Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signing transactions anonymously with Identity Mixer in Hyperledger

Published by奠 闵 Modified over 6 years ago

Similar presentations

Presentation on theme: "Signing transactions anonymously with Identity Mixer in Hyperledger"— Presentation transcript:

1 Signing transactions anonymously with Identity Mixer in Hyperledger
Idemix team: Jan Camenisch, Manu Drijvers, Maria Dubovitskaya Blockchain team: Elli Androulaki, Angelo De Caro, Andreas Kind, Alessandro Sorniotti IBM Research - Zurich

2 Identity Mixer for HL Fabric: Executive Summary
Identity Mixer is a Strong Privacy-Preserving Authentication solution Better privacy than standard X.509 or OpenID Protocols are verified by the scientific community Perfect fit for the Blockchain scenario & requirements Better scalability, simplicity, privacy, security, auditability Use cases: privacy-preserving asset transfer, banking, trading shares, KYC. GDPR compliance A differentiator for HL Fabric (advanced privacy features) Basis for Privacy-preserving asset transfer Privacy-preserving & efficient hierarchical issuance of certificates is also possible (paper at CCS’17) Status: Implemented in Go for HL Fabric Merged: Crypto library, MSP implementation, tool to generate crypto material [1.1 tech preview] In Review: e2e demo [1.1 tech preview] In progress: Integration into java sdk (crypto library in review, integration in progress) [1.1 tech preview] Planned: fabric-ca, Node sdk integration, advanced functionalities, HSM support [see next slide]

3 Identity Mixer for HL roadmap (epics)
FAB-2005 Idemix MVP in Fabric [last CR in review][v1.1 Release (?)/TechPreview(?)] Crypto library in Go [done] MSP implementation, tool to generate crypto material [done] e2e demo [CR in review] FAB-6835 Idemix integration into Java SDK [target: Nov. 30] Add amcl crypto lib to the central maven repo [working with Miracl (authors) on it] Crypto library in java [done] Integration with sdk [in progress] FAB-6837 Idemix integration into Node.js SDK [target: Jan-Feb 2018] FAB-6988 Idemix issuance via Fabric-CA and SDKs [target: Feb 2018][v1.2 Release] FAB-5733 Idemix post MVP (advanced functionality) [target: Spring 2018][v1.2 TechPreview(?)] Performance optimizations Revocation Auditing Advanced Access Control policies FAB-6989 HSM support for Identity Mixer MSP [target: Fall 2018 (?)][Future]

4 (prove Over 17 from ID issued by eGov)
Identity Mixer Attribute-based credentials Strong authentication (signatures) Privacy-preserving Access Control Selective disclosure of attributes, predicates over attributes, full unlinkability Auditability Revocation Preserving privacy and unlinkability - Verification is done with the public key of the issuer only Presentation Policy (prove Over 17 from ID issued by eGov)

5 Presentation Policy Fresh Nonce to prevent a replay attack
Issuer’s public key reference Auditor’s public key reference and audit grounds Selective disclosure of attributes or predicates over attributes

6 Permissioned Blockchain
Attr 1 Attr 2 Party A Attr 1 Attr 2 Ledger Bank node Ledger Party C node Attr 1 Attr 2 node Ledger node Ledger Party B Attr 1 Attr 2

7 Signing transactions with a single X.509 TCert
Certificate Authority (CA) X.509 Attr 1 Attr 2 secret key public key Attr 1 Attr 2 trust Transaction B Attr 1 Attr 2 Transaction A Attr 1 Attr 2 - Full linkability - All attrs are disclosed CA’s public key Verifier

8 Certificate Authority (CA)
Multiple X.509 Certs Certificate Authority (CA) X.509 Attr 1 Attr 2 Attr 1 Attr 2 secret key public key Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 trust Transaction B Attr 1 Attr 2 Transaction A Attr 1 Attr 2 CA’s public key Verifier

9 Membership management: privacy in v0.6
ECerts: (relatively) static enrollment certificates acquired via registration with an enrollment certificate authority (CA). TCerts: transaction certificates that faithfully but pseudonymously represent enrolled users, acquired via a transaction CA. Blockchain User B Certificate Authority (CA) Blockchain User A TkeyB shares public key U Application Membership uses uses Ecert Tcert U Requests certificates 1xEcert, 1xTcert invokes SC txn (signed with TkeyA, encrypted with TkeyA, TkeyB…) Application (stored in wallet) TkeyA TkeyB Accesses ledger TkeyB Enrollment certificates (Ecerts) and Transaction certificates (Tcerts) can only be linked by CA and user sc deployed on every validating peer Smart contract Consensus Network (signed with Ekey of origin, encrypted with validators’ key)

10 How Identity Mixer works
Certificate Authority (CA) Identity Mixer secret key public key Attr 1 Attr 2 Attr 1 Attr 2 Presentation Policy 2 Presentation Policy 1 trust Attr 1 Attr 2 Attr 1 Attr 2 Transaction A Attr 1 Attr 2 Transaction B Attr 1 Attr 2 CA’s public key Verifier

