DSC-decentralized secure comparison

Blockchain helps bridge different service providers and provides secure, auditable data comparison of GPS and bluetooth contact. We also deploy proxy-reencryption for access control of personal data.

Comment

Inspiration

Different tracing apps hold their own data, and user can only enjoy the service from their own service providers. Thus, blockchain brings great convenience to build a shared database or index for the tracing, according to Zyskind, Guy, and Oz Nathan. "Decentralizing privacy: Using blockchain to protect personal data." 2015 IEEE Security and Privacy Workshops. IEEE, 2015. Also, current tracing apps mainly rely on two types of comparison to detect the contact, GPS and Bluetooth, for example, trace together collects Bluetooth information in Singapore, Corona 100m uses GPS information helps for detection, and so on... The privacy issue should be under seriously consideration, because these two types data leak a lot of personal information. Additionally, MIT proposed PACT: Private Automated Contact Tracing to protect client's privacy by comparing with random token. Furthermore, the "Zyskind, Guy, Oz Nathan, and Alex Pentland. "Enigma: Decentralized computation platform with guaranteed privacy." arXiv preprint arXiv:1506.03471 (2015)." proposed the combination of sMPC and blockchain which gives more privacy of on-chain data.

What it does

  1. We proposed systems allow data comparison cross different service providers, blockchain bridges the service providers and build trust among them.
  2. Considering the data and key ownership, once people infected, they need handover their data to service providers for further use. We deploy the proxy-reencryption, which helps user give the access right to the service providers, but doesn't need to leak their encryption key.
  3. We deployed several security schemes for data comparison. GPS data are encrypted by homomorphic encryption(both of paillier and threshold-paillier are worked). For example, user A has lon_1, lat_1, user B has lon_2 and lat_2, it's easy to compute (lon_1 - lon_2)^2+(lat_1-lat_2)^2. With homomorphic encryption, it becomes Dec(Enc(lon_1^2)+Enc(lat_1^2)+Enc(lon_2^2)+En(lat_2^2)-Enc(2*lon_1*lon_2)-Enc(2*lat_1*lat_2)), which makes the comparison in a encrypted way.
  4. Bluetooth contact comparison, we deploy the RSA Accumulator for the zero knowledge membership proof check. Service providers accumulate the infected users' device id in a accumulated value, other user can use their local data to check whether local contacted devices belong to the infected users' devices.

How I built it

I built the system in Golang, the blockchain framework is Hyperledger Fabric, Service providers are built by Go-Micro a micro service framework, I wrote a cmd line tool to simulate the client(infected and ordinary user) GPS comparison achieved via Paillier, Bluetooth comparison achieved by RSA Accumulator, Data ownership transfer achieved by Proxy-Reencryption.

Challenges I ran into

short time and no-partner, the shortage of blockchain which is pretty slow

Accomplishments that I'm proud of

A quick start of Go-Micro

What I learned

Go-Micro

What's next for DSC-decentralized secure comparison

Optimize the code and design

Built With

  • blockchain
  • go-micro
  • golang
  • homomorphicencryption
  • hyperledger
  • proxyreencryption
  • rsaaccumulator
Share this project:

Updates