SlideShare a Scribd company logo

Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload

Anish Mohammed, profile picture
Anish Mohammed

Blockchain and Security – Solving the challenge of Privacy, Identity and Trust discusses key security challenges with blockchain such as identity, privacy, trust, and cryptography. It explores solutions like permissioned blockchains, homomorphic encryption, and zero knowledge proofs to address these issues. The document also examines cases like Silk Road and MtGox that demonstrate security failures with blockchain.

1 of 35
Downloaded 26 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Blockchain and Security – Solving the challenge of Privacy, Identity and Trust Anish Mohammed MIT DCI – 25th August 2016
Blockchain – what makes it unique ● Pseudonmity- The ability that users are not easily identified ● Censorship resistance – gives the ability to bypass authorities ● Decentralised – distributed hence hard to track down
Blockchain – key security challenges ● Identity- General approach has been to support pseudonyms ● Privacy – Blockchain as a paradigm expects all data to be available ● Trust – Question of trust in a decentralised system
Blockchain – key security challenges (contd) ● Cryptography – choice of algorithms and parameters not necessarily considered traditional. Also the question of QC resistance brought up by some vendors ● Infrastructure – Generally considering the whole Blockchain ecosystem, esp Bitcoin
Blockchain and Post Quantum Cryptography ● Shor’s algorithm ● Grover’s algorithm ● Current crop of QC resistant algorithms
Privacy ● Permissioned Blockchain – having Blockchain which has permission ● Homomorphic encryption – Allowing operations with out revealing content
Smart Contracts and Privacy ● “The basic idea behind smart contracts is that many kinds of contractual clauses (such as collateral, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” ● “Smart contracts combine protocols, user interfaces, and promises expressed via those interfaces, to formalize and secure relationships over public networks. This gives us new ways to formalize the digital relationships which are far more functional than their inanimate paper-based ancestors” ● “Smart contracts reduce mental and computational transaction costs.” – “Formalizing and Securing Relationships on Public Networks,” Nick Szabo
Contracts Systems evolution
Permissioned Blockchain ● Permissioned Blockchain – Bitcoin Blockchain is non-permissioned, nodes could have permission to read or write
Homomorphic Encryption ● Homomorphic Encryption – the challenge of processing without knowing what is being asked Function f x search query Google search Search results x f(x)
Homomorphic Encryption ● Homomorphic Encryption – Oct 2008 Craig Gentry came up with solution Function f x Enc(x) Enc(f(x)) search query Search results Google search
Homomorphic – under multiplication ● Some encryption algorithms already have multiplicative homomorphic properties, e.g. RSA 𝐸 𝑚1 = 𝑚1 𝑒 𝐸 𝑚2 = 𝑚2 𝑒 which implies 𝐸 𝑚1 × 𝐸 𝑚2 = 𝑚1 𝑒 × 𝑚2 𝑒 = (𝑚1 × 𝑚2) 𝑒 = 𝐸(𝑚1 × 𝑚2)
Homomorphic – under addition ● Other Encryptions were additively homomorphic 𝐸 𝑚1 + 𝐸 𝑚2 = 𝐸(𝑚1 + 𝑚2) Additive Homomorphism
Enigma – the possible answer from MIT
MtGox – yet another case
Provisions – privacy preserving way to prove solvency
Trust ● Trust model – Bitcoin Blockchain has a distributed model of trust. So everyone trusts everybody else. ● Intermediaries in the ecosystem – real life implementation of Bitcoin ecosystem requires one to trust various intermediaries with varying results.
Bitcoin/Blockchain – malware ● Malware which mines (steals CPU/GPU cycles) ● Malware which steals Bitcoin from wallets ● Ransomware – accepts Bitcoins to release keys
Bitcoin/Blockchain – malware
Identity ● Identity- General approach has been to support pseudonyms ● Identity verification – strength of verification of identity is as good as onboarding
Identity – some interesting examples
Blockchain and graph analysis
Silkroad – A case of failure
Smart Contracts – security challenges (moritorium)
Smart Contracts – security challenges (the hack)
Other tools - Trusted Computing
Trust
Trustworthy systems
Trusted Platform Module
Direct Anonymous Attestation
Zero Knowledge Proofs
Zero Knowledge protocols - properties ● Completeness -If prover is telling the truth, then they will eventually convince the verifier. ● Soundness -Prover can only convince verifier if they're actually telling the truth. ● Zero-knowledgeness -Verifier doesnt learn anything else about prover's solution According to Goldwasser, Micali and Rackoff
Blockchain and expert opinions
Dilbert’s take on Security
Anish Mohammed @anishmohammed

