Invented by Andres Garagiola, John B. Geagan, III, Jeronimo IRAZABAL, Guillermo R. Lopez, Diego A. Masini, Dulce Ponceleon, International Business Machines Corp
To address this issue, a new market has emerged for blockchain transaction privacy enhancement through broadcast encryption. Broadcast encryption is a cryptographic technique that allows a sender to encrypt a message and send it to a group of receivers, where only authorized members of the group can decrypt the message. This technique can be applied to blockchain transactions to enhance privacy by limiting the visibility of transaction details to authorized parties only.
The market for blockchain transaction privacy enhancement through broadcast encryption is still in its early stages, but it is growing rapidly. Many blockchain companies are now offering solutions that use broadcast encryption to enhance transaction privacy. These solutions are designed to provide users with greater control over their financial information and protect them from potential fraud and theft.
One of the key benefits of broadcast encryption is that it allows for selective disclosure of transaction details. This means that users can choose who they want to share their transaction details with, rather than having them publicly available to anyone who wants to view them. This can be particularly useful for businesses that need to keep their financial transactions private, as well as for individuals who want to protect their personal financial information.
Another benefit of broadcast encryption is that it can help to prevent double-spending attacks. Double-spending is a type of fraud where a user attempts to spend the same cryptocurrency twice. By limiting the visibility of transaction details to authorized parties only, broadcast encryption can make it more difficult for attackers to carry out double-spending attacks.
Overall, the market for blockchain transaction privacy enhancement through broadcast encryption is poised for significant growth in the coming years. As more users become aware of the importance of financial privacy and security, demand for these solutions is likely to increase. This will drive innovation and competition in the market, leading to even more advanced and effective solutions for enhancing blockchain transaction privacy.
The International Business Machines Corp invention works as follows
The example operation can include one or more of: storing a broadcast cryptographic tree that includes a set of cryptographic keys arranged in a hierarchical format, distributing partial sets of keys among peers in a group, receiving from a device an identification of one peer in the group for processing a transaction on a blockchain, and selecting from the set of cryptographic keys in the broadcast tree a subset which allows at least one of the peers in the group to decrypt the transaction but does not enable the other peers in the group to decrypt the
Background for Blockchain Transaction Privacy Enhancement through Broadcast Encryption
A blockchain can be used to store digital assets, for example. Because anyone or any entity can add information to a blockchain, that information should be checked and verified. This operation is called consensus. Consensus can be centralized or decentralized. Centralized consensus uses a central database to determine the validity of transactions. Decentralized consensus transfers trust and authority to a decentralized network and allows its nodes to record transactions continuously and sequentially on a public “block”, creating a unique “chain”, also known as a blockchain. Blockchains use cryptography, via hash codes, to authenticate a transaction source, removing the need for an intermediary.
In most cases, the blockchain platform (also known as distributed ledger) requires a peer to peer network to process blockchain transactions. It also needs the consensus algorithms mentioned above to replicate the blockchain across the peers of the network. Due to the distributed nature, it can be difficult to control the processing or restrict the processing of transactions through a central authority.
In one example embodiment, there is a method for blockchain transaction processing that involves one or more of: storing a broadcast cryptographic tree consisting of a set of cryptographic keys arranged in a hierarchical format; distributing a partial set of the keys from the tree to each peer in a group of peers included in a blockchain network; receiving from a device an identification of one peer in the group for processing a transaction on the blockchain; selecting a subset from the set of cryptographic keys in the broadcast tree that enables one peer to
In another example embodiment, there is provided a computing system which includes one or more storage devices configured to store a broadcast cryptographic tree comprising a set of cryptographic keys arranged in a hierarchical format, a network interface configured to distribute a partial set of keys from the cryptographic tree to each peer among a group included in a blockchain network and to receive from a device an identification of at least one peer in the group for processing a transaction on the blockchain, and a processor
In a further embodiment, there is a non-transitory medium containing program instructions which, when executed, cause a computer to perform the following: storing a broadcast encryption tree comprising a set of cryptographic keys arranged in a hierarchy, distributing partial sets of cryptographic keys from the broadcast encryption tree to each peer in a group of peers in a blockchain network, receiving from a device an identification of the peer authorized to process a transaction in the blockchain network, selecting from the set of keys in the broadcast encryption tree a
Other features or modifications may be apparent in the following description when taken together with the drawings, and the claims.
It will be apparent that components of the present invention, as described and illustrated in the figure herein, can be arranged in many different ways. The following description of at least one embodiment of a method or apparatus, non-transitory computer-readable medium, and system as illustrated in the attached figures is not intended as limiting the scope of this application. It is only representative of some embodiments.
The features, structures, and characteristics described in this specification can be combined in any way that is appropriate throughout the embodiments. The use of phrases like “example embodiments”, “some embodiments”, or similar language throughout this specification indicates that a particular feature or structure described in connection with an embodiment could be included in at least one embodiment. It is not to be taken to mean that it is omitted from any other embodiments. The phrases “example embodiments”, “in some embodiments”, “in other embodiments”, or similar terms may refer to the same group of embodiments. Furthermore, the features, structures, and characteristics described may be combined in any way in one or more embodiments.
In addition, while the term “message” may be used in the description of embodiments, the application can be applied to any type of network data, such as a packet, frame, or datagram. The terms “message” and “request” can be used interchangeably and may include a packet, frame, datagram, and any equivalents thereof. While certain types of signals and messages may be shown in certain embodiments, they are not limited to a particular type of message, and the application is not restricted to a specific type of signaling.
The instant application, in one embodiment, relates to blockchain transactions. In another embodiment, it relates to managing a cryptographic key set and broadcasting only a subset to authorized blockchain peers.
The example embodiments refer to a broadcast-encryption technology that restricts blockchain transaction processing to a small subset of peers within the larger group of peers that composes a blockchain network. A blockchain platform or ecosystem typically includes a number of entry points, i.e. peers, which manage a blockchain in a distributed (i.e. peer-to-peer) manner. The peers are responsible for maintaining the replica of blockchain data and processing transactions. In order to guarantee that the replication is identical across peers, peers typically use a consensus algorithm to verify the replica. It may be necessary or beneficial to allow only a selected subset of the total set of peers in the blockchain network to process a transaction, for example because of security concerns, internal group requirements, contract parties, etc.
The example embodiments refer to a broadcast certification authority (BCA), which is capable of managing a large set of private keys and distributing them to each peer. This allows the peers to selectively unlock blockchain transactions when they are authorized. Although peers may share cryptographic keys, each may also have a unique set of partial keys with respect to other peers. This distribution of cryptographic keys allows for some overlap among the peers, so that no specific cryptographic key is required to be assigned to each peer. The BCA can also receive a request from a user indicating a subset of the group of peers who are authorized to perform a blockchain transaction. That subset of peers will be able to process a transaction on the blockchain, while the rest are restricted or prevented from doing so.
The BCA can generate a cryptographic key that is unique to the user, based on a subset of the private keys. Only the authorized subset of peers has access to this subset of keys, and the rest of the peers are unaware of it. The subset of keys can be selected from the set of all private keys using a hierarchical structure of keys. This allows specific peers to decrypt a transaction, while preventing other peers from doing so. Accordingly, the remaining peers may be prevented from interpreting the content of the blockchain transaction and from interfering with its result, on a transaction-by-transaction basis. The BCA can provide the user with a broadcast certificate that includes the transaction encryption key, which the user uses to encrypt data for blockchain processing.
In order to manage the broadcast tree, the BCA may determine a hierarchy of nodes at multiple levels based on the number of peers that it manages, and assign private keys to each peer when the peer enrolls with the BCA, or during a later process or update. Each peer can be assigned keys at multiple levels in the broadcast tree, based on its location within the tree. The BCA can also maintain a list of the unique subsets that are assigned to each peer it manages. The broadcast encryption tree can be organized in a hierarchical shape, such as a quadtree or binary tree. Each node in the tree can have its own key. The peers can correspond to the nodes at the leaves of the tree. Each peer can be assigned a unique subset of the overall set of private keys in the broadcast encryption tree.
FIG. 1 shows a broadcast encryption system 100 with a plurality of peers 120, according to an example embodiment. The system 100 also includes a broadcast certificate authority (BCA) 130 and a user device 110, both of which are connected via a network. The user device 110, peers 120 and BCAs 130 can be connected to a network via peer-to-peer or distributed networks. The system 100 can be scaled up or down by adding BCAs to the system as it adds peers. In this example, system 100 has eight peers 120 and two BCAs 130, but embodiments are not limited to that. Each BCA 130 can manage encryption keys for a peer 120.
When the device 110 wants to limit which peers 120 in the system 100 are authorized to process a blockchain transaction, it may send a request to the BCAs 130 specifying the target peers that the device 110 wishes to have the ability to encrypt and complete a blockchain transaction. The BCA 130 can generate a transaction key for the device based on which peers are managed by it and are authorized to process a blockchain transaction. The BCA 130 can provide the transaction encryption keys to the user devices 110, allowing the user devices 110 to create and send encrypted transactions that are only decryptable by the target peers. This is discussed further below with reference to FIGS. 3A and 3B. The user device 110 may encrypt the blockchain transaction when it receives the encryption key. It can then broadcast the encrypted transaction to all peers. Only those peers who have a private key that is associated with the key can decrypt the details of the transaction. The remaining peers cannot decrypt the transaction on the blockchain and are therefore unable to process the transaction. They are therefore prevented from interfering in the blockchain processing.
The system 100 offers a number of advantages over previous blockchain authorization techniques. The system 100, for example, uses broadcast encryption in order to ensure that only peers who are authorized can decrypt and process transactions on the blockchain. A set of private keys is distributed among the peers who make up the system 100. This distribution allows a smaller group of peers to decrypt transactions without needing to use a linear amount of encryptions to decrypt transaction payloads. The BCA 130 is also responsible for selecting a subset of the overall set of private encryption keys in order to allow only a limited number of peers, out of a large group of peers, to process a blockchain transaction. This invention allows the blockchain transaction to propagate throughout the blockchain network by broadcast transmission, while also limiting the peers who can process the broadcast transactions.
During the enrollment process (or any other process, such as an update or the initiation of broadcast encryption), peers receive a unique set of partial private keys in accordance with the BCA 130. The BCA 130 can determine how the partial sets are distributed, as well as the size of a tree and other characteristics. Each BCA 130 can generate and maintain a broadcast encryption tree that is based on peers it manages. Each BCA 130 can distribute private subsets to peers it manages and generate broadcast certificates for those users who want to transmit blockchain transactions but restrict which peers are authorized to process them.
A broadcast certificate may be determined by the encryption keys assigned to the subset of peers who are authorized to process a transaction. A BCA’s secret key can be used to sign the broadcast certificate. The transaction key (TKey) is a symmetric key that is used to encrypt the blockchain transaction content. This key is generated and encrypted by the BCA using a user’s private key. The BCA may choose the TKey based on which peers are authorized to process the transaction. The broadcast certificate can also include a transaction key block (TKB) that contains the transaction key encrypted with one or more private keys of the subset of peers authorized for processing.
As a non-limiting example, the broadcast certificate can include the transaction key encrypted with different private encryption keys assigned to different authorized peers (or groups of peers). A first private key assigned to a first peer (or first subgroup) may be used to encrypt the transaction key, while a second private key assigned to a second peer (or second subgroup) may be used to encrypt another copy of the key. This allows both peers to decrypt the key using different private keys. The user device can encrypt content from multiple transactions using the TKey encrypted by a public key of the user that is included in the broadcast certificate. As a result, the changes in the shared ledger can be generated and sent to all peers. In this way, peers who have access to the private encryption keys can decrypt the key for the transaction and execute it. Peers without the key will not be able to interfere with the operation. Because of the hierarchical structure of the broadcast encryption tree, a single private key can be used by multiple peers while remaining unknown to others. This reduces the number of private keys. The system also does not require that a separate private encryption key be used for each peer.
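The key tree, the per-peer partial key sets and the transaction key block described above can be sketched as follows. This is an added example, not code from the patent or from IBM: it assumes a binary tree over eight peers, a complete-subtree cover for choosing the key subset (the page does not name the selection algorithm), HMAC-derived symmetric node keys, and a toy XOR-plus-HMAC wrap standing in for a real AEAD. All function names are hypothetical.

```python
import hashlib, hmac, os

DEPTH = 3  # assumed layout: binary tree with 2**3 = 8 leaf peers

def node_key(master, node):
    # BCA side: one key per tree node, heap numbering (root = 1). Assumed derivation.
    return hmac.new(master, node.to_bytes(4, "big"), hashlib.sha256).digest()

def peer_keys(master, peer):
    # Partial key set handed to a peer: the keys on the path from its leaf to the root.
    keys, node = {}, (1 << DEPTH) + peer
    while node >= 1:
        keys[node] = node_key(master, node)
        node //= 2
    return keys

def cover(authorized, node=1, level=0):
    # Fewest subtree roots whose leaves are exactly the authorized peers.
    span = 1 << (DEPTH - level)              # number of peers under this node
    first = node * span - (1 << DEPTH)       # lowest peer index under this node
    leaves = set(range(first, first + span))
    if leaves <= authorized:
        return [node]                        # whole subtree authorized: one key suffices
    if not leaves & authorized:
        return []                            # nobody authorized below this node
    return cover(authorized, 2 * node, level + 1) + cover(authorized, 2 * node + 1, level + 1)

def _pad(key, nonce):
    return hashlib.sha256(b"pad" + key + nonce).digest()

def wrap(key, tkey):
    # Toy stand-in for an AEAD key wrap (XOR pad + HMAC tag); use a vetted AEAD in practice.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(tkey, _pad(key, nonce)))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("transaction key block entry failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce)))

def make_tkb(master, authorized):
    # Transaction key block: TKey wrapped once per cover node, not once per peer.
    tkey = os.urandom(32)
    return tkey, {n: wrap(node_key(master, n), tkey) for n in cover(authorized)}

def peer_recover(keys, tkb):
    # A peer recovers TKey only if it holds the key of some node listed in the TKB.
    for node in tkb.keys() & keys.keys():
        return unwrap(keys[node], tkb[node])
    return None
```

Authorizing peers 0-3 and 6 yields a block with two entries (nodes 2 and 14) rather than five, which is the saving over per-peer encryption that the text refers to.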
FIG. 2 shows a blockchain database configuration, according to an example embodiment. Referring to FIG. 2, the configuration may contain certain elements common to all blockchain systems, such as a group of peer nodes 281-284 that participate in the consensus process for adding and validating blockchain transactions. The peer blockchain nodes 280 can initiate a blockchain authentication and attempt to write to an immutable blockchain ledger in the blockchain layer 220. A copy of this ledger may also be stored on the physical infrastructure 210. This configuration includes one or more applications 270 that are linked to APIs 260 in order to access and execute program/application code (e.g. chain code and/or smart contracts) 250. This code is created according to the customized configuration desired by the participants, and can maintain its own state, control its own assets and receive external data. It can then be installed on all peer nodes via the distributed ledger by deploying it as a transaction.