Elsevier

Future Generation Computer Systems

Volume 112, November 2020, Pages 913-929
PAChain: Private, authenticated & auditable consortium blockchain and its implementation

https://doi.org/10.1016/j.future.2020.05.011

Highlights

  • A private and secure solution for consortium blockchain was proposed.

  • Confidentiality was protected by an ECC ElGamal encryption and a range proof.

  • Spender remained anonymous by using anonymous credential issued by the endorser.

  • Recipient was represented by a one-time key derived from his certified public key.

  • All functionalities can be integrated into the architecture of Hyperledger Fabric.

Abstract

Blockchain provides a distributed ledger recording a globally agreed, immutable transaction history, which may not be suitable for Fintech applications that process sensitive information. This paper aims to solve three important problems for practical blockchain applications: privacy, authentication and auditability. Private transaction means that the transaction can be validated without revealing the transaction details, such as the identity of the transacting parties and the transaction amount. Auditable transaction means that the complete transaction details can be revealed by auditors or law enforcement agencies. Authenticated transaction means that only authorized parties can be involved in the transaction. Auditability prevents a malicious user from abusing the privacy property. Authenticity helps the auditor to trace the identity of the malicious user in the system. In this paper, we present a private, authenticated and auditable consortium blockchain, using a number of cryptographic building blocks. Our scheme can be integrated with the architecture of consortium blockchain. 1

Introduction

Blockchain has been a fast-growing field of technology since it was recognized as the core component of Bitcoin [2]. Blockchain can serve as a distributed ledger in a peer-to-peer network to provide publicly verifiable data. The public blockchain is an open, permissionless system in which everyone is allowed to join freely as a user or miner. Cryptocurrencies like Bitcoin are examples of public blockchains. They usually have limited throughput. The consortium blockchain is a partly private blockchain. Transactions can be submitted by many (authorized) users, but only a few predetermined parties are permitted to verify them. Consortium blockchain provides a higher efficiency (more than 10k transactions per second (tps)) than the public blockchain. Consortium blockchain is suitable for organizational collaboration. Hyperledger, an umbrella project of open source consortium blockchain, has 130 members including members from the IT industry (e.g., IBM, Intel) and the financial industry (e.g., JP Morgan, American Express).

Privacy in blockchain. Privacy is important for commercial systems, especially in the financial sector where money is transferred from one party to another. No one would like to have his bank account transaction history posted on a public blockchain. We define three key privacy properties that we want to achieve in this paper:

  1. Sender Privacy: the sender’s identity is not known by any third party and two valid transactions of the same sender should not be linked.

  2. Recipient Privacy: the recipient’s identity is not known by any third party and two valid transactions of the same recipient should not be linked.

  3. Transaction Privacy: the content of the transaction is not known by any third party. General transaction privacy for smart contract is difficult to achieve without using general zero-knowledge proof of circuit or fully homomorphic encryption, which are both not quite practical. In this paper, we only consider the privacy for transaction amount.

The above conditions should hold for any third party (including the parties running the consensus algorithm). There are also a number of academic and industrial solutions for privacy-preserving blockchain as shown in Table 1. Details will be discussed in Section 3.1.

Our contributions: Private, authenticated & auditable in consortium blockchain. Auditability is essential for financial blockchain applications, and unconditional anonymity may not be desirable. A financial institution has to check whether there are any money laundering or terrorist-related activities. In the case of a court order, the institution has to provide the complete information of a particular transaction to the court. In these situations, the privacy of a certain transaction has to be revoked if necessary. For simplicity, we denote the party that can legally revoke privacy as the auditor.

Authentication is important for consortium blockchain in two aspects. First, the consortium companies need to ensure that the user is authenticated to use the system (e.g., he has paid/subscribed for the blockchain service). The consortium companies do not earn from the “mining” process and no new coin is generated from consortium blockchain. Second, authentication is useful for tracing the real user identity during the auditing process. If users can transact in the consortium blockchain without registration, then the auditor can only discover the self-generated public key after opening the transaction. The real-world identity can only be recovered if the user was registered before and is authenticated during the transaction.

In this paper, we show how to construct a private, authenticated and auditable consortium blockchain: PAChain. We provide sender privacy, recipient privacy and transaction privacy by three separate modules. Auditability is provided for all three modules. Authentication is analyzed for the sender privacy and recipient privacy modules. This modular design allows us to analyze the security of each module clearly, and it gives system architects the flexibility to choose the properties according to the business requirements. In our construction, we use a number of cryptographic techniques (e.g., anonymous credential, zero-knowledge range proof, additive homomorphic encryption) and modify them for higher efficiency in consortium blockchain. Table 1 gives the comparison of our paper and related works described in Section 3.1.

Finally, we give the system architecture for integrating our PAChain with Hyperledger Fabric, the open source consortium blockchain platform. We demonstrate how to incorporate various parties in PAChain (e.g., peers, auditors, certificate authorities) into the concrete framework of Hyperledger Fabric. We highlight the changes in each individual step, such as user registration, transaction proposal and transaction endorsement.

Section snippets

PAChain overview

In this paper, we show the high level overview of how to achieve privacy and auditability in consortium blockchain.

Related works

Public blockchain. Monero is a cryptocurrency providing privacy by linkable ring signature, stealth address and ring confidential transactions [6]. The major disadvantage of Monero is the size of the linkable ring signature, which is proportional to the size of the ring (related to the level of sender anonymity).

Zcash offers privacy and selective transparency of Txs by using zero-knowledge proofs (zk-SNARK) on special shielded transactions [7]. The major disadvantage of Zcash is the large

Transaction privacy

One of the challenging parts of privacy in blockchain is the confidentiality of the transaction amount. The major difficulty is how to verify for a Tx that (1) the total committed input amount is equal to the total committed output amount; (2) all committed amounts fall within a valid range, e.g., from 0 to 2^64. This requirement is commonly known as the confidential transaction. Theoretically, it can be achieved by combining additive homomorphic commitment with zero-knowledge range proof. One
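The following added example (not code from the paper) illustrates why both checks are needed. It assumes Pedersen commitments in a toy group rather than PAChain's ECC ElGamal encryption, uses a constructed 8-bit range in place of 64 bits, and performs the range check on opened amounts as a stand-in for a zero-knowledge range proof; all names are hypothetical.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2*Q + 1 is a safe prime; G and H are squares mod P, so both have order Q.
P, Q = 1019, 509
G, H = 4, 9
RANGE_BITS = 8  # stand-in for the 64-bit range mentioned in the text

def commit(value, blind):
    """Pedersen commitment G^value * H^blind mod P (exponents reduced mod Q)."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def product(commitments):
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc

def balanced(inputs, outputs):
    """Check (1): the products match when amounts and blinds both sum equally mod Q."""
    return product(inputs) == product(outputs)

def make_tx(in_values, out_values):
    """Commit to every amount; the last output blind is chosen so the blinds cancel."""
    in_blinds = [secrets.randbelow(Q) for _ in in_values]
    out_blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    ins = [commit(v, r) for v, r in zip(in_values, in_blinds)]
    outs = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    return ins, outs

def in_range(value):
    """Check (2) on the opened amount; a range proof shows this without opening."""
    return 0 <= value % Q < 2 ** RANGE_BITS

def check_tx(in_values, out_values):
    """Return (balance check result, range check result) for one transaction."""
    ins, outs = make_tx(in_values, out_values)
    return balanced(ins, outs), all(in_range(v) for v in out_values)

if __name__ == "__main__":
    print(check_tx([100, 50], [120, 30]))  # honest transfer
    print(check_tx([10], [15, -5]))        # wrapped "negative" output
    print(check_tx([10], [15]))            # outputs exceed inputs
```

The second transaction passes the balance check because -5 wraps to Q - 5 in the exponent, so only the range check exposes the attempt to create value.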

Recipient privacy

In blockchain, the user address is the hash of his public key, and hence it represents his identity. If we want to preserve the recipient privacy, we can always use a new public key for each Tx. However, this approach is problematic in some consortium blockchains which only allow Txs between authenticated users. It means that all recipient (and sender) addresses should be authenticated. A straightforward approach is to associate each address with a certificate issued by a CA. The key challenge is

Sender privacy

In the UTXO model, the sender has to specify the UTXOs that he wants to use. The UTXOs include the information of the owner’s address as well as the transaction amount. The linkage between the current transaction and UTXOs guarantees the validity of the transaction and ensures that there is no double spending. However, this linkage violates the privacy of the sender (even if the address is used only once and the transaction amount is encrypted). It is a dilemma to preserve the

Performance analysis

We analyze our PAChain in terms of throughput and latency, two of the most important metrics for analyzing the performance of a blockchain system. The latency of our PAChain is affected by the running time of the modules. The throughput of our PAChain is affected by both the running time of our three modules, and the size of each transaction.

Building PAChain with Hyperledger

Following our PAChain framework in [1], we show how to integrate PAChain with Hyperledger Fabric. We first describe how the entities in PAChain are mapped to the entities in Hyperledger Fabric. Then we give some modifications for combining our cryptographic building blocks. Finally, we demonstrate the system setup followed by the transaction flow in our privacy-preserving auditable consortium blockchain. The complete system architecture described in this section is shown in Fig. 2.

Conclusion

In this paper, we propose efficient solutions for privacy, auditability and authentication in consortium blockchain. We give modular solutions for them, so that they can be added to a blockchain according to actual business needs. We implemented our schemes and they are more efficient than the existing solutions in public blockchain. We showed that they can be integrated with the Hyperledger Fabric framework.

CRediT authorship contribution statement

Tsz Hon Yuen: Conceptualization, Formal analysis, Software, Writing - original draft, Writing - review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgment

The author is supported by HKU Project Funding no. 201901159007.

Dr Tsz Hon Yuen is an assistant professor in the Department of Computer Science at the University of Hong Kong. He received his Ph.D. degree from the University of Wollongong in 010. His current research interests include cryptography (such as public key encryption, digital signatures, identity-based encryption), privacy preserving protocols (such as anonymous credential, zero-knowledge proof system) and blockchain (such as consensus, payment channel, confidential transactions).

References (22)

  • CamenischJ. et al.

    A formal model of identity mixer


    1

    This is the full version of the paper in CANS 2019 (Yuen, 2019).