More Related Content

PDF
Blockchain security research (in 2 minutes)
Sergei Tikhomirov
 
PPSX
Cryptography
Askme.com
 
PPTX
Software for encrypting and decrypting text file powerpointpresentation
Ruchika Sinha
 
PDF
HMAC a signature alternative
Hubert Gregoire
 
PPTX
Blockchain technology
Navin Kumar
 
PPTX
Cryptography in networks
Kajal Chaudhari
 
PDF
Anish Mohammed - Bitcoin vs Blockchain
Joe Baguley
 
PDF
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
WithTheBest
 
Blockchain security research (in 2 minutes)
Sergei Tikhomirov
 
Cryptography
Askme.com
 
Software for encrypting and decrypting text file powerpointpresentation
Ruchika Sinha
 
HMAC a signature alternative
Hubert Gregoire
 
Blockchain technology
Navin Kumar
 
Cryptography in networks
Kajal Chaudhari
 
Anish Mohammed - Bitcoin vs Blockchain
Joe Baguley
 
Consensu, Security, and the Blockchain Gateway Interface - Ethan Buchman, Ten...
WithTheBest
 

Viewers also liked (20)

PPTX
Redefining Security with the Blockchain by William Mougayar
The Business Blockchain
 
PDF
Information security in private blockchains
Coin Sciences Ltd
 
PDF
Build Secure IOT Solutions using Blockchain
geetachauhan
 
PDF
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Maciej Ołpiński
 
PDF
InterCon 2016 - Blockchain e smart-contracts em Ethereu
iMasters
 
PPTX
Blockchain and the investment industry stack
David Taylor
 
PDF
Reassessing Regulation and the IoT - Gilad Rosner
FSR Communications and Media
 
PDF
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle
 
PDF
Risk Leadership on the Boardroom Agenda
FERMA
 
PDF
DWS16 - Smart city forum - Niels De Schutter, Atos
IDATE DigiWorld
 
PPTX
Web application security: how to start?
Antonio Fontes
 
PPTX
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
PDF
IoT And Inevitable Decentralization of The Internet
Paul Brody
 
PDF
Patterns and Antipatterns in Enterprise Security
WSO2
 
PDF
The End of the Fortress: The new Approach to Cybersecurity
Marc Nader
 
PDF
SABSA: Key features, advantages & benefits summary
SABSAcourses
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
Rahul Mohandas
 
PPTX
The Zero Trust Model of Information Security
Tripwire
 
PPTX
Modelling Security Architecture
narenvivek
 
PDF
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Vestforsk.no
 
Redefining Security with the Blockchain by William Mougayar
The Business Blockchain
 
Information security in private blockchains
Coin Sciences Ltd
 
Build Secure IOT Solutions using Blockchain
geetachauhan
 
Introduction to DAOs - Ethereum Meetup Warsaw 28.04
Maciej Ołpiński
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
iMasters
 
Blockchain and the investment industry stack
David Taylor
 
Reassessing Regulation and the IoT - Gilad Rosner
FSR Communications and Media
 
FINTECH Circle Blockchain Masterclass with Prof Mainelli @ BNY Mellon
FINTECH Circle
 
Risk Leadership on the Boardroom Agenda
FERMA
 
DWS16 - Smart city forum - Niels De Schutter, Atos
IDATE DigiWorld
 
Web application security: how to start?
Antonio Fontes
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
IoT And Inevitable Decentralization of The Internet
Paul Brody
 
