Decentralized Attribute-Based Encryption is Possible on a Blockchain

in #security, 8 years ago


Attribute-based encryption is very powerful, yet few currently understand it. In addition, so far it has not been implemented in any form that I know of on a blockchain. I decided to investigate whether it's possible to implement attribute-based encryption on a blockchain and I found a paper titled "Decentralizing Attribute-Based Encryption", which is worth a read.

A quote from the paper:

In almost all ABE proposals, private keys were issued by one central authority that would need to be in a position to verify all the attributes or credentials it issued for each user in the system. These systems can be utilized to share information according to a policy over attributes issued within a domain or organization, however, in many applications a party will want to share data according to a policy written over attributes or credentials issued across different trust domains and organizations. For instance, a party might want to share medical data only with a user who has the attribute of "Doctor" issued by a medical organization and the attribute "Researcher" issued by the administrators of a clinical trial. On a commercial application, two corporations such as Boeing and General Electric might both issue attributes as part of a joint project. Using current ABE systems for these applications can be problematic since one needs a single authority that is both able to verify attributes across different organizations and issue private keys to every user in the system.

Attribute quantification tokens as user issued assets?

Be aware that this paper was written sometime in 2010, before blockchain technology was well known. On a blockchain, permissions could be represented by ownership of access tokens. All who have a certain token issued to them would be granted access to the special rights and privileges associated with the token. The token alone wouldn't encrypt anything, but it would provide a means of tracking who has certain attributes so long as the authority which distributes the token does so in an algorithmic and consistent fashion. Tokens would become badges which represent attributes and qualifications, and these tokens would have to be non-transferable quantifiers of reputation or attribute.

Secure computation is also possible in theory over a blockchain, and in this case a witness or similar role could do the verified computation which generates the private keys from the attributes of the users. Of course with any of these approaches there are non-trivial challenges involved, yet based on the Enigma paper there is at least a theoretical approach which shows you can do computations of this sort over a blockchain data structure.

The paper shows that you do not need a fixed authority to do attribute-based encryption. You can have multiple authorities in a decentralized network and accomplish the same ends. In the case of a blockchain, you might have to rely on witnesses for the role of these authorities. Because this is an entirely new approach which has only recently been made possible by technologies such as Steemit, Storj, IPFS and SAFE Network, it's unknown whether or not we will see an implementation of attribute-based encryption utilizing a blockchain approach.

In a much more recent paper, titled "Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy", we do see mention of blockchain technology in the approach. EID is electronic identity, and it's popularly used by government-backed ID systems such as those of Germany, the UK and Belgium. These identity systems, and further approaches such as E-Estonia, are necessary for certain use cases, and in combination with Steemit an EID could actually increase the security and recoverability of Steemit account holders.

The issue with EID is privacy. While it is nice to be able to verify that you are the individual you say you are, and to permanently attach your Steem Power or other digital assets to your unique human identity, it is also very risky in terms of privacy and in terms of identity theft. The paper addresses the issue of privacy and private information retrieval, but to extend on what is in the paper we have to consider the fact that there could be technologies like Storj, SAFE Network, and even Bitcache. Can these technologies become symbiotic and integrated?

The research paper ends with two open questions:

• Can somewhat homomorphic encryption provide a scalable and efficient solution to improve the privacy of users at the IDP by preventing the IDP from knowing which user it is authenticating to an SP; which SP’s service has been requested by a user; hiding both the SP and user from the IDP?
• How feasible and scalable is it to decentralize the role of IDP using block chain and what topology of private block chain used to store private data minimizes the latency?

Conclusion

Decentralized attribute-based encryption is possible on a blockchain, but there remain open problems with regard to privacy. Steemit can be enhanced by attribute-based encryption and the EID technologies if there were enhanced privacy which could be integrated into an account recovery scheme. A government-issued electronic ID would in theory reveal to the network the true person behind the cryptography and even their attributes, but it would have to be done in ways which protect the pseudo-anonymity of the person; the privacy aspects need to be enhanced.

Since this is an open problem, does anyone have ideas on how to build an attribute-based encryption scheme on top of a blockchain while also integrating EID for last-resort account recovery? Considering Steemit currently relies on Reddit and Facebook, it's only as secure as Reddit and Facebook, which are both US-based companies and are very much centralized. EID schemes would be nationalist based, but because different countries have different competing systems you would possibly have greater security with that decentralization if the EID schemes were private and secure for purpose.

References

Lewko, A., & Waters, B. (2011, May). Decentralizing attribute-based encryption. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 568-588). Springer Berlin Heidelberg.

Shrishak, K. (2016). Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy (Doctoral dissertation, Delft University of Technology).

Zyskind, G., Nathan, O., & Pentland, A. (2015). Enigma: Decentralized computation platform with guaranteed privacy. arXiv preprint arXiv:1506.03471.


The best person to answer this question is probably @modprobe -- I think he was at some point (and maybe still is) working on the problem of attaching a signed assertion that a certifying body (Public Records 'r' Us, Inc.) says a particular user (Alice) has a particular attribute (she is an Alaska resident as of August 10, 2016) in a somewhat-privacy-preserving way for Follow My Vote.

I don't understand the cryptosystems in play enough to say what's possible. I understand ABE only at a very high level, and haven't yet seen a cryptosystem which boasts ABE.

As to certifying certain users with certain attributes in a privacy-preserving fashion, that's trivial. Alice wants to be certified as a female resident of Alaska by Public Records 'r' Us (PRU). PRU encrypts each of Alice's attributes (female, Alaska resident) with different symmetric keys, and encrypts all of the attribute ciphertexts together with Alice's account name/ID with a final ID symmetric key, and sends Alice the ID and attribute keys. Alice can prove to Bob that she is identified by providing him the ID key, and she can prove certain attributes by providing their respective keys in addition. Eve is unable to discern any relationship between Alice and PRU, or between Alice and Bob, and is also ignorant to Alice's attributes. Bob only knows the attributes about Alice that she gives him keys for. PRU can revoke any attribute at any time by updating the blockchain object.

The biggest issue I see with that system is that once Alice reveals attributes to Bob, Bob can reveal them to others. I don't know of a way to combat this off the top of my head.

I'd like some of the experienced Graphene developer wizards to comment on this, whether to confirm or deny my conclusion, or just for sake of discussion.
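The certification scheme described in the comment above (one symmetric key per attribute, all wrapped together with the account ID under an ID key), as an added example that is not part of the original thread and not Graphene or Steem code. The names `certify` and `verify` are assumptions, and the SHAKE-256/HMAC construction is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, json, secrets

# Constructed stand-in for a real AEAD (e.g. AES-GCM): SHAKE-256 keystream
# plus HMAC-SHA256 tag, so the example runs on the standard library alone.
def _xor_stream(key, nonce, data):
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)  # fresh nonce hides equal attributes
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified object")
    return _xor_stream(key, nonce, ct)

def certify(account_id, attributes):
    """PRU: returns (object to publish, ID key, {attribute: key}) for Alice."""
    attr_keys = {a: secrets.token_bytes(32) for a in attributes}
    sealed = [seal(k, a.encode()).hex() for a, k in attr_keys.items()]
    id_key = secrets.token_bytes(32)
    inner = json.dumps({"account": account_id, "attrs": sealed}).encode()
    return seal(id_key, inner), id_key, attr_keys

def verify(chain_object, claimed_account, id_key, disclosed_keys):
    """Bob: returns the attributes proven by the keys Alice handed over."""
    inner = json.loads(open_(id_key, chain_object))
    if inner["account"] != claimed_account:
        raise ValueError("object certifies a different account")
    proven = set()
    for key in disclosed_keys:
        for sealed in inner["attrs"]:
            try:
                proven.add(open_(key, bytes.fromhex(sealed)).decode())
            except ValueError:
                pass  # this key does not open this attribute
    return proven

if __name__ == "__main__":
    obj, id_key, keys = certify("alice", ["female", "Alaska resident"])
    print(verify(obj, "alice", id_key, [keys["Alaska resident"]]))
```

`verify` assumes `chain_object` was read from the blockchain object that PRU controls; the encryption alone does not prove who published it. The disclosed keys are bearer secrets, so anyone Bob forwards them to gets the same result, which is the limitation raised in the comment.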

Whether it's possible on Graphene I do not know for certain, but I do think it will be possible on Enigma and Enigma promises secure multiparty computation on a blockchain. Whether or not they pull off their theoretical claims will depend on the code which so far hasn't been shown.

Even if they were to pull it off, I don't know if privacy would work along with having secure identity.

Hi @dana-edwards, while I can't answer this question, I've been trying to find a way to contact you, but you're nowhere to be found on steemit.chat. What's the best way to get in touch with you, at least with something more realtime than this comment section? :)

Why are we not upvoting this important message!!

Good article, thank you. Encryption is the important thing.

I think with this type of encryption schema, you could have confidentiality and anonymity, but not privacy. The encryption strength and process covers the confidentiality of the data. Anonymity, as you don't know who the users really are. But the blockchain is public, so there is no privacy for transactions. Overall it has value, including scalability and a decentralized structure to promote resilience and no need for traditional admins. Just my 2 cents.

need more people spreading the message!

The more encryption the better, we need to express our privacy and liberty online, I wrote an article on the importance of encryption:
https://steemit.com/security/@freddy008/encryption-should-be-a-human-right-shouldn-t-it-be