Yiqing Diao , Ayong Ye , Yuexin Zhang , Ji Zhang , Li Xu
{"title":"P-Chain: Towards privacy-aware smart contract using SMPC","authors":"Yiqing Diao , Ayong Ye , Yuexin Zhang , Ji Zhang , Li Xu","doi":"10.1016/j.jisa.2024.103872","DOIUrl":null,"url":null,"abstract":"<div><p>Smart contract, as the representative application of blockchain, has recently fueled extensive research interests from both academia and industry. However, with its wide applications, the weaknesses of smart contract have been gradually revealed. The major barrier to the widespread adoption of smart contract involves concerns about on-chain privacy which refers to the details of input/output privacy. To address privacy concerns, we propose in this paper, P-Chain, a privacy-aware framework for smart contracts of permissioned blockchain to protect sensitive data of users based on Secure Multi-party Computation (SMPC). Unlike existing work that suffer several key drawbacks, including introducing a third party who could get the details of the deal, and high overhead for on-chain and off-chain communication, as well as lacking a privacy protection for output data, we enhance the privacy protection for smart contracts system by adding a new secure multi-party computation layer in P-Chain. Through secure multi-party computing, sensitive inputs of smart contracts are divided into multiple sub-inputs and sent to computing participants for operation respectively, which ensures that each participant can only access part of the user’s information. A stochastic strategy based on <span><math><mrow><mo>(</mo><mi>t</mi><mo>;</mo><mi>n</mi><mo>)</mo></mrow></math></span> threshold secret sharing to select calculating parties is also been proposed, which makes it difficult for an attacker to aggregate <span><math><mi>t</mi></math></span> of <span><math><mi>n</mi></math></span> participants for launching a collusive attack. In addition, we propose the output privacy protection method that makes it possible to reach a consensus without the need to know the output. The extensive experimental evaluation and analysis demonstrate that our scheme enjoys the advantages of calculation correctness, input–output privacy as well as anti-collusion.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103872"},"PeriodicalIF":3.8000,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001741","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Smart contract, as the representative application of blockchain, has recently fueled extensive research interests from both academia and industry. However, with its wide applications, the weaknesses of smart contract have been gradually revealed. The major barrier to the widespread adoption of smart contract involves concerns about on-chain privacy which refers to the details of input/output privacy. To address privacy concerns, we propose in this paper, P-Chain, a privacy-aware framework for smart contracts of permissioned blockchain to protect sensitive data of users based on Secure Multi-party Computation (SMPC). Unlike existing work that suffer several key drawbacks, including introducing a third party who could get the details of the deal, and high overhead for on-chain and off-chain communication, as well as lacking a privacy protection for output data, we enhance the privacy protection for smart contracts system by adding a new secure multi-party computation layer in P-Chain. Through secure multi-party computing, sensitive inputs of smart contracts are divided into multiple sub-inputs and sent to computing participants for operation respectively, which ensures that each participant can only access part of the user’s information. A stochastic strategy based on threshold secret sharing to select calculating parties is also been proposed, which makes it difficult for an attacker to aggregate of participants for launching a collusive attack. In addition, we propose the output privacy protection method that makes it possible to reach a consensus without the need to know the output. The extensive experimental evaluation and analysis demonstrate that our scheme enjoys the advantages of calculation correctness, input–output privacy as well as anti-collusion.
智能合约作为区块链的代表性应用,近年来引起了学术界和产业界的广泛研究兴趣。然而,随着智能合约的广泛应用,其弱点也逐渐暴露出来。智能合约广泛应用的主要障碍涉及对链上隐私的担忧,即输入/输出隐私的细节问题。为了解决隐私问题,我们在本文中提出了P-Chain,这是一个隐私感知框架,用于许可区块链的智能合约,以保护基于安全多方计算(SMPC)的用户敏感数据。与现有工作的几个主要缺点不同,包括引入第三方获取交易细节、链上和链下通信开销高以及缺乏对输出数据的隐私保护,我们通过在P-Chain中添加一个新的安全多方计算层来增强智能合约系统的隐私保护。通过安全多方计算,智能合约的敏感输入被分成多个子输入,分别发送给计算参与方进行运算,确保每个参与方只能获取用户的部分信息。我们还提出了一种基于(t;n)阈值秘密共享的随机策略来选择计算参与方,这使得攻击者很难聚合 n 个参与方中的 t 个参与方来发起合谋攻击。此外,我们还提出了输出隐私保护方法,使得在不知道输出的情况下达成共识成为可能。大量的实验评估和分析表明,我们的方案具有计算正确性、输入输出隐私性和防串通等优点。
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.