Additional Security and Privacy Properties of Blockchain

BlogSubImage

Additional Security and Privacy Properties of Blockchain

Although the blockchain in Bitcoin preserves the three basic security properties: consistency, tamper-resistance, and resistance to DoS attacks, a general purpose blockchain system may desire and benefit from a set of additional security and privacy properties that are critical to digital currency systems and distributed global ledger services. Due to space constraint, we here outline a couple of such additional properties.

Unlinkability with high confidence

BlogSubImage

Unlinkability refers to the inability of stating the relation between two observations or two observed entities of the system with high confidence. Anonymity refers to the state of being anonymous and unidentified. Although the blockchain in Bitcoin ensures pseudonymity by offering pseudo-identity as the support for the anonymity of a user identity, it fails to provide users the protection of unlinkability for their transactions. Intuitively, the full anonymity of a user can only be protected by ensuring both pseudonymity and unlinkability if the user always uses her pseudoidentity to interact with the system. This is because unlinkability makes it hard to launch deanonymization inference attacks, which link the transactions of a user together to uncover the true identity of the user in the presence of background knowledge. Concretely, in Bitcoin like systems, a user can have multiple pseudonymous addresses. However, this does not provide perfect anonymity for users of blockchain, because every transaction is recorded on the ledger with the addresses of sender and receiver, and is traceable freely by anyone using the associated addresses of its sender and receiver. Thus, anyone can relate a user’s transaction to other transactions involving her accounts by a simple statistical analysis of the addresses used in Bitcoin transactions. For example, by analysis on a senderąŕs account, one can easily learn the number and total amount of bitcoins coming out or going into this account. Alternatively, one can link multiple accounts that send/receive transactions from one IP address. More seriously, a user may lose her anonymity and thus privacy for all the transactions associated with her Bitcoin address if the linkage of her bitcoin address to the user’s real-world identity is exposed.

In addition, given the open nature of the public blockchain, anyone can make attempt to perform this type of de-anonymization attack silently and secretly without having the target user even realizing that she is being attacked or her true identity has been compromised. Therefore, the blockchain implementation in Bitcoin only achieves pseudonymity but not unlinkability and thus not full anonymity defined by pseudonymity with unlinkability. We argue that the blockchain system should be enhanced by other cryptographic techniques

Confidentiality of Transactions and Data Privacy

BlogSubImage

Data privacy of blockchain refers to the property that blockchain can provide confidentiality for all data or certain sensitive data stored on it. Although the blockchain was originally devised as a distributed global ledger for the digital currency system Bitcoin, its potential scope of applications is much broader than virtual currencies. For example, blockchain can be leveraged for managing smart contract, copyrighted works, digitization of commercial or organizational registries. Not surprisingly, a desirable security property common in all the blockchain applications is the confidentiality of transaction information, such as transaction content (e.g., transaction amounts in Bitcoin), and addresses. Unfortunately, this security property is not supported in Bitcoin systems. In Bitcoin, the transaction content and addresses are publicly viewable, even though the pseudonym is used as the address of sender and receiver of a transaction instead of the real identity. We conjecture that the capability of keeping transaction content private will help to reduce the risk of linkage of pseudonym to the real user identity. This is critical for promoting the need-to-know based sharing instead of publicly viewable of the entire blockchain.

Moreover, blockchain systems, which use smart contracts to implement complex transactions, such as Ethereum, require (1) the data of each contract and the code it runs on the data to be public and (2) every miner to emulate executing each contract. This will lead to the leakage of user information. For example, a user sets up a smart contract to transfer a certain amount of ETH to another user at a certain time. If an adversary has background information about one of the two parties, this adversary may expose and link this party to her real identity. Therefore, it is critical to design and implement stronger protection mechanisms for privacy-preserving smart contract

the data privacy research in the past decades hasshown the risks of privacy leakage due to various inference attacks, which link sensitive transaction data and/or pseudonym to the true identity of the real users. Such privacy leakage can lead to breaching the confidentiality of transaction information. Thus, confidentiality and privacy pose a major challenge for blockchain and its applications that involve sensitive transactions and private data. We will dedicate Section 5 to discuss some main branches of technology that may help enhancing data privacy and transaction confidentiality on blockchain

Featured

BlogImage

Role of analytics in unlocking the power of API enabled ecosystems

BlogImage

How Cloud-Enabled AI will Drive Business Value in the Future

BlogImage

Price Indexes for PC Database Software and the Value of Code Compatibility

BlogImage

Key digital trends shaping the future

BlogImage

Planning Your Code

BlogImage

Additional Security and Privacy Properties of Blockchain

BlogImage

Top Ten Database Security Threats

BlogImage

Priorities in attempting to secure software as a service

BlogImage

Tools such as WebPageTest or Pingdom will show you basic performance metrics.

BlogImage

low-code applications can be integrated with cloud services and other applications, thus creating a broader ecosystem.

Topics

  • AI and Automation

  • Cybersecurity and risk

  • Digital Transformation

  • IT Management

  • Cloud Management

  • Digisquares Platform

  • Database Management

  • Governance

Years

  • 2022