Secure, Confidential Blockchains Providing High Throughput and Low Latency

One of the core promises of blockchain technology is that of enabling trustworthy data dissemination in a trustless environment. What current blockchain systems deliver, however, is slow dissemination of public data, rendering blockchain technology unusable in settings where latency, transaction capacity, or data confidentiality are important. In this thesis we focus on providing solutions on two of the most pressing problems blockchain technology currently faces: scalability and data confidentiality. To address the scalability issue, we present OMNILEDGER, a novel scale-out distributed ledger that preserves long-term security under permissionless operation. It ensures security and correctness by using a bias-resistant public-randomness protocol for choosing large, statistically representative shards that process transactions, and by introducing an efficient cross-shard commit protocol that atomically handles transactions affecting multiple shards. To enable secure sharing of confidential data we present CALYPSO, the first fully decentralized, auditable access-control framework for secure blockchain-based data sharing which builds upon two abstractions. First, on-chain secrets enable collective management of (verifiably shared) secrets under a Byzantine adversary where an access-control blockchain enforces user-specific access rules and a secret-management cothority administers encrypted data. Second, skipchain-based identity and access management enables efficient administration of dynamic, sovereign identities and access policies and, in particular, permits clients to maintain long-term relationships with respect to evolving user identities thanks to the trust-delegating forward links of skipchains. In order to build OMNILEDGER and CALYPSO, we first build a set of tools for efficient decentralization, which are presented in Part II of this dissertation. These tools can be used in decentralized and distributed systems to achieve (1) scalable consensus (BYZCOIN), (2) bias- resistant distributed randomness creations (RANDHOUND), and (3) relationship-keeping between independently updating communication endpoints (SKIPCHAINIAC). Although we use this tools in the scope off this thesis, they can be (and already have been) used in a far wider scope.

Time in cryptography

Gwangbae Choi

Time travel has always been a fascinating topic in literature and physics. In cryptography, one may wonder how to keep data confidential for some time. In this dissertation, we will study how to make private information travel to the future. This dissertation consists of three parts: Timed-release encryption, witness encryption and self-encryption. With timed-release encryption, one can send to a counterpart a message which cannot be read before some time has elapsed. One possible solution is to use a third party. At every time period, the third party releases a time bound key, and a ciphertext which is encrypted for a time period requires the time bound key of that time period for decryption. Then, a problem occurs when the counterpart somehow loses the release time of ciphertext. We propose a solution by introducing a master time bound key which can be considered as a valid time bound key of all time periods. We propose a provably secure construction and show the experimental results. In 2018, Liu, Jager, Kakvi and Warinschi introduced a timed-release encryption scheme based on a blockchain with proof-of-work and witness encryption. Current proposals of witness encryption are based on multilinear maps. In this part, we propose a new construction without. We propose the notion of hidden group with hashing and make a witness encryption from it. We show that the construction is secure in a generic model. We propose a concrete construction based on RSA-related problems. Namely, we use an extension of the knowledge-of-exponent assumption and the order problem. We finally estimate the cost of the bitcoin blockchain implementation. Although our estimates are still high (for a release time of one hour / one year, we respectively use ciphertexts of 567 MB / 4.5 TB and a decryption time of 27 min / 5.2 months on a single core), there is room for improvement by a factor 20 000 by adapting the blockchain structure and by adopting a hash function which is better adapted to this type of programming than SHA256. In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in security of self-encryption when the state occasionally leaks. Applications where self-encryption operates are cloud storage, when a client encrypts files to be stored, and in 0-RTT session resumptions, when a server encrypts a resumption key to be stored by the client. Previous works focused on forward secrecy and resistance to replay attacks. In our work, we study post-compromise security. Post-compromise security was already solved in ratcheted instant messaging schemes, at the price of having an inflating state size. However, it was not known whether state inflation was necessary. We prove here that this is the case. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of ciphertexts which can still be decrypted by the state. We apply our result to self-encryption for cloud storage and 0-RTT session resumption, and also to secure messaging. We further show how to construct a secure scheme matching our bound on the state size.

EPFL2020

OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding

Bryan Alexander Ford, Nicolas Gailly, Linus Gasser, Philipp Svetolik Jovanovic, Eleftherios Kokoris Kogias

Designing a secure permissionless distributed ledger (blockchain) that performs on par with centralized payment processors, such as Visa, is a challenging task. Most existing distributed ledgers are unable to scale-out, i.e., to grow their total processing capacity with the number of validators; and those that do, compromise security or decentralization. We present OmniLedger, a novel scale-out distributed ledger that preserves longterm security under permissionless operation. It ensures security and correctness by using a bias-resistant public-randomness protocol for choosing large, statistically representative shards that process transactions, and by introducing an efficient crossshard commit protocol that atomically handles transactions affecting multiple shards. OmniLedger also optimizes performance via parallel intra-shard transaction processing, ledger pruning via collectively-signed state blocks, and low-latency “trust-butverify” validation for low-value transactions. An evaluation of our experimental prototype shows that OmniLedger’s throughput scales linearly in the number of active validators, supporting Visa-level workloads and beyond, while confirming typical transactions in under two seconds.

2018

Time in cryptography

Gwangbae Choi

EPFL2020