KMSchain Zero-knowledge, decentralized solutions for inclusive protection of data privacy on cloud, blockchain and beyond. We are experts of ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
KMSchain
Zero-knowledge, decentralized solutions for inclusive protection of data privacy
on cloud, blockchain and beyond.
We are experts of zero-knowledge privacy solutions.
2018
PRESENTATION
Copyright KMSchain 2018
Who are we
We are expertized in Blockchain Technology and development of Zero Knowledge Privacy Protocols. There are three main
dimensions of technologies provided by us.
Zero Knowledge Privacy
DATA PRIVACY TRANSACTIONAL
ZERO KNOWLEDGE PROOFS
CONFIDENTIALITY
Decentralized, zero-knowledge KMS and Private blockchain solutions powered State-of-the-art Zero-knowledge Proof
easy-to-use end-to-end encryption tools for by zero knowledge proof protocol technology developed to enable
securing user data in modern distributed (Lelantus) for enterprise grade verification of data without
applications and beyond protection of transactional privacy compromising its privacy
and anonymity.
Enables data privacy on Blockchain and cloud Designed to Power Blockchain Infrastructures Application of the technology in different
domains
Provides unique scalable solution for Privacy of transaction values and origins Develop use case specific privacy protocols
encrypted data management to meet your ecosystem needs
2
1. KMSCHAIN:
DECENTRALIZED KEY
MANAGEMENT
SOLUTION
Data is a Core Resource
We live in a data-centric world, where data is the cornerstone of business infrastructures and driving force of
social-economic relationships
2.5 quintillion bytes of data is created per day
90% of data have been created in last two years
Emergence of audit and compliance requirements
(GDPR, HIPAA, CJIS, FERPA, PCI, ITAR, etc.)
4
Encryption as a way to Protect Data
Encryption is a robust approach of protecting data from breaches and leaks.
Plain Text Encrypted Gibberish
EnCt2ac4bfa13c762664d5352dee620
Hello World! 2eeb360a029d3dac4bfa13c762664d5
352dee60v1+mjP5fAF
Public Key Cryptography
5
Management of Encrypted Data is a Challenge
As a cryptographic access control mechanism Public Key Encryption is limited in several ways
Limitations of Standard Public Key
Cryptography
Requires advanced knowledge of
recipient
Does not scale well in case of many to many
messaging and multiple intended recipients
Access can not be revoked after the
encrypted message has been shared.
6
Sample Scalability and Performance Failures in Case
of Legacy system
Bob Eve David
x 100
Carol
IPFS, Swarm, Cloud
It does not scale well
7
What are Alternatives of Key Management?
Amazon, Google, Microsoft, Alibaba provide Key Management as a Service for addressing
this technical challenge.
But these services have single point of failure
1. Service providers get access and manage
all user keys.
2. Centralized Services with an undue trust put on the
service provider can not serve decentralized
applications
8
Combining the Best of Both Words
We provide flexible encryption and data management technology which does not compromise the data
security via introducing single point of failure
Legacy Encryption Federated Key
Method Management
KMSchain
✓ Security ✓ Scalability
✓ Privacy ✓ Convinence
9
How Proxy Re-encryption Works
The proxy can transform a ciphertext encrypted under Alice’s public-key into ciphertext encrypted under Bob’s public key.
Re-Encryption
Re-Encryption Key
10Advantages of Our Technology
Proxy re-encryption allows KMSchain to split document access management from cryptographic operations without the
need to always-trusted, centralized entity
KMSchain enables flexible , scalable and secure key
management in distributed environments.
Enables re-encryption of already encrypted data and access
delegation without decrypting data as an intermediate step.
Highly flexible user experience, revocable data access.
Efficient utilization of data storage.Decentralized Privacy Layer
KMSchain enables to build decentralized, zero-knowledge Key Management Services to solve a significant market need enabling DApps
and other data critical applications to integrate data encryption and KMS technologies without compromising decentralization.
Re-encryption Key
Re-encryption key
are split into
multiple re-
encryption shares.
We leverage cutting-edge
cryptography techniques and
blockchain technology to
decentralize our service into
multiple standalone KMS
Services (nodes)Comparison with Alternative Solution
None of the existing methods enables safe, scalable and decentralized key management
service for modern distributed applications and other data critical use cases.
User Exclusive Simple User Distributed KMS, No
Cost Efficient Easy-to-deploy
Control Over the Experience, Scalable, Single Point of
Solution and maintain
Encryption Keys Flexible Data Sharing Failure
Federated Key
Management (FKM) No Yes Yes Yes No
Deploying On-Premise
Yes No Yes No No
KSM/HSM
Legacy Encryption Yes Yes No No No
Methods (LEM)
KMSchain KMS Yes Yes Yes Yes Yes
13Data Access Policies for Automatic KMS, Integration
to Smart Contracts
Conditional Data Access Delegation
Time: enabling or disabling user to
get data access after a certain
point of time,
Transaction value: enabling users
to get access to data when a
amount is sent to an address
Other Events: other easily
verifiable, blockchain based
events.
