Explorercreate account

Decentralized Attribute-Based Encryption is Possible on a Blockchain

View this thread on: d.buzz | hive.blog | peakd.com | ecency.com
security·@dana-edwards·
0.000 HBD
Decentralized Attribute-Based Encryption is Possible on a Blockchain
![enter image description here](https://upload.wikimedia.org/wikipedia/commons/d/dd/Enigma_rotors_with_alphabet_rings.jpg)

Attribute based encryption is very powerful yet few currently understand it. In addition, so far it has not been implemented in any form that I know of on a blockchain. I decided to investigate whether it's possible to implementt attribute based encryption on a blockchain and I found a paper titiled: "[Decentralizing Attribute-Based Encryption](https://eprint.iacr.org/2010/351.pdf)" which is worth a read.

**A quote from the paper:** 

>In almost all ABE proposals, private keys were issued by one central authority that would need to be in a position to verify all the attributes or credentials it issued for each user in the system.  These systems can be utilized to share information according a policy over attributes issued within a domain or organization, however, in many applications a party will want to share data according to a policy written over attributes or credentials issued across di erent trust domains and organizations.  For instance, a party might want to share medical data only with a user who has the attribute of \Doctor"issued by a medical organization and the attribute \Researcher" issued by the administrators of a clinical trial.  On a commercial application, two corporations such as Boeing and General Electric might both issue attributes as part of a joint project.  Using current ABE systems forthese applications can be problematic since one needs a single authority that is both able to verify attributes across different organizations and issue private keys to every user in the system


Attribute quantification tokens as user issued assets?
=====================================================

Be aware that this paper was written sometime in 2010, before blockchain technology was well known. On a blockchain, permissions could be represented by ownership of access tokens. All who have a certain token issued to them, would be granted access to the special rights and privileges associated with the token. The token alone wouldn't encrypt anything but it would provide a means of tracking who has certain attributes so long as the authority which distributes the token does so in an algorithmic and consistent fashion. Tokens would become badge which represent attributes, qualifications, and these tokens would have to be non-transferable quantifiers of reputation or attribute.

Secure computation is also possible in theory over a blockchain, and in this case a witness or similar role could do the verified computation which generates the private keys from the attributes of the users. Of course with any of these approaches there are non-trivial challenges involved, yet based on the Enigma paper there is at least a theoretical approach which shows you can do computations of this sort over a blockchain data structure. 

In the paper it is shown that you do not need a fixed authority to do attribute based encryption. You can have multiple authorities in a decentralized network and accomplish the same ends. In the case of a blockchain, you might have to rely on witnesses for the role of these authorities. Because this is an entirely new approach to things which is only recently made possible with technologies such as Steemit, Storj, IPFS, SAFE Network, it's unknown whether or not we will see an implementation of attribute based encryption utilizing a blockchain approach.

In a much more [recent paper](http://prlab.tudelft.nl/sites/default/files/LiteratureSurvey-KrisShrishak.pdf), titled: "Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy" we do see mention of blockchain technology in the approach. EID is electronic identity and it's popularly used by government backed ID systems such as German, UK, Belgium. These identity systems and more approaches such as E-Estonia are necessary for certain use cases and in combination with Steemit an EID could actually increase the security and recoverablility of Steemit account holders.

The issue with EID is privacy. While it is nice to be able to verify that you are the individual you say you are, and to permanently attach your Steem Power or other digital assets to your unique human identity, it is also very risky in terms of privacy and in terms of identity theft. The paper addresses the issue of privacy and private information retrieval, but to extend on what is in the paper we have to consider the fact that there could be technologies like Storj, SAFE Network, and even Bitcache.  Can these technologies become symbiotic and integrated?

The research paper ends with two open questions:
-------------

• Can somewhat homomorphic encryption provide a scalable and efficient solution to improve the privacy of users at the IDP by preventing the IDP from knowing which user it is authenticating to an SP; which SP’s service has been requested by a user; hiding both the SP and user from the IDP?
• How feasible and scalable is it to decentralize the role of IDP using block chain and what topology of private block chain used to store private data minimizes the latency?


Conclusion
==========

Decentralized attribute based encryption is possible on a blockchain but there remains open problems with regard to privacy. Steemit can be enhanced by attribute based encryption and the EID technologies if there were enhanced privacy which could be integrated into an account recovery scheme. A government issued electronic ID would in theory reveal to the network the true person behind the cryptography and even their attributes, but it would have to be done in ways which protect the pseudo-anonymity of the person, the privacy aspects need to be enhanced. 

Since this is an open problem, does anyone have ideas on how to build an attribute based encryption scheme on top of a  blockchain while also integrating EID for last resort account recovery? Considering Steemit currently relies on Reddit and Facebook, it's only as secure as Reddit and Facebook, which both are US-based companies, and are very much centralized. EID schemes would be nationalist based, but because different countries have different competing systems you would possibly have greater security with that decentralization if the EID schemes were private and secure for purpose.



References

Lewko, A., & Waters, B. (2011, May). Decentralizing attribute-based encryption. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 568-588). Springer Berlin Heidelberg.

Shrishak, K. (2016). Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy (Doctoral dissertation, Delft University of Technology).

Zyskind, G., Nathan, O., & Pentland, A. (2015). Enigma: Decentralized computation platform with guaranteed privacy. arXiv preprint arXiv:1506.03471.
👍 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
properties (23)vote details (307)