Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
blockchain and secure computation

Blockchain and secure computation Vassilis Zikas RPI Winter School - PowerPoint PPT Presentation

Jul 01, 2023 •287 likes •2.09k views

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and Blockchain Technologies Shanghai Jiao Tong University 2017 Bitcoin Bitcoin What is bitcoin and how does it work? Bitcoin What is bitcoin and how

  1. The Public Transaction Ledger [KZZ16] t G ledger ? Blockify(.) time? “State” (Submit, x) x Validate(.) Buffer State x 1 ,x 2, … x = Yes No π (x 1 ,…) “State” x (Permute, π ) GetState Can reorder the recently inserted transactions

  2. The Public Transaction Ledger [KZZ16] t G ledger ? Blockify(.) time? “State” x (Submit, x) x Validate(.) Buffer State x 1 ,x 2, … x = Yes No π (x 1 ,…) “State” x (Permute, π ) GetState Can reorder the recently inserted transactions

  3. The Public Transaction Ledger [KZZ16] t G ledger ? Blockify(.) time? “State” x (Submit, x) x Validate(.) Buffer State x Yes No “State” x (Permute, π ) GetState Can reorder the recently inserted transactions

  4. The Public Transaction Ledger [KZZ16] t G ledger ? Blockify(.) time? (B, t) “State” x (Submit, x) x Validate(.) Buffer State x Yes No “State” x (Permute, π ) GetState Can reorder the recently inserted transactions

  5. The Public Transaction Ledger [KZZ16] t G ledger ? Blockify(.) time? (B, t) “State” x (Submit, x) x Validate(.) Buffer State x Yes No “State” x (Permute, π ) GetState More adversarial interference to have an accurate abstraction Can reorder the recently [BadetscherMaurerTschudiZikas17] inserted transactions (Also a construction from the Bitcoin network/protocol)

  6. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets written there

  7. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets written there How can we use it?

  8. A simple e-voting protocol

  9. A simple e-voting protocol Tools 1/2: Threshold Encryption • n-servers S 1 ,…,S n • Each S i has secret key (share) sk i • There is one public key pk

  10. A simple e-voting protocol Tools 1/2: Threshold Encryption • n-servers S 1 ,…,S n • Each S i has secret key (share) sk i • There is one public key pk • Encryption: Everyone with pk can compute an encryption of message m, i.e., c=Enc pk (m) • Decryption: All n servers together can decrypt, i.e., Dec sk1,…skn (c)=m • Threshold: No n-1 servers can learn any information from the encryption

  11. A simple e-voting protocol Tool 2/2: Additive Homomorphic Encryption Given ciphertexts c 1 =Enc pk (m 1 ) and c 2 =Enc pk (m 2 ) we can compute encryption Enc pk (m 1 +m 2 )

  12. A simple e-voting protocol Tool 2/2: Additive Homomorphic Encryption Same encryption key Given ciphertexts c 1 =Enc pk (m 1 ) and c 2 =Enc pk (m 2 ) we can compute encryption Enc pk (m 1 +m 2 )

  13. A simple e-voting protocol … S 1 S n Setup • n electoral authorities S 1 ,…,S n with key shares sk 1 ,…,sk n and pk. Bulletin Board To vote • Each voter V i encrypts his vote i (0 or 1) and submits c i =Enc pk (vote i ) to the BB • The votes are homomorphically tallied Enc pk (vote 1 ) (i.e., c:=Enc pk (vote 1 + vote 2 + …) ) Enc pk (vote 1 ) • c is decrypted by the electoral authorities … V 1 V 2

  14. A simple e-voting protocol … S 1 S n Setup • n electoral authorities S 1 ,…,S n with key shares sk 1 ,…,sk n and pk. G ledger To vote • Each voter V i encrypts his vote i (0 or 1) Validate(.) State Buffer G ledger and submits c i =Enc pk (vote i ) to the BB • The votes are homomorphically tallied Enc pk (vote 1 ) (i.e., c:=Enc pk (vote 1 + vote 2 + …) ) Enc pk (vote 1 ) • c is decrypted by the electoral authorities … V 1 V 2

  15. A simple e-voting protocol … S 1 S n Setup • n electoral authorities S 1 ,…,S n with key shares sk 1 ,…,sk n and pk. G ledger To vote • Each voter V i encrypts his vote i (0 or 1) Validate(.) State Buffer G ledger and submits c i =Enc pk (vote i ) to the BB • The votes are homomorphically tallied Enc pk (vote 1 ) (i.e., c:=Enc pk (vote 1 + vote 2 + …) ) Enc pk (vote 1 ) • c is decrypted by the electoral authorities … V 1 V 2 Having a public transaction ledger ensures that • The Bulletin Board where the votes are kept is decentralized, i.e., no server needs to be trusted to maintain it • The parties can see when the votes are added (no reordering is allowed) • A vote that is added cannot be deleted

  16. What Crypto can get from Bitcoin? What is on this A public ledger? transaction ledger A bulletin board with a filter on what gets written there

  17. What Crypto can get from Bitcoin? What is on this A public ledger? transaction ledger A bulletin board with a filter on what gets written there

  18. What Crypto can get from Bitcoin? What is on this A public ledger? transaction ledger A bulletin board with a filter on what gets Random written there Stuff

  19. What Crypto can get from Bitcoin? What is on this A public ledger? transaction ledger A bulletin board with a filter on what gets Random written there Money Stuff

  20. What Crypto can get from Bitcoin? What is on this A public ledger? transaction ledger A bulletin board with a filter on what gets Random written there Money ?? Stuff

  21. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets Random written there Money ?? Stuff

  22. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) …

  23. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful?