Patterns and Antipatterns in Enterprise Security
WSO2
 
The End of the Fortress: The new Approach to Cybersecurity
Marc Nader
 
SABSA: Key features, advantages & benefits summary
SABSAcourses
 
Understand How Machine Learning Defends Against Zero-Day Threats
Rahul Mohandas
 
The Zero Trust Model of Information Security
Tripwire
 
Modelling Security Architecture
narenvivek
 
Beyond Bitcoin - Enabling Smart Government Using the Bitcoin Blockchain
Vestforsk.no
 
Ad

Similar to Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload (20)

PDF
Blockchain_FintechEvo_ver1.8_am
Anish Mohammed
 
PPTX
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Infrastructure Facility
 
PPTX
Improving privacy in blockchain using homomorphic encryption
Razi Rais
 
PPTX
BlockChain.pptx
Tilani Gunawardena PhD(UNIBAS), BSc(Pera), FHEA(UK), CEng, MIESL
 
PPTX
Understanding Blockchain
Tony Willenberg
 
PDF
Paranoid's View of Token Engineering
Token Engineering
 
PDF
Introduction To Blockchain Technology For Beginners
LouaiBoumedienne
 
PDF
Blockchain meetup
QuantUniversity
 
PDF
Topic 2 Blockchain Fundamentals - Cryptography BW.pdf
beluleung1
 
PPTX
Crypto & Crpyocurrencies Intro
Tal Shmueli
 
PDF
Introduction to blockchain and cryptocurrency technologies
Paweł Wacławczyk
 
PPTX
Blockchain
Mohit Singh
 
PDF
Blockchain and Cryptography - A Primer
Gokul Alex
 
PDF
Introduction to Blockchain Technologies
Massimiliano Masi
 
PPTX
Module (Blockchain & Cryptocurrency).pptx
BaharAli53
 
PPTX
Bitcoin MOOC Lecture 1.pptx
Oluseyi Akindeinde
 
PDF
Bitcoin.pdf
INSPECTORESWSS
 
PDF
Privacy Preserving Paradigms of Blockchain Technology
Gokul Alex
 
PDF
Blockchain_TezosDeveloperCommunitySNSCE.pdf
VISHNURAJSSNSCEAD
 
ODP
Understanding Bitcoin (Blockchain) and its Potential for Disruptive Applications
IndicThreads
 
Blockchain_FintechEvo_ver1.8_am
Anish Mohammed
 
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Infrastructure Facility
 
Improving privacy in blockchain using homomorphic encryption
Razi Rais
 
BlockChain.pptx
Tilani Gunawardena PhD(UNIBAS), BSc(Pera), FHEA(UK), CEng, MIESL
 
Understanding Blockchain
Tony Willenberg
 
Paranoid's View of Token Engineering
Token Engineering
 
Introduction To Blockchain Technology For Beginners
LouaiBoumedienne
 
Blockchain meetup
QuantUniversity
 
Topic 2 Blockchain Fundamentals - Cryptography BW.pdf
beluleung1
 
Crypto & Crpyocurrencies Intro
Tal Shmueli
 
Introduction to blockchain and cryptocurrency technologies
Paweł Wacławczyk
 
Blockchain
Mohit Singh
 
Blockchain and Cryptography - A Primer
Gokul Alex
 
Introduction to Blockchain Technologies
Massimiliano Masi
 
Module (Blockchain & Cryptocurrency).pptx
BaharAli53
 
Bitcoin MOOC Lecture 1.pptx
Oluseyi Akindeinde
 
Bitcoin.pdf
INSPECTORESWSS
 
Privacy Preserving Paradigms of Blockchain Technology
Gokul Alex
 
Blockchain_TezosDeveloperCommunitySNSCE.pdf
VISHNURAJSSNSCEAD
 
Understanding Bitcoin (Blockchain) and its Potential for Disruptive Applications
IndicThreads
 
