Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies

Published byLenard Payne Modified over 6 years ago

Similar presentations

Presentation on theme: "Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies"— Presentation transcript:

1 Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies
Maria Borge, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly and Bryan Ford EPFL

2 Talk overview Problem Proof of personhood (PoP) PoPCoin Conclusions

3 Re-centralization Problem
Control in current permissionless blockchain-based cryptocurrencies systems lies in hands of a small number of entities Re-centralization

4 Permissionless cryptocurrencies
Enable open participation Provide pseudonymity Avoid double spending attacks Extend the blockchain in a secure manner

5 Proof-of-Work Special purpose hardware
Massive consumption of electricity Only entities with the resources are able to mine Re-centralization!

6 Proof-of-Stake Participants use their assets to create new assets
Rich participants have an advantage, more assets implies faster creation of new assets Shareholder corporation that favors the rich

7 Goal Create a sybil attack resistant cryptocurrency that ensures fair and accessible wealth creation process

8 Talk overview Problem Proof of personhood (PoP) PoPCoin Conclusions

9 Proof-of-Personhood (PoP)
Objective: Verify people, rather than identify them How: Organizing a party and generate tokens PoP-Token PoP-Token PoP-Token El punto es que al final de la fiesta cada personita sale con un PoP token

10 Proof-of-Personhood (PoP)
CoSi - Scalable collective signing Cothority - Collective Authority Linkable ring signatures - Anonymity and accountability in the same context List Building blocks List of assumptions for pseudonym party: Organizers each responsible for a node Anytrust model Attendees are trusted to safely store their private key After the time barrier, no one gets in Linkable ring signatures, even though they share anonymity group. The tags produced at different services, that is with different context, output distinct tags. That is the signatures are not realted between different anonymity groups.

11 Pseudonym party - Setup
Cothority Organizers Conode Conode Configuration-file: - Start, End - Location, Use - Expiration - Organizers’ public keys Conode Lets take a first look at the pseudonym party setup, lets meet some of its main “actors” First, we have the organizers Organizers may be a group of volunteers, part of an entity, an association, an entity, basically any group of people. Each organizer is associated to one server, that from now on is going to be called a conode. The conodes and the organizers together form a collective authority. We assume an anytrust model, in which people do not need to trust all organizer, they just need to trust that one of the organizers is honest and that he/she is not colluding with anyone else. And that their conode is also honest. Some time before the party the organizers meet, to setup the details. In particular start, end, location, use, expiration date, servers and they exchange their public keys. All of these details go to a configuration file that is made public after these meeting. A set of independet of servers, in charge of taping the party are also selected. These observers do not belong to the organizers set of people, they are selected completely appart and independently. They are in charge of taping the party for transparency issues. The tapes allow to prove if for example an organizer refused to sign a User PoP token, or if someone is getting double PoP-tokens.

12 Pseudonym party - Setup
Attendees E Public keys Private keys Configuration-file: - Start, End - Location, Use - Expiration - Organizers’ public keys Attendees also need to do a setup before the party, we trust them to bring an ephemeral public key to use only at the party. They need to download the configuration file that was uploaded by the organizers. Attendees must downlaod the configuration file, as well as a software to generate the public/private/ephemeral keys. They input the configuration file and get a file as an output These file contains three keys, one public key and one private key, to not be used at the party. And an ephemeral public key to be used at the party. These will ideally prevent the user from using the same public key on different services. That is the user can reuse the public key on different services and that should not compromise his/her anonymity. So at the end of the step the attendees end up with a set of ephemeral public keys, and some private keys.

13 Pseudonym party Registration-room Party-room
The pseudonym party is divided in two rooms. A registration room and a party room. Initially everyone enters to the registration room. Everyone is allowed to enter to the registration room up to a point, the barrier point. Once this point is reached no one can get in, but everyone can get out for security purposes.

14 Pseudonym party - Barrier Point
Registration-room Party-room At the barrier point both organizers and attendees line up to collect the ephemeral public keys. First organizers form a line, and the attendees also form a line, following the organizers. Each attendee carries their ephemeral public key. Organizers will collect each attendees eph public key. Each organizer stamps an attendee, that way if an attendee attempts to go back in line, the organizer just needs to recognize his/her stamp, if the attendee has the stamp, then that means that he/she got in line for a second time.

15 Pseudonym party Registration-room Party-room
Once attendees get to the end of line they move to the next room. The party room. They are not allowed to go back. Lets think of the door as a one way door. If they attempt to go back the observers will be recording all the process. In the party room there might be an actual party or something, another incentive for people to go there.

16 Pseudonym party - Termination / Finalization
Cothority Organizers Conode Private key + = PoP-Token Conode Party Transcript: -Configuration file -Public keys of attendees -Hash-file of videos -Collective signature Conode By the end of the party Organizers upload all the ephemeral public keys collected at the party to their respective conodes. With them a Final transcript is created. And collectively signed by the cothority. Each attendee ends up with a PoP-Token, formed by their private key and the party transcript.

17 Usage of PoP-Tokens Context, M Linkable Ring Signature Attendee
Service Context, M Aggregate public key of trustworthy cothorities Linkable Ring Signature Attendees public keys Attendees public keys ... ... ... Table with tags

18 Talk overview Problem Proof of personhood (PoP) PoPCoin Conclusions

19 PoPCoin Open membership: Proof-of-Personhood Fairness: Randhound
Consensus: Byzcoin

20 PoPCoin - Implementation - Setup
Set of organizers throw a pseudonym party to create PoP-tokens Attendees authenticate their PoP-tokens If successfully authenticated attendee deposits a public key, to identify as a minter The set of public keys form a minting-pool

21 PoPCoin - Implementation - Minting
Minters part of the minting-pool are eligible to create new blocks Last N miners run RandHound, to select the next minter allowed to create next block The process repeats every M minutes, if minter fails a new one is selected

22 PoPCoin - Overview

23 PoPCoin - Deployment Local cryptocurrency

24 Challenges We propose a cryptocurrency that builds on:
Proof-of-Personhood Randhound Byzcoin

25 Related Work We propose a cryptocurrency that builds on:
Proof-of-Personhood Randhound Byzcoin

26 Thank you!

27 Questions?

Download ppt "Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies"

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
“Electronic Payment System”

“Electronic Payment System”
Cloud Usability Framework

Cloud Usability Framework
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
©2014 Experian Information Solutions, Inc. All rights reserved. Experian Confidential.

©2014 Experian Information Solutions, Inc. All rights reserved. Experian Confidential.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
Lecture 11: Strong Passwords

Lecture 11: Strong Passwords
PRIVACY PRESERVING SOCIAL NETWORKING THROUGH DECENTRALIZATION AUTHORS: L.A. CUTILLO, REFIK MOLVA, THORSTEN STRUFE INSTRUCTOR DR. MOHAMMAD ASHIQUR RAHMAN.

PRIVACY PRESERVING SOCIAL NETWORKING THROUGH DECENTRALIZATION AUTHORS: L.A. CUTILLO, REFIK MOLVA, THORSTEN STRUFE INSTRUCTOR DR. MOHAMMAD ASHIQUR RAHMAN.
1 Bitcoin A Digital Currency. Functions of Money.

1 Bitcoin A Digital Currency. Functions of Money.
WISTP’08 ©LAM2008 15/05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.

WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Security fundamentals Topic 5 Using a Public Key Infrastructure.

Security fundamentals Topic 5 Using a Public Key Infrastructure.
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.

CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
7/10/20161 Computer Security Protection in general purpose Operating Systems.

7/10/20161 Computer Security Protection in general purpose Operating Systems.
 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Similar presentations

Ads by Google