Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Two-tier blockchain timestamped notarization with incremental security
A. Meneghetti, A. Ottaviano Quintavalle, M. Sala, A. Tomasi
University of Trento - University of Sheffield - Bruno Kessler Foundation
DLT 19 - Pisa - February 12th 2019
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Overview
Aim
Protocol to provide
I Integrity
I Authenticity
I Existence at a given time of data.
Customer: financial sector
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Related Protocols
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - Seminal Work
I The hash h(d) of data d is sent to a Trusted Timestamping Authority A I returns a signed statement τ A
τ = h(d) t σA (...) || || Stuart Haber and W. Scott Stornetta. How to time-stamp a digital document. Journal of Cryp- tology, 3(2):99–111, 1991. Presented at CRYPTO 1990.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - RFC 3161
I The hash h(d) of data d is sent to a Trusted Timestamping Authority A I returns a signed statement τ A
τ = h ( h(d) t ) σA (...) || || IETF RFC 3161. Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP), 08 2001.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - RFC3161
These schemes place all trust in the hands of the authority A in practice trust is distributed among several stakeholders with successive timestamps.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - Tree-Linked timestamping
I The server collects all requests made in a time interval A [tk−1, tk ). I constructs a Merkle tree using the requests. A I The root of the Merkle tree is linked to the Merkle trees of previous time intervals. Dave Bayer, Stuart Haber, and W. Scott Stornetta. Improving the efficiency and reliability of digital time-stamping. Sequences II - Methods in Communication, Security, and Computer Science, pages 329–334. Springer, New York, NY, 1991.
Stuart Haber and W. Scott Stornetta. Secure names for bit-strings. In 4th ACM conference on Computer and communications security (CCS), pages 28–35. ACM New York, NY, USA, 1997.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - Tree-Linked timestamping
R4
R3 r4
h(d1) h(d ) R2 r3 2 . . h(d1) h(d ) R1 r2 2 . .
R0 r1
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Known protocols - Tree-Linked timestamping
The integrity of the public repository of root hashes is the only requirement on which the authenticity of a document with receipt relies.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Two-tier blockchain timestamping
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
The Network
U8
U9 M6 M4 U1
U7 M5 M7
M8 M2 U2 A U3
M9 M3 U4
U6 M1 U5
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Users
U2
U4
U1
U3
I Send the signature of a document on a public ledger (through a proxy ledger)
I Verify the integrity of the document at any time
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Miners
M2
M1 M3
I Receive the data from Users
I Create the blocks of a proxy ledger containing the informations to save Users’ data
I Create receipts for the users to perform data integrity verification
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Auxiliary Node
A
I Periodically anchors the proxy blockchain into a public ledger
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
The Protocol
Transactions
tr1,1
tr1,2 RI1 ··· 1st BLOCK 2nd BLOCK 3rd BLOCK tr1,n1
tr2,1 Other Data Other Data Other Data
tr2,2 RI2 ··· RI1 RI1 RI1 tr2,n 2 RI2 RI2 RI2 RI RI RI tr3,1 3 3 3
R1 R2 R2 tr3,2 RI3 ···
tr3,n3
R1 HASH1 R2 HASH2 R3 HASH3
RE
Transaction to Public Ledgers [ ID RE signature ] || ||
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Three-steps incremental security
1. First Receipt: evidence issued by the service node receiving data. 2. Second Receipt: evidence issued by the service node that create blocks in the proxy blockchain. 3. Third Receipt: evidence issued by the auxiliary node and referring to a public blockchain. A
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Proof of Security
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Proofs of Security - Assumptions
I everyone’s keys are managed by a trusted PKI;
I the public blockchain is trustworthy;
I the Hash function is collision resistant;
I the Digital Signature d = DS(hash(document)) does not allow to retrieve hash(document).
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Proofs of Security
Users
I Transaction Forgery: the attacker pretend to be a valid user and send a fake transaction; Digital Signature ←− I Ghost Document: a valid user protects a new document with a previous or fake transaction. Hash Function ←− Miner
I Transaction Forgery: modification of a valid transaction to damage a valid user; Digital Signature ←− I Receipt Forgery: creation of a fake receipt for a valid transaction from a valid user. Hash Function ←−
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Proofs of Security
Auxiliary Node
I Anchoring Forgery: creation of a fake anchor (transaction to a public ledger) or creation of fake informations on a valid anchor. Hash Function ←− Together
I Fake Ownership: the Auxiliary Node, all the miners and a malevolent user work together to steal the property of a document from an honest user. Digital Signature ←−
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Next steps...
I Distribute the role of the Auxiliary node A I Detail and discuss possible consensus algorithms
I Proxy blockchain: permissioned VS permissionless
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation Aim and relevant protocols Two-tier blockchain timestamping Proof of Security
Thank you!
Some partial results of this paper have been presented at the Euregio Blockchain Conference (2018). The more advanced results have been funded by the project MIUR PON “Distributed Ledgers for Secure Open Communities”.
Two-tier blockchain timestamped notarization with incremental security University of Trento - University of Sheffield - Bruno Kessler Foundation