Lorem ipsum is
dummy text
141.1 KMSchain
Nodes and White
LablesKey Management Service Providers in KMSchain
Network, White-label System
Proxy 2 Proxy 3
Proxy 4
Proxy 1
Proxy 5
Bob Alice
16Decentralized Proxy Re-Encryption Network
Considering the data privacy needs and regulatory requirements, enterprises from several sectors will be well motivated to
run their nodes to use the proxy re-encryption technology internally as well as to provide KMS services to clients
FINANCIAL SERVICES
HEALTHCARE & PHARMA SERVICES
MANUFACTURING TECH & SOFTWARE
PUBLIC SECTOR LEGAL SERVICES
HOSPITALITY RETAIL
171.2 KMSCHAIN: SCALABLE END TO END ENCRYPTION
Application of KMSchain End to end Encryption
Data is only effectively encrypted in transit and
In
has several vulnerability points
. Frontend
Server
Database
3
Re-encryption operation
done within device 1 2
Hi Melanie, I am fine.
Encrypted Hi Melanie,
Encrypted
I am fine.
KMSCHAIN
https https at-rest
Encrypted Encrypted
In case of our end to end encryption data is
effectively encrypted at In
all times
19SDK That can be Licensed
Our easy to use cryptographic libraries turn every developer into applied cryptographer. Add data encryption and
cryptographic trust management into your app with just a few lines of code.
Perform Re-Encryption for the given ciphertext and
Generate and Manage User's Public and Private keys.
the re-encryption key
Enable users to generate Re-Encryption keys Decrypt both the original or transformed ciphertexts in
for their peers. order to reveal the encapsulated symmetric encryption key
Encapsulate a symmetric encryption key via given Public Key
(similar to Diffie-Hellman Key Exchange)
201.3 USE CASES OF THE TECHNOLOGY
Big Data Systems
Development of the big data systems which enables secure transfer of data, development of collaborative data lakes,
monetization of the enterprise data.
22Data Marketplaces (Financial, Insurance, etc.)
KMSChain provides robust infrastructure for the development of decentralized data marketplaces.
Anonymity and Privacy protection
Decentralization
Transparency
Control
23KYC, KYT, Digital Identity Systems
Secure and flexible control over digital IDs, streamlining travel, KYC, insurance claims, and more.
24Social Networks, Secure Chat Rooms
Via KMSchain users can create very secure social groups by assigning different attributes and keys to their social contacts,
and then encrypt data such that only particular users with desired set of attributes can decrypt it.
25Role based Data Management and Access Control
If there are different classes of nodes in the network (master nodes, service providers, Oracles, etc.) our technology
can be applied to segregate the permission levels of these users, also enabling dynamic self-management.
26Other Use Cases for Blockchain applications
File Sharing Internet of Things Supply Chains
Easily manage the data access, Will empower secure bridges Create a more transparent, safe,
enabling scalable access control for between devices & different and efficient systems without
file sharing applications. blockchains compromising the business privacy
27Other Use Cases for blockchain applicaticon
Medical Health Record’s
Social Media Platforms Digital Rights Management
Processing
Application of KMSchain to Infrastructure for media Apply the technology to create
empower patient centric approach producers to distribute, and effective protection and
on medical data management monetize their content . monetization of DRM systems
28Our Proxy Re-encryption Technology in Production
The technology has wide application as a core layer nearly in any distributed solution which
deals with data control and management.
Norbloc provides BeSafe IO uses PRE to BigchainDB applies proxy Racing Pigeon chain will
blockchain based KYC enable companies of all re-encryption technology use our technology to
solution for Sweden and sizes to encrypt, control to add data governance enable secure and
Benelux market. It will and monitor their layer into its blockchain scalable management &
exploit PRE for securing business documents on platform for addressing sharing of the pigeon
customer data and devices, in cloud (Box, previously inaccessible related data, including
manage digital trust Slack, Dropbox, OneDrive) markets. pedigree data, pigeon
among various financial and beyond profiles and reports
institutions.
292. TRANSACTIONAL
PRIVACY ON
BLOCKCHAINBlockchain Technology is Missing Privacy
Blockchain Transactions
31Is blockchain technology well
suited for enterprises ?
Public (in other words, permissionless) blockchain systems like
Bitcoin were the first to face privacy challenges.
Transaction details are in the clear, and available on the public
ledger of the system.
It is deplorable challenge for most enterprises to
adopt the technology.