  24. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? • Lotteries:

  25. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? USE • Lotteries: CRYPTO

  26. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? USE • Lotteries: CRYPTO • Before time t 2 : collect tokens x 0000 , x 0001 ,…

  27. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? USE • Lotteries: CRYPTO • Before time t 2 : collect tokens x 0000 , x 0001 ,… • At time t 2: The token indexed by the beacon’s value wins

  28. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? USE • Lotteries: CRYPTO • Before time t 2 : collect tokens x 0000 , x 0001 ,… • At time t 2: The token indexed by the beacon’s value wins

  29. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? USE • Lotteries: CRYPTO • Before time t 2 : collect tokens x 0000 , x 0001 ,… • At time t 2: The token indexed by the beacon’s value wins • Zero-knowledge Proofs • Common Random String (aka the cryptographer’s paradise)

  30. The Bitcoin ledger as a random beacon G ledger Validate(.) State Buffer (t 1 ,0110), (t 2 ,0001) … Why is this useful? Is it possible? • Heuristically: Hash each block [AndrychowiczDziembowski15] • No: if we require the rate of the beacon to be the same as the Bitcoin network [BentovGabizonKiayiasZhouZikasZuckerman17] • Yes: if we allow a much slower beacon rate • Under number theoretic assumptions [LenstraWesolowski15] • Assuming (only) random oracles [ongoing …]

  31. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets Random written there Money ?? Stuff

  32. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets Random written there Money ?? Stuff People (good or bad) want money

  33. What Crypto can get from Bitcoin? Use what is on A public this ledger transaction ledger A bulletin board with a filter on what gets Random written there Money ?? Stuff People (good or bad) want money We can use bitcoins as compensation for relaxed security

  34. Leveraging Security Loss with Coins … in Secure Multi-Party Computation (MPC)

  35. Leveraging Security Loss with Coins … in Secure Multi-Party Computation (MPC)

  36. Multi-Party Computation (MPC) Goal: Parties P 1 ,…,P n with inputs x 1 ,…,x n wish to compute a function f(x 1 ,…,x n ) securely

  37. Multi-Party Computation (MPC) F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n

  38. Multi-Party Computation (MPC) F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n Real World … P 1 P 2 P n

  39. Multi-Party Computation (MPC) F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n ≈ Real World π 1 (x 1 ) π 2 (x 2 ) π n (x n ) … P 1 P 2 P n

  40. Multi-Party Computation (MPC) F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n ≈ Real World π 1 (x 1 ) π 2 (x 2 ) π n (x n ) … P 1 P 2 P n

  41. Multi-Party Computation (MPC) F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n Protocol π is secure if for every adversary : ≈ • (privacy) Whatever the adversary learns he could compute by himself • (correctness) Honest (uncorrupted) parties learn their correct outputs Real World π 1 (x 1 ) π 2 (x 2 ) π n (x n ) … P 1 P 2 P n

  42. Multi-Party Computation (MPC) Private blockchains are a special case F f Ideal World x 1 x 2 x n f(x ̅ )=y f(x ̅ ) f(x ̅ ) … P 1 P 2 P n Protocol π is secure if for every adversary : ≈ • (privacy) Whatever the adversary learns he could compute by himself • (correctness) Honest (uncorrupted) parties learn their correct outputs Real World π 1 (x 1 ) π 2 (x 2 ) π n (x n ) … P 1 P 2 P n

  43. Fair MPC In fair MPC: If the adversary learns any information beyond (what is derived by) its inputs then every honest party should learn the output

  44. Fair MPC In fair MPC: If the adversary learns any information beyond (what is derived by) its inputs then every honest party should learn the output F f y ⊥ ⊥ P 1 P 2 P n

  45. Fair MPC In fair MPC: If the adversary learns any information beyond (what is derived by) its inputs then every honest party should learn the output F f ✘ (Unfair) y ⊥ ⊥ P 1 P 2 P n

  46. Fair MPC In fair MPC: If the adversary learns any information beyond (what is derived by) its inputs then every honest party should learn the output F f ✘ (Unfair) y ⊥ ⊥ P 1 P 2 P n Fair MPC is impossible against corrupted majorities

  47. Fair MPC In fair MPC: If the adversary learns any information beyond (what is derived by) its inputs then every honest party should learn the output F f ✘ (Unfair) y ⊥ ⊥ P 1 P 2 P n Fair MPC is impossible against corrupted majorities Security against Security with = corrupted majorities abort

