Privacy and security as main characteristics of the Blockchain: Part 3
In the previous two parts we covered Blockchain technology, its characteristics and its functionality. In this final part we look at techniques for strengthening privacy and security. The starting point is that Blockchain transactions are pseudonymous, not anonymous: every address and every transfer is public, so anyone can follow the full history of an address and link together all of the transactions that belong to it.
Once a real identity is tied to an address (for example through an exchange account or a payment to a known merchant), every transaction of that address is exposed. To counter this, developers built mixing services (also called tumblers), which shuffle a user's coins together with coins from other users so that an outside observer can no longer tell which output belongs to which input.
Mixing hides ownership from outside observers, but it does not by itself protect the coins: a mixing service that holds users' funds during the shuffle is in a position to steal them.
Two representative mixing protocols are Mixcoin and CoinJoin.
Mixcoin was an early protocol for mixing coins through a third-party mix while defending against passive observers. By letting many users mix through the same mix at the same time it enlarges the anonymity set, and against active adversaries it aims for anonymity comparable to that of classical mix networks for communication.
Because the mix holds the coins, theft is the main risk, and Mixcoin addresses it with accountability rather than prevention. Before a user sends coins, the mix signs a warranty committing to the return transaction; if the coins do not come back, the user can publish the warranty as proof of theft and destroy the mix's reputation. The argument is economic: a rational mix earns more from fees over time than from a single theft, so it is expected not to steal.
CoinJoin, the second approach, relies on joint payments: a user who wants to make a payment finds other users who also want to pay, and all of them combine their inputs and outputs into one transaction.
Because a transaction can carry many inputs and many outputs, and each participant signs only its own input, an observer cannot tell from the transaction alone which input funded which output. With equal-valued outputs there are many equally plausible pairings, which makes following a particular user's money much harder. To use CoinJoin, participants must first exchange the inputs and outputs they intend to merge so that the joint transaction can be built and signed by everyone.
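The following Python is an added example, not code from the article or from any CoinJoin implementation. It shows why the equal-valued outputs matter: an observer who sees only the joint transaction can try to pair inputs with outputs by amount, and when every participant pays a different amount the amounts act as fingerprints and a single consistent pairing remains. The participant names, addresses and amounts are constructed for the demo; fees and change outputs are omitted.

```python
from itertools import product

def candidate_mappings(inputs, outputs):
    """Every way of attributing outputs to input owners that is consistent with
    the amounts. inputs: {owner: amount}; outputs: [(address, amount)].
    Returns a list of {address: owner} dicts. Brute force over all
    attributions, which is fine for the handful of participants in a demo."""
    owners = list(inputs)
    consistent = []
    for choice in product(owners, repeat=len(outputs)):
        totals = dict.fromkeys(owners, 0)
        for (_, amount), owner in zip(outputs, choice):
            totals[owner] += amount
        if totals == inputs:
            consistent.append({addr: owner for (addr, _), owner in zip(outputs, choice)})
    return consistent

def linkable_by_amount(inputs, outputs):
    """True when the amounts alone leave exactly one consistent pairing,
    i.e. an observer can link every output to its funding input."""
    return len(candidate_mappings(inputs, outputs)) == 1

# Constructed sample: a naive joint payment where everyone pays a different amount.
NAIVE_INPUTS = {"alice": 50_000, "bob": 30_000, "carol": 20_000}
NAIVE_OUTPUTS = [("out1", 30_000), ("out2", 20_000), ("out3", 50_000)]

# Constructed sample: a CoinJoin with a common denomination of 10_000
# (fees and change outputs omitted). Alice contributes two units.
MIXED_INPUTS = {"alice": 20_000, "bob": 10_000, "carol": 10_000}
MIXED_OUTPUTS = [("o1", 10_000), ("o2", 10_000), ("o3", 10_000), ("o4", 10_000)]

if __name__ == "__main__":
    print("naive mappings:", len(candidate_mappings(NAIVE_INPUTS, NAIVE_OUTPUTS)))
    print("mixed mappings:", len(candidate_mappings(MIXED_INPUTS, MIXED_OUTPUTS)))
```

The naive transaction admits exactly one consistent pairing, so the mix bought nothing; the equal-denomination transaction admits twelve, and the observer cannot pick among them from the amounts. Equal amounts are necessary but not sufficient: in practice timing, change outputs and address reuse can still re-link participants.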
Nevertheless, the first generation of services offering this functionality relied on a central coordinating server, which is a single point of failure for privacy.
Such a server sees the transactions it assembles and can log every participant of every joint payment, so users have to trust the operator not to steal their coins, not to let anyone else steal them, and not to keep or leak the information that links inputs to outputs.
Digital signature variants that hide the identity of the signer are known as anonymous signatures. Two examples are group signatures and ring signatures.
A group signature lets any member of a group sign a message on behalf of the group using their own secret key. Anyone can verify the signature against the single group public key, learning only that the signer is a member of the group, not which member.
In a Blockchain system, group signatures therefore need an authorized entity, the group manager, to set up the group, issue member keys and, when a dispute arises, open a signature and identify the signer. Ring signatures remove this authority: there is no manager who can reveal the signer, even in a dispute, and any user can form a 'ring' on the fly from other users' public keys without any setup on their part. The name comes from the ring-like structure of the signing algorithm, in which the computation closes back on itself through every member's public key.
Homomorphic Encryption (HE)
Homomorphic encryption uses a cipher that allows computations to be carried out directly on ciphertexts: decrypting the result gives the same plaintext that the same operations would have produced on the unencrypted data. Partially homomorphic schemes support one operation (for example addition) an unlimited number of times; fully homomorphic schemes support arbitrary computation. Either kind lets data be stored on a public blockchain in encrypted form with little change to the surrounding system, which mitigates the privacy problem of a public ledger.
This offers privacy while still letting authorized parties work with the encrypted records, for example to total employee expenses or to run an audit without exposing the individual entries.
Attribute-Based Encryption (ABE)
Attribute-Based Encryption ties decryption to attributes rather than to individual recipients: ciphertexts and users' secret keys are labelled with attributes (or with an access policy over attributes), and a key can decrypt a ciphertext only if its attributes satisfy the ciphertext's policy. An important property is collusion resistance: users who pool their keys cannot decrypt anything that none of them could decrypt alone, which keeps an attacker from combining compromised keys to reach other data. ABE remains underused, partly because its foundations are less widely understood and efficient implementations are harder to build. At the time of writing, no production blockchain deployment had implemented ABE.
Secure Multi-Party Computing (MPC)
Secure Multi-Party Computation is a protocol in which several parties jointly compute a function over their private inputs without revealing those inputs to each other. An adversary learns nothing about an honest party's input beyond what can be inferred from the output itself. Successes in distributed voting, private bidding and private information retrieval have made MPC a popular solution for many real-world problems. Its first large-scale deployment was in 2008, for a nationwide sugar beet auction in Denmark. In recent years Blockchain systems have used MPC to protect users' privacy.
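The following Python is an added example, not from the article, of the simplest MPC building block: additive secret sharing used for a private tally, the distributed-voting case mentioned above. Each voter splits its ballot into random shares, one per tallying party; every party adds the shares it holds and publishes only its partial sum; the partial sums reconstruct the total and nothing else. The ballots, the number of parties and the field modulus are constructed for the demo.

```python
import secrets

PRIME = 2**61 - 1   # field modulus; inputs and their total must stay well below it

def share(value, n_parties):
    """Split value into n_parties shares that sum to value mod PRIME.
    Any n_parties - 1 of them are uniformly random and reveal nothing."""
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares

def reconstruct(shares):
    return sum(shares) % PRIME

def secure_sum(private_inputs, n_parties=3):
    """Each input owner shares its value across the parties; each party adds
    the shares it holds locally and publishes only that partial sum.
    Returns (total, partial_sums), where partial_sums is everything that
    leaves the parties: the individual ballots never do."""
    held = [[] for _ in range(n_parties)]          # held[p] = shares party p receives
    for v in private_inputs:
        for party, s in enumerate(share(v, n_parties)):
            held[party].append(s)
    partial = [sum(h) % PRIME for h in held]
    return reconstruct(partial), partial
```

This is secure against honest-but-curious parties: a single party's view is a list of uniformly random field elements, and only a coalition holding all n shares of a ballot learns it. It gives no integrity: a malicious party can publish a wrong partial sum and corrupt the result undetectably, which is why protocols deployed in practice add authentication (for example information-theoretic MACs on shares) or verifiable secret sharing.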
Non-Interactive Zero-Knowledge Proof (NIZK)
Non-Interactive Zero-Knowledge Proof is a cryptographic technique with strong privacy-preserving properties. The core idea is a formal proof that a program, run on an input known only to the user, produced a given public result, without the proof disclosing anything else about that input. Because it is non-interactive, the proof is a single message that anyone can check later, which suits a blockchain where the verifiers are many and the prover may be offline.
In other words, a prover can convince a verifier that a statement is true without giving away any information beyond the truth of the statement. In privacy-preserving blockchain applications, account balances can be kept on chain only in committed or encrypted form, and a user can then prove to the network that the balance covers a transfer without revealing the balance itself.
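As an added example (not from the article), the Python below implements the NIZK idea just described in its simplest form, a Schnorr proof of knowledge of a private key made non-interactive with the Fiat-Shamir transform, and then composes it into a ring signature in the style of Abe, Ohkubo and Suzuki to illustrate the anonymous signatures discussed earlier: any ring member can sign, the verifier learns only that some member signed, and there is no manager key that could open the signature. The secp256k1 arithmetic is written in pure Python without constant-time protections and is for illustration only; the keys and message are constructed for the demo, and the statement proved is knowledge of a key, not the range proof over a balance that a confidential-transfer system would need.

```python
import hashlib
import secrets

# secp256k1 parameters (field prime, group order, base point).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt):
    """Fixed-width encoding of a point for hashing."""
    if pt is None:
        return b"\x00" * 64
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(*parts):
    """Fiat-Shamir: the verifier's random challenge becomes a hash of the transcript."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)

# --- NIZK proof of knowledge of x with Y = x*G (Schnorr + Fiat-Shamir) ---
def nizk_prove(x, Y, msg):
    k = secrets.randbelow(N - 1) + 1          # one-time nonce, never reused
    c = challenge(enc(Y), enc(ec_mul(k, G)), msg)
    return c, (k - c * x) % N                 # proof = (challenge, response)

def nizk_verify(Y, msg, proof):
    c, s = proof
    R = ec_add(ec_mul(s, G), ec_mul(c, Y))    # equals k*G when the proof is honest
    return challenge(enc(Y), enc(R), msg) == c

# --- Ring signature: an OR-proof that the signer knows ONE ring private key ---
def ring_sign(ring, s_idx, x, msg):
    """ring: list of public keys; x: private key matching ring[s_idx]."""
    n = len(ring)
    ring_bytes = b"".join(enc(Y) for Y in ring)
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(N - 1) + 1
    # The chain starts at the signer with a genuine commitment alpha*G.
    c[(s_idx + 1) % n] = challenge(ring_bytes, msg, enc(ec_mul(alpha, G)))
    # Every other member is simulated: pick r_i at random, derive the next challenge.
    for step in range(1, n):
        i = (s_idx + step) % n
        r[i] = secrets.randbelow(N - 1) + 1
        L = ec_add(ec_mul(r[i], G), ec_mul(c[i], ring[i]))
        c[(i + 1) % n] = challenge(ring_bytes, msg, enc(L))
    # Closing the ring needs the signer's private key; no other index would fit.
    r[s_idx] = (alpha - c[s_idx] * x) % N
    return c[0], r

def ring_verify(ring, msg, sig):
    """Walk the whole ring from c_0; it must return to c_0. Reveals no index."""
    c0, r = sig
    if len(r) != len(ring):
        return False
    ring_bytes = b"".join(enc(Y) for Y in ring)
    c = c0
    for r_i, Y in zip(r, ring):
        L = ec_add(ec_mul(r_i, G), ec_mul(c, Y))
        c = challenge(ring_bytes, msg, enc(L))
    return c == c0
```

The ring signature is literally the proof of knowledge applied in a loop: the verifier recomputes one Schnorr-style equation per member and checks that the chain of challenges closes, so a valid signature shows that exactly one link was produced with a real key without indicating which. Note what the construction does not give: this variant is unlinkable but not linkable, so a key can sign twice without detection, which is why coin systems use the linkable variant to prevent double spending.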
Trusted Execution Environment (TEE) Based Smart Contracts
A TEE provides an isolated environment in which an application runs so that other software on the machine, including the operating system, can neither tamper with it nor read its state. Intel Software Guard Extensions (SGX) is a representative TEE implementation. The isolation is against software; it does not by itself address side-channel leakage, and users of a TEE-based contract still need to check the enclave's remote attestation to know that the code running inside it is the contract they expect.
Game-Based Smart Contracts
Game-based approaches to smart contract verification are recent proposals that settle whether an off-chain computational task was performed correctly through an interactive "verification game". Rewards encourage participants to check tasks and to report errors, so a smart contract can delegate a computation and still obtain a result with verifiable properties.
In each round of the game the disputed computation is cut into smaller pieces and the two sides state which piece they disagree on, so the dispute narrows recursively until a single step remains; the chain then re-executes only that step instead of the whole task, which keeps the load on the nodes small. This makes verification of large computations both efficient and effective.
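The following Python is an added example, not from the article or from any verification-game project, of the narrowing step described above. A solver publishes the claimed result of a long deterministic computation and answers queries for intermediate states; a challenger who disagrees bisects the trace with it until they disagree on a single step; the judge (standing in for the chain) re-executes that one step. The task (a hash chain), the trace length and the cheating position are constructed for the demo.

```python
import hashlib

def step(state):
    """One deterministic step of the delegated task: extend a hash chain."""
    return hashlib.sha256(state).digest()

def honest_trace(initial, steps):
    trace = [initial]
    for _ in range(steps):
        trace.append(step(trace[-1]))
    return trace

class Solver:
    """Publishes a claimed result and answers queries for intermediate states.
    If cheat_at is set, the state at that step is corrupted and everything
    after it is computed from the corrupted state."""
    def __init__(self, initial, steps, cheat_at=None):
        self.trace = [initial]
        for i in range(1, steps + 1):
            nxt = step(self.trace[-1])
            if i == cheat_at:
                nxt = bytes([nxt[0] ^ 1]) + nxt[1:]
            self.trace.append(nxt)

    def state_at(self, i):
        return self.trace[i]

def verification_game(solver, challenger_trace, steps):
    """Bisection between a solver and a challenger who dispute the result.
    Returns (disputed_step, solver_wins, rounds). Invariant during the game:
    both sides agree on state lo and disagree on state hi."""
    if solver.state_at(steps) == challenger_trace[steps]:
        return None, True, 0                 # nothing to dispute
    lo, hi, rounds = 0, steps, 0
    while hi - lo > 1:
        mid = (lo + hi) // 2
        rounds += 1
        if solver.state_at(mid) == challenger_trace[mid]:
            lo = mid                         # first disagreement is later
        else:
            hi = mid                         # first disagreement is earlier
    # The judge (the chain) re-executes exactly one step from the agreed state.
    solver_wins = step(solver.state_at(lo)) == solver.state_at(hi)
    return hi, solver_wins, rounds
```

For a 1024-step task the game takes 10 rounds and the judge computes one hash instead of 1024, whichever side is lying. Two things a deployed protocol adds that this sketch omits: timeouts, so that a party who stops answering forfeits, and deposits that are slashed from the loser to make false claims and frivolous challenges costly.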
In this series we have described Blockchain's security and privacy properties and the techniques used to achieve them in blockchain-based systems and applications: consensus algorithms, mixing, anonymous signatures, encryption, secure multi-party computation, non-interactive zero-knowledge proofs and secure verification of smart contracts.
Although only a few Blockchain platforms achieve all of these security objectives, blockchain security and privacy have attracted significant interest from both academic research and industry. Understanding these properties is crucial for building trust and for developing defence techniques and countermeasures. Lightweight cryptographic algorithms and practical security and privacy methods remain vital for the future development of Blockchain and its applications.
César Daniel Barreto