Imagine a business obtaining computer parts from a vendor. Given
the large volume of computer parts purchased, the supplier
Why? provides a discount to the business when trading the asset for
currency. This is highly sensitive information for supplier, which can
not be protected on blockchain
32Transactional Privacy on Blockchain
One of the main concerns about on-blockchain privacy is that the
inputs used in a transaction can be traced to the previous
transactions that created them.
For cryptocurrency payments to be truly private, transactions
have to have two properties:
Confidentiality
Hiding the transferred amounts,
Anonymity
Hiding the identities of the sender and/or
receiver in a transaction
33Lelantus Protocol Developed by Us: www.lelantus.io
34
34Lelantus Zero Knowledge Proof of Transactions
The network nodes can verify the legitimacy of transaction without seeing the
transactional details ( who is transacting and what is the amount)
Blockchain Transactions
John
Bob
35The Protocol Alternatives Applied for Transactional Privacy
We are expertized on all of these cryptographic protocols.
What Provides What are Drawbacks
This design, however, does not
Confidential Transaction All transaction amounts are hidden
from public view using a ensure transaction anonymity, a
of Greg Maxwell highly desirable privacy feature for
commitment to the amount.
financial transactions.
Enables users to generate coins with This construction works only with
no prior transaction history which fixed denominated coins and hence
Zerocoin can then be spent anonymously does not hide transaction
without disclosing the source amounts
Provides a very efficient private It relies on knowledge of exponent
Zerocash transaction system which is capable assumptions and a trusted setup
of hiding transaction values, their process, necessitating the user’s
origins, and destinations. trust in the correctness of this setup
Lenantus Protocol Solves the problems
36
36Unique Advantages of Lelantus Protocol
Does Not Take Trade-offs
Ensures both anonymity and
confidentiality
Multicoin Transactional Efficient Cryptographically Secure
A single transaction can contain
Relies only on standard
simultaneous spends and output
cryptographic assumptions
multiple coins
Lelantus
Small Proof Size No Trusted Setup
Reduction of proof sizes and
Does not require a trusted setup
proof generation times
process, there are no backdoors
37
37Unique Functionalities of Lelantus Protocol
NON TRACKABLE TRANSACTIONS
Proves that the transaction balance is preserved without revealing either
the input coin origins or the transaction amounts
FULL PRIVACY OF TRANSACTION HISTORY
. It
enables the users to destroy coins in their possession and redeem a new
coin with no prior transaction history. These coins can then be sent
anonymously.
NO BACKDOORS ARE DESIGNED IN THE STSEM
In Contrast Zerocoin implementations based on RSA accumulators, it does
not rely on a trusted setup process, excludes backdoors.
OPTIONAL DENOMINATIONS
In Contrast to Zerocoin the need for fixed denominations is
removed. Allows to mints of arbitrary amounts and partial spends of
any amount
EFFICIENT TRANSACTION PROOF PROCESS
It enables efficient batching of the verification of transaction
proofs, bring higher efficiency to the network
38
38Innovative Approaches Applied to Cryptographic Primitives
Innovative approach to One out of N Double-Blinded Commitments
To verify the validness of the transaction, the verifier should first
check the provided Sigmaproofs for each spend transfer and the
range-proof for all output transfers.
Next, in order to ensure that the transaction balance is preserved,
the verifier should go over the following steps
Modifications to the original Bulletproofs protocol
39 For complete information see the paper 39Performance of the Implemented Protocol
We implemented a reference implementation in C++ over the popular library libsecp256k1. table below we bring the
proof size and performance parameters for different anonymity set size and configurations.
40
403. ZERO KNOWLEDGE PROOF TECHNOLOGY
Zero Knowledge Proofs
Prover Verifier
Completeness – Prover can always convince the verifier when statement is true
Soundness – Can not convince the verifier when the statement is actually false
Zero-knowledge – No leakage of information (except truth of statement) even if
interacting with a cheating verifier
42
42Services that can be powered by our Zero Knowledge
Proofs
Asset Based Financing Hedge Funds Trade Finance
Companies can prove asset Fund manager can verify and All players can contribute
valuation to banks and communicate portfolio risk to overall trade process
insurance without revealing characteristics to an investor without revealing trade
underlying data without revealing holdings details to all
Supply Chain Credit Score Security Compliance
Clients can control Clients can prove their credit Operators can prove that
supplier risks without score using their financial deployments complies with
overreaching into transactions history without security policy without
operations revealing it revealing configuration files
43
43Application of the Technology in Hedge Funds
Investor can ensure that an appropriate level and type of risk is taken, yet the fund can pursue competitive strategies
which would not be possible if the restriction of perfect transparency were imposed.
How solve conflict of interest and agency problem between fund manager and investors
Prove to Investors
Without Revealing Strategy
Fund Manager Investors
44
44Application of the Technology in Private Auctions
Auctioneers can organize sealed-bid, but publicly verifiable auctions, where the bidders keep their bids private from
the public view, but reveal them to a trustless auctioneer. Later the auctioneer determines and claims the winner and
provides publicly verifiable non-interactive zero-knowledge proofs for the claim correctness.