Recommend

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

475 views • 12 slides
Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who thinks blockchain is the future of banking? Who can explain what blockchain is? Blockchain in Banking 2 Blockchain Key Elements Smart Ledger

521 views • 20 slides
CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA

CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA

BLOCKCHAIN IN CYBERSECURITY: USAGE AND Abdullah Hamdan CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA Blockchain Security applications Blockchain Security challenges Conclusion 2 INTRODUCTION

414 views • 12 slides
Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center E-Mail: veronika.kuett@fs-blockchain.de Internet: www.fs-blockchain.de About FSBC Our Portfolio Research 1 Foster understanding of blockchain

689 views • 24 slides
Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics

Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics

Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics Overview What is Bitcoin? What is a Blockchain? Blockchain and Bitcoin In-Depth Transactions New Blocks Forks Nakamotos Forerunners Smart

708 views • 48 slides
Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain?

Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain?

Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain? How does it work? Types of Blockchain systems. Impacts of the Blockchain on business and accounting. Integration with Smart

880 views • 22 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

675 views • 14 slides
The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a

The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a

The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a blockchain? A decentralized database that anyone can add to and no one can delete from The Bitcoin blockchain Why You Should Care Bitcoin

1.02k views • 76 slides
Blockchain in Insurance CHRIS VAN KOOTEN | FCAS, FCIA January 11 th , 2018 GUY CARPENTER

Blockchain in Insurance CHRIS VAN KOOTEN | FCAS, FCIA January 11 th , 2018 GUY CARPENTER

Blockchain in Insurance CHRIS VAN KOOTEN | FCAS, FCIA January 11 th , 2018 GUY CARPENTER Blockchain in the News GUY CARPENTER What is Blockchain? GUY CARPENTER What is Blockchain? Blockchain is a technology that allows individuals to directly

396 views • 26 slides
BLOCKCHAIN Technology & Applications #apiconf2018 BLOCKCHAIN Technology & Applications

BLOCKCHAIN Technology & Applications #apiconf2018 BLOCKCHAIN Technology & Applications

edoardo conte BLOCKCHAIN Technology & Applications #apiconf2018 BLOCKCHAIN Technology & Applications edoardo conte BLOCKCHAIN Technology & Applications #apiconf2018 BLOCKCHAIN Technology & Applications edoardo conte The

921 views • 44 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

705 views • 54 slides
TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh, Blockchain Consultant I have built technology products for Fortune 500 companies like MasterCard, MetLife and Adobe. I have also

928 views • 28 slides
THE FUTURE OF BLOCKCHAIN IS NOT BLOCKCHAIN LUKE ANGELL Events and Partnerships Manager

THE FUTURE OF BLOCKCHAIN IS NOT BLOCKCHAIN LUKE ANGELL Events and Partnerships Manager

THE FUTURE OF BLOCKCHAIN IS NOT BLOCKCHAIN LUKE ANGELL Events and Partnerships Manager BLOCKCHAIN FUTURE FESTIVAL 2019 WHAT SEEMS TO BE THE PROBLEM? Two entities: transactions and blocks Miners are gatekeepers Miners are not accountable

546 views • 11 slides
Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41

641 views • 42 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.19k views • 102 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.37k views • 124 slides
Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmller, Henning Stubbe, Thomas Wild,

183 views • 15 slides
Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi) 04/30/2020 Hardwear.io About Me Daniel Moghimi @danielmgmi Security Researcher PhD Student @ WPI Microarchitectural Security Side

930 views • 69 slides
and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

Standardizing Lattice Cryptography and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the oldest and most (the most?) efficient quantum-resilient alternatives for basic primitives Public key

847 views • 62 slides
The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange

The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange

Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange Labs CHES 2011 Nara, Japan

690 views • 33 slides
Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht

Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht

Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht @martinralbrecht Crypto Group, DTU Compute, Denmark IceBreak, Reykjavik, Iceland # icebreak Outline Sage Introduction Highlevel Features Fields &

1.04k views • 93 slides
High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B. Almeida, M. Barbosa, G. Barthe, B. Grgoire, A. Koutsos , V. La- porte, T. Oliveira, P-Y. Strub Octobre 9th, 2019 1 Context 2 Context Cryptographic

988 views • 57 slides
Cryptography on the Blockchain Vassilis Zikas RPI IACR Summer School on Blockchain Techs

Cryptography on the Blockchain Vassilis Zikas RPI IACR Summer School on Blockchain Techs

Cryptography on the Blockchain Vassilis Zikas RPI IACR Summer School on Blockchain Techs Aggelos Kiayias, Hong-Shen Zhou, and Vassilis Zikas, Fair and Robust Multi-Party Computation using a Global Transaction Ledger, EUROCRYPT 2016. Bitcoin

1.8k views • 176 slides
Database data security through the lens of cryptographic engineering Eugene Pilyankevich, Chief

Database data security through the lens of cryptographic engineering Eugene Pilyankevich, Chief

Database data security through the lens of cryptographic engineering Eugene Pilyankevich, Chief Technical officer, Cossack Labs Data breaches, annually 1093 783 781 614 447 419 2011 2012 2013 2014 2015 2016 Airplane crashes,

718 views • 58 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.