PAChain: Private, authenticated & auditable consortium blockchain and its implementation
Introduction
Blockchain has been a fast-growing field of technology since it was recognized as the core component of Bitcoin [2]. Blockchain can serve as a distributed ledger in a peer-to-peer network to provide publicly verifiable data. The public blockchain is an open, permissionless system in which everyone is allowed to join freely as a user or miner. Cryptocurrencies like Bitcoin are examples of public blockchains. They usually have limited throughput. The consortium blockchain is a partly private blockchain. Transactions can be submitted by many (authorized) users, but only a few predetermined parties are permitted to verify them. Consortium blockchain provides a higher efficiency (more than 10k transactions per second (tps)) than the public blockchain. Consortium blockchain is suitable for organizational collaboration. Hyperledger, an umbrella project of open source consortium blockchain, has 130 members including members from the IT industry (e.g., IBM, Intel) and the financial industry (e.g., JP Morgan, American Express).
Privacy in blockchain. Privacy is important for commercial systems, especially in the financial sector where money is transferred from one party to another. No one would like to have his bank account transaction history posted on a public blockchain. We define three key privacy properties that we want to achieve in this paper:
1. Sender Privacy: the sender’s identity is not known by any third party and two valid transactions of the same sender should not be linked.
2. Recipient Privacy: the recipient’s identity is not known by any third party and two valid transactions of the same recipient should not be linked.
3. Transaction Privacy: the content of the transaction is not known by any third party. General transaction privacy for smart contracts is difficult to achieve without using general zero-knowledge proof of circuit or fully homomorphic encryption, neither of which is quite practical. In this paper, we only consider the privacy of the transaction amount.
The above conditions should hold for any third party (including the parties running the consensus algorithm). There are also a number of academic and industrial solutions for privacy-preserving blockchain as shown in Table 1. Details will be discussed in Section 3.1.
Our contributions: Private, authenticated & auditable in consortium blockchain. Auditability is essential for financial blockchain applications and unconditional anonymity may not be desirable. A financial institution has to check for money laundering or terrorist-related activities. In case of a court order, the institution has to provide the complete information of a particular transaction to the court. In these situations, the privacy of certain transactions has to be revoked if necessary. For simplicity, we denote the party that can legally revoke privacy as the auditor.
Authentication is important for consortium blockchain in two aspects. First, the consortium companies need to ensure that the user is authenticated to use the system (e.g., he has paid/subscribed for the blockchain service). The consortium companies do not earn from the “mining” process and no new coin is generated from consortium blockchain. Second, authentication is useful for tracing real user identity during the auditing process. If users can transact in the consortium blockchain without registration, then the auditor can only discover the self-generated public key after opening the transaction. The real world identity can only be recovered if the user was registered before and is authenticated during the transaction.
In this paper, we show how to construct a private, authenticated and auditable consortium blockchain: PAChain. We provide sender privacy, recipient privacy and transaction privacy through three separate modules. Auditability is provided for all three modules. Authentication is analyzed for the sender privacy and recipient privacy modules. This modular design allows us to analyze the security of each module clearly, and it gives system architects the flexibility to choose the properties according to the business requirements. In our construction, we use a number of cryptographic techniques (e.g., anonymous credential, zero-knowledge range proof, additive homomorphic encryption) and modify them for higher efficiency in consortium blockchain. Table 1 gives the comparison of our paper and related works described in Section 3.1.
Finally, we give the system architecture for integrating our PAChain with Hyperledger Fabric, the open source consortium blockchain platform. We demonstrate how to incorporate various parties in PAChain (e.g., peers, auditors, certificate authorities) into the concrete framework of Hyperledger Fabric. We highlight the changes in each individual step, such as user registration, transaction proposal and transaction endorsement.
Section snippets
PAChain overview
In this paper, we give a high-level overview of how to achieve privacy and auditability in consortium blockchain.
Related works
Public blockchain. Monero is a cryptocurrency providing privacy by linkable ring signature, stealth address and ring confidential transactions [6]. The major disadvantage of Monero is the size of the linkable ring signature, which is proportional to the size of the ring (related to the level of sender anonymity).
Zcash offers privacy and selective transparency of Txs by using zero-knowledge proofs (zk-SNARK) on special shielded transactions [7]. The major disadvantage of Zcash is the large
Transaction privacy
One of the challenging parts of privacy in blockchain is the confidentiality of the transaction amount. The major difficulty is how to verify, for a Tx, that (1) the total committed input amount is equal to the total committed output amount; (2) all committed amounts fall within a valid range, e.g., from 0 to . This requirement is commonly known as the confidential transaction. Theoretically, it can be achieved by combining additive homomorphic commitment with zero-knowledge range proof. One
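Requirement (1) can be illustrated with Pedersen commitments, a standard additively homomorphic commitment. This is an added example, not code from the paper and not PAChain's own construction; the toy group parameters and the names commit, build_tx and balanced are assumptions made for illustration. The last case shows why the balance check alone is not enough and requirement (2) is also needed.

```python
import secrets

# Constructed toy parameters (far too small to be secure):
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # generator of that subgroup
H = 9      # second generator; log_G(H) is assumed unknown to the committer


def commit(amount, blind):
    """Pedersen commitment G^amount * H^blind mod P (exponents live mod Q)."""
    return pow(G, amount % Q, P) * pow(H, blind % Q, P) % P


def product(commitments):
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc


def build_tx(in_amounts, out_amounts):
    """Sender side: commit to every amount; the last output blinding factor
    is chosen so that input and output blinding factors sum to the same value."""
    in_blinds = [secrets.randbelow(Q) for _ in in_amounts]
    out_blinds = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    ins = [commit(a, r) for a, r in zip(in_amounts, in_blinds)]
    outs = [commit(a, r) for a, r in zip(out_amounts, out_blinds)]
    return ins, outs


def balanced(ins, outs):
    """Verifier side: multiplying commitments adds the hidden amounts, so the
    products match exactly when total input == total output (mod Q)."""
    return product(ins) == product(outs)


if __name__ == "__main__":
    print(balanced(*build_tx([30, 12], [40, 2])))   # totals match
    print(balanced(*build_tx([30, 12], [40, 3])))   # one unit created
    # Amounts are only compared mod Q: an output of Q - 5 behaves like -5,
    # so the balance check passes. A range proof on each output rules this out.
    print(balanced(*build_tx([10], [15, Q - 5])))
```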
Recipient privacy
In blockchain, the user address is the hash of his public key, and hence it represents his identity. If we want to preserve the recipient privacy, we can always use a new public key for each Tx. However, this approach is problematic in some consortium blockchains which only allow Txs between authenticated users. It means that all recipient (and sender) addresses should be authenticated. A straightforward approach is to associate each address with a certificate issued by a CA. The key challenge is
Sender privacy
In the UTXO model, the sender has to specify the UTXOs that he wants to use. The UTXOs include the information of the owner’s address as well as the transaction amount. The linkage between the current transaction and UTXOs guarantees the validity of the transaction and ensures that there is no double spending. However, this linkage violates the privacy of the sender (even if the address is used only once and the transaction amount is encrypted). It is a dilemma to preserve the
Performance analysis
We analyze our PAChain in terms of throughput and latency, two of the most important metrics for analyzing the performance of a blockchain system. The latency of our PAChain is affected by the running time of the modules. The throughput of our PAChain is affected by both the running time of our three modules, and the size of each transaction.
Building PAChain with Hyperledger
Following our PAChain framework in [1], we show how to integrate PAChain with Hyperledger Fabric. We first describe how the entities in PAChain are mapped to the entities in Hyperledger Fabric. Then we give some modifications for combining our cryptographic building blocks. Finally, we demonstrate the system setup followed by the transaction flow in our privacy-preserving auditable consortium blockchain. The complete system architecture described in this section is shown in Fig. 2.
Conclusion
In this paper, we propose an efficient solution for privacy, auditability and authentication in consortium blockchain. We give modular solutions for them, so that they can be added to a blockchain according to actual business needs. We implemented our schemes and they are more efficient than the existing solutions in public blockchain. We showed that they can be integrated with the Hyperledger Fabric framework.
CRediT authorship contribution statement
Tsz Hon Yuen: Conceptualization, Formal analysis, Software, Writing - original draft, Writing - review & editing.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgment
The author is supported by HKU Project Funding no. 201901159007.
Dr Tsz Hon Yuen is an assistant professor in the Department of Computer Science at the University of Hong Kong. He received his Ph.D. degree from the University of Wollongong in 010. His current research interests include cryptography (such as public key encryption, digital signatures, identity-based encryption), privacy preserving protocols (such as anonymous credential, zero-knowledge proof system) and blockchain (such as consensus, payment channel, confidential transactions).
References (22)
- et al. Privacy preservation in blockchain based iot systems: Integration issues, prospects, challenges, and future research directions. Future Gener. Comput. Syst. (2019)
- et al. Privacy-friendly platform for healthcare data in cloud based on blockchain environment. Future Gener. Comput. Syst. (2019)
- et al. PTAS: privacy-preserving thin-client authentication scheme in blockchain-based PKI. Future Gener. Comput. Syst. (2019)
- Pachain: Private, authenticated and auditable consortium blockchain
- Bitcoin: A peer-to-peer electronic cash system (2009)
- et al. Accountable privacy for decentralized anonymous payments
- et al. Towards scalable and private industrial blockchains
- et al. Prcash: Centrally-Issued Digital Currency with Privacy and Regulation. Cryptology ePrint Archive, Report 2018/412 (2018)
- Ring Signature Confidential Transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015)
- et al. Zerocash: Decentralized anonymous payments from bitcoin
- A formal model of identity mixer