International Association for Cryptologic Research

International Association
for Cryptologic Research


Can a Blockchain Keep a Secret?

Fabrice Benhamouda
Craig Gentry
Sergey Gorbunov
Shai Halevi
Hugo Krawczyk
Chengyu Lin
Tal Rabin
Leonid Reyzin
Search ePrint
Search Google
Presentation: Slides
Abstract: Blockchains are gaining traction and acceptance, not just for cryptocurrencies, but increasingly as an architecture for distributed computing. In this work we seek solutions that allow a \emph{public} blockchain to act as a trusted long-term repository of secret information: Our goal is to deposit a secret with the blockchain, specify how it is to be used (e.g., the conditions under which it is released), and have the blockchain keep the secret and use it only in the specified manner (e.g., release only it once the conditions are met). This simple functionality enables many powerful applications, including signing statements on behalf of the blockchain, using it as the control plane for a storage system, performing decentralized program-obfuscation-as-a-service, and many more. Using proactive secret sharing techniques, we present a scalable solution for implementing this functionality on a public blockchain, in the presence of a mobile adversary controlling a small minority of the participants. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire system, but, on the other hand, a mobile adversary may be able to corrupt the entire committee if it is small. For this reason, existing proactive secret sharing solutions are either non-scalable or insecure in our setting. We approach this challenge via "player replaceability", which ensures the committee is anonymous until after it performs its actions. Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions and erase their secrets. Our solution handles a fully mobile adversary corrupting roughly 1/4 of the participants at any