Free and Easy Weekly Review | "House N" Reflects the Weakness of Privacy and Sees How the "Sky Eye" of the Chinese Academy of Sciences Breaks the Game

Foreword:

When we hear "SkyEye", we may think of the "SkyEye" digital video surveillance system, of the SkyEye Check service that can query corporate information, or of Skynet from the film and television work "Terminator". Some of these systems help us find useful information; others can have very serious consequences. For example, the US counterpart of the Sky Eye project, PRISM, caused worldwide concern after Snowden exposed it.

Just as in the real world, illegal and criminal activity also occurs in the blockchain world, so the need for supervision is urgent. However, as with PRISM, giving supervisors too much power may eventually lead to new disasters.

Because of this, blockchain regulation must inevitably make trade-offs: it has to be able to track potential illegal acts, while also ensuring that regulators cannot abuse their powers.

In this issue's academic research section, we introduce BTSOF, a blockchain identity traceability scheme proposed by Tianjun Ma and others at the Chinese Academy of Sciences. It is an upgraded version of the Academy's SkyEye scheme: the regulator must obtain a committee's consent before it can track user data.

In the hardcore technical article selection, we also look at the switch of Ethereum's Merkle tree structure and at the cryptographic primitive of garbled circuits.

In addition, over the past week the Bitcoin Lightning Network and Ethereum 1.x and 2.0 R&D have seen some new developments.

[Header image: Free and Easy Weekly Review | "House N" Reflects the Weakness of Privacy and Sees How the "Sky Eye" of the Chinese Academy of Sciences Breaks the Game]

(Picture from:

I. "House N" raises a privacy technology controversy: how can the "Sky Eye" of the Chinese Academy of Sciences break the deadlock?

At present, much blockchain research focuses on privacy protection. However, for ordinary users whose privacy awareness is very weak, the development of strong privacy technology is not necessarily a good thing.

This is because criminals can also use powerful privacy protection features to cover their crimes; the recent "House N" case that shocked South Korea is one example. The principal criminal, Zhao Zhubin, mainly used the privacy coin Monero and Telegram to hide the traces of his transactions. Fortunately, in this incident the criminals used cryptocurrency exchanges, which revealed their identities; had they not used these third-party services, the case would have faced huge obstacles.

Therefore, research on blockchain identity traceability mechanisms seems all the more important in the current context.

1.1 Research on the traceability mechanism of blockchain identity

For privacy-protecting blockchain projects, some researchers have proposed their own identity traceability mechanisms, such as:

Ateniese and Faonio proposed an identity traceability scheme for Bitcoin. In their scheme, a user is authenticated if they obtain a certified Bitcoin address from a trusted certificate authority; regulators can then use the certificate authority to confirm the identity of the users behind Bitcoin transactions. This scheme is similar to the KYC schemes of exchanges.

Garman, Green, and Miers built a decentralized anonymous payment system based on Zerocash. Their solution implements tracking by adding a privacy-preserving policy enforcement mechanism.

Narula, Vasquez, and Virza designed a distributed ledger called zkLedger, which provides strong privacy protection, public verifiability and auditability. Their scheme is mainly used to audit the digital asset transactions of a set of banks. In zkLedger the ledger takes the form of a table, and each user's identity corresponds to one column of the table, so the supervisor can determine each user's identity accordingly.

Tianjun Ma and others from the Chinese Academy of Sciences proposed SkyEye, a blockchain scheme that traces user identities. It allows regulators to track the identity of blockchain users without any restriction, so there is a possibility of regulatory abuse.

In their latest research, Tianjun Ma, Haixia Xu and Peili Li of the State Key Laboratory of Information Security proposed, on the basis of SkyEye, a blockchain identity tracking scheme in which the regulator is itself supervised: user data can only be tracked with the consent of a committee.

Paper link:

In addition, the researchers constructed a non-interactive verifiable multi-secret sharing scheme (VMSS) and used it to design a distributed multi-key generation (DMKG) protocol for the Cramer-Shoup public-key encryption scheme; this DMKG protocol is used by BTSOF.

1.2 About the SkyEye blockchain scheme

The Chinese Academy of Sciences' SkyEye blockchain scheme uses several cryptographic primitives, such as a chameleon hash function scheme. SkyEye consists of the polynomial-time algorithms Setup, Geninfo, Verinfo, Genproof, Verproof and Trace. Setup generates the system's public parameters pp; Geninfo and Verinfo respectively create and verify a user's registration information; Genproof and Verproof respectively generate and verify the user's identity proof; and Trace recovers the user's real identity from data that has passed Verproof.

[Figure: overview of the SkyEye scheme]

As shown in the figure above, when user u generates registration information reginfo, this reginfo is sent to the regulatory agency. If reginfo is verified successfully, the regulator extracts from it the record record_u = (PKc_u, ID_u, CHid_u), stores it in the database, adds PKc_u and CHid_u to the Merkle tree (MT), and broadcasts this information. If user u's (PKc_u || CHid_u) appears in the Merkle tree, the registration succeeded. User u can then generate data data_u and send it to the node network (composed of ordinary nodes and verification nodes). Unlike the traditional verification process in a blockchain, the verification process here checks:

  1. the data content;
  2. the identity proof contained in the data.

If data_u is validated successfully, it is added to the block generated by the verification node. According to the consensus mechanism, the nodes in the network select a final block and append it to the blockchain. The tracking process is as follows:

The regulator obtains data_u from the blockchain and uses the tracing private key sk_reg to decrypt each chameleon-hash public-key ciphertext in data_u, obtaining the chameleon-hash public-key set PKc. Finally, the regulator searches the database by PKc to obtain the set ID of real identities of the users in data_u.

Such a system uses the following cryptographic primitives: the Cramer-Shoup encryption scheme, non-interactive zero-knowledge proofs, a digital signature scheme, and a multi-secret sharing scheme (for a detailed description of these components, see the original paper).

In the SkyEye scheme, the prerequisite for tracking is to use the tracing private key sk_reg to decrypt all chameleon-hash public-key ciphertexts in the blockchain data data_u, obtaining the chameleon-hash public-key set PKc.
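The registration, inclusion check and tracing steps above, as an added example in Go that is not code from the paper or from the SkyEye project. It assumes opaque byte strings for PKc_u and CHid_u, a plain SHA-256 binary Merkle tree for MT, and RSA-OAEP as a stand-in for the Cramer-Shoup encryption of the chameleon-hash public key; the chameleon hash itself and the zero-knowledge identity proof are not modelled, and the names (Regulator, Register, MerkleProof, VerifyInclusion, EncryptPKc, Trace) are the example's own. The point for a defender is visible in Trace: identities come out only for a holder of sk_reg, and only for keys that were registered.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// H hashes the concatenation of two byte strings (used for leaves and inner nodes).
func H(a, b []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, a...), b...))
	return h[:]
}

// Regulator holds the tracing key sk_reg (RSA-OAEP stands in for Cramer-Shoup, an
// assumption of this example), the database of record_u = (PKc_u, ID_u, CHid_u)
// indexed by PKc_u, and the Merkle tree leaves H(PKc_u || CHid_u).
type Regulator struct {
	skReg  *rsa.PrivateKey
	db     map[string]string
	leaves [][]byte
}

func NewRegulator() (*Regulator, error) {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Regulator{skReg: sk, db: map[string]string{}}, nil
}

// PK is the public tracing key that users encrypt PKc_u to.
func (r *Regulator) PK() *rsa.PublicKey { return &r.skReg.PublicKey }

// Register models a reginfo that passed Verinfo: store the record, append the leaf
// to MT and return the leaf index the user needs for its inclusion proof.
func (r *Regulator) Register(pkc, chid []byte, id string) int {
	r.db[fmt.Sprintf("%x", pkc)] = id
	r.leaves = append(r.leaves, H(pkc, chid))
	return len(r.leaves) - 1
}

// MerkleProof returns the root of MT and the bottom-up sibling hashes for leaf idx;
// an odd level duplicates its last node.
func (r *Regulator) MerkleProof(idx int) (root []byte, siblings [][]byte) {
	level := append([][]byte{}, r.leaves...)
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		siblings = append(siblings, level[idx^1])
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			next = append(next, H(level[i], level[i+1]))
		}
		level, idx = next, idx/2
	}
	return level[0], siblings
}

// VerifyInclusion is the user's check that (PKc_u || CHid_u) appears in the broadcast MT.
func VerifyInclusion(root, pkc, chid []byte, idx int, siblings [][]byte) bool {
	h := H(pkc, chid)
	for _, s := range siblings {
		if idx%2 == 1 {
			h = H(s, h)
		} else {
			h = H(h, s)
		}
		idx /= 2
	}
	return bytes.Equal(h, root)
}

// EncryptPKc produces the ciphertext of PKc_u that data_u carries (the rest of
// data_u, including the identity proof, is left out of this example).
func EncryptPKc(pkReg *rsa.PublicKey, pkc []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pkReg, pkc, nil)
}

// Trace decrypts every ciphertext with sk_reg to recover the set PKc, then maps each
// key through the database to the identity set ID; an unregistered key is an error.
func (r *Regulator) Trace(cts [][]byte) ([]string, error) {
	var ids []string
	for _, ct := range cts {
		pkc, err := rsa.DecryptOAEP(sha256.New(), nil, r.skReg, ct, nil)
		if err != nil {
			return nil, err
		}
		id, ok := r.db[fmt.Sprintf("%x", pkc)]
		if !ok {
			return nil, fmt.Errorf("ciphertext decrypts to an unregistered key")
		}
		ids = append(ids, id)
	}
	return ids, nil
}

func main() {
	reg, err := NewRegulator()
	if err != nil {
		panic(err)
	}
	pkc, chid := []byte("pkc-alice"), []byte("chid-alice") // constructed sample values
	idx := reg.Register(pkc, chid, "alice")
	root, sib := reg.MerkleProof(idx)
	fmt.Println("registration visible in MT:", VerifyInclusion(root, pkc, chid, idx, sib))
	ct, _ := EncryptPKc(reg.PK(), pkc)
	ids, err := reg.Trace([][]byte{ct})
	fmt.Println("traced identities:", ids, "error:", err)
}
```

Register and MerkleProof run on the regulator's side, VerifyInclusion on the user's; a user whose leaf does not verify against the broadcast root knows its registration did not go through, and a ciphertext whose key was never registered makes Trace fail instead of silently yielding nothing.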

However, in the SkyEye scheme the excessive power of the regulator has become a major problem: it can arbitrarily track the identity of blockchain users without any restriction or supervision, which has caused some concern.

1.3 Blockchain Traceability Scheme with Supervisory Function (BTSOF)

In order to supervise the regulatory agency, the researchers proposed a new scheme, BTSOF, whose main design idea is shown in the following figure:

[Figure: main design idea of BTSOF]

If the regulator wants to track blockchain data data_u, it must send data_u and the corresponding evidence wit_u to the committee. If the committee agrees to the tracking, it sends tracking information to the regulator, and finally the regulator can track data_u based on the information sent by the committee.

As mentioned above, the SkyEye scheme uses the Cramer-Shoup encryption scheme. In the new scheme, the committee is required to generate the Cramer-Shoup public/private key pair periodically, so that data can only be tracked with the committee's cooperation, which is equivalent to the committee playing a monitoring role.

The key to this process is a cryptographic protocol called DMKG, which the researchers designed on the basis of the distributed key generation (DKG) protocol for the Cramer-Shoup encryption scheme. Its role is to generate the committee's tracing public/private key pair.

1.4 BTSOF threat model, goals and structure

In the BTSOF scheme, one threat model we must consider is the proportion of dishonest committee members: if the adversary controls more than 1/3 of the committee members, it may threaten the final result.

The goal of BTSOF is to ensure that the regulator must obtain the committee's consent before tracking, and can only track the data set it sent to the committee. So how does this work?

Its key ideas are as follows:

The regulator broadcasts to the committee a message indicating the data set it wants to track. There are two types of message:

  1. The message m_rtc = (R, dw) = (R, (data_l, wit_l)_{l∈{1,...,len}}) indicates that the regulator wants to track a data set of len elements, where R is the regulator's identifier and (data_l, wit_l) is the l-th data item together with its evidence, for l ∈ {1,...,len}.
  2. The message m_rtc = (R, dw) = (R, (T, wit_T)) indicates that the regulator wants to track all data of period T, where R is the regulator's identifier and wit_T is the corresponding evidence.

After an honest committee member P_i (for each i ∈ Q_final) receives the message m_rtc, P_i verifies the evidence contained in m_rtc. If verification succeeds, P_i signs the dw in m_rtc and sends the signature to the regulator. Each time the regulator receives a signature from a committee member it verifies that signature and, if verification succeeds, stores it in the set sig_all.

Finally, if the size of sig_all is greater than or equal to t, the regulator broadcasts the message m_rtc = (R, dw, sig_all) to the committee.

After receiving the message m_rtc = (R, dw, sig_all), each committee member in Q_final first verifies every signature in sig_all and counts the valid ones. If the count is greater than or equal to t, the committee member in Q_final performs the corresponding action.

After receiving the messages m_i sent by the honest members P_i for i ∈ Q_final, the regulator selects the value held by the majority of these messages and tracks according to that value.
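The threshold-consent exchange described in the key ideas above, as an added example in Go that is not part of the paper or of this article. Ed25519 signatures, the names (Member, Request, NewCommittee, Approve, CollectSigs, Release, Majority, Run), the evidence check (a SHA-256 commitment over R and the data) and the modelling of m_i as a hash of dw are assumptions of this example; in BTSOF the evidence is scheme-specific and m_i derives from the DMKG key material. The example also exercises the threat model from 1.4: with one dishonest member in four the regulator still recovers a majority value, with two it does not.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Member is one committee member P_i; honest=false models a member that signs
// without checking the evidence and answers round 2 with a bogus value.
type Member struct {
	priv   ed25519.PrivateKey
	honest bool
}

// Request is m_rtc = (R, dw); Data and Wit together form dw, i.e. the (data_l, wit_l)
// list or (T, wit_T). The evidence is assumed here to be the commitment H(R || Data).
type Request struct {
	R    string
	Data []byte
	Wit  []byte
}

func (q Request) DW() []byte { return append(append([]byte{}, q.Data...), q.Wit...) }

func ExpectedWit(r string, data []byte) []byte {
	h := sha256.Sum256(append([]byte(r), data...))
	return h[:]
}

// NewCommittee creates n members (the first `dishonest` of them adversarial) and the
// public roster (Q_final) that every party uses to verify signatures; index = member id.
func NewCommittee(n, dishonest int) ([]*Member, map[int]ed25519.PublicKey) {
	roster := map[int]ed25519.PublicKey{}
	var ms []*Member
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		roster[i] = pub
		ms = append(ms, &Member{priv: priv, honest: i >= dishonest})
	}
	return ms, roster
}

// Approve is round 1: P_i verifies the evidence in m_rtc and, on success, signs dw.
func (m *Member) Approve(q Request) ([]byte, bool) {
	if m.honest && !bytes.Equal(q.Wit, ExpectedWit(q.R, q.Data)) {
		return nil, false
	}
	return ed25519.Sign(m.priv, q.DW()), true
}

// CollectSigs builds sig_all: every signature is checked against the roster before it
// is stored, so unknown signers and forged signatures never count toward t.
func CollectSigs(q Request, sigs map[int][]byte, roster map[int]ed25519.PublicKey) map[int][]byte {
	all := map[int][]byte{}
	for id, s := range sigs {
		if pub, ok := roster[id]; ok && ed25519.Verify(pub, q.DW(), s) {
			all[id] = s
		}
	}
	return all
}

// Release is round 2: on (R, dw, sig_all) the member recounts the valid signatures
// itself rather than trusting the regulator, then answers with m_i, modelled as
// H("track" || dw) (assumption; in BTSOF it comes from the DMKG key material).
func (m *Member) Release(q Request, sigAll map[int][]byte, roster map[int]ed25519.PublicKey, t int) ([]byte, bool) {
	if len(CollectSigs(q, sigAll, roster)) < t {
		return nil, false
	}
	if !m.honest {
		return []byte("bogus"), true
	}
	h := sha256.Sum256(append([]byte("track"), q.DW()...))
	return h[:], true
}

// Majority returns the value sent by a strict majority of the responding members.
func Majority(msgs [][]byte) ([]byte, bool) {
	count := map[string]int{}
	for _, v := range msgs {
		count[string(v)]++
	}
	for v, c := range count {
		if 2*c > len(msgs) {
			return []byte(v), true
		}
	}
	return nil, false
}

// Run drives one request through both rounds with threshold t and returns the value
// the regulator may act on, or false when the committee did not consent.
func Run(ms []*Member, roster map[int]ed25519.PublicKey, t int, q Request) ([]byte, bool) {
	sigs := map[int][]byte{}
	for i, m := range ms {
		if s, ok := m.Approve(q); ok {
			sigs[i] = s
		}
	}
	sigAll := CollectSigs(q, sigs, roster)
	if len(sigAll) < t {
		return nil, false
	}
	var msgs [][]byte
	for _, m := range ms {
		if mi, ok := m.Release(q, sigAll, roster, t); ok {
			msgs = append(msgs, mi)
		}
	}
	return Majority(msgs)
}

func main() {
	ms, roster := NewCommittee(4, 1) // constructed: 4 members, 1 dishonest, threshold 3
	data := []byte("data-set-to-trace")
	_, ok := Run(ms, roster, 3, Request{R: "reg", Data: data, Wit: ExpectedWit("reg", data)})
	_, bad := Run(ms, roster, 3, Request{R: "reg", Data: data, Wit: []byte("no-evidence")})
	fmt.Println("consent with evidence:", ok, "without evidence:", bad)
}
```

Two design points carry the scheme's guarantee: the regulator can only reach round 2 with t signatures over the exact dw it broadcast, so it cannot widen the tracked set afterwards, and each member recounts sig_all itself in Release instead of taking the regulator's word that the threshold was met.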

Free and Easy's comment: Blockchain privacy protection and supervision seem to contradict each other, but in fact both can be achieved. The SkyEye upgrade, BTSOF, can crack down on crime while preserving the privacy of ordinary users and, at the same time, ensuring that regulatory power does not become excessive. Achieving this depends on combining various cryptographic tools, and such a scheme will be more easily accepted by the public and by regulators.

II. Hardcore technical articles of the week

2.1 Ethereum 2020: Roadmap and Outlook

In this article, the author details the Ethereum roadmap published by Ethereum founder Vitalik Buterin and proposes possible highlights for Ethereum in 2020.

Article link:

2.2 Ethereum core developer: the MPT hex tree will be replaced

In this article, author Guillaume Ballet proposes a scheme to convert Ethereum from the currently used hexary Merkle Patricia Tree (MPT) to a binary tree structure, thereby greatly reducing the size of witness data in stateless Ethereum.

Article link:

2.3 Vitalik: A Quick Start to Garbled Circuits

In this article, author Vitalik Buterin explains the cryptographic primitive of garbled circuits and proposes some potential applications.

Article link:

III. Bitcoin & Ethereum development progress update

3.1 Bitcoin development progress

  1. Eclair #1339 prevents users from setting their htlc-minimum amount to 0 millisatoshis, which would violate BOLT2; the new minimum value is 1 millisatoshi;
  2. LND #4051 tracks up to 10 errors per peer and, if necessary, retains them across reconnections. The latest error message is returned as part of the ListPeers result, making problems easier to diagnose;
  3. BOLT #751 updates BOLT7 to allow nodes to announce multiple IP addresses of a given type (e.g. IPv4, IPv6 or Tor), so that multi-homed nodes can better inform the network about their connectivity.

3.2 Ethereum development progress

Ethereum 1.x updates:

  1. Geth v1.9.11's eth/65 data propagation proposal reduces bandwidth requirements by 75%;
  2. Nethermind v1.7.12 supports the eth/65 proposal;
  3. Guillaume Ballet explains why Ethereum is switching from a hex tree to a binary tree structure and introduces how the overlay tree works;
  4. Researchers evaluated the impact of several schemes on reducing the size of Ethereum witness data;

Ethereum 2.0 research and development updates:

  1. Least Authority released a specification audit report for Ethereum 2.0;
  2. Mikerah explored a hybrid network architecture for validator privacy;
  3. The latest Nimbus client update: full interoperability is the main focus, and the client's verification and signature processing is 5 times faster;
  4. Runtime Verification: verifying ewasm code;
  5. A polynomial commitment scheme based on hash graphs;
  6. A multi-layer hash graph scheme for state storage;

That's all for this issue; see you next week ~