Improving privacy in blockchain using homomorphic encryption

Improving Privacy in Blockchain using
Homomorphic Encryption
Razi Rais | https://razibinrais.com

Who am I?
www.linkedin.com/in/razirais

Agenda
 Understand Privacy & Role of Homomorphic Encryption (HE)
 Blockchain & Zero-Knowledge Proofs (zk-SNARKS)
 Tools & Technologies
 Demos (Healthcare & identity)

Privacy
http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm
• Freedom from intrusion - being left alone
• Control of information about oneself
• Freedom from surveillance (from being followed,
tracked, watched, and eavesdropped upon)

Privacy | Encryption to Protect Data
Razi X?DE&7
Plaintext Encrypted

Privacy | Encryption Challenge
At Rest In Motion In Memory
X?DE&7 X?DE&7 Razi
e.g – BitLocker e.g - TLS ?

Privacy | Encryption Solution
At Rest In Motion
X?DE&7 X?DE&7 X?DE&7
e.g – BitLocker e.g - TLS Homomorphic
Encryption
In Memory

Homomorphic Encryption (HE) - 101
Allows you to perform operations on encrypted data
Addition & Multiplication
Quantum Resistant*
Slow – Requires lot of compute power

Homomorphic Encryption - Applications
HomomorphicEncryption.org
http://homomorphicencryption.org/white_papers/applications
_homomorphic_encryption_white_paper.pdf

Scenario | Healthcare
What's wrong with sending/sharing your blood results with the
3rd party (e.g. Research institutes, Law enforcement etc.)
Unnecessary exposure of data
Once results are shared they cannot be un-shared
Data breaches (you also don’t control data lifecycle)
Your DNA + PII = Ultimate Identity that can be tracked and use
with AI!

Use Case
You want to participate in a healthcare research program that needs your
Glucose and Cholesterol levels
Problem
How to share data without revealing the actual values?

Solution
1. Encrypt glucose and cholesterol levels on the client device (using
private key)
2. Send glucose and cholesterol levels (still encrypted) to the server
3. Processing is done by the server on encrypted values (using HE
and client’s public key)
4. Results are send back in encrypted format to the client
5. Client decrypt the values (using private key)

DEMO | Healthcare
Improve Privacy using HE
https://github.com/razi-rais/homomorphic-encryption

SDKs |Offchain
Microsoft | Simple Encrypted Arithmetic Library (SEAL)
https://www.microsoft.com/en-us/research/project/simple-encrypted-arithmetic-library
n1analytics
https://github.com/n1analytics/python-paillier
TFHE | Fast Fully Homomorphic Encryption Library over the Torus
https://github.com/tfhe/tfhe
More ..

Blockchain & Privacy Issues
Data on the blockchain is immutable
(write once– ready many)
PII (Personal Identifiable Information)
in plaintext should never be stored on blockchain
Solution?

Blockchain & Privacy
Store data off the chain (Database, IPFS etc.)
Step 1 - Encrypt Data (PII)
Step 2 - Hash Data
Step 3 – Store Hash on the chain

Blockchain & Privacy
Why not just store the encrypted data on the chain?
because..
Storage is expensive on the chain
Secret key exposure/hack will reveal encrypted data
Data storage is immutable
(so no turning back if data is exposed)

Scenario: Identity
What's wrong with the current Identity system?
It reveals too much information to 3rd party!
Lets take a closer look…

Scenario: Identity
Scenario
You need to proof that you are over 21 years
of age

Scenario: Identity
As usual you showed your ID to the 3rd party
(3rd party is some one who you don’t trust with PII.
E.g. receptionist, security guard etc. )

Scenario: Identity
What information was needed?
DOB
Picture
What information was revealed?
Address,
Sex
Height
Eye Color
Etc.

Scenario: Identity
One Possible Solution
Step 1 – DMV issues you proof that you are over 21 and
create smart contract for 3rd party to verify it.
Step 2 – You send a signed transaction to smart contract
with encrypted input (only you and DMV knows private
values)
Step 3 – Smart contract verify your proof and either rejects
or accepts it.
Step 4 – Third party uses result of smart contract (step#3)
to verify if your are over 21 or not.

Zero-knowledge Proof
Benefits
Minimal/No data discourse
Blockchain is used to verify (and record results) but data
always stays encrypted
One time proof can be used for more sensitive
transactions*
High Level Definition
It’s a method by which one party (the prover
“Razi”) can prove to another party
(the verifier ”Security Guard”) that he knows a
value x (DOB, attested by the DMV), without
conveying any information apart from the fact
that he knows the value x.

zk-SNARKs
Zk-SNARK  Zero-Knowledge Succinct Non-Interactive Argument of Knowledge
Zero-knowledge  Allows prover to prove to the verifier that a statement is true
without revealing any information beyond the validity of the statement itself
Succinct  Proof is short and easy to verify
Non-interactive  Proof does not require back-and-forth interaction between the
prover and the verifier
Argument of knowledge Proof attests not just that the statement is true, but also that
the prover knows why its true

zk-SNARKs – How it works
2. key generator ( lambda , program/circuit )  proving
key (pk) , verification key (vk)
1. program/circuit has public input (x) and
private input (witness or w)
3. prover ( pk , x , w )  proof
4. verifier( vk , x , proof)  { true | false }
Program written to work with
ZoKrates

DEMO | Identity
Using zk-SNARKs to proof age
https://github.com/razi-rais/blockchain-workshop/tree/master/zk-
SNARKs

Resources
Raziel: Private and Verifiable Smart Contracts on Blockchains
https://eprint.iacr.org/2017/878.pdf
Homomorphic Encryption Standard
https://projects.csail.mit.edu/HEWorkshop/HomomorphicEncryptionStandar
d2018.pdf
A Primer on Zero Knowledge Protocols
http://www.cs.ox.ac.uk/people/gerardo.simari/personal/publications/zkp-
simari2002.pdf

Improving privacy in blockchain using homomorphic encryption

More Related Content

What's hot (20)

Similar to Improving privacy in blockchain using homomorphic encryption (20)

Recently uploaded (20)

Improving privacy in blockchain using homomorphic encryption

Editor's Notes