KMSchain Zero-knowledge, decentralized solutions for inclusive protection of data privacy on cloud, blockchain and beyond. We are experts of ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
KMSchain Zero-knowledge, decentralized solutions for inclusive protection of data privacy on cloud, blockchain and beyond. We are experts of zero-knowledge privacy solutions. 2018 PRESENTATION Copyright KMSchain 2018
Who are we We are expertized in Blockchain Technology and development of Zero Knowledge Privacy Protocols. There are three main dimensions of technologies provided by us. Zero Knowledge Privacy DATA PRIVACY TRANSACTIONAL ZERO KNOWLEDGE PROOFS CONFIDENTIALITY Decentralized, zero-knowledge KMS and Private blockchain solutions powered State-of-the-art Zero-knowledge Proof easy-to-use end-to-end encryption tools for by zero knowledge proof protocol technology developed to enable securing user data in modern distributed (Lelantus) for enterprise grade verification of data without applications and beyond protection of transactional privacy compromising its privacy and anonymity. Enables data privacy on Blockchain and cloud Designed to Power Blockchain Infrastructures Application of the technology in different domains Provides unique scalable solution for Privacy of transaction values and origins Develop use case specific privacy protocols encrypted data management to meet your ecosystem needs 2
Data is a Core Resource We live in a data-centric world, where data is the cornerstone of business infrastructures and driving force of social-economic relationships 2.5 quintillion bytes of data is created per day 90% of data have been created in last two years Emergence of audit and compliance requirements (GDPR, HIPAA, CJIS, FERPA, PCI, ITAR, etc.) 4
Encryption as a way to Protect Data Encryption is a robust approach of protecting data from breaches and leaks. Plain Text Encrypted Gibberish EnCt2ac4bfa13c762664d5352dee620 Hello World! 2eeb360a029d3dac4bfa13c762664d5 352dee60v1+mjP5fAF Public Key Cryptography 5
Management of Encrypted Data is a Challenge As a cryptographic access control mechanism Public Key Encryption is limited in several ways Limitations of Standard Public Key Cryptography Requires advanced knowledge of recipient Does not scale well in case of many to many messaging and multiple intended recipients Access can not be revoked after the encrypted message has been shared. 6
Sample Scalability and Performance Failures in Case of Legacy system Bob Eve David x 100 Carol IPFS, Swarm, Cloud It does not scale well 7
What are Alternatives of Key Management? Amazon, Google, Microsoft, Alibaba provide Key Management as a Service for addressing this technical challenge. But these services have single point of failure 1. Service providers get access and manage all user keys. 2. Centralized Services with an undue trust put on the service provider can not serve decentralized applications 8
Combining the Best of Both Words We provide flexible encryption and data management technology which does not compromise the data security via introducing single point of failure Legacy Encryption Federated Key Method Management KMSchain ✓ Security ✓ Scalability ✓ Privacy ✓ Convinence 9
How Proxy Re-encryption Works The proxy can transform a ciphertext encrypted under Alice’s public-key into ciphertext encrypted under Bob’s public key. Re-Encryption Re-Encryption Key 10
Advantages of Our Technology Proxy re-encryption allows KMSchain to split document access management from cryptographic operations without the need to always-trusted, centralized entity KMSchain enables flexible , scalable and secure key management in distributed environments. Enables re-encryption of already encrypted data and access delegation without decrypting data as an intermediate step. Highly flexible user experience, revocable data access. Efficient utilization of data storage.
Decentralized Privacy Layer KMSchain enables to build decentralized, zero-knowledge Key Management Services to solve a significant market need enabling DApps and other data critical applications to integrate data encryption and KMS technologies without compromising decentralization. Re-encryption Key Re-encryption key are split into multiple re- encryption shares. We leverage cutting-edge cryptography techniques and blockchain technology to decentralize our service into multiple standalone KMS Services (nodes)
Comparison with Alternative Solution None of the existing methods enables safe, scalable and decentralized key management service for modern distributed applications and other data critical use cases. User Exclusive Simple User Distributed KMS, No Cost Efficient Easy-to-deploy Control Over the Experience, Scalable, Single Point of Solution and maintain Encryption Keys Flexible Data Sharing Failure Federated Key Management (FKM) No Yes Yes Yes No Deploying On-Premise Yes No Yes No No KSM/HSM Legacy Encryption Yes Yes No No No Methods (LEM) KMSchain KMS Yes Yes Yes Yes Yes 13
Data Access Policies for Automatic KMS, Integration to Smart Contracts Conditional Data Access Delegation Time: enabling or disabling user to get data access after a certain point of time, Transaction value: enabling users to get access to data when a amount is sent to an address Other Events: other easily verifiable, blockchain based events. Lorem ipsum is dummy text 14
1.1 KMSchain Nodes and White Lables
Key Management Service Providers in KMSchain Network, White-label System Proxy 2 Proxy 3 Proxy 4 Proxy 1 Proxy 5 Bob Alice 16
Decentralized Proxy Re-Encryption Network Considering the data privacy needs and regulatory requirements, enterprises from several sectors will be well motivated to run their nodes to use the proxy re-encryption technology internally as well as to provide KMS services to clients FINANCIAL SERVICES HEALTHCARE & PHARMA SERVICES MANUFACTURING TECH & SOFTWARE PUBLIC SECTOR LEGAL SERVICES HOSPITALITY RETAIL 17
1.2 KMSCHAIN: SCALABLE END TO END ENCRYPTION
Application of KMSchain End to end Encryption Data is only effectively encrypted in transit and In has several vulnerability points . Frontend Server Database 3 Re-encryption operation done within device 1 2 Hi Melanie, I am fine. Encrypted Hi Melanie, Encrypted I am fine. KMSCHAIN https https at-rest Encrypted Encrypted In case of our end to end encryption data is effectively encrypted at In all times 19
SDK That can be Licensed Our easy to use cryptographic libraries turn every developer into applied cryptographer. Add data encryption and cryptographic trust management into your app with just a few lines of code. Perform Re-Encryption for the given ciphertext and Generate and Manage User's Public and Private keys. the re-encryption key Enable users to generate Re-Encryption keys Decrypt both the original or transformed ciphertexts in for their peers. order to reveal the encapsulated symmetric encryption key Encapsulate a symmetric encryption key via given Public Key (similar to Diffie-Hellman Key Exchange) 20
1.3 USE CASES OF THE TECHNOLOGY
Big Data Systems Development of the big data systems which enables secure transfer of data, development of collaborative data lakes, monetization of the enterprise data. 22
Data Marketplaces (Financial, Insurance, etc.) KMSChain provides robust infrastructure for the development of decentralized data marketplaces. Anonymity and Privacy protection Decentralization Transparency Control 23
KYC, KYT, Digital Identity Systems Secure and flexible control over digital IDs, streamlining travel, KYC, insurance claims, and more. 24
Social Networks, Secure Chat Rooms Via KMSchain users can create very secure social groups by assigning different attributes and keys to their social contacts, and then encrypt data such that only particular users with desired set of attributes can decrypt it. 25
Role based Data Management and Access Control If there are different classes of nodes in the network (master nodes, service providers, Oracles, etc.) our technology can be applied to segregate the permission levels of these users, also enabling dynamic self-management. 26
Other Use Cases for Blockchain applications File Sharing Internet of Things Supply Chains Easily manage the data access, Will empower secure bridges Create a more transparent, safe, enabling scalable access control for between devices & different and efficient systems without file sharing applications. blockchains compromising the business privacy 27
Other Use Cases for blockchain applicaticon Medical Health Record’s Social Media Platforms Digital Rights Management Processing Application of KMSchain to Infrastructure for media Apply the technology to create empower patient centric approach producers to distribute, and effective protection and on medical data management monetize their content . monetization of DRM systems 28
Our Proxy Re-encryption Technology in Production The technology has wide application as a core layer nearly in any distributed solution which deals with data control and management. Norbloc provides BeSafe IO uses PRE to BigchainDB applies proxy Racing Pigeon chain will blockchain based KYC enable companies of all re-encryption technology use our technology to solution for Sweden and sizes to encrypt, control to add data governance enable secure and Benelux market. It will and monitor their layer into its blockchain scalable management & exploit PRE for securing business documents on platform for addressing sharing of the pigeon customer data and devices, in cloud (Box, previously inaccessible related data, including manage digital trust Slack, Dropbox, OneDrive) markets. pedigree data, pigeon among various financial and beyond profiles and reports institutions. 29
2. TRANSACTIONAL PRIVACY ON BLOCKCHAIN
Blockchain Technology is Missing Privacy Blockchain Transactions 31
Is blockchain technology well suited for enterprises ? Public (in other words, permissionless) blockchain systems like Bitcoin were the first to face privacy challenges. Transaction details are in the clear, and available on the public ledger of the system. It is deplorable challenge for most enterprises to adopt the technology. Imagine a business obtaining computer parts from a vendor. Given the large volume of computer parts purchased, the supplier Why? provides a discount to the business when trading the asset for currency. This is highly sensitive information for supplier, which can not be protected on blockchain 32
Transactional Privacy on Blockchain One of the main concerns about on-blockchain privacy is that the inputs used in a transaction can be traced to the previous transactions that created them. For cryptocurrency payments to be truly private, transactions have to have two properties: Confidentiality Hiding the transferred amounts, Anonymity Hiding the identities of the sender and/or receiver in a transaction 33
Lelantus Protocol Developed by Us: www.lelantus.io 34 34
Lelantus Zero Knowledge Proof of Transactions The network nodes can verify the legitimacy of transaction without seeing the transactional details ( who is transacting and what is the amount) Blockchain Transactions John Bob 35
The Protocol Alternatives Applied for Transactional Privacy We are expertized on all of these cryptographic protocols. What Provides What are Drawbacks This design, however, does not Confidential Transaction All transaction amounts are hidden from public view using a ensure transaction anonymity, a of Greg Maxwell highly desirable privacy feature for commitment to the amount. financial transactions. Enables users to generate coins with This construction works only with no prior transaction history which fixed denominated coins and hence Zerocoin can then be spent anonymously does not hide transaction without disclosing the source amounts Provides a very efficient private It relies on knowledge of exponent Zerocash transaction system which is capable assumptions and a trusted setup of hiding transaction values, their process, necessitating the user’s origins, and destinations. trust in the correctness of this setup Lenantus Protocol Solves the problems 36 36
Unique Advantages of Lelantus Protocol Does Not Take Trade-offs Ensures both anonymity and confidentiality Multicoin Transactional Efficient Cryptographically Secure A single transaction can contain Relies only on standard simultaneous spends and output cryptographic assumptions multiple coins Lelantus Small Proof Size No Trusted Setup Reduction of proof sizes and Does not require a trusted setup proof generation times process, there are no backdoors 37 37
Unique Functionalities of Lelantus Protocol NON TRACKABLE TRANSACTIONS Proves that the transaction balance is preserved without revealing either the input coin origins or the transaction amounts FULL PRIVACY OF TRANSACTION HISTORY . It enables the users to destroy coins in their possession and redeem a new coin with no prior transaction history. These coins can then be sent anonymously. NO BACKDOORS ARE DESIGNED IN THE STSEM In Contrast Zerocoin implementations based on RSA accumulators, it does not rely on a trusted setup process, excludes backdoors. OPTIONAL DENOMINATIONS In Contrast to Zerocoin the need for fixed denominations is removed. Allows to mints of arbitrary amounts and partial spends of any amount EFFICIENT TRANSACTION PROOF PROCESS It enables efficient batching of the verification of transaction proofs, bring higher efficiency to the network 38 38
Innovative Approaches Applied to Cryptographic Primitives Innovative approach to One out of N Double-Blinded Commitments To verify the validness of the transaction, the verifier should first check the provided Sigmaproofs for each spend transfer and the range-proof for all output transfers. Next, in order to ensure that the transaction balance is preserved, the verifier should go over the following steps Modifications to the original Bulletproofs protocol 39 For complete information see the paper 39
Performance of the Implemented Protocol We implemented a reference implementation in C++ over the popular library libsecp256k1. table below we bring the proof size and performance parameters for different anonymity set size and configurations. 40 40
3. ZERO KNOWLEDGE PROOF TECHNOLOGY
Zero Knowledge Proofs Prover Verifier Completeness – Prover can always convince the verifier when statement is true Soundness – Can not convince the verifier when the statement is actually false Zero-knowledge – No leakage of information (except truth of statement) even if interacting with a cheating verifier 42 42
Services that can be powered by our Zero Knowledge Proofs Asset Based Financing Hedge Funds Trade Finance Companies can prove asset Fund manager can verify and All players can contribute valuation to banks and communicate portfolio risk to overall trade process insurance without revealing characteristics to an investor without revealing trade underlying data without revealing holdings details to all Supply Chain Credit Score Security Compliance Clients can control Clients can prove their credit Operators can prove that supplier risks without score using their financial deployments complies with overreaching into transactions history without security policy without operations revealing it revealing configuration files 43 43