Ad

Blockchain_ver0.5_MIT_security_and Privacy_am_final_upload

  • 1. Blockchain and Security – Solving the challenge of Privacy, Identity and Trust Anish Mohammed MIT DCI – 25th August 2016
  • 2. Blockchain – what makes it unique ● Pseudonmity- The ability that users are not easily identified ● Censorship resistance – gives the ability to bypass authorities ● Decentralised – distributed hence hard to track down
  • 3. Blockchain – key security challenges ● Identity- General approach has been to support pseudonyms ● Privacy – Blockchain as a paradigm expects all data to be available ● Trust – Question of trust in a decentralised system
  • 4. Blockchain – key security challenges (contd) ● Cryptography – choice of algorithms and parameters not necessarily considered traditional. Also the question of QC resistance brought up by some vendors ● Infrastructure – Generally considering the whole Blockchain ecosystem, esp Bitcoin
  • 5. Blockchain and Post Quantum Cryptography ● Shor’s algorithm ● Grover’s algorithm ● Current crop of QC resistant algorithms
  • 6. Privacy ● Permissioned Blockchain – having Blockchain which has permission ● Homomorphic encryption – Allowing operations with out revealing content
  • 7. Smart Contracts and Privacy ● “The basic idea behind smart contracts is that many kinds of contractual clauses (such as collateral, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” ● “Smart contracts combine protocols, user interfaces, and promises expressed via those interfaces, to formalize and secure relationships over public networks. This gives us new ways to formalize the digital relationships which are far more functional than their inanimate paper-based ancestors” ● “Smart contracts reduce mental and computational transaction costs.” – “Formalizing and Securing Relationships on Public Networks,” Nick Szabo
  • 9. Permissioned Blockchain ● Permissioned Blockchain – Bitcoin Blockchain is non-permissioned, nodes could have permission to read or write
  • 10. Homomorphic Encryption ● Homomorphic Encryption – the challenge of processing without knowing what is being asked Function f x search query Google search Search results x f(x)
  • 11. Homomorphic Encryption ● Homomorphic Encryption – Oct 2008 Craig Gentry came up with solution Function f x Enc(x) Enc(f(x)) search query Search results Google search
  • 12. Homomorphic – under multiplication ● Some encryption algorithms already have multiplicative homomorphic properties, e.g. RSA 𝐸 𝑚1 = 𝑚1 𝑒 𝐸 𝑚2 = 𝑚2 𝑒 which implies 𝐸 𝑚1 × 𝐸 𝑚2 = 𝑚1 𝑒 × 𝑚2 𝑒 = (𝑚1 × 𝑚2) 𝑒 = 𝐸(𝑚1 × 𝑚2)
  • 13. Homomorphic – under addition ● Other Encryptions were additively homomorphic 𝐸 𝑚1 + 𝐸 𝑚2 = 𝐸(𝑚1 + 𝑚2) Additive Homomorphism
  • 14. Enigma – the possible answer from MIT
  • 15. MtGox – yet another case
  • 16. Provisions – privacy preserving way to prove solvency
  • 17. Trust ● Trust model – Bitcoin Blockchain has a distributed model of trust. So everyone trusts everybody else. ● Intermediaries in the ecosystem – real life implementation of Bitcoin ecosystem requires one to trust various intermediaries with varying results.
  • 18. Bitcoin/Blockchain – malware ● Malware which mines (steals CPU/GPU cycles) ● Malware which steals Bitcoin from wallets ● Ransomware – accepts Bitcoins to release keys
  • 20. Identity ● Identity- General approach has been to support pseudonyms ● Identity verification – strength of verification of identity is as good as onboarding
  • 21. Identity – some interesting examples
  • 23. Silkroad – A case of failure
  • 24. Smart Contracts – security challenges (moritorium)
  • 25. Smart Contracts – security challenges (the hack)
  • 26. Other tools - Trusted Computing
  • 27. Trust
  • 32. Zero Knowledge protocols - properties ● Completeness -If prover is telling the truth, then they will eventually convince the verifier. ● Soundness -Prover can only convince verifier if they're actually telling the truth. ● Zero-knowledgeness -Verifier doesnt learn anything else about prover's solution According to Goldwasser, Micali and Rackoff