How solve conflict of interest and retain privacy among competing bidders
Prove to Bidders
which one is the winning bid
Without Revealing any bid value
Auctioneer Bidder
45
45Sealed-Bid Auction Protocol Developed by Us
46
464. TEAM
Arman Abgaryan Aram Jivanyan David Hong Martun Karapetyan
CEO CTO & Chief Cryptographer Director of BD Senior Software Developer
MSc at University of Cambridge, Entrepreneur and 10+y experience in US and Ph.D. in Cryptography, 7+y
PhD Candidate at SJTU Cryptographer. Founder of Asia focusin on TMT, foreign software development experience
(Blockchain Research), MSc CS at Skycryptor, a Techstars direct investment and M7A. (C++, Python). Former senior
Georgia Tech (Machine Learning), company pioneering the David is a counsel at KWM and cryptography researcher (created
MBA at AUA. 2+y blockchain development of Proxy Re- a founding member of Heyi novel white-box algorithms) at
industry experience as lead of Encryption technologies. 5+ Blockchain. He has been American University. Former
product design & project years in dev. team management. consultant for Coursera, software engineer in Google
management (over 8 different 8+ years in security R&D. advisors for several blockchain (developed features on Youtube
projects), early investor, 3+y Cryptography advisor of ZCoin. and ICO projects. monetization and claiming).
academic career in blockchain, Co-authored 2 security patents
5+y experience in business and for Samsung. Author of the .
corporate finance. Lelantus protocol ( and brand
new transaction privacy system)Arsen Mamikonyan Genie Chen Saren Abgaryan Karen Kirakosyan
Senior Software Developer Senior Marketing Officer Senior Operations Officer Senior Software Developer
MEng in Engineering & Computer Genie Chien is a Senior Advisor LLM at SUFE, PhD Candidate in 8+y experience as full-stack
Science from MIT. Early ML for companies on marketing and International Investment Law developer, highly skilled in
employee in Locu, SF based startup promotion activities in Asia. Genie (SJTU), 1+y blockchain industry Blockchain, Solidity, PHP,
acquired by GoDaddy. Adjunct has significant experience & blockchain legal consulting, 3+ PHP Frameworks (Laravel,
Lecturer at AUA teaching ML to providing marketing advice and y academic legal research Symfony, Yii, Codelgniter,
Masters students. Founded HiLearn, support to a range of experience, 2+y assistant ets.), MySQL, MongoDB
AI startup focused on algorithmic multinational companies, with editorial experience in legal Javascript (Jquery, Node.js,
cryptocurrency trading. focus on the Taiwan market. journal (AsianJLS), 2+ y Express).
experience in corporate law
49Sergey Sargsyan Gegham Jivanyan Mesrop Manukyan
Senior Software Engineer Software Engineer Legal Counsel
Senior Architect and developer Full-stack senior developer. LLM University of Cambridge,
with an extensive background in Founding employee at Skycryptor Lecturer at AUA in corporate and
cryptographic algorithms & Besafe.io. 4+y experience in transactional law, 1+y
development for Samsung, low- Python, Django, Front-End crypto/blockchain research and
level algorithmic chip design at technologies and C++. trading experience, 6+y
VMWare and architecting scalable experience in legal advisory &
web applications in Zalando. 3+y of managerial experience.
50Team Experience
b5. Development Milestones
Development
Milestones of OneDApp
Our Vision Step by Step
Idea inception, Cryptographic Research &
Team Development 2015
2015
Development of Key Management
2016 Service and APIs
2016 Q2
Launch of BeSafe IO, Proxy Re-Encryption
empowered solution 2017
2017 Q3 First enterprise deployment and paid pilot
2018 with FDJ , Instigated the work on Lelnatus
2018 Q1
Development of SDKs for key management,
and trust management. Completed Lelantus 2018
2018 Q4
Development of Threshold Proxy Re-
2019 Encryption Technology
2019 Q1
53Extension of the KMSchain ecosystem via
partnerships 2019
2019 Q1
Completion of Series A round to further
2019
support platform development
2019 Q1
Collaboration with Dapps to add privacy
into their applications via our SDKs 2019
2019 Q1, Q2
Further extension of the KMSchain
2019 ecosystem, Development of ZK Software
2019 Q2
Launch of the Decentralized KMS network
2019
2019 Q2 Monetization of KMSChain via enterprise
2019 nodes and DApps integrations.
2019 Q3
Development of industry-specific private
collaboration solutions 2020
2020
Further extension of functionality,
development of new cryptographic solutions
54
*See slide 18. in the ecosystem and maintenanceTHANK YOU https://onedapp.io
You can also read