Application of the Technology in Hedge Funds Investor can ensure that an appropriate level and type of risk is taken, yet the fund can pursue competitive strategies which would not be possible if the restriction of perfect transparency were imposed. How solve conflict of interest and agency problem between fund manager and investors Prove to Investors Without Revealing Strategy Fund Manager Investors 44 44
Application of the Technology in Private Auctions Auctioneers can organize sealed-bid, but publicly verifiable auctions, where the bidders keep their bids private from the public view, but reveal them to a trustless auctioneer. Later the auctioneer determines and claims the winner and provides publicly verifiable non-interactive zero-knowledge proofs for the claim correctness. How solve conflict of interest and retain privacy among competing bidders Prove to Bidders which one is the winning bid Without Revealing any bid value Auctioneer Bidder 45 45
Sealed-Bid Auction Protocol Developed by Us 46 46
4. TEAM
Arman Abgaryan Aram Jivanyan David Hong Martun Karapetyan CEO CTO & Chief Cryptographer Director of BD Senior Software Developer MSc at University of Cambridge, Entrepreneur and 10+y experience in US and Ph.D. in Cryptography, 7+y PhD Candidate at SJTU Cryptographer. Founder of Asia focusin on TMT, foreign software development experience (Blockchain Research), MSc CS at Skycryptor, a Techstars direct investment and M7A. (C++, Python). Former senior Georgia Tech (Machine Learning), company pioneering the David is a counsel at KWM and cryptography researcher (created MBA at AUA. 2+y blockchain development of Proxy Re- a founding member of Heyi novel white-box algorithms) at industry experience as lead of Encryption technologies. 5+ Blockchain. He has been American University. Former product design & project years in dev. team management. consultant for Coursera, software engineer in Google management (over 8 different 8+ years in security R&D. advisors for several blockchain (developed features on Youtube projects), early investor, 3+y Cryptography advisor of ZCoin. and ICO projects. monetization and claiming). academic career in blockchain, Co-authored 2 security patents 5+y experience in business and for Samsung. Author of the . corporate finance. Lelantus protocol ( and brand new transaction privacy system)
Arsen Mamikonyan Genie Chen Saren Abgaryan Karen Kirakosyan Senior Software Developer Senior Marketing Officer Senior Operations Officer Senior Software Developer MEng in Engineering & Computer Genie Chien is a Senior Advisor LLM at SUFE, PhD Candidate in 8+y experience as full-stack Science from MIT. Early ML for companies on marketing and International Investment Law developer, highly skilled in employee in Locu, SF based startup promotion activities in Asia. Genie (SJTU), 1+y blockchain industry Blockchain, Solidity, PHP, acquired by GoDaddy. Adjunct has significant experience & blockchain legal consulting, 3+ PHP Frameworks (Laravel, Lecturer at AUA teaching ML to providing marketing advice and y academic legal research Symfony, Yii, Codelgniter, Masters students. Founded HiLearn, support to a range of experience, 2+y assistant ets.), MySQL, MongoDB AI startup focused on algorithmic multinational companies, with editorial experience in legal Javascript (Jquery, Node.js, cryptocurrency trading. focus on the Taiwan market. journal (AsianJLS), 2+ y Express). experience in corporate law 49
Sergey Sargsyan Gegham Jivanyan Mesrop Manukyan Senior Software Engineer Software Engineer Legal Counsel Senior Architect and developer Full-stack senior developer. LLM University of Cambridge, with an extensive background in Founding employee at Skycryptor Lecturer at AUA in corporate and cryptographic algorithms & Besafe.io. 4+y experience in transactional law, 1+y development for Samsung, low- Python, Django, Front-End crypto/blockchain research and level algorithmic chip design at technologies and C++. trading experience, 6+y VMWare and architecting scalable experience in legal advisory & web applications in Zalando. 3+y of managerial experience. 50
Team Experience b
5. Development Milestones
Development Milestones of OneDApp Our Vision Step by Step Idea inception, Cryptographic Research & Team Development 2015 2015 Development of Key Management 2016 Service and APIs 2016 Q2 Launch of BeSafe IO, Proxy Re-Encryption empowered solution 2017 2017 Q3 First enterprise deployment and paid pilot 2018 with FDJ , Instigated the work on Lelnatus 2018 Q1 Development of SDKs for key management, and trust management. Completed Lelantus 2018 2018 Q4 Development of Threshold Proxy Re- 2019 Encryption Technology 2019 Q1 53
Extension of the KMSchain ecosystem via partnerships 2019 2019 Q1 Completion of Series A round to further 2019 support platform development 2019 Q1 Collaboration with Dapps to add privacy into their applications via our SDKs 2019 2019 Q1, Q2 Further extension of the KMSchain 2019 ecosystem, Development of ZK Software 2019 Q2 Launch of the Decentralized KMS network 2019 2019 Q2 Monetization of KMSChain via enterprise 2019 nodes and DApps integrations. 2019 Q3 Development of industry-specific private collaboration solutions 2020 2020 Further extension of functionality, development of new cryptographic solutions 54 *See slide 18. in the ecosystem and maintenance
THANK YOU https://onedapp.io
You can also read