Smart Contract-based Decentralized Privacy System for Securing Data Ownership Management

Keywords: Decentralized privacy system, Smart contracts, Encryption, Ownership, Access control.

Yunmin He^1,2 , Yu-Chi Chen^1* , Zhong-Yi Guo¹ , Raylin Tso³ , and Shaozhen Ye²

¹ Department of Computer Science and Engineering, Yuan Ze University, Taiwan
² College of Mathematics and Computer Science, Fuzhou University, China
³ Department of Computer Science, National Chengchi University, Taiwan * This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract

Recently, Zyskind et al. proposed a decentralized personal data management system which keeps privacy through blockchain and off-blockchain storage, so-called the decentralized privacy (DP) system. This system helps users ensure data ownership and fine-grained access control for third-party service providers. However, in this DP system, the permission power is delegated to blockchain and the users' data are stored in the off-blockchain distributed hashtable. Therefore, this induces extra communication overhead to connect these two distinct functionalities. In this paper, we present a conceptually simple solution directly from smart contracts with cryptographic primitives. This system is called the smart contract-based decentralized privacy (SCDP) system to overcome the above-mentioned efficiency issues. We propose the basic SCDP system as a warm-up to introduce the design principle based on symmetric encryption. Moreover, the strong SCDP system is provided by using ciphertextpolicy attribute-based encryption to support more flexible scenarios of access control and also eliminate some limitations of the basic system. Finally, we discuss some analyses in the aspects of security, access control, and data segmentation.

References

1. A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Annual International Conference on the Theory and Applications of Cryptographic Technique. Springer, 2005, pp. 457–473. Google Scholar
2. G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” Ethereum project yellow paper, vol. 151, pp. 1–32, 2014.
3. G. Zyskind and O. Nathan, “Decentralizing privacy: Using blockchain to pro- tect personal data,” in Security and Privacy Workshops (SPW), 2015 IEEE. IEEE, 2015, pp. 180–184. Google Scholar
4. J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Security and Privacy, 2007. SP’07. IEEE Symposium on. IEEE, 2007, pp. 321–334. Google Scholar
5. J. Kehrli, “Blockchain 2.0-from bitcoin transactions to smart contract applications,” Niceideas, November. Available at:
   https://www. niceideas.ch/roller2/badtrash/entry/blockchain-2-0-frombitcoin (Accessed:5 January 2018), 2016.
6. J. P. Cruz, Y. Kaji, and N. Yanai, “Rbac-sc: Role-based access control using smart contract,”IEEE Access, vol. 6, pp. 12 240–12 251, 2018. Google Scholar
7. K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the internet of things,” IEEE Access, vol. 4, pp. 2292–2303, 2016. Google Scholar
8. K. Delmolino, M. Arnett, A. Kosba, A. Miller, and E. Shi, “Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab,” in International Conference on Financial Cryptography and Data Security. Springer, 2016, pp. 79–94. Google Scholar
9. K. Korpela, J. Hallikas, and T. Dahlberg, “Digital supply chain transformation toward blockchain integration,” in Proceedings of the 50th Hawaii international conference on system sciences, 2017. Google Scholar
10. M. Haferkorn and J. M. Q. Diaz, “Seasonality and interconnectivity within cryptocurrencies-an analysis on the basis of bitcoin, litecoin and namecoin,” in International Workshop on Enterprise Applications and Services in the Finance Industry. Springer, 2014, pp. 106–120. Google Scholar
11. N. Szabo, “Smart contracts,” Unpublished manuscript, 1994.
12. P. McCorry, S. F. Shahandashti, and F. Hao, “A smart contract for boardroom voting with maximum voter privacy,” in International Conference on Financial Cryptography and Data Security. Springer, 2017, pp. 357–375. Google Scholar
13. R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978. Google Scholar
14. S. King and S. Nadal, “Ppcoin: Peer-to-peer crypto-currency with proof-of-stake,” selfpublished paper, August, vol. 19, 2012. Google Scholar
15. S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008. Google Scholar
16. V. Buterin, “A next-generation smart contract and decentralized application platform,” Google Scholar
17. V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for finegrained access control of encrypted data,” in Proceedings of the 13th ACM conference on Computer and communications security. Acm, 2006, pp. 89–98. Google Scholar
18. V. Jacynycz, A. Calvo, S. Hassan, and A. A. S ́anchez-Ruiz, “Betfunding: A distributed bounty-based crowdfunding platform over ethereum,” in Distributed Computing and Artificial Intelligence, 13th International Conference. Springer, 2016, pp. 403–411. Google Scholar
19. V. Odelu, A. K. Das, M. K. Khan, K.-K. R. Choo, and M. Jo, “Expressive cp-abe scheme for mobile devices in iot satisfying constant-size keys and ciphertexts,” IEEE Access, vol. 5, pp. 3273–3283, 2017.Google Scholar

For more information about this article, please contact us here