We live in a world of uncertainties, necessitating the need to prepare ourselves for several “what-if” scenarios. The same is true when trying to secure our IT solutions – we have to think through different possibilities and ensure implementation of effective mechanisms.
Blockchain is a technology that brings in some inherent security features to ensure the integrity of transactions and related data. Each blockchain protocol uses a different consensus mechanism to ensure the sanctity of the shared ledger. Blockchain relies heavily on public-private key infrastructure and cryptography to authenticate and securely handle transactions submitted by different parties. This raises some interesting “what-if” questions:
Security is a vast field and there can be several solutions, each with its own benefits and trade-offs. We will describe one such technique called “Secured Multi-Party Computation”, which is aligned to the decentralized and distributed model of blockchain.
In a democratic world, we rely on mechanisms in which all concerned parties are consulted and heard before important decisions are taken. Multi-Party Computation (MPC) imbibes this philosophy in which two or more parties jointly compute an output by combining their individual inputs. The combined computed output could be used for taking important actions such as executing transactions on blockchain. MPC also ensures that the private inputs of each party are kept confidential, thus adding another dimension of Zero Knowledge Proof (ZKP) as described in one of my earlier blogs Establishing Blockchain Privacy through Zero Knowledge Proof.
MPC solutions must adhere to two main principles:
MPC works on the assumption that all concerned parties can communicate on a secured and reliable channel. Each party exchanges an encrypted version of their private input, which undergoes computational operations to build the desired output. MPC systems also need to consider that certain parties can be dishonest (adversaries) and the implementation complexity is directly proportional to the type of adversaries (partially or fully dishonest) expected in a particular use case.
Some of the key use cases where MPC can help enhance the security and privacy of blockchain-based solutions are:
MPC provides a model to enable privacy and distributed trust to secure blockchain solutions. Implementing MPC using blockchain can ensure that all MPC transactions are recorded as timestamped source of truth on blockchain. Blockchain also introduces fairness as the output computed by MPC that can be published on the shared ledger to ensure all participants receive it simultaneously.
Let’s consider a real-life use case of reserved or sealed bid auctions in which each bidding party can submit multiple bids till the auction ends. Each bid has confidential information such as the bid amount, which can’t be revealed to other participants during or even after the auction. Over the last few years, MPC has been leveraged for solving this type of use case but blockchain can be introduced to bring in fairness and transparency.
Here is how a system with blockchain and MPC will work:
The above sequence of actions ensures that all auction related activities are recorded on blockchain for complete transparency. The MPC module ensures that the confidential bid amount is not revealed and only authorized participants of blockchain are able to transact, and malicious usage is prevented.
Secured Multi-Party Computation and blockchain are technologies that have inherent capabilities of supporting a distributed, multi-party ecosystem. MPC provides certain security and privacy features which are missing in some of the blockchain protocols, whereas blockchain provides a level playing field in which the MPC transactions themselves have an immutable representation. In recent years, MPC has evolved to support efficient computations and has been cited by Gartner but the awareness of its true potential and large-scale adoption is yet to happen.
There are plenty of ways to enhance security & privacy of blockchain solutions. Looking for more information? Reach out to us @ firstname.lastname@example.org
Chief Architect, Distinguished Member of Technical Staff, CTO Office, Wipro
Hitarshi has 20 years of experience in IT architecture, consulting, design, and implementation using blockchain, API, SOA, BPM and Java/J2EE technologies. He has led several IT transformation and modernization initiatives and has provided enterprise-wide SOA-based solutions to global clients. In his current role, he leads the Center of Excellence initiatives in the Blockchain practice. He can be reached at email@example.com