11 Identity Mixer vs. multiple X.509 TCerts
Certificate Authority (CA) X.509 Identity Mixer Attr 1 Attr 2 Attr 1 Attr 2 secret key public key Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 Presentation Policy 2 Presentation Policy 1 trust Attr 1 Attr 2 Attr 1 Attr 2 Presentation Policy 1 Transaction B Attr 1 Attr 2 Transaction A Attr 1 Attr 2 Attr 1 Attr 2 Transaction A Transaction C Transaction B Attr 1 Attr 2 Attr 1 Attr 2 Attr 1 Attr 2 CA’s public key Verifier

12 Membership management with Identity Mixer
ECerts: (relatively) static enrollment certificates acquired via registration with an enrollment certificate authority (CA). TCerts: Identity Mixer presentation proofs derived from ECert, without interaction with CA Blockchain User B Certificate Authority (CA) Blockchain User A TkeyB shares public key U Application Membership uses uses Ecert U Requests certificates 1xEcert invokes SC txn (signed with TkeyA, encrypted with TkeyA, TkeyB…) Application (stored in wallet) TkeyA TkeyB Accesses ledger TkeyB sc deployed on every validating peer Smart contract Consensus Network (signed with Ekey of origin, encrypted with validators’ key)

13 Contribution Overview: MVP in Go (fabric only)
Sign (cli) Verify Transactions Membership Service Provider [fabric/msp/idemixmsp.go] Peer Identity/Signing identity Produce MSP config files Sign/Verify (Generate/Verify Presentation Tokens) Idemixgen tool [fabric/common/tools/idemixgen] KeyGen Issuance Revocation Identity Mixer crypto package [fabric/idemix] Generate CA keys Issue ECert Presentation Verification Audit

14 E2E demo: video/live

15 Identity Mixer for HL Fabric: Executive Summary
Identity Mixer is a Strong Privacy-Preserving Authentication solution Better privacy than standard X.509 or OpenID Protocols are verified by the scientific community Perfect fit for the Blockchain scenario & requirements Better scalability, simplicity, privacy, security, auditability Use cases: privacy-preserving asset transfer, banking, trading shares, KYC. GDPR compliance A differentiator for HL Fabric (advanced privacy features) Basis for Privacy-preserving asset transfer Privacy-preserving & efficient hierarchical issuance of certificates is also possible (paper at CCS’17) Status: Implemented in Go for HL Fabric Merged: Crypto library, MSP implementation, tool to generate crypto material [1.1 tech preview] In Review: e2e demo [1.1 tech preview] In progress: Integration into java sdk (crypto library in review, integration in progress) [1.1 tech preview] Planned: fabric-ca, Node sdk integration, advanced functionalities, HSM support

16 Backup slides

17 More Privacy, Simplicity and Efficiency with advanced cryptography
Security & Privacy features Hyperledger v1.0 Hyperledger + TCerts Hyperledger + Idemix User Anonymity - ++ Transaction Security Transaction Confidentiality Accountability Access Control + + (only attribute disclosure) ++ (selective disclosure, predicates) Auditability ++ (but without privacy) + (TCA have to participate) ++ (TCA is not involved in the audit) Unlinkability + (TCA can link all transactions) ++ (TCA cannot link transactions, only auditors) Simple Key Management - (key derivation is required) ++ (single secret key on the user side) TCA, Multiple TCAs N/A - (TCA is a bottleneck to request fresh Tcerts, multiple TCAs is a problem) ++ (only one ECert, TCA cannot link transactions, multiple TCAs is not a problem) Solution Simplicity Storage Efficiency - (TCerts and keys need to be stored) ++ (only one ECert) HSM & CSP support - (interface changes required to implement key derivation) + (only custom implementation of the signing algorithms, no interface / flow changes) Revocation + (only ECert? Privacy-preserving revocation of TCerts?) ++ (privacy-preserving revocation of Ecerts)

18 Contribution Overview: MVP for Java SDK
User.java TransactionContext.java Sign Transactions Identity/SigningIdentity.java IdemixSampleStore.java Sign/Verify (Generate/Verify Presentation Tokens) User Certificates Idemixgen tool KeyGen Issuance Revocation Identity Mixer crypto package Generate CA keys Issue ECert Presentation Verification Audit

19 Auditability (Inspection)
Certificate Authority (CA) Identity Mixer Only Auditor can track the transactions Auditor’s secret key can be shared between multiple parties to distribute the trust signing key public key Attr 1 eID Attr 1 eID Auditor secret key public key Transaction A Attr 1 Attr 2 User enrollment ID Auditor’s public key CA’s public key Verifier

20 Revocation Certificates can be revoked at any time
Certificate Authority (CA) Certificates can be revoked at any time Non-revocation proof is unlinkable: no loss of privacy for non-revoked users Identity Mixer signing key public key Attr 1 RevID Attr 1 RevID Revocation Authority (RA) Revocation Info Revocation Info signing key public key Transaction A Attr 1 Attr 2 Revocation Info CA’s public key Verifier

Download ppt "Signing transactions anonymously with Identity Mixer in Hyperledger"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.

7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Anual Workshop February 5th, 2014. Anonymous yet reliable ePoll application Italo Dacosta SecAnon-DistriNet.

Anual Workshop February 5th, Anonymous yet reliable ePoll application Italo Dacosta SecAnon-DistriNet.

Similar presentations

Ads by Google