National Blockchain Project

In Proceedings of Crypto, 2023.

Shweta Agrawal | Anshu Yadav | Shota Yamada.

In Proceedings of Crypto, 2023.

Shweta Agrawal | Melissa Rossi | Anshu Yadav | Shota Yamada.

Abstract:

Vertical federated learning (VFL) enables the col- laborative training of machine learning (ML) models in settings where the data is distributed amongst multiple parties who wish to protect the privacy of their individual data. Notably, in VFL, the labels are available to a single party and the complete feature set is formed only when data from all parties is combined. Recently, Xu et al. [1] proposed a new framework called FedV for secure gradient computation for VFL using multi- input functional encryption. In this work, we explain how some of the information leakage in Xu et al. can be avoided by using Quadratic functional encryption when training generalized linear models for vertical federated learning.

Shuangyi Chen | Anuja Modiy | Shweta Agrawaly | and Ashish Khisti

Abstract:

A broadcast, trace and revoke system generalizes broadcast encryption as well as traitor tracing. In such a scheme, an encryptor can specify a list L ⊆ N of revoked users so that (i) users in L can no longer decrypt ciphertexts, (ii) ciphertext size is independent of L, (iii) a pirate decryption box supports tracing of compromised users. The “holy grail” of this line of work is a construction which resists unbounded collusions, achieves all parameters (including public and secret key) sizes independent of |L| and |N |, and is based on polynomial hardness assumptions. In this work we make the following contributions:

1. Public Trace Setting: We provide a construction which (i) achieves optimal parameters, (ii) supports embedding identities (from an exponential space) in user secret keys, (iii) relies on polynomial hardness assumptions, namely compact functional encryption (FE) and a key-policy attribute based encryption (ABE) with special efficiency properties, and (iv) enjoys adaptive security with respect to the revocation list. The previous best known construction by Nishimaki, Wichs and Zhandry (Eurocrypt 2016) which achieved optimal parameters and embedded identities, relied on indistinguishability obfuscation, which is considered an inherently subexponential assumption and achieved only selective security with respect to the revocation list.
2. Secret Trace Setting: We provide the first construction with optimal ciphertext, public and secret key sizes and embedded identities from any assumption outside Obfustopia. In detail, our construction relies on Lockable Obfuscation which can be constructed using LWE (Goyal, Koppula, Waters and Wichs, Zirdelis, Focs 2017) and two ABE schemes: (i) the key-policy scheme with special efficiency properties by Boneh et al. (Eurocrypt 2014) and (ii) a ciphertext-policy ABE for P which was recently constructed by Wee (Eurocrypt 2022) using a new assumption called evasive and tensor LWE. This assumption, introduced to build an ABE, is believed to be much weaker than lattice based assumptions underlying FE or iO – in particular it is required even for lattice based broadcast, without trace.

Moreover, by relying on subexponential security of LWE, both our constructions can also support a super-polynomial sized revocation list, so long as it allows efficient representation and membership testing. Ours is the first work to achieve this, to the best of our knowledge.

Shweta Agrawal | Simran Kumari | Anshu Yadav| Shota Yamada

Blind signatures are a fundamental cryptographic primitive with numerous practical applications. While there exist many practical blind signatures from number-theoretic assumptions, the situation is far less satisfactory from post-quantum assumptions. In this work, we provide the first overall practical, lattice-based blind signature, supporting an unbounded number of signature queries and additionally enjoying optimal round complexity. We provide a detailed estimate of parameters achieved – we obtain a signature of size slightly above 45KB, for a core-SVP hardness of 109 bits. The run-times of the signer, user and verifier are also very small. Our scheme relies on the Gentry, Peikert and Vaikuntanathan signature [STOC’08] and non-interactive zero-knowledge proofs for linear relations with small unknowns, which are significantly more efficient than their general purpose counterparts. Its security stems from a new and arguably natural assumption which we introduce, called the one-more-ISIS assumption. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC’03]. To gain confidence in our assumption, we provide a detailed analysis of diverse attack strategies.

Shweta Agrawal | Elena Kirshanova | Damien Stehle | Anshu Yadav.

Abstract:

In cryptocurrency-based permissionless blockchain networks, the decentralized structure enables any user to join and operate across different regions. The criminal entities exploit it by using cryptocurrency transactions on the blockchain to facilitate activities such as money laundering, gambling, and ransomware attacks. In recent times, different machine learning-based techniques can detect such criminal elements based on blockchain transaction data. However, there is no provision within the blockchain to deal with such elements. We propose a reputation-based methodology for response to the users detected carrying out the aforementioned illicit activities. We select Algorand blockchain to implement our methodology by incorporating it within the consensus protocol. The theoretical results obtained prove the restriction and exclusion of criminal elements through block proposal rejection and attenuation of the voting power as a validator for such entities. Further, we analyze the efficacy of our method and show that it puts no additional strain on the communication resources.

Mayank Pandey | Rachit Agarwal | Sandeep Kumar Shukla | Nishchal Kumar Verma

Abstract:

Different malicious activities occur in cryptocurrency-based permissionless blockchains such as Ethereum and Bitcoin. Some activities are due to the exploitation of vulnerabilities which are present in the blockchain infrastructure, some activities target its users through social engineering techniques, while some activities use it to facilitate different malicious activities. Since cryptocurrency-based permissionless blockchains provide pseudonymity to its users, bad actors prefer to carry out transactions related to malicious activities on them. Towards this, we aim at automatically flagging blockchain accounts as suspects that indulge in malicious activities, thus reducing the unintended support that cryptocurrency-based permissionless blockchains provide to malicious actors. We first use the cosine similarity metrics to study the similarities between the feature vector of accounts associated with different malicious activities and find that most of the malicious activities associated with the Ethereum blockchain behave similarly. We then use the K-Means clustering algorithm to check if accounts associated with similar malicious activities cluster together. We also study the effect of bias on the performance of a machine learning algorithm, due to the number of accounts associated with a malicious activity. We then compare the different state-of-the-art models and identify that Neural Networks (NN) is resistant to bias associated with a malicious activity and is also robust against adversarial attacks. The previously used ML algorithms for identifying malicious accounts also show bias towards an over-represented malicious activity.

Rachit Agarwal | Tanmay Thapliyal | Sandeep Kumar Shukla

Motivated by several new and natural applications, we initiate the study of multi-input predicate encryption (miPE) and further develop multi-input attribute based encryption (miABE). Our contributions are:

1. Formalizing Security: We provide definitions for miABE and miPE in the symmetric key setting and formalize security in the standard indistinguishability (IND) paradigm, against unbounded collusions.
2. Two-input ABE for NC1 from LWE and Pairings: We provide the first constructions for two-input key-policy ABE for NC1 from LWE and pairings. Our construction leverages a surprising connection between techniques recently developed by Agrawal and Yamada (Eurocrypt, 2020) in the context of succinct single-input ciphertext-policy ABE, to the seemingly unrelated problem of two-input key-policy ABE. Similarly to Agrawal- Yamada, our construction is proven secure in the bilinear generic group model. By leveraging inner product functional encryption and using (a variant of) the KOALA knowledge assumption, we obtain a construction in the standard model analogously to Agrawal, Wichs and Yamada (TCC, 2020).
3. Heuristic two-input ABE for P from Lattices: We show that techniques developed for succinct single-input ciphertext-policy ABE by Brakerski and Vaikuntanathan (ITCS 2022) can also be seen from the lens of miABE and obtain the first two-input key-policy ABE from lattices for P.
4. Heuristic three-input ABE and PE for NC1 from Pairings and Lattices: We obtain the first three-input ABE for NC1 by harnessing the powers of both the Agrawal-Yamada and the Brakerski-Vaikuntanathan constructions.
5. Multi-input ABE to multi-input PE via Lockable Obfuscation: We provide a generic compiler that lifts multi-input ABE to multi-input PE by relying on the hiding properties of Lockable Obfuscation (LO) by Wichs-Zirdelis and Goyal-Koppula-Waters (FOCS 2018), which can be based on LWE. Our compiler generalises such a compiler for single- input setting to the much more challenging setting of multiple inputs. By instantiating our compiler with our new two and three-input ABE schemes, we obtain the first constructions of two and three-input PE schemes.

Our constructions of multi-input ABE provide the first improvement to the compression factor of non-trivially exponentially efficient Witness Encryption defined by Brakerski et al. (SCN 2018) without relying on compact functional encryption or indistinguishability obfuscation. We believe that the unexpected connection between succinct single-input ciphertext-policy ABE and multi-input key-policy ABE may lead to a new pathway for witness encryption

Multi-input functional encryption, MIFE, is a powerful generalization of functional encryption that allows computation on encrypted data coming from multiple different data sources. In a recent work, Agrawal, Goyal, and Tomida (CRYPTO 2021) constructed MIFE for the class of quadratic functions. This was the first MIFE construction from bilinear maps that went beyond inner product computation. We advance the state-of-the-art in MIFE, and propose new constructions with stronger security and broader functionality.

• Stronger Security: In the typical formulation of MIFE security, an attacker is allowed to either corrupt all or none of the users who can encrypt the data. In this work, we study MIFE security in a stronger and more natural model where we allow an attacker to corrupt any subset of the users, instead of only permitting all-or-nothing corruption. We formalize the model by providing each user a unique encryption key, and letting the attacker corrupt all non-trivial subsets of the encryption keys, while still maintaining the MIFE security for ciphertexts generated using honest keys. We construct a secure MIFE system for quadratic functions in this fine-grained corruption model from bilinear maps. Our construction departs significantly from the existing MIFE schemes as we need to tackle a more general class of attackers.
• Broader Functionality: The notion of multi-client functional encryption, MCFE, is a useful extension of MIFE. In MCFE, each encryptor can additionally tag each ciphertext with appropriate metadata such that ciphertexts with only matching metadata can be decrypted together. In more detail, each ciphertext is now annotated with a unique label such that ciphertexts encrypted for different slots can now only be combined together during decryption as long as the associated labels are an exact match for all individual ciphertexts. In this work, we upgrade our MIFE scheme to also support ciphertext labelling. While the functionality of our scheme matches that of MCFE for quadratic functions, our security guarantee falls short of the general corruption model studied for MCFE. In our model, all encryptors share a secret key, therefore this yields a secret-key version of quadratic MCFE, which we denote by SK-MCFE. We leave the problem of proving security in the general corruption model as an important open problem.

Abstract:

The recent work of Agrawal et al., [Crypto ’21] and Goyal et al. [Eurocrypt ’22] concurrently introduced the notion of dynamic bounded collusion security for functional encryption (FE) and showed a construction satisfying the notion from identity based encryption (IBE). Agrawal et al., [Crypto ’21] further extended it to FE for Turing machines in non-adaptive simulation setting from the sub-exponential learining with errors assumption (LWE). Concurrently, the work of Goyal et al. [Asiacrypt ’21] constructed attribute based encryption (ABE) for Turing machines achieving adaptive indistinguishability based security against bounded (static) collusions from IBE, in the random oracle model. In this work, we significantly improve the state of art for dynamic bounded collusion FE and ABE for Turing machines by achieving adaptive simulation style security from a broad class of assumptions, in the standard model. In more detail, we obtain the following results:

1. We construct an adaptively secure (AD-SIM) FE for Turing machines, supporting dynamic bounded collusion, from sub-exponential LWE. This improves the result of Agrawal et al. which achieved only non-adaptive (NA-SIM) security in the dynamic bounded collusion model.
2. Towards achieving the above goal, we construct a ciphertext policy FE scheme (CPFE) for circuits of unbounded size and depth, which achieves AD-SIM security in the dynamic bounded collusion model from IBE and laconic oblivious transfer (LOT). Both IBE and LOT can be instantiated from a large number of mild assumptions such as the computational Diffie-Hellman assumption, the factoring assumption, and polynomial LWE. This improves the construction of Agrawal et al. which could only achieve NA-SIM security for CPFE supporting circuits of unbounded depth from IBE.
3. We construct an AD-SIM secure FE for Turing machines, supporting dynamic bounded collusions, from LOT, ABE for NC1 (or NC) and private information retrieval (PIR) schemes which satisfy certain properties. This significantly expands the class of assumptions on which AD-SIM secure FE for Turing machines can be based. In particular, it leads to new constructions of FE for Turing machines including one based on polynomial LWE and one based on the combination of the bilinear decisional Diffie-Hellman assumption and the decisional Diffie-Hellman assumption on some specific groups. In contrast the only prior construction by Agrawal et al. achieved only NA-SIM security and relied on sub-exponential LWE. To achieve the above result, we define the notion of CPFE for read only RAM programs and succinct FE for LOT, which may be of independent interest.
4. We also construct an ABE scheme for Turing machines which achieves AD-IND security in the standard model supporting dynamic bounded collusions. Our scheme is based on IBE and LOT. Previously, the only known candidate that achieved AD-IND security from IBE by Goyal et al. relied on the random oracle model.

Abstract:

Blind signatures are a fundamental cryptographic primitive with numerous practical applications. While there exist many practical blind signatures from number-theoretic assumptions, the situation is far less satisfactory from post-quantum assumptions. In this work, we provide the first overall practical, lattice-based blind signature, supporting an unbounded number of signature queries and additionally enjoying optimal round complexity. We provide a detailed estimate of parameters achieved – we obtain a signature of size slightly above 45KB, for a core-SVP hardness of 109 bits. The run-times of the signer, user and verifier are also very small. Our scheme relies on the Gentry, Peikert and Vaikuntanathan signature [STOC’08] and non-interactive zero-knowledge proofs for linear relations with small unknowns, which are significantly more efficient than their general purpose counterparts. Its security stems from a new and arguably natural assumption which we introduce, called the one-more-ISIS assumption. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC’03]. To gain confidence in our assumption, we provide a detailed analysis of diverse attack strategies.

Shweta Agrawal | Damien Stehle | Anshu Yadava

Abstract:

The electronic Health (eHealth) record transforms the conventional healthcare domain into a digital healthcare domain that advances the service to the people. The eHealthcare gained more attention these days due to its benefits such as ease in transferring the record, available at all times, and effortless search and access. However, security and user privacy slow down the broader implementation of eHealthcare in various hospitals and countries. To utilize the effectiveness of eHealthcare and protect the data against various attacks, this chapter proposes a blockchain-based electronic health record management system. The encrypted eHealth records are stored on the cloud or Inter Planetary File System (IPFS) and the meta-data of the records on the blockchain to ensure data availability, integrity, and confidentiality. The proposed system provides immutable logging of access information for audit and regulatory compliance. In addition, the patient’s redundant account problem and data inaccessibility during the patient’s unresponsive state are addressed. The proposed system is implemented by modifying the goethereum implementation to analyze the overhead and applicability. The implementation results, security, and overhead analysis substantiate the proposed eHealthcare management system

Subramanian Venkatesan | Shubham Sahai | Sandeep Kumar Shukla | Jaya Singh

Abstract:

The rise in the adoption of blockchain technology has led to increased illegal activities by cyber-criminals costing billions of dollars. Many machine learning algorithms are applied to detect such illegal behavior. These algorithms are often trained on the transaction behavior and, in some cases, trained on the vulnerabilities that exist in the system. In our approach, we study the feasibility of using metadata such as Domain Name (DN) associated with the account in the blockchain and identify whether an account should be tagged malicious or not. Here, we leverage the temporal aspects attached to the DNs. Our results identify 144930 DNs that show malicious behavior, and out of these, 54114 DNs show persistent malicious behavior over time. Nonetheless, none of these identified malicious DNs were reported in new officially tagged malicious blockchain DNs.

Rohit Kumar Sachan | Rachit Agarwal | Sandeep Kumar Shukla

Abstract:

The decentralization, redundancy, and pseudo-anonymity features have made permission-less public blockchain platforms attractive for adoption as technology platforms for cryptocurrencies. However, such adoption has enabled cybercriminals to exploit vulnerabilities in blockchain platforms and target the users through social engineering to carry out malicious activities. Most of the state-of-the-art techniques for detecting malicious actors depend on the transactional behavior of individual wallet addresses but do not analyze the money trails. We propose a heuristics-based approach that adds new features associated with money trails to analyze and find suspicious activities in cryptocurrency blockchains. Here, we focus only on the cyclic behavior and identify hidden patterns present in the temporal transactions graphs in a blockchain. We demonstrate our methods on the transaction data of the Ethereum blockchain. We find that malicious activities (such as Gambling, Phishing, and Money Laundering) have different cyclic patterns in Ethereum. We also identify two suspicious temporal cyclic path-based transfers in Ethereum. Our techniques may apply to other cryptocurrency blockchains with appropriate modifications adapted to the nature of the crypto-currency under investigation.

Banwari Lal | Rachit Agarwal | Sandeep Kumar Shukla

Abstract:

The growing chain’s storage requirements are al- ways an issue with blockchain platforms, and devices may not allocate the required storage to replicate an entire blockchain instance. To overcome this issue, we propose a storage constraint-free blockchain model that divides the growing blockchain into fixed-size sets of blocks, excluding the genesis block and allowing the participating nodes to store the recent blocks according to their storage capacity. Suppose a node decides not to replicate a few sets of old blocks to accommodate the blockchain according to its storage availability. In that case, it stores the corresponding set’s last block hash and the XOR of the remaining blocks’ hashes and then drops those blocks. Nodes that receive blocks, equivalent to the deleted blocks from other nodes will validate it by comparing the previous set’s last block hash with the received set’s first block parent hash and XOR hash with the block hashes. If they match, the node will accept the equivalent set of deleted blocks; otherwise, reject. This will guarantee to avoid any uncertainty, single collision multi-block replacement, and partial chain replacement attack. The analysis and experimental results show that the proposed model is storage efficient and needs less overhead. The proposed model provides security equivalent to the traditional blockchain and allows the storage constrained devices to participate in the application for a long time compared with the other models.

Yuvaraj Rajendra | Sachin Sahu | Venkatesan Subramanian | Sandeep Kumar Shukla

Abstract:

Directed Graph based models of a blockchain that capture accounts as nodes and transactions as edges, evolve over time. This temporal nature of a blockchain model enables us to understand the behavior (malicious or benign) of the accounts. Predictive classification of accounts as malicious or benign could help users of the permissionless blockchain platforms to operate in a secure manner. Motivated by this, we introduce temporal features such as burst and attractiveness on top of several already used graph properties such as the node degree and clustering coefficient. Using identified features, we train various Machine Learning (ML) models and identify the algorithm that performs the best in detecting malicious accounts. We then study the behavior of the accounts over different temporal granularities of the dataset before assigning them malicious tags. For the Ethereum blockchain, we identify that for the entire dataset—the ExtraTreesClassifier performs the best among supervised ML algorithms. On the other hand, using cosine similarity on top of the results provided by unsupervised ML algorithms such as K-Means on the entire dataset, we were able to detect 554 more suspicious accounts. Further, using behavior change analysis for accounts, we identify 814 unique suspicious accounts across different temporal granularities.

Shikhar Barve | Rachit Agarwal | Sandeep Kumar Shukla

Abstract:

The temporal aspect of blockchain transactions enables us to study the address's behavior and detect if it is involved in any illicit activity. However, due to the concept of change addresses (used to thwart replay attacks), temporal aspects are not directly applicable in the Bitcoin blockchain. Several pre-processing steps should be performed before such temporal aspects are utilized. We are motivated to study the Bitcoin transaction network and use the temporal features such as burst, attractiveness, and inter-event time along with several graph-based properties such as the degree of node and clustering coefficient to validate the applicability of already existing approaches known for other cryptocurrency blockchains on the Bitcoin blockchain. We generate the temporal and non-temporal feature set and train the Machine Learning (ML) algorithm over different temporal granularities to validate the state-of-the-art methods. We study the behavior of the addresses over different time granularities of the dataset. We identify that after applying change-address clustering, in Bitcoin, existing temporal features can be extracted and ML approaches can be applied. A comparative analysis of results show that the behavior of addresses in Ethereum and Bitcoin is similar with respect to in-degree, out-degree and inter-event time. Further, we identify 3 suspects that showed malicious behavior across different temporal granularities. These suspects are not marked as malicious in Bitcoin.

Deepesh Chaudhari | Rachit Agarwal | Sandeep Kumar Shukla

Abstract:

The metadata aspect of Domain Names (DNs) enables us to perform a behavioral study of DNs and detect if a DN is involved in in-browser cryptojacking. Thus, we are motivated to study different temporal and behavioral aspects of DNs involved in cryptojacking. We use temporal features such as query frequency and query burst along with graph-based features such as degree and diameter, and non-temporal features such as the string-based to detect if a DNs is suspect to be involved in the in-browser cryptojacking. Then, we use them to train the Machine Learning (ML) algorithms over different temporal granularities such as 2 hours datasets and complete dataset. Our results show DecisionTrees classifier performs the best with 59.5% Recall on cryptojacked DN, while for unsupervised learning, K-Means with K=2 perform the best. Similarity analysis of the features reveals a minimal divergence between the cryptojacking DNs and other already known malicious DNs. It also reveals the need for improvements in the feature set of state-of-the-art methods to improve their accuracy in detecting in-browser cryptojacking. As added analysis, our signature-based analysis identifies that none-of-the Indian Government websites were involved in cryptojacking during October-December 2021. However, based on the resource utilization, we identify 10 DNs with different properties than others.

Rohit K. Sachan | Rachit Agarwal | Sandeep K. Shukla

Abstract:

We initiate the study of multi-party functional encryption (MPFE) which unifies and abstracts out various notions of functional encryption which support distributed ciphertexts or secret keys, such as multi-input FE, multi-client FE, decentralized multi-client FE, multi-authority FE, dynamic decentralized FE, adhoc multi-input FE and such others. Using our framework, we identify several gaps in the literature and provide some constructions to fill these:

1. Multi-Authority ABE with Inner Product Computation. The recent work of Abdalla et al. (ASIACRYPT’20) constructed a novel “composition” of Attribute Based Encryption (ABE) and Inner Product Functional Encryption (IPFE), namely functional encryption schemes that combine the access control functionality of attribute based encryption with the possibility of performing linear operations on the encrypted data. In this work, we extend the access control component to support the much more challenging multi-authority setting, i.e. “lift” the primitive of ABE in their construction to multi-authority ABE for the same class of access control policies (LSSS structures). This yields the first construction of a nontrivial multi-authority FE beyond ABE from simple assumptions on pairings to the best of our knowledge. Our techniques can also be used to generalize the decentralized attribute based encryption scheme of Michalevsky and Joye (ESORICS’18) to support inner product computation on the message. While this scheme only supports inner product predicates which is less general than those supported by the Lewko-Waters (EUROCRYPT’11) construction, it supports policy hiding which the latter does not. Our extension inherits these features and is secure based on the k-linear assumption, in the random oracle model.
2. Function Hiding DDFE. The novel primitive of dynamic decentralized functional encryption (DDFE) was recently introduced by Chotard et al. (CRYPTO’20), where they also provided the first construction for inner products. However, the primitive of DDFE does not support function hiding, which is a significant limitation for several applications. In this work, we provide a new construction for inner product DDFE which supports function hiding. To achieve our final result, we define and construct the first function hiding multi-client functional encryption (MCFE) scheme for inner products, which may be of independent interest. 3. Distributed Ciphertext-Policy ABE. We provide a distributed variant of the recent ciphertext- policy attribute based encryption scheme, constructed by Agrawal and Yamada (EUROCRYPT’20). Our construction supports NC1 access policies, and is secure based on “Learning With Errors” and relies on the generic bilinear group model as well as the random oracle model.

Shweta Agrawal | Rishab Goyal | Junichi Tomida

Abstract:

Advances in the healthcare sector are entering into a new era in the form of Health 4.0. The integration of innovative technologies like Cyber-Physical Systems (CPS), Big Data, Cloud Computing, Machine Learning, and Blockchain with Healthcare services has led to improved performance and efficiency through data-based learning and interconnection of systems. On the other hand, it has also increased complexities and has brought its own share of vulnerabilities due to the heavy influx, sharing and storage of healthcare data. Its protection from cyberattacks along with privacy preservation through authenticated access is one of the significant challenges for the healthcare sector. For this purpose, the use of blockchain-based networks can lead to a considerable reduction in the vulnerabilities of the healthcare systems and secure their data. This chapter explores blockchain’s role in strengthening healthcare data security by answering the questions related to what data to use, when we need, why we need, who needs, and how state-of-the-art techniques use blockchains to secure healthcare data. As a case study, we also explore and analyze the state-of-the-art implementations for blockchain in healthcare data security for the Covid-19 pandemic. In order to provide a path for the direction of future research, we identify and discuss the technical limitations and regulatory challenges associated with blockchain-based healthcare data security implementation.

Mayank Pandey | Rachit Agarwal | Sandeep Kumar Shukla | Nishchal Kumar Verma

Abstract:

We have constructed the first multi-input functional encryption (MIFE) scheme for quadratic functions from pairings. Our construction supports a polynomial number of users, where user i, for i ∈ [n], encrypts input xi ∈ Zm to obtain ciphertext CTi. The key generator provides a key SKc for vector c ∈ Z(mn)2, and decryption, given CT1, . . . , CTn and SKc, recovers 〈c, x ⊗ x〉 and nothing else.
We have achieved indistinguishability-based (selective) security against unbounded collusions under the standard bilateral matrix Diffie-Hellman assumption. It is worth noting that all previous MIFE schemes either support only inner products (linear functions) or rely on strong cryptographic assumptions such as indistinguishability obfuscation or multi-linear maps.

Shweta Agrawal | Rishab Goyal | Junichi Tomida

Abstract:

Boneh, Waters and Zhandry (CRYPTO 2014) used multilinear maps to provide a solution to the long-standing problem of public-key broadcast encryption (BE) where all parameters in the system are small. In this work, we improve their result by providing a solution that uses only bilinear maps and Learning With Errors (LWE). Our scheme is fully collusion-resistant against any number of colluders, and can be generalized to an identity-based broadcast system with short parameters. Thus, we reclaim the problem of optimal broadcast encryption from the land of “Obfustopia”.
Our main technical contribution is a ciphertext policy attribute based encryption (CP-ABE) scheme which achieves special efficiency properties – its ciphertext size, secret key size, and public key size are all independent of the size of the circuits supported by the scheme. We show that this special CP-ABE scheme implies BE with optimal parameters; but it may also be of independent interest. Our constructions rely on a novel interplay of bilinear maps and LWE, and are proven secure in the generic group model.

Shweta Agrawal | Rishab Goyal | Junichi Tomida

Abstract:

Boneh, Waters and Zhandry (CRYPTO 2014) used multilinear maps to provide a solution to the long-standing problem of public-key broadcast encryption (BE) where all parameters in the system are small. In this work, we improve their result by providing a solution that uses only bilinear maps and Learning With Errors (LWE). Our scheme is fully collusion-resistant against any number of colluders, and can be generalized to an identity-based broadcast system with short parameters. Thus, we reclaim the problem of optimal broadcast encryption from the land of “Obfustopia”.
Our main technical contribution is a ciphertext policy attribute based encryption (CP-ABE) scheme which achieves special efficiency properties – its ciphertext size, secret key size, and public key size are all independent of the size of the circuits supported by the scheme. We show that this special CP-ABE scheme implies BE with optimal parameters; but it may also be of independent interest. Our constructions rely on a novel interplay of bilinear maps and LWE, and are proven secure in the generic group model.

Shweta Agrawal | Shota Yamada

Abstract:

In general, applications use Trusted Third Party to authenticate users, application servers, and devices. Since Trusted Third Party based solutions are centralized, a decentralized scheme is preferred for applications, and blockchain is one of the best solutions for decentralization. Hence, this paper proposes a trust score based decentralized authentication model using the blockchain technology for dynamic networks. In our proposed model, any device can join the network at any time through existing nodes by sending the join transaction to the blockchain. A new device in the network can do messaging with other existing devices; however, the receiving device may not accept until the sender gains a full trust score in the network. The trust score of nodes is built based on its behavior and contributions to the network viz. mining, voting, introducing new node, and fact creation. The proposed model does not give incentives to the miners in the form of currency. At the same time, it should support the network, which is public, dynamic, and untrusted. Hence, we introduce a private and public nodes based blockchain model with incentives such as subsidy, green corridor, etc. We analyze the proposed model for security effectiveness, resource usage, communication overhead, and computational performance to prove lightweight devices' applicability.

Venkatesan Subramanian | Yuvaraj Rajendra | Shubham Sahai | Sandeep K Shukla

Abstract:

Ethereum is the second most valuable cryptocurrency, right after Bitcoin. The most distinguishing feature of Ethereum was the introduction of smart contracts which are essentially small computer programs that sit on top of the blockchain. They are written in programming languages like Solidity and are executed by the Ethereum Virtual Machine (EVM). Since these contracts are present on the blockchain itself, they become immutable as long as the blockchains integrity is not compromised. This makes it a nightmare for security researchers as the vulnerabilities found cannot be patched. Also, since Ethereum is a public blockchain, all the contract bytecodes are available publicly. The DAO and the Parity attack are two prominent attacks that have caused great monetary losses. There are many tools that have been developed to cope with these challenges. However, the lack of a benchmark to compare these tools, non-standard vulnerability naming conventions, etc. make the job of a security analyst very difficult.

Bishwas C Gupta | Nitesh Kumar | Anand Handa | Sandeep K Shukla

Abstract:

Consider sources that supply sensitive data to an aggregator. Standard encryption only hides the data from eavesdroppers, but using specialized encryption one can hope to hide the data (to the extent pos- sible) from the aggregator itself. For flexibility and security, we envision schemes that allow sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator. A primi- tive called multi-input functional encryption (MIFE), due to Goldwasser et al. (EUROCRYPT 2014), comes close, but has two main limitations:

- It requires trust in a third party, who is able to decrypt all the data
- It requires function arity to be fixed at setup time and to be equal to the number of parties

To drop these limitations, we introduce a new notion of ad hoc MIFE. In our setting, each source generates its own public key and issues in- dividual, function-specific secret keys to an aggregator. For successful decryption, an aggregator must obtain a separate key from each source whose ciphertext is being computed upon. The aggregator could obtain multiple such secret-keys from a user corresponding to functions of vary- ing arity. For this primitive, we obtain the following results:

– We show that standard MIFE for general functions can be boot- strapped to ad hoc MIFE for free, i.e. without making any additional assumption.
– We provide a direct construction of ad hoc MIFE for the inner prod- uct functionality based on the Learning with Errors (LWE) assump- tion. This yields the first construction of this natural primitive based on a standard assumption.

At a technical level, our results are obtained by combining standard MIFE schemes and two-round secure multiparty computation (MPC) protocols in novel ways highlighting an interesting interplay between MIFE and two-round MPC in the construction of non interactive prim- itives.

Abstract:

Integrity and security of the data in database systems are typically maintained with access control policies and fire-walls. However,insider attacks– where someone with an intimate knowledge of the system and administrative priv-ileges tampers with the data – pose a unique challenge.Measures like append only logging prove to be insufficient because an attacker with administrative privileges can alter logs and login records to eliminate the trace of attack, thus making insider attacks hard to detect.In this paper, we proposeVerity– first of a kind system to the best of our knowledge. Verity serves as a dataless frame-work by which any blockchain network can be used to store fixed-length metadata about tuples from any mySQL database,without complete migration of the database. Verity uses a formalism for parsing SQL queries and query results to check the respective tuples’ integrity using blockchains to detect insider attacks. We have implemented our technique us-ing Hyperledger Fabric, Composer REST API, and SQLitedatabase. Using TPC-H data and SQL queries of varying complexity and types, our experiments demonstrate that any overhead of integrity checking remains constant per tu-ple in a query’s results, and scales linearly.

Shubham S. Srivastava | Medha Atre | Shubham Sharma | Rahul Gupta | Sandeep K. Shukla

Abstract:

Land is immovable property, and to prove the ownership of the land, ideally, one must provide a legal document that should conclusively prove it. But, land record in India is a loosely defined term. Here, one is presumed to be the owner, until proven otherwise. Land record is a generic term that could mean a record of rights,Khasra, Shajra, etc. Moreover, different documents are maintained by different departments, and any one of them could be used to stake a claim on the land. This leads to numerous disputes, and it is evident from the number of cases, which are pending in Indian courts. In this paper,we aim to solve this problem of coordination between the various departments, and multiplicity of land records, via entanglement of blockchains.

Rishab Chatterjee | Aswin Sekhari | Ras Dwivedi | Rohit Negi | Sandeep Shukla

Abstract:

Privacy is a fundamental right for every human,but in today’s world, this is not ensured in every sector.The health sector is such an example where patients privacy is not respected, and sensitive data like prescription dosages, medical bill amounts, and their entire medical history are leaked online without any encryption. We designed, implemented and deployed an architecture in this research where we tried to usePublic Key Infrastructure (PKI) and Hyperledger Fabric and simulated workflow of healthcare sector while ensuring that patients' medical records are in complete control of patient only. Hyperledger Fabric, which is a blockchain framework,provides integrity to the medical records, which can be verified at any later point of time. Proxy re-encryption has been used to provide medical records access to others but only with permission from the patient. Besides patients and hospitals, this architecture also involves other institutions like insurance companies and pharmacies to provide various services to the patients. Lastly, we performed some performance experiments on the architecture to check the throughput and latencies.

Devendra K Meena | Ras Dwivedi | Sandeep Shukla

Abstract:

Ethereum is a blockchain platform where users can transact cryptocurrency as well as build and deploy decentralized applications using smart contracts. The participants in the Ethereum platform are ‘pseudo- anonymous’ and same user can have multiple accounts under multiple cryptographic identities. As a result, detecting malicious users engaged in fraudulent activities as well as attribution are quite difficult. In the recent past, multiple such activities came to light. In the famous Ethereum DAO attack, hackers exploited bug in smart contracts stole large amount of cryptocurrency using fraudulent transactions. However, activities such as ponzi-scheme, tax evasion by transacting in cryptocurrency, using pseudo-anonymous accounts for receiving ransom payment, consolidation of funds accumulated under multiple identities etc. should be monitored and detected in order to keep legitimate users safe on the platform. In this work, we detect malicious nodes by using supervised machine learning based anomaly detection in the transactional behavior of the accounts. Depending on the two prevalent account types – Externally Owned Account (EOA) and smart contract accounts, we apply two distinct machine learning models. Our models achieve a detection accuracy of 96.54% with 0.92% false-positive ratio and 96.82% with 0.78% false- positive ratio for EOA and smart contract account analysis, respectively. We also find the listing of 85 new malicious EOA and 1 smart contract addresses between 20 January 2020 and 24 February 2020. We evaluate our model on these, and the accuracy of that evaluation is 96.21% with 3% false positive.

Nitesh Kumar | Ajay Singh | Anand Handa | Sandeep Shukla

Thesis

Towards Malicious account identification in Bitcoin

Abstract:

DETECTING MALICIOUS ACCOUNTS IN PERMISSIONLESS BLOCKCHAINS USING TEMPORAL GRAPH PROPERTIES

Abstract:

INVESTMENT COMPLIANCE IN HEDGE FUNDS USING ZERO-KNOWLEDGE PROOFS ON ETHEREUM

Abstract:

SYMBOLIC EXECUTION TOOL TO FIND DOS VULNERABILITIES IN ETHEREUM SMART CONTRACTS

Abstract:

HONEYBADGERBFT AS AN ORDERING SERVICE IN HYPERLEDGER FABRIC

Abstract:

SBFT : AN IMPLEMENTATION OF ORDERING SERVICE FOR PERMISSIONED BLOCKCHAIN

Abstract:

DEVELOPING A SELF-SOVEREIGN IDENTITY ECOSYSTEM

Abstract:

PROPERTY REGISTRATION AND LAND RECORD MANAGEMENT VIA BLOCKCHAINS

Abstract:

PRESERVING PATIENT’S PRIVACY USING PROXY RE-ENCRYPTION IN PERMISSIONED BLOCKCHAIN

Abstract:

ELASTICO AS AN ORDERING SERVICE IN HYPERLEDGER FABRIC

Abstract:

ANOMALY DETECTION IN THE ETHEREUM NETWORK

Abstract:

ANALYSIS OF ETHEREUM SMART CONTRACTS - A SECURITY PERSPECTIVE

Abstract:

Papers

Attribute-Based Multi-Input FE (and more) for Attribute-Weighted Sums. Shweta Agrawal, Anshu Yadav and Junichi Tomida. In Proceedings of Crypto, 2023.

Constant Input Attribute Based (and Predicate) Encryption from Evasive and Tensor LWE. Shweta Agrawal, Melissa Rossi, Anshu Yadav and Shota Yamada. In Proceedings of Crypto, 2023.

Quadratic Functional Encryption for Secure Training in Vertical Federated Learning. Shuangyi Chen, Anuja Modi, Shweta Agrawal and Ashish Khisti. In Proceedings of IEEE International Symposium on Information Theory (ISIT), 2023.

Abstract:

Broadcast, Trace and Revoke with Optimal Parameters from Polynomial Hardness. Shweta Agrawal, Simran Kumari, Anshu Yadav, and Shota Yamada | Eurocrypt, 2023.

Abstract:

Practical, Round-Optimal Lattice-Based Blind Signatures. Shweta Agrawal and Elena Kirshanova and Damien Stehle and Anshu Yadav | ACM Conference on Computer and Communications Security (CCS), 2022.

Reputation-based PoS for the Restriction of Illicit Activities on Blockchain: Algorand Usecase Mayank Pandey, Rachit Agarwal, Sandeep Kumar Shukla, Nishchal Kumar Verma

Abstract:

Analyzing malicious activities and detecting adversarial behavior in cryptocurrency based permissionless blockchains: An Ethereum usecase Authors: Rachit Agarwal, Tanmay Thapliyal , Sandeep Kumar Shukla

Abstract:

Multi-Input Attribute Based Encryption and Predicate Encryption. Shweta Agrawal and Anshu Yadav and Shota Yamada. In Proceedings of Crypto, 2022.

Multi-Input Quadratic Functional Encryption: Stronger Security, Broader Functionality. Shweta Agrawal and Rishab Goyal and Junichi Tomida | Theory of Cryptography Conference (TCC), 2022.

Bounded Functional Encryption for Turing Machines: Adaptive Security from General Assumptions. Shweta Agrawal and Fuyuki Kitagawa and Anuja Modi and Ryo Nishimaki and Shota Yamada and Takashi Yamakawa | Theory of Cryptography Conference (TCC), 2022.

Abstract:

Round-Optimal Lattice-Based Threshold Signatures, Revisited. Shweta Agrawal and Damien Stehle and Anshu Yadav | EATCS International Colloquium on Automata, Languages, and Programming (ICALP), 2022.

Abstract:

Venkatesan, S., Sahai, S., Shukla, S.K., Singh, J. (2021). Secure and Decentralized Management of Health Records. In: Namasudra, S., Deka, G.C. (eds) Applications of Blockchain in Healthcare. Studies in Big Data, vol 83. Springer, Singapore. https://doi.org/10.1007/978-981-15-9547-9_5

Abstract:

Rohit Kumar Sachan, Rachit Agarwal, Sandeep Kumar Shukla.Identifying malicious accounts in Blockchains using Domain Names and associated temporal properties

Abstract:

Banwari Lal, Rachit Agarwal, Sandeep Kumar Shukla.Understanding Money Trails of Suspicious Activities in a cryptocurrency-based Blockchain

Abstract:

Y. Rajendra, S. Sahu, V. Subramanian and S. K. Shukla, "A Storage Efficient Blockchain Model for Constrained Applications," 2021 Third International Conference on Blockchain Computing and Applications (BCCA), 2021, pp. 73-80, doi: 10.1109/BCCA53669.2021.9656967.

Abstract:

Agarwal, R., Barve, S. & Shukla, S.K. Detecting malicious accounts in permissionless blockchains using temporal graph properties. Appl Netw Sci 6, 9 (2021). https://doi.org/10.1007/s41109-020-00338-3

Abstract:

D. Chaudhari, R. Agarwal and S. K. Shukla, "Towards Malicious address identification in Bitcoin," 2021 IEEE International Conference on Blockchain (Blockchain), 2021, pp. 425-432, doi: 10.1109/Blockchain53845.2021.00066.

Abstract:

DNS based In-Browser Cryptojacking Detection Rohit Kumar Sachan, Rachit Agarwal, Sandeep Kumar Shukla

Abstract:

Multi-party Functional Encryption. Shweta Agrawal and Rishab Goyal and Junichi Tomida | Theory of Cryptography Conference (TCC), 2021.

Abstract:

Security of Healthcare Data Using Blockchains ByMayank Pandey, Rachit Agarwal, Sandeep K Shukla, Nishchal K Verma

Abstract:

Multi-Input Quadratic Functional Encryption from Pairings. Shweta Agrawal and Rishab Goyal and Junichi Tomida | Crypto, 2021.

Abstract:

Optimal Broadcast Encryption from LWE and Pairings in the Standard Model. Shweta Agrawal and Rishab Goyal and Junichi Tomida | Crypto, 2021.

Abstract:

Optimal Broadcast Encryption from Pairings and LWE. Shweta Agrawal and Shota Yamada | Eurocrypt,2020 (Best Paper Award).

Abstract:

V. Subramanian, Y. Rajendra, S. Sahai and S. K. Shukla, "Decentralized Device Authentication Model using the Trust Score and Blockchain Technology for Dynamic Networks, " 2020 IEEE International Conference on Blockchain (Blockchain), 2020, pp. 116-125, doi: 10.1109/Blockchain50366.2020.00022.

Abstract:

Abstract:

Ad hoc Multi-Input Functional Encryption.Shweta Agrawal, Michael Clear, Ophir Frieder, Sanjam Garg, Adam O'Neill and Justin Thaler. | Innovations in Theoretical Computer Science (ITCS), 2020

Abstract:

S. Sahai, M. Atre, S. Sharma, R. Gupta and S. K. Shukla, "Verity: Blockchain Based Framework to Detect Insider Attacks in DBMS," 2020 IEEE International Conference on Blockchain (Blockchain), 2020, pp. 26-35, doi: 10.1109/Blockchain50366.2020.00012.

Abstract:

Entangled Blockchains in Land Registry

Abstract:

D. K. Meena, R. Dwivedi and S. Shukla, "Preserving Patient’s Privacy using Proxy Re-encryption in Permissioned Blockchain," 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), 2019, pp. 450-457, doi: 10.1109/IOTSMS48152.2019.8939226.

Abstract:

Abstract: