Journal of Cyber Security DOI:10.32604/jcs.2022.027693 | |
Article |
A Certificateless Homomorphic Encryption Scheme for Protecting Transaction Data Privacy of Post-Quantum Blockchain
1Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2Department of Computer Science National Textile University, Faisalabad, 37610, Pakistan
3School of Information Science and Technology, North China University of Technology, Beijing, 100144, China
4Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, 100044, China
*Corresponding Author: Gang Xu. Email: gangxu_bupt@163.com
Received: 05 March 2022; Accepted: 08 April 2022
Abstract: Blockchain has a profound impact on all areas of society by virtue of its immutability, decentralization and other characteristics. However, blockchain faces the problem of data privacy leakage during the application process, and the rapid development of quantum computing also brings the threat of quantum attack to blockchain. In this paper, we propose a lattice-based certificateless fully homomorphic encryption (LCFHE) algorithm based on approximate eigenvector firstly. And we use the lattice-based delegate algorithm and preimage sampling algorithm to extract part of the private key based on certificateless scheme, which is composed of the private key together with the secret value selected by the user, thus effectively avoiding the problems of certificate management and key escrow. Secondly, we propose a post-quantum blockchain transaction privacy protection scheme based on LCFHE algorithm, which uses the ciphertext calculation characteristic of homomorphic encryption to encrypt the account balance and transaction amount, effectively protecting the transaction privacy of users and having the ability to resist quantum attacks. Finally, we analyze the correctness and security of LCFHE algorithm, and the security of the algorithm reduces to the hardness of learning with errors (LWE) hypothesis.
Keywords: Blockchain; homomorphic encryption; lattice; privacy protection
In 2008, Nakamoto [1] introduced bitcoin, also known as cryptocurrency or electronic cash. Its transaction records are in blockchain. As a public distributed ledger, blockchain has the characteristics of decentralization, non-tampering and traceability, which has attracted more and more attention and research from all walks of life.
With the rapid development of blockchain technology, the problem of sensitive data privacy disclosure is becoming more and more prominent. First of all, in blockchain transactions, the transaction record of the whole network is open to all nodes in the blockchain, and the transaction amount of users on the blockchain ledger is stored in plaintext, which causes the problem of privacy disclosure.
There have been some researches on blockchain data privacy protection [2–7]. Among them, the homomorphic encryption technology, as a special encryption scheme, can realize that the decrypted result of the encrypted data obtained after calculation is the same as the result obtained by performing the calculation on plaintext, which can significantly improve the security of user data privacy. However, the existing technology still uses classic cryptographic algorithms, and the traditional solutions designed based on the difficult assumptions of number theory are no longer safe in the quantum environment. The privacy and security issues of sensitive data leakage and quantum attacks on the blockchain urgently need specific and effective privacy protection schemes to protect. As one of the most important post-quantum cryptographic algorithms, lattice cryptography has gradually become a research hotspot in cryptography.
At present, there is no quantum algorithm for solving difficult problems on the lattice, and the lattice cipher is simple to calculate and has high security. However, lattice cryptographic algorithms are mostly designed based on the traditional PKI cryptosystem or based on the identity-based cryptosystem, and there will be problems with certificate management and key escrow. In 2003, Al-Riyami et al. [8] proposed the idea of certificateless public key cryptosystem. In the certificateless system, the user’s private key is composed of a part of the private key generated by KGC and a random number selected by the user. KGC cannot know the complete private key information, so the above problems can be avoided, which gives us a lot of inspiration.
In this paper, we propose a post-quantum blockchain privacy protection scheme based on lattice homomorphic encryption. The main contributions of this paper are as follows:
(1) We propose a lattice-based certificateless fully homomorphic encryption (LCFHE) algorithm. The security of the algorithm is based on LWE difficult problem and can resist quantum computing attacks. In addition, the algorithm can solve the key escrow and certificate management problems effectively based on the certificateless system.
(2) Based on the LCFHE algorithm, we propose a post-quantum blockchain transaction data protection scheme, which effectively protects the user’s transaction privacy by homomorphically encrypting the available balance and transaction amount during the transaction process.
(3) We analyze the algorithm and prove that the algorithm satisfies the correctness and has the security of chosen-plaintext attack.
In view of security issues such as exposure of sensitive transaction data faced by blockchain, relevant researchers have done a lot of studies [9–16]. In 2013, Maxwell proposed the CoinJoin mechanism [17]. The core idea of the mechanism is to merge multiple transactions into one transaction, so as to hide the corresponding relationship between the input and output parties. However, the credibility of participating nodes cannot be guaranteed during the process, so attackers can realize DoS attacks at low cost. In 2014, Ruffing et al. [18] proposed a completely decentralized CoinShuffle protocol for bitcoin. But it requires all users to be online at the same time, which does not solve the DoS attack. In 2014, Sasson et al. [19] proposed Zerocash protocol which hides the amount of each transaction in addition to providing anonymous function. However, the process of generating a proof is very slow. Homomorphic encryption, as a ciphertext processing technology, can avoid the disclosure of privacy in the process of data verification or operation, and has been widely concerned by researchers.
Homomorphic encryption can achieve the same decryption result of ciphertext calculation as that of plaintext calculation, which can significantly improve the security of user data privacy. In 2009, Gentry [20] proposed the first homomorphic encryption algorithm, which realized homomorphic encryption using Bootstrapping. In 2011, Brakerski et al. implemented holomorphic encryption [21] using LWE hypothesis for the first time and [22] under RLWE hypothesis, which is called BGV algorithm. It is the first hierarchical holomorphic encryption algorithm without bootstrapping technology. In 2013, Gentry et al. [23] realized fully homomorphic encryption for the first time by using the method of approximate feature vector, which is the most classical Gentry-Sahai-Waters (GSW) scheme at present. Although the biggest advantage of this scheme is that it no longer relies on public key calculation in homomorphic operation. In fact, the size of its public and private keys is not significantly different from many other algorithms. Homomorphic encryption has been studied, but the current homomorphic encryption schemes generally have the problems of large key space, high operation difficulty and low efficiency, so it is urgent to put forward a more high-performance homomorphic encryption scheme.
In order to solve the problem of exposing the privacy of transaction data, some researchers study the block chain data privacy protection scheme based on homomorphic encryption. In 2015, Cheon et al. [24] from South Korea proposed a ciphertext processing framework based on the homomorphic encryption scheme proposed by Brakerski et al. [21] to realize the homomorphic calculation of ciphertext data. However, the homomorphic encryption algorithm used in the scheme has problems such as large public key size and large computation. In 2019, Yu et al. [25] in China proposed a blockchain privacy protection method based on Paillier homomorphic encryption, but it has the problem of limited calculation. In 2020, Wang et al. [26] in China used Paillier homomorphic encryption combined with zero-knowledge proof to realize transaction protection in view of the security problems of traditional Internet of vehicles devices, but the scheme had problems of large key space and low computational efficiency. At present, most of the existing blockchain transaction privacy protection schemes use Paillier homomorphic encryption algorithm, but it cannot resist quantum attacks. How to make use of lattice cryptography theory [27–30] in the blockchain system to study the block chain sensitive data security processing scheme based on lattice homomorphic encryption algorithm is an urgent problem to be solved.
In view of the problem of exposing sensitive transaction data of blockchain, this project conducts in-depth research on high-performance homomorphic encryption algorithm based on lattice cryptography, mode exchange, key exchange and other technologies on blockchain. In addition, a lattice-fully homomorphic crypto blockchain scheme that can implicitly process sensitive transaction data is constructed to realize the privacy protection of blockchain sensitive data security processing.
Definition 1: Given n linearly independent vectors
and
Definition 2: Given modulus q, dimension
Definition 3(LWE): Given a parameter
(1) SLWE: Given the polynomial samples
(2) DLWE: Determine whether a sample
The SLWE problem and the DLWE problem can be mutually regulated.
3.2 Lattice Sampling Algorithms
Proposition 1: Given prime
Proposition 2: Given a matrix
A homomorphic (public key) encryption algorithm
(1) Key generation algorithm:
(2) Encryption algorithm:
(3) Decryption algorithm:
(4) Homomorphic calculation algorithm:
4 Lattice-based Certificateless Fully Homomorphic Encryption (LCFHE)
We design a lattice-based certificateless homomorphic encryption algorithm, in which the private key consists of part of the KGC private key and the secret value randomly selected by the user. The specific steps of the algorithm are as follows:
(1)
a) Input the safety parameter
b) Execute the trapdoor generation algorithm
c) Select secure Hash functions
d) Output public parameters
(2)
a) KGC generates part of the private key for the user and calculates
b) Calculate
(3)
(4)
a) Output public key
b) Output private key
(5)
(6)
(7)
a) Add(
b) Mult(
According to the above encryption algorithm, we have
let the error vector be
where
For the additive homomorphism, we have
Therefore, the additive homomorphism satisfies the correctness. In the same way, it can be proved that multiplication satisfies correctness.
Conclusion: Based on the LWE difficulty hypothesis, given the security parameters required by the above LCFHE scheme, if the LWE difficulty hypothesis is true, the LCFHE algorithm we proposed is chosen-plaintext attack security, and the proof is as follows.
Proof: Let A be a probabilistic polynomial time attacker, and the challenge ciphertext can be distinguished by probability under the chosen-plaintext attack security model. Specific steps are as follows:
(1) Setup: Input each security parameter, challenger generates public parameter
(2) Queries1: The challenger executes
(3) Challenge: After the query, A outputs two different plaintext
(4) Queries2: Similar to Queries1, but the challenge public key cannot be queried.
(5) Output: A outputs the guess result
We build a distributed discriminator D to distinguish
As shown in Tab. 1, we compared the efficiency of scheme [31] and scheme [32] with the LCFHE algorithm proposed in this paper. In this scheme, the dimension m of the lattice is reduced to
6 Post-quantum Blockchain Transaction Data Protection Scheme Based on LCFHE
According to the lattice-based certificateless homomorphic encryption algorithm mentioned above, we design a post-quantum blockchain transaction data protection scheme. There are three roles in the scheme: key generation center, transaction node and validation node. Specific definitions are as follows:
KGC: Used to generate system public parameters, system master keys, and user private keys.
Transaction node: The node on the blockchain for transactions, which are divided into the transaction sender and transaction receiver.
Validation node: The network-wide verification node on the blockchain that is responsible for verifying the transaction information and maintaining the public ledger. We designed the public ledger to store the real balance of the network accounts as homomorphic encrypted ciphertext.
The cryptic transaction scheme design of blockchain based on LCFHE mainly includes the following three parts: hiding transaction amount, transaction verification and updating account available balance. Compared with blockchain transactions without privacy protection, the research focus and difficulty lies in how to verify the ciphertext transaction after the encrypted transaction amount and dynamically update the available balance of the encrypted account in real time. The following are designed for these three parts respectively.
In blockchain hidden transactions, the amount to be hidden mainly consists of two parts: one is the balance of each account stored in the blockchain public ledger, and the other is the transaction amount in a transaction. The available balance exists in two forms: one is ciphertext stored in the global ledger after being encrypted by the LCFHE algorithm, and the other is plaintext stored locally only for the user to see personally. And there is
(1) Initialization phase: According to the first three stages of LCFHE algorithm, KGC selects parameters, implements trap door generation algorithm, selects Hash function, and generates system public parameter
(2) Partial key extraction phase: KGC generates part of private keys
(3) Secret value selection phase: The transaction node, including the transaction initiator and the transaction receiver, selects their own secret value
(4) Key generation phase: Perform the fourth step of the LCFHE algorithm to generate transaction nodes, including the transaction initiator and the transaction receiver, and obtain their respective public and private key pairs of homomorphic encryption
(5) Transaction data encryption stage: The available balance of the entire network transaction account is homomorphically encrypted using the user’s homomorphic public key and stored in the public ledger. The available balances of the initiator and receiver of this transaction are
(6) Transaction verification stage: The verification nodes of the entire network receive the homomorphic encrypted transaction data, verify the correctness of the transaction according to the homomorphic nature of the algorithm, that is
(7) Update the balance phase: The sender of the transaction updates its available balance. The transaction receiver uses the homomorphic private key to decrypt the transaction amount and update its available balance.
(8) Re-verification phase: After the transaction is over, the verification node requires the user to review the user’s local available balance. If the homomorphic encrypted available balance is inconsistent with the real balance ciphertext of the public ledger, the transaction is determined to be invalid and the verification node cancels the transaction, the data of the public ledger is withdrawn to the state before the transaction. And this user cannot make the next transaction, which effectively prevents the user from changing the local available balance at will.
In this paper, a new lattice-based certificateless homomorphic encryption LCFHE algorithm based on approximate eigenvectors is proposed, which can satisfy the correctness of addition homomorphism and multiplication homomorphism. Certificateless system uses the advantages and disadvantages of certificate-based system and identity-based system to avoid certificate management and key escrow. Among them, lattice delegation algorithm and original image sampling algorithm are used to extract part of the private key, and the secret value selected by the user is combined to form the private key, which protects the security of the user private key. In addition, the correctness and security of LCFHE algorithm are analyzed, and it is proved that the algorithm satisfies the correctness and the security of selecting plaintext attack. Based on LCFHE algorithm, this paper puts forward the quantum block chain transaction privacy protection scheme, calculated by use of homomorphic encryption cipher decryption and clear again the calculation results of the same features, the account of the available amount into the remaining amount and transaction, and the user’s real balance stored encrypted in a public books, and the remaining amount in the trading and transaction amount for homomorphic encryption, It is invisible to other nodes, which effectively protects users’ transaction privacy and can resist quantum attacks.
In the next step, we will further study the application of zero-knowledge proof and other technologies to blockchain privacy protection to further improve the security and practicability of the scheme. The content proposed in this paper can provide new ideas for post-quantum blockchain research and promote the development of post-quantum blockchain.
Funding Statement: This work is supported by NSFC (Grant Nos. 92046001, 61671087, 61962009, 61971021), the Fundamental Research Funds for Beijing Municipal Commission of Education, the Scientific Research Launch Funds of North China University of Technology, and Beijing Urban Governance Research Base of North China University of Technology.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
1. S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Decentralized Business Review, 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf. [Google Scholar]
2. R. Mercer, “Privacy on the blockchain: Unique ring signatures,” arXiv preprint arXiv, 2016. [Online]. Available: https://arxiv.org/pdf/1612.01188.pdf. [Google Scholar]
3. C. Y. Li, Y. Tian, X. B. Chen and J. Li, “An efficient anti-quantum lattice-based blind signature for blockchain-enabled systems,” Information Sciences, vol. 546, pp. 253–264, 2020. [Google Scholar]
4. P. Mundhe, V. K. Yadav and A. Singh, “Ring signature-Based conditional privacy-Preserving authentication in VANETs,” Wireless Personal Communications, vol. 114, no. 1, pp. 853–881, 2020. [Google Scholar]
5. G. G. Dagher, J. Mohler and M. Milojkovic, “Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology,” Sustainable Cities and Society, vol. 39, pp. 283–297, 2018. [Google Scholar]
6. A. Sahai, H. Seyalioglu and B. Waters, “Dynamic credentials and ciphertext delegation for attribute-based encryption,” in Annual Cryptology Conf., Berlin, Heidelberg, Springer, pp. 199–217, 2012. [Google Scholar]
7. J. Xu, K. Xue and S. H. Li, “Healthchain: A blockchain-based privacy preserving scheme for large-scale health data,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8770–8781, 2019. [Google Scholar]
8. S. S. Al-Riyami and K. G. Paterson, “Certificateless public key cryptography,” in Int. Conf. on the Theory and Application of Cryptology and Information Security, Berlin, Heidelberg, Springer, pp. 452–473, 2003. [Google Scholar]
9. J. A. Kassem, S. Sayeed and H. Marco-Gisbert, “DNS-IdM: A blockchain identity management system to secure personal data sharing in a network,” Applied Sciences, vol. 9, no. 15, pp. 2953, 2019. [Google Scholar]
10. A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Annual Int. Conf. on the Theory and Applications of Cryptographic Techniques, Berlin, Heidelberg, Springer, pp. 457–473, 2005. [Google Scholar]
11. S. Gusmeroli, S. Piccione and D. Rotondi, “A Capability-based security approach to manage access control in the internet of things,” Mathematical and Computer Modelling, vol. 58, no. 5–6, pp. 1189–120, 2013. [Google Scholar]
12. H. Es-Samaali, A. Outchakoucht and J. P. Leroy, “A Blockchain-based access control for big data,” International Journal of Computer Networks and Communications Security, vol. 5, no. 7, pp. 137, 2017. [Google Scholar]
13. C. Y. Li, M. X. Dong and J. Li, “Healthchain: Secure EMRs management and trading in distributed healthcare service system,” IEEE Internet of Things Journal, vol. 8, no. 9, pp. 7192–7202, 2020. [Google Scholar]
14. T. Feng, H. Pei, R. Ma, Y. Tian and X. Feng, “Blockchain data privacy access control based on searchable attribute encryption,” Computers, Materials & Continua, vol. 66, no. 1, pp. 871–890, 2021. [Google Scholar]
15. X. Peng, J. Zhang, S. Zhang, W. Wan, H. Chen et al., “A secure signcryption scheme for electronic health records sharing in blockchain,” Computer Systems Science and Engineering, vol. 37, no. 2, pp. 265–281, 2021. [Google Scholar]
16. S. R. Khonde and V. Ulagamuthalvi, “Blockchain: Secured solution for signature transfer in distributed intrusion detection system,” Computer Systems Science and Engineering, vol. 40, no. 1, pp. 37–51, 2022. [Google Scholar]
17. G. Maxwell, “CoinJoin: Bitcoin privacy for the real world,” Post on Bitcoin Forum, vol. 3, pp. 110, 2013. [Google Scholar]
18. T. Ruffing, P. Moreno-Sanchez and A. Kate, “Coinshuffle: Practical decentralized coin mixing for bitcoin,” in European Symp. on Research in Computer Security, Cham, Springer, pp. 345–364, 2014. [Google Scholar]
19. E. B. Sasson, A. Chiesa and C. Garman, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symp. on Security and Privacy, America, IEEE, pp. 459–474, 2014. [Google Scholar]
20. C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proc. of the Forty-First Annual ACM Symp. on Theory of Computing, America, pp. 169–178, 2009. [Google Scholar]
21. Z. Brakerski and V. Vaikuntanathan, “Efficient fully homomorphic encryption from (standard) LWE,” SIAM Journal on Computing, vol. 43, no. 2, pp. 831–871, 2014. [Google Scholar]
22. Z. Brakerski and V. Vaikuntanathan, “Fully homomorphic encryption from ring-LWE and security for key dependent messages,” in Advances in Cryptology—CRYPTO, Berlin, Heidelberg, Springer, pp. 505–524, 2011. [Google Scholar]
23. C. Gentry, A. Sahai and B. Waters, “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based,” in Annual Cryptology Conf., Berlin, Heidelberg, Springer, pp. 75–92, 2013. [Google Scholar]
24. J. H. Cheon, M. Kim and M. Kim, “Search-and-compute on encrypted data,” in Int. Conf. on Financial Cryptography and Data Security, Berlin, Heidelberg, Springer, pp. 142–159, 2015. [Google Scholar]
25. P. Yu, S. F. Zhang and J. Zhong, “Block-chain privacy protection based on fully homomorphic encryption,” in Proc. of the 2019 3rd Int. Conf. on Innovation in Artificial Intelligence, America, pp. 239–242, 2019. [Google Scholar]
26. R. J. Wang, Y. C. Tang, W. Q. Zhang and F. L. Zhang, “Privacy protection scheme for internet of vehicles based on homomorphic encryption and block chain technology,” Chinese Journal of Netword and Information Security, vol. 6, no. 1, pp. 46–53, 2020. [Google Scholar]
27. V. Lyubashevsky, “Fiat-shamir with aborts: Applications to lattice and factoring-based signatures,” in International Conf. on the Theory and Application of Cryptology and Information Security, Berlin, Heidelberg, Springer, pp. 598–616, 2009 [Google Scholar]
28. D. Cash, D. Hofheinz and E. Kiltz, “Bonsai trees, or how to delegate a lattice basis,” in Annual Int. Conf. on the Theory and Applications of Cryptographic Techniques, Berlin, Heidelberg, Springer, pp. 523–552, 2010. [Google Scholar]
29. D. Micciancio and C. Peikert, “Trapdoors for lattices: Simpler, tighter, faster, smaller,” in Annual Int. Conf. on the Theory and Applications of Cryptographic Techniques, Berlin, Heidelberg, Springer, pp. 700–718, 2012. [Google Scholar]
30. L. Mei, C. Xu, L. Xu, X. Yu and C. Zuo, “Verifiable identity-based encryption with keyword search for iot from lattice,” Computers, Materials & Continua, vol. 68, no. 2, pp. 2299–2314, 2021. [Google Scholar]
31. S. Agrawal, D. Boneh and X. Boyen, “Efficient lattice (H)IBE in the standard model, proceedings of eurocrypt,” in Annual Int. Conf. on the Theory and Applications of Cryptographic Techniques, Berlin, Heidelberg, Springer, pp. 553–572, 2010. [Google Scholar]
32. F. H. Wang, Z. H. Liu and C. X. Wang, “Full secure identity-based encryption scheme with short public key size over lattices in the standard model,” International Journal of Computer Mathematics, vol. 93, no. 6, pp. 854–863, 2016. [Google Scholar]
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |