Looking back at EthCC Paris 2018

Amira Bouguera
Feb 28, 2019


by Amira Bouguera, Cryptographer, HellHound, ConsenSys

The Ethereum Community Conference, or EthCC, is an international series of conferences and workshops organized in Paris each year by Asseth, the French non-profit Ethereum association. Since its first edition in 2018, EthCC has gained traction in the global Ethereum and wider blockchain community as a strong developer-focused conference, for the variety and quality of the topics it covers.

The topics presented at EthCC 2018 included EVM, Privacy, Data, Security, Identity, Compliance, ÐApps, Protocol & Client, IoT, Public Goods, Tokens, Scalability and Decentralized EXchanges.

In this article, I will talk about the privacy topics introduced during the last EthCC that I found the most interesting.

But first, let me introduce myself: my name is Amira Bouguera and I am a cryptographer and security engineer at ConsenSys. I graduated from engineering school and specialized in cryptography and cybersecurity, and I hold a Master’s degree in applied math. I have been working in the blockchain space for 2 years now mostly in privacy, scalability and security related topics. I co-founded the HellHound project while at ConsenSys, which allows developers to implement privacy by design in dApps (decentralized applications).

Here are my top 3 favourite privacy topics from the conference:

1. Cryptographic Approaches to smart contract privacy and scalability

Matthew Di Ferrante, founder of ZKLabs, gave an overview of privacy and gas issues on Ethereum, and presented a specific use case: private voting systems.

Example: Private on-chain voting contract using ring signatures

What are ring signatures?

A ring signature is a digital signature produced by one member of a set of possible signers (the ring) on behalf of the whole set. A verifier can check that the signature was made with the private key of some ring member, but cannot tell which one, so the signer stays anonymous within the ring. Unlike a group signature, a ring needs no group manager or setup: the signer can pick any set of public keys, including keys of people who never agreed to be in the ring.

How does it work?

Source: Ring Signatures And Anonymisation

In this example, we have a ring of four people, Trent, Bob, Eve and Alice, each with their own public and private key pair. In the original Rivest-Shamir-Tauman (RST) construction these are RSA keys, so each member i has a trapdoor permutation gi that anyone can evaluate with the public key but only the owner can invert.

  • Bob wants to sign a message m on behalf of the ring. He picks a random "glue" value v, and for every other member i he picks a random value xi and computes yi = gi(xi) with that member's public key.
  • Bob derives the symmetric key k = H(m), the hash of the message to be signed.
  • k keys a symmetric encryption function Ek. The ring combining function Ck,v(y1, ..., y4) starts from v, XORs in y1 and encrypts with Ek, XORs in y2 and encrypts again, and so on around the ring.
  • Bob solves the ring equation Ck,v(y1, ..., y4) = v for the single unknown, his own ys: running the chain forward from v up to his slot and backward from v down to the slot after his pins down the one value ys that closes the ring.
  • Bob uses his private key, the trapdoor for gs, to compute xs = gs^-1(ys). No other member can do this for Bob's slot, and nobody can do it for any slot without the matching private key.
  • Bob releases the signature (v; x1, x2, x3, x4) together with the ring's public keys. A verifier recomputes yi = gi(xi) for every member and checks that Ck,v(y1, ..., y4) = v. Since every slot is treated identically, the verifier cannot tell which xi was obtained with a trapdoor.
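The following is an added worked example of the RST construction just described, written for this recap; it is not code from the talk or from ZKLabs. It uses textbook RSA with small hard-coded primes (assumed toy values, completely insecure), a four-round SHA-256 Feistel network standing in for the symmetric cipher Ek, and a four-member ring. The key size, the 64-bit common domain and the sample message are all assumptions for illustration.

```python
"""Toy Rivest-Shamir-Tauman ring signature over textbook RSA (illustration only)."""
import hashlib
import secrets

B = 64                      # common domain: every g_i is a permutation of [0, 2^B)
E_PUB = 65537
ROUNDS = 4


def keygen(p, q):
    """Textbook RSA key pair from two primes: ((n, e), d). Toy sizes, insecure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E_PUB), pow(E_PUB, -1, phi)


def g(x, pub):
    """RST 'extended' trapdoor permutation g_i on [0, 2^B): RSA is applied to the
    residue inside each complete block of n values and the last, incomplete block
    is left alone, so every member's g_i acts on the same domain."""
    n, e = pub
    q, r = divmod(x, n)
    return q * n + pow(r, e, n) if (q + 1) * n <= (1 << B) else x


def g_inv(y, pub, d):
    """Inverse of g, computable only with the private exponent d."""
    n, _ = pub
    q, r = divmod(y, n)
    return q * n + pow(r, d, n) if (q + 1) * n <= (1 << B) else y


def _round(k, rnd, half):
    digest = hashlib.sha256(k + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def enc(k, x):
    """E_k: a 4-round SHA-256 Feistel permutation on B-bit values (toy cipher)."""
    l, r = x >> 32, x & 0xFFFFFFFF
    for rnd in range(ROUNDS):
        l, r = r, l ^ _round(k, rnd, r)
    return (l << 32) | r


def dec(k, y):
    """E_k^{-1}: the same Feistel rounds run backwards."""
    l, r = y >> 32, y & 0xFFFFFFFF
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _round(k, rnd, l), l
    return (l << 32) | r


def ring_sign(msg, pubs, s, d_s):
    """Member s, holding private exponent d_s, signs msg on behalf of ring pubs."""
    k = hashlib.sha256(msg).digest()            # k = H(m)
    n = len(pubs)
    v = secrets.randbelow(1 << B)               # random glue value
    xs, ys = [0] * n, [0] * n
    for i in range(n):
        if i != s:
            xs[i] = secrets.randbelow(1 << B)   # random x_i for every other member
            ys[i] = g(xs[i], pubs[i])
    t = v                                       # ring value entering slot s ...
    for i in range(s):
        t = enc(k, t ^ ys[i])
    u = v                                       # ... and the value slot s must produce
    for i in range(n - 1, s, -1):
        u = dec(k, u) ^ ys[i]
    ys[s] = dec(k, u) ^ t                       # unique y_s with E_k(t ^ y_s) = u
    xs[s] = g_inv(ys[s], pubs[s], d_s)          # only the trapdoor holder can finish
    return v, xs


def ring_verify(msg, pubs, sig):
    """Check C_{k,v}(y_1..y_n) = v. Every slot is processed identically, so the
    verifier learns nothing about which x_i was produced with a trapdoor."""
    v, xs = sig
    k = hashlib.sha256(msg).digest()
    t = v
    for x, pub in zip(xs, pubs):
        t = enc(k, t ^ g(x, pub))
    return t == v


# Constructed ring of four members (Trent, Bob, Eve, Alice) from assumed toy primes.
PRIMES = [(10007, 10009), (10037, 10039), (10061, 10067), (10069, 10079)]
KEYS = [keygen(p, q) for p, q in PRIMES]
PUBS = [pub for pub, _ in KEYS]


def demo():
    msg = b"vote: proposal-42 YES"              # constructed sample message
    sig = ring_sign(msg, PUBS, 1, KEYS[1][1])   # Bob (slot 1) signs
    return ring_verify(msg, PUBS, sig), ring_verify(b"vote: proposal-42 NO", PUBS, sig)


if __name__ == "__main__":
    print(demo())
```

Any of the four members can produce a signature that verifies, and the verifier only learns that the ring closes. Two caveats matter for the voting use case: this is the plain, unlinkable variant, so by itself it does nothing to stop one voter from signing twice (the linkable variant adds a key image derived from the signer's key), and in practice the hash should bind the ring's public keys to the message, since here k depends on m alone.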

Use cases:

1. Private transactions: hide the identity of the sender among the ring members, as in Monero (which combines ring signatures with confidential amounts in RingCT to hide the amount as well).

2. Private voting: anonymizing voter IDs with linkable ring signatures. A linkable ring signature lets a verifier tell whether two signatures were produced by the same signer, without revealing who that signer is, which solves the double-voting problem.

Privacy vs. scalability trade-off: the privacy comes at a cost in scalability.

With ring signatures, every ring member is indistinguishable from the signer, but verification cost grows with the size of the ring, and that is where scaling stops.

At the time of the talk, no on-chain ring signature implementation could handle more than 10–15 participants per ring per block: the gas spent on verification runs into the block gas limit.

Solution:

  • Use pairing-based aggregate n-of-n signatures instead of plain EC signatures. On a pairing-friendly curve the n individual signatures can be combined into one aggregate signature, in effect the product of all the group's signatures at the cost of one extra group operation per signature, which is then verified once. This kind of aggregation is not available on ordinary, non-pairing curves.
  • For the solution to scale, the scheme should allow key registration and signature generation to be computed off-chain, with only the verification done on-chain.
  • With a threshold secret sharing scheme, fewer voting steps are needed: only t signatures are required instead of all n, where t is the threshold parameter and t < n.

ZK Labs Research’s Proposal on a Scalable and Private Voting System

In May 2018, ZK Labs' research proposal submitted to Aragon & Placeholder's Nest was accepted. The proposal was to provide a set of libraries that support the basic components of an e-voting system on Ethereum, plus a prototype integrated with the Aragon protocol.

Related implementations on Ethereum:

2. ZoKrates — a toolbox for zkSNARKs on Ethereum

Jacob Eberhardt, the author of ZoKrates, gave an overview of how transactions are processed on chain today and explained why this mechanism does not scale: every node in the network executes and validates every transaction.

With off-chain transaction processing, the computation is delegated to third-party nodes for execution, and only a verification step runs on chain.

Benefits of off-chain processing:

  • Scalability: Verification is cheaper than execution.
  • Confidentiality and privacy: Private information can be used without revealing it.

zkSNARKs are one of several zero-knowledge verifiable-computation techniques: a prover generates a succinct proof of a computation off-chain, and that proof is checked on chain.

ZoKrates is an integration platform that provides a usable abstraction and tooling for zkSNARKs. It supports the whole process, from specifying a provable program in its high-level language, through compiling it to a circuit and running the setup, to generating a proof and verifying it on a blockchain with the verifier contract it exports.

Full Zokrates process

Source: ZoKrates — Scalable Privacy-Preserving Off-Chain Computations

The goal of ZoKrates is a toolbox that is more convenient to use than learning proof systems in depth and hand-writing your own verification contract for Ethereum.

ZoKrates updates since the talk:

  • Integration of the more efficient Groth16 proving scheme, which makes proofs smaller and much cheaper to verify on chain (at the price of a circuit-specific trusted setup that must be redone whenever the program changes).
  • Support for integrating more gadgets (such as libsnark gadgets).

3. NuCypher - Decentralized Key Management System

Problem: how can we securely delegate decryption rights, so that private data can be shared, without handing the encryption keys to intermediaries?

Solution: proxy re-encryption (PRE) is a family of schemes in which a semi-trusted proxy transforms a ciphertext encrypted under one public key into a ciphertext decryptable under another, without learning anything about the underlying plaintext or the keys involved.

Main actors and interactions in a PRE environment

Source: Unveiling Umbral — Threshold proxy re-encryption for scalable end-to-end encrypted data sharing

NuCypher, a decentralized key management, encryption and access control service, presented Umbral, the threshold proxy re-encryption scheme that powers the NuCypher network.

  1. Alice encrypts her data with a symmetric key K. She obtains K by running Umbral's key encapsulation under her own public key, which also outputs a capsule: the public object that carries K in encapsulated form and that will later be re-encrypted.
  2. When Alice wants to share the data with Bob, she generates a re-encryption key from her private key and Bob's public key, and splits it into N fragments (kFrags) with a threshold t, so that any t of them suffice.
  3. Each fragment is handed to a different proxy (N proxies in total). A proxy applies its fragment to Alice's capsule and outputs a capsule fragment (cFrag); it never sees K or the plaintext.
  4. Bob collects at least t capsule fragments and uses his private key to decapsulate them, recovering the symmetric key K.
  5. Finally, Bob uses K to decrypt the data Alice encrypted in step 1.

The threshold functionality of Umbral reuses ideas from Shamir's Secret Sharing: the re-encryption key is shared among the proxies so that re-encryption becomes a distributed process, and any t of the N fragments, but no fewer, let Bob recover K.
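The t-of-n idea that appears twice above, in the threshold signatures proposed for voting in section 1 and in Umbral's split re-encryption key, rests on the same arithmetic. The following added example (written for this recap, not code from NuCypher, pyUmbral or ZKLabs) implements Shamir secret sharing over a prime field and exposes the Lagrange coefficients that each party's contribution is weighted with. The field modulus, the 3-of-5 split and the sample key are assumptions for illustration; in Umbral and in threshold signatures these coefficients are applied in the exponent on an elliptic curve, so the full key is never assembled in one place, whereas here the secret is reconstructed in the clear to show the mechanics.

```python
"""Shamir t-of-n secret sharing over a prime field (illustration only)."""
import secrets

P = (1 << 127) - 1   # prime field modulus (a Mersenne prime); assumed choice for the demo


def _eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, t, n):
    """Shamir t-of-n: the secret is the constant term of a random polynomial of
    degree t-1; share i is the point (i, f(i)). Returns all n shares."""
    if not (0 <= secret < P and 1 <= t <= n < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(i, _eval(coeffs, i)) for i in range(1, n + 1)]


def lagrange_coeffs(xs):
    """Lagrange coefficients lambda_i at x = 0 for distinct x-coordinates xs, so
    that f(0) = sum(lambda_i * f(x_i)). These are the weights each party's
    contribution receives in a threshold scheme, whether the f(x_i) are field
    elements (here), signature shares, or re-encryption fragments."""
    lams = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        lams.append(num * pow(den, -1, P) % P)
    return lams


def recover(shares):
    """Reconstruct the secret from any t (or more) distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    return sum(l * y for l, (_, y) in zip(lagrange_coeffs(xs), shares)) % P


def demo():
    key = int.from_bytes(secrets.token_bytes(16), "big")   # e.g. the symmetric key K
    shares = split(key, 3, 5)                                # 5 proxies, any 3 suffice
    return (recover([shares[0], shares[2], shares[4]]) == key,   # 3 shares recover K
            recover(shares[:2]) == key)                          # 2 shares give nothing


if __name__ == "__main__":
    print(demo())
```

With fewer than t shares, every candidate secret is equally consistent with what the holders see, which is why a proxy holding one fragment, or t-1 colluding proxies, learn nothing about the key. Duplicate x-coordinates are rejected because two copies of the same share would otherwise count toward the threshold.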

Resources:

pyUmbral: Python implementation of the Umbral scheme.

goUmbral: Go implementation of Umbral, faster than the Python implementation but not yet production ready (there might still be vulnerabilities).

EthCC 2019 expectations

EthCC 2018 was one of the best developer conferences I have attended, so I have high expectations for the next one. If you are attending EthCC 2019 and still wondering which talks to watch then stay tuned for my next article with my suggestions for the “Top 10 talks to attend during EthCC 2019.”
