KMSchain: Zero-knowledge, decentralized solutions - PowerPoint PPT Presentation



SLIDE 1

2018 PRESENTATION

KMSchain

Zero-knowledge, decentralized solutions for inclusive protection of data privacy on cloud, blockchain and beyond.

We are experts in zero-knowledge privacy solutions.

Copyright KMSchain 2018

SLIDE 2

Who are we

We are experts in blockchain technology and the development of zero-knowledge privacy protocols. The technologies we provide span three main dimensions.

TRANSACTIONAL CONFIDENTIALITY

Private blockchain solutions powered by a zero-knowledge proof protocol (Lelantus) for enterprise-grade protection of transactional privacy and anonymity.

  • Designed to power blockchain infrastructures
  • Privacy of transaction values and origins

DATA PRIVACY

Decentralized, zero-knowledge KMS and easy-to-use end-to-end encryption tools for securing user data in modern distributed applications and beyond.

  • Enables data privacy on blockchain and cloud
  • Provides a unique scalable solution for encrypted data management

ZERO KNOWLEDGE PROOFS

State-of-the-art zero-knowledge proof technology developed to enable verification of data without compromising its privacy.

  • Application of the technology in different domains
  • Develop use-case-specific privacy protocols to meet your ecosystem needs

Zero Knowledge Privacy

SLIDE 3

1. KMSCHAIN: DECENTRALIZED KEY MANAGEMENT SOLUTION

SLIDE 4

Data is a Core Resource

We live in a data-centric world, where data is the cornerstone of business infrastructures and the driving force of socio-economic relationships.

  • 2.5 quintillion bytes of data is created per day
  • 90% of data has been created in the last two years
  • Emergence of audit and compliance requirements (GDPR, HIPAA, CJIS, FERPA, PCI, ITAR, etc.)

SLIDE 5

Encryption as a way to Protect Data

Encryption is a robust approach to protecting data from breaches and leaks.

[Figure: Public Key Cryptography. Plain text ("Hello World!") is turned into encrypted gibberish.]

SLIDE 6

Management of Encrypted Data is a Challenge

Limitations of Standard Public Key Cryptography

As a cryptographic access control mechanism, public key encryption is limited in several ways:

  • Does not scale well in case of many-to-many messaging and multiple intended recipients
  • Requires advance knowledge of the recipient
  • Access cannot be revoked after the encrypted message has been shared

SLIDE 7

Sample Scalability and Performance Failures in Case of Legacy System

[Figure: data stored on IPFS, Swarm or cloud and shared with Bob, Eve, David and Carol, x 100.]

It does not scale well

SLIDE 8

What are Alternatives of Key Management?

Amazon, Google, Microsoft and Alibaba provide Key Management as a Service to address this technical challenge. But these services have a single point of failure:

  • 1. Service providers get access to and manage all user keys.
  • 2. Centralized services with an undue trust put on the service provider cannot serve decentralized applications.

SLIDE 9

Combining the Best of Both Worlds

We provide flexible encryption and data management technology which does not compromise data security by introducing a single point of failure.

[Figure: KMSchain between Federated Key Management and Legacy Encryption Method]

✓ Security ✓ Privacy ✓ Scalability ✓ Convenience

SLIDE 10

How Proxy Re-encryption Works

The proxy can transform a ciphertext encrypted under Alice’s public key into a ciphertext encrypted under Bob’s public key.

[Figure labels: Re-Encryption Key, Re-Encryption]

SLIDE 11

Advantages of Our Technology

Proxy re-encryption allows KMSchain to split document access management from cryptographic operations without the need for an always-trusted, centralized entity.

  • KMSchain enables flexible, scalable and secure key management in distributed environments.
  • Enables re-encryption of already encrypted data and access delegation without decrypting data as an intermediate step.
  • Highly flexible user experience, revocable data access.
  • Efficient utilization of data storage.

SLIDE 12

Decentralized Privacy Layer

KMSchain makes it possible to build decentralized, zero-knowledge Key Management Services. This solves a significant market need, enabling DApps and other data-critical applications to integrate data encryption and KMS technologies without compromising decentralization. Re-encryption keys are split into multiple re-encryption shares.

We leverage cutting-edge cryptography techniques and blockchain technology to decentralize our service into multiple standalone KMS services (nodes).

[Figure label: Re-encryption Key]

SLIDE 13

Comparison with Alternative Solution

None of the existing methods enables safe, scalable and decentralized key management service for modern distributed applications and other data critical use cases.

Federated Key Management (FKM) KMSchain KMS No Deploying On-Premise KSM/HSM Legacy Encryption Methods (LEM)

User Exclusive Control Over the Encryption Keys Cost Efficient Solution Simple User Experience, Scalable, Flexible Data Sharing Easy-to-deploy and maintain

Yes Yes Yes No Yes Yes Yes Yes Yes No Yes Yes No No Yes

Distributed KMS, No Single Point of Failure

No No Yes

No

SLIDE 14

Data Access Policies for Automatic KMS, Integration to Smart Contracts

Conditional Data Access Delegation

  • Time: enabling or disabling a user's data access after a certain point in time
  • Transaction value: enabling users to get access to data when an amount is sent to an address
  • Other events: other easily verifiable, blockchain-based events

SLIDE 15

1.1 KMSchain Nodes and White Labels

SLIDE 16

Key Management Service Providers in KMSchain Network, White-label System

[Figure: Alice and Bob connected through Proxy 1, Proxy 2, Proxy 3, Proxy 4 and Proxy 5]

SLIDE 17

Decentralized Proxy Re-Encryption Network

Considering the data privacy needs and regulatory requirements, enterprises from several sectors will be well motivated to run their own nodes, both to use the proxy re-encryption technology internally and to provide KMS services to clients.

  • HOSPITALITY
  • PUBLIC SECTOR
  • MANUFACTURING
  • HEALTHCARE & PHARMA
  • LEGAL SERVICES
  • TECH & SOFTWARE SERVICES
  • RETAIL
  • FINANCIAL SERVICES

SLIDE 18

1.2 KMSCHAIN: SCALABLE END TO END ENCRYPTION

SLIDE 19

Application of KMSchain End to end Encryption

[Figure: the message "Hi Melanie, I am fine." passing between Frontend, Server and Database over https; labels: Encrypted, at-rest, KMSCHAIN; callouts 1, 2, 3]

  • Data is only effectively encrypted in transit and has several vulnerability points
  • In case of our end-to-end encryption, data is effectively encrypted at all times
  • Re-encryption operation is done within the device

SLIDE 20

SDK That can be Licensed

Our easy-to-use cryptographic libraries turn every developer into an applied cryptographer. Add data encryption and cryptographic trust management to your app with just a few lines of code.

  • Generate and manage users' public and private keys.
  • Enable users to generate re-encryption keys for their peers.
  • Encapsulate a symmetric encryption key via a given public key (similar to Diffie-Hellman key exchange).
  • Perform re-encryption for the given ciphertext and the re-encryption key.
  • Decrypt both the original and the transformed ciphertexts in order to reveal the encapsulated symmetric encryption key.
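
The SDK operations listed on this slide, together with the splitting of a re-encryption key into shares from slide 12, shown as an added Python example; it is not KMSchain's SDK or code from the presentation. It assumes a textbook BBS98-style ElGamal scheme used as a key-encapsulation mechanism over a toy group, additive n-of-n sharing, and hypothetical function names, since the deck does not say which scheme or sharing method the product uses.

```python
import hashlib
import secrets

# Toy group (assumption, picked so the numbers stay readable): the order-Q
# subgroup of Z_P^* with P = 2Q + 1. Far too small for real use.
P, Q, G = 2039, 1019, 4


def _kdf(point: int) -> bytes:
    """Derive the symmetric key from the shared group element g^r."""
    return hashlib.sha256(point.to_bytes(2, "big")).digest()


def keygen():
    """Generate a (private, public) key pair: sk in [1, Q-1], pk = g^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encapsulate(pk: int):
    """Sender side: returns (capsule, key), capsule = pk^r, key = H(g^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(pk, r, P), _kdf(pow(G, r, P))


def decapsulate(sk: int, capsule: int) -> bytes:
    """Owner of sk recovers g^r = capsule^(1/sk); works for original and
    re-encrypted capsules alike."""
    return _kdf(pow(capsule, pow(sk, -1, Q), P))


def rekey(sk_from: int, sk_to: int) -> int:
    """Re-encryption key rk = sk_to / sk_from mod Q.
    BBS98 caveats: rk is bidirectional, and a proxy holding the whole rk that
    colludes with the delegatee can compute sk_from = sk_to / rk."""
    return sk_to * pow(sk_from, -1, Q) % Q


def reencrypt(rk: int, capsule: int) -> int:
    """Proxy side: (g^(a*r))^(b/a) = g^(b*r). The proxy never sees g^r."""
    return pow(capsule, rk, P)


def split_rekey(rk: int, n: int):
    """Additive n-of-n sharing: shares sum to rk mod Q, so any n-1 of them
    are uniformly random and reveal nothing about rk."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((rk - sum(shares)) % Q)
    return shares


def combine(partials):
    """Multiply the proxies' partial results: prod(c^s_i) = c^(sum s_i)."""
    out = 1
    for part in partials:
        out = out * part % P
    return out


def demo():
    a_sk, a_pk = keygen()             # Alice, the data owner
    b_sk, _ = keygen()                # Bob, the delegatee
    capsule, key = encapsulate(a_pk)  # key encrypts the data; capsule is stored with it
    rk = rekey(a_sk, b_sk)
    single = decapsulate(b_sk, reencrypt(rk, capsule))
    shares = split_rekey(rk, 5)       # five proxy nodes, one share each
    partials = [reencrypt(s, capsule) for s in shares]
    multi = decapsulate(b_sk, combine(partials))
    return key, decapsulate(a_sk, capsule), single, multi


if __name__ == "__main__":
    k, k_alice, k_bob, k_bob_split = demo()
    print(k == k_alice == k_bob == k_bob_split)
```
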

SLIDE 21

1.3 USE CASES OF THE TECHNOLOGY

SLIDE 22

Big Data Systems

Development of the big data systems which enables secure transfer of data, development of collaborative data lakes, monetization of the enterprise data.

SLIDE 23

Data Marketplaces (Financial, Insurance, etc.)

KMSchain provides robust infrastructure for the development of decentralized data marketplaces.

  • Anonymity and privacy protection
  • Decentralization
  • Transparency
  • Control

SLIDE 24

KYC, KYT, Digital Identity Systems

Secure and flexible control over digital IDs, streamlining travel, KYC, insurance claims, and more.

SLIDE 25

Social Networks, Secure Chat Rooms

Via KMSchain users can create very secure social groups by assigning different attributes and keys to their social contacts, and then encrypt data such that only particular users with desired set of attributes can decrypt it.

SLIDE 26

Role based Data Management and Access Control

If there are different classes of nodes in the network (master nodes, service providers, Oracles, etc.) our technology can be applied to segregate the permission levels of these users, also enabling dynamic self-management.

SLIDE 27

Other Use Cases for Blockchain Applications

File Sharing

Easily manage data access, enabling scalable access control for file sharing applications.

Internet of Things

Will empower secure bridges between devices and different blockchains.

Supply Chains

Create more transparent, safe and efficient systems without compromising business privacy.

SLIDE 28

Other Use Cases for Blockchain Applications

Medical Health Records Processing

Application of KMSchain to empower a patient-centric approach to medical data management.

Social Media Platforms

Infrastructure for media producers to distribute and monetize their content.

Digital Rights Management

Apply the technology to create effective protection and monetization of DRM systems.

SLIDE 29

Our Proxy Re-encryption Technology in Production

The technology has wide application as a core layer in nearly any distributed solution which deals with data control and management.

  • Norbloc provides a blockchain-based KYC solution for the Sweden and Benelux market. It will exploit PRE for securing customer data and managing digital trust among various financial institutions.
  • BeSafe IO uses PRE to enable companies of all sizes to encrypt, control and monitor their business documents on devices, in cloud (Box, Slack, Dropbox, OneDrive) and beyond.
  • BigchainDB applies proxy re-encryption technology to add a data governance layer to its blockchain platform for addressing previously inaccessible markets.
  • Racing Pigeon chain will use our technology to enable secure and scalable management and sharing of pigeon-related data, including pedigree data, pigeon profiles and reports.

SLIDE 30

2. TRANSACTIONAL PRIVACY ON BLOCKCHAIN

SLIDE 31

Blockchain Technology is Missing Privacy

[Figure: Blockchain Transactions]

SLIDE 32

Is blockchain technology well suited for enterprises?

Public (in other words, permissionless) blockchain systems like Bitcoin were the first to face privacy challenges. Transaction details are in the clear and available on the public ledger of the system. This is a serious challenge for most enterprises looking to adopt the technology.

Why?

Imagine a business obtaining computer parts from a vendor. Given the large volume of computer parts purchased, the supplier provides a discount to the business when trading the asset for currency. This is highly sensitive information for the supplier, which cannot be protected on blockchain.

SLIDE 33

Transactional Privacy on Blockchain

One of the main concerns about on-blockchain privacy is that the inputs used in a transaction can be traced to the previous transactions that created them.

For cryptocurrency payments to be truly private, transactions have to have two properties:

  • Confidentiality: hiding the transferred amounts
  • Anonymity: hiding the identities of the sender and/or receiver in a transaction

SLIDE 34

Lelantus Protocol Developed by Us: www.lelantus.io

SLIDE 35

Lelantus Zero Knowledge Proof of Transactions

[Figure: Blockchain Transactions between Bob and John]

The network nodes can verify the legitimacy of a transaction without seeing the transactional details (who is transacting and what the amount is).

SLIDE 36

The Protocol Alternatives Applied for Transactional Privacy

Confidential Transaction of Greg Maxwell

  • What it provides: All transaction amounts are hidden from public view using a commitment to the amount.
  • Drawbacks: This design, however, does not ensure transaction anonymity, a highly desirable privacy feature for financial transactions.

Zerocoin

  • What it provides: Enables users to generate coins with no prior transaction history which can then be spent anonymously without disclosing the source.
  • Drawbacks: This construction works only with fixed denominated coins and hence does not hide transaction amounts.

Zerocash

  • What it provides: Provides a very efficient private transaction system which is capable of hiding transaction values, their origins, and destinations.
  • Drawbacks: It relies on knowledge of exponent assumptions and a trusted setup process, necessitating the user’s trust in the correctness of this setup.

We are experts in all of these cryptographic protocols.

Lelantus Protocol Solves the Problems

SLIDE 37

Unique Advantages of Lelantus Protocol

Lelantus

Does Not Take Trade-offs

Ensures both anonymity and confidentiality

Multicoin Transactional Efficient

A single transaction can contain simultaneous spends and output multiple coins

Small Proof Size

Reduction of proof sizes and proof generation times

Cryptographically Secure

Relies only on standard cryptographic assumptions

No Trusted Setup

Does not require a trusted setup process, there are no backdoors

SLIDE 38

Unique Functionalities of Lelantus Protocol

NON TRACKABLE TRANSACTIONS

Proves that the transaction balance is preserved without revealing either the input coin origins or the transaction amounts.

FULL PRIVACY OF TRANSACTION HISTORY

It enables users to destroy coins in their possession and redeem a new coin with no prior transaction history. These coins can then be sent anonymously.

NO BACKDOORS ARE DESIGNED IN THE SYSTEM

In contrast to Zerocoin implementations based on RSA accumulators, it does not rely on a trusted setup process, which excludes backdoors.

OPTIONAL DENOMINATIONS

In contrast to Zerocoin, the need for fixed denominations is removed. Allows mints of arbitrary amounts and partial spends of any amount.

EFFICIENT TRANSACTION PROOF PROCESS

It enables efficient batching of the verification of transaction proofs, bringing higher efficiency to the network.

SLIDE 39

Innovative Approaches Applied to Cryptographic Primitives

  • Innovative approach to One out of N Double-Blinded Commitments
  • To verify the validity of the transaction, the verifier should first check the provided Sigma proofs for each spend transfer and the range proof for all output transfers. Next, in order to ensure that the transaction balance is preserved, the verifier should go over the following steps
  • Modifications to the original Bulletproofs protocol

For complete information see the paper

SLIDE 40

Performance of the Implemented Protocol

We implemented a reference implementation in C++ over the popular library libsecp256k1. In the table below we give the proof size and performance parameters for different anonymity set sizes and configurations.

SLIDE 41

3. ZERO KNOWLEDGE PROOF TECHNOLOGY

SLIDE 42

Zero Knowledge Proofs

  • Completeness – Prover can always convince the verifier when the statement is true
  • Soundness – Cannot convince the verifier when the statement is actually false
  • Zero-knowledge – No leakage of information (except truth of statement) even if interacting with a cheating verifier

[Figure: Prover and Verifier]

SLIDE 43

Services that can be powered by our Zero Knowledge Proofs

  • Asset Based Financing: Companies can prove asset valuation to banks and insurance without revealing underlying data
  • Hedge Funds: Fund manager can verify and communicate portfolio risk characteristics to an investor without revealing holdings
  • Trade Finance: All players can contribute to overall trade process without revealing trade details to all
  • Supply Chain: Clients can control supplier risks without overreaching into operations
  • Credit Score: Clients can prove their credit score using their financial transactions history without revealing it
  • Security Compliance: Operators can prove that deployments comply with security policy without revealing configuration files

SLIDE 44

Application of the Technology in Hedge Funds

How to solve the conflict of interest and agency problem between fund manager and investors

Investors can ensure that an appropriate level and type of risk is taken, yet the fund can pursue competitive strategies which would not be possible if the restriction of perfect transparency were imposed.

[Figure: Fund Manager, "Prove to Investors", "Without Revealing Strategy", Investors]

SLIDE 45

Application of the Technology in Private Auctions

How to solve the conflict of interest and retain privacy among competing bidders

Auctioneers can organize sealed-bid, but publicly verifiable auctions, where the bidders keep their bids private from the public view, but reveal them to a trustless auctioneer. Later the auctioneer determines and claims the winner and provides publicly verifiable non-interactive zero-knowledge proofs for the claim correctness.

[Figure: Auctioneer, "Prove to Bidders which one is the winning bid", "Without Revealing any bid value", Bidder]

SLIDE 46

Sealed-Bid Auction Protocol Developed by Us

SLIDE 47

4. TEAM

SLIDE 48

MSc at University of Cambridge, PhD Candidate at SJTU (Blockchain Research), MSc CS at Georgia Tech (Machine Learning), MBA at AUA. 2+y blockchain industry experience as lead of product design & project management (over 8 different projects), early investor, 3+y academic career in blockchain, 5+y experience in business and corporate finance.

Arman Abgaryan

Entrepreneur and Cryptographer. Founder of Skycryptor, a Techstars company pioneering the development of Proxy Re-Encryption technologies. 5+ years in dev. team management. 8+ years in security R&D. Cryptography advisor of ZCoin. Co-authored 2 security patents for Samsung. Author of the Lelantus protocol (and brand new transaction privacy system)

Ph.D. in Cryptography, 7+y software development experience (C++, Python). Former senior cryptography researcher (created novel white-box algorithms) at American University. Former software engineer at Google (developed features on YouTube monetization and claiming).

Martun Karapetyan

10+y experience in US and Asia focusing on TMT, foreign direct investment and M&A. David is a counsel at KWM and a founding member of Heyi Blockchain. He has been a consultant for Coursera and an advisor for several blockchain and ICO projects.

David Hong
CEO
Aram Jivanyan
CTO & Chief Cryptographer
Director of BD
Senior Software Developer

SLIDE 49

MEng in Engineering & Computer Science from MIT. Early ML employee in Locu, SF based startup acquired by GoDaddy. Adjunct Lecturer at AUA teaching ML to Masters students. Founded HiLearn, AI startup focused on algorithmic cryptocurrency trading.

8+y experience as full-stack developer, highly skilled in Blockchain, Solidity, PHP, PHP Frameworks (Laravel, Symfony, Yii, CodeIgniter, etc.), MySQL, MongoDB, Javascript (Jquery, Node.js, Express).

Karen Kirakosyan
Senior Software Developer

Genie Chien is a Senior Advisor for companies on marketing and promotion activities in Asia. Genie has significant experience providing marketing advice and support to a range of multinational companies, with focus on the Taiwan market.

Genie Chen

LLM at SUFE, PhD Candidate in International Investment Law (SJTU), 1+y blockchain industry & blockchain legal consulting, 3+y academic legal research experience, 2+y assistant editorial experience in legal journal (AsianJLS), 2+y experience in corporate law

Saren Abgaryan
Arsen Mamikonyan
Senior Software Developer
Senior Marketing Officer
Senior Operations Officer

SLIDE 50

Senior Architect and developer with an extensive background in cryptographic algorithms development for Samsung, low-level algorithmic chip design at VMWare and architecting scalable web applications in Zalando.

Full-stack senior developer. Founding employee at Skycryptor & Besafe.io. 4+y experience in Python, Django, Front-End technologies and C++.

Gegham Jivanyan

LLM University of Cambridge, Lecturer at AUA in corporate and transactional law, 1+y crypto/blockchain research and trading experience, 6+y experience in legal advisory & 3+y of managerial experience.

Mesrop Manukyan
Sergey Sargsyan
Senior Software Engineer
Software Engineer
Legal Counsel

SLIDE 51

Team Experience

SLIDE 52

5. Development Milestones

SLIDE 53

Development Milestones of OneDApp

2018 2017 2016 2015

2015

Launch of BeSafe IO, Proxy Re-Encryption empowered solution

2017 Q3 2016 Q2

Development of Key Management Service and APIs

2018 Q1

First enterprise deployment and paid pilot with FDJ, Instigated the work on Lelantus

2019 2018

2018 Q4 2019 Q1

Development of Threshold Proxy Re-Encryption Technology

Our Vision Step by Step

Idea inception, Cryptographic Research & Team Development Development of SDKs for key management, and trust management. Completed Lelantus

SLIDE 54

2019 2019 2019 2019

2019 Q1

Extension of the KMSchain ecosystem via partnerships

2019 Q1, Q2

Collaboration with Dapps to add privacy into their applications via our SDKs

2019 Q1

Completion of Series A round to further support platform development

2019 Q2

Further extension of the KMSchain ecosystem, Development of ZK Software

2019

2019 Q2

Further extension of functionality, development of new cryptographic solutions in the ecosystem and maintenance Launch of the Decentralized KMS network

*See slide 18.

2019

2019 Q3

Monetization of KMSChain via enterprise nodes and DApps integrations.

2020

2020

Development of industry-specific private collaboration solutions

SLIDE 55

THANK YOU

https://onedapp.io