation between an output on the
blockchain and its key image.

Ring Confidential Transactions
• In the initial ring signature format,
outputs had to be broken up into
separate rings since ring signatures
could only contain outputs of the same
value.
• Due to this, third parties were able to see
the actual amounts being transacted.
Implementing Ring CTs makes the
transactions stored in the blockchain
opaque rather than transparent as in a
cryptocurrency such as Bitcoin.

Range Proofs in
Ring Confidential
Transactions
• Ring CTs also use a commitment scheme that is
enabled through a range proof.
• These rang proofs prove that an amount used in a
transaction is greater than 0 and less than some other
number without actually revealing the amounts
transacted. So, outside observers cannot actually see
the transaction but can be assured through
cryptographic veriﬁcation that the transaction is valid.

A Data Structure
for Integrity
Protection with
Erasure Capability
The European General Data Protection Regulation (GDPR) requires that
organizations make it possible to delete all information related to a particular
individual, at that person's request. This requirement may be incompatible
with current blockchain data structures, including private (permissioned)
blockchains, because blockchains are designed to ensure that block contents
are immutable. Any change in a block will invalidate subsequent hashes in
following blocks, losing integrity protection. This note describes a data
structure that provides the capability of deleting speciﬁed blocks while
retaining hash-based assurance that other blocks are unchanged. It is
primarily designed to be implemented in a permissioned infrastructure,
providing certain features of existing permissioned blockchains.

Blockmatrix is a data structure that supports
the ongoing audition of hash linked records
while also allowing the deletion of arbitrary
records, preserving hash based integrity.

Blocks are numbered 1to k and added to
the data structure staring with cell 0,1. It is
desirable to keep cells on the dingonal null.

Properties of Block Matrix
Balance
Cells are ﬁlled in a Balanced Manner so that the upper half
contains at most one additional cell more than the lower half
Hashchain length
The number of blocks in a row or column hash chain is
proportional to square root of the N for a matrix of N blocks, by
the balance property
Block Dispersal
No consecutive blocks appear in the same row or column. .
Because no two consecutive blocks appear in the same row or
column,
Because no consecutive blocks appear in the same row or
column, it is possible to delete two consecutive blocks
simultaneously without disturbing integrity protection for others.

A Data Structure
Encryption Algorithm
based on Circular
Queue to Enhance
Data Security
An algorithm that uses the shifting and replacing operations
of bi-column-bi-row for circular queue to increase security.
A random number is used in this algorithm to control the
shifting between the row and the column, eventually this
lead to increase the complexity of plaintext encryption
An elliptical curve algorithm can be developed based on
matrix scrambling using circular queue

This algorithm enabled the shifting elements
in the outer or inner array, swapping
elements among circular arrays and XORing
based on generating random number.

Future of Privacy : Challenges
There are two major challenges with privacy
preserving protocols in blockchains.
One of the challenges is statistical: in order for any
privacy-preserving scheme to be computationally
practical, the scheme must only alter a small part
of the blockchain state with every transaction.
However, even if the contents of the alteration are
privacy, there will inevitably be some amount of
metadata that is not.
The second challenge is the developer experience
challenge.

Privacy Preserving Paradigms of Blockchain Technology

Privacy Preserving Paradigms of Blockchain Technology

More Related Content

What's hot

Similar to Privacy Preserving Paradigms of Blockchain Technology

More from Gokul Alex

Recently uploaded

Privacy Preserving Paradigms of Blockchain Technology