and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha...
Transcript of and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha...
![Page 1: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/1.jpg)
1
Building Blocks for Blockchains and Distributed SystemsPhilipp [email protected]
SBA Research, 2019
SBA Research
![Page 2: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/2.jpg)
2
Randomness BeaconsPhilipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. Hydrand: Practical continuous distributed randomness. In Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P). IEEE, 2020. to appear.
SBA Research, 2019
SBA Research
![Page 3: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/3.jpg)
3
https://xkcd.com/221
![Page 4: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/4.jpg)
4
Why Randomness Beacons?
![Page 5: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/5.jpg)
5
Properties
?
Bias-Resistance Scalability
Unpredictability
LivenessPublic-Verifiability
Energy Efficiency
Guaranteed Output Delivery
![Page 6: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/6.jpg)
6
ApproachesPublicly-Verifiable Secret Sharing (PVSS)
• Ouroboros, Scrape, RandHerd, HydRand
Verifiable Random Functions (VRFs)• Algorand, Ouroboros Praos
(Verifiable) Delay Functions (VDFs)• Bünz et. al. [1], Ethereum Casper?
Threshold Signatures (e.g. BLS)• HoneyBadger BFT, Dfinity
[1] B. Bunz, S. Goldfeder, and J. Bonneau. Proofs-of-delay and randomness beacons in Ethereum. In S&B ’17: Proceedings of the 1st IEEE Security & Privacy on the Blockchain Workshop, April 2017.
![Page 7: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/7.jpg)
7
Secret SharingDistribution Reconstruction
S1
S2
S3
S4
S5
SS
S2
S4
S5
Dealer
Participants Subset of Participants
![Page 8: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/8.jpg)
8
(Publicly-Verifiable) Secret Sharing
Shamir’s Secret Sharing• (t, n) threshold scheme• dealer distributes secret value
s to n participants• any set of at least t participants
can reconstruct s• dealer must be trusted
Schoenmakers’ PVSS• (t, n) threshold scheme• correctness of shares can be
verified prior to reconstruction• uses non-interactive zero
knowledge proofs• malicious dealers are
detected
![Page 9: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/9.jpg)
9
Randomness Beacon via PVSS
Every node performs the following steps1. share a random secret with all parties
2. run (BFT) consensus protocol to agree on the shared values
3. a) reveal previously shares secretb) recover missing shared secrets
4. output new random beacon as combination of shares values
![Page 10: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/10.jpg)
10
HydRand's Approach in a Nutshell• integrated low overhead BFT protocol • pipelining: only one PVSS per round
![Page 11: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/11.jpg)
11
![Page 12: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/12.jpg)
12
Verifiable Random Functions (VRFs)
• each node commits to a VRF public key pk• obtain new random number R privately
R, π = VRF(sk, seed || round)• reveal (R, π) if R < threshold as
leadership-credentials• correctness verified using pk• implemented e.g. using unique signatures and
hashes in practice
![Page 13: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/13.jpg)
13
Verifiable Delay Function (VDFs)
VDF
VDF
VDF
VDF
VDF
![Page 14: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/14.jpg)
14
Unique Threshold Signatures1. sign message using individual secret key
3. check signature via group public key
2. aggregate signatures
![Page 15: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/15.jpg)
15
Unique Threshold Signatures
• share master secret key among nodeso requires trusted dealer oro distributed key generation protocol (DKG)
• each node signs seed (e.g. round index) using its private key share
• shares are checked for correctness• aggregation of shares as soon as enough
correct shares are obtained
![Page 16: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/16.jpg)
16
Unique Threshold Signatures cont.
• aggregated signature serves as new random number
• can be checked against master public key• typically using pairing based cryptography
o BLS signature scheme
![Page 17: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/17.jpg)
17
ComparisonPVSS VRFs VDFs Thres. Sig.
+ bias-resistance
+ no DKG
+ low communication+ overhead
+ no DKG
+ leader privacy
+ low communication+ overhead
+ bias-resistance
+ low communication+ overhead
+ bias-resistance
- communication- overhead
- bias-resistance - not ensured
- timing assumptions
- throughput
- computation compl.
- parameter setup
- requires DKG
- requires pairings
![Page 18: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/18.jpg)
18
Detailed Comparison & Our Protocol
Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. Hydrand: Practical continuous distributed randomness. In Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P). IEEE, 2020. to appear.
![Page 19: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/19.jpg)
19
Distributed Key GenerationPhilipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with Ethereum Smart Contracts. Cryptology ePrint Archive, Report 2019/985.
SBA Research, 2019
SBA Research
![Page 20: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/20.jpg)
20
Applications
• randomness beacons• (BFT) consensus protocols• custodian and escrow schemes• smart contracts• threshold and time-lock encryption• ...
![Page 21: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/21.jpg)
21
1. sign message using individual secret key
3. check signature via group public key
2. aggregate signatures

![Page 22: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/22.jpg)
22
individual secret / public key pairs
group public key
![Page 23: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/23.jpg)
23
individual secret / public key pairs
group public key
![Page 24: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/24.jpg)
24
smart contract on theEthereum blockchain
client applicationrun by all the parties
![Page 25: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/25.jpg)
25
Registration Sharing Dispute Key Derivation
Client:• generate BLS keypair• submit public key
Smart Contract:• checks eligibility of client to register
![Page 26: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/26.jpg)
26
Registration Sharing Dispute Key Derivation
Client:• run VSS protocol for all registered parties• submit encrypted shares and verification vectors
Smart Contract:• "basic" validity checks on the submitted data• store hash of the submitted data
![Page 27: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/27.jpg)
27
Registration Sharing Dispute Key Derivation
Client:• verifies all of its shares received• submits a dispute for all invalid shares
Smart Contract:• checks if a claimed dispute is valid• [withdraw security deposit on success]
![Page 28: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/28.jpg)
28
Registration Sharing Dispute Key Derivation
verify that all shares are valid
check that a single share is indeed invalidif a party claims that
![Page 29: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/29.jpg)
29
Registration Sharing Dispute Key Derivation
Client:• derive set of qualified nodes• submit / recover final key shares• compute master public key
Smart Contract:• derive set of qualified nodes• verify master public key
![Page 30: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/30.jpg)
30
Scalability
![Page 31: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/31.jpg)
31
Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with Ethereum Smart Contracts. Cryptology ePrint Archive, Report 2019/985. 2020.
![Page 32: and Distributed Systems Building Blocks for Blockchains SBA … · Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. ETHDKG: Distributed Key Generation with](https://reader033.fdocuments.us/reader033/viewer/2022042017/5e74f53d0266b17bba34fee5/html5/thumbnails/32.jpg)
32
Building Blocks for Blockchains and Distributed SystemsPhilipp [email protected]
SBA Research, 2019
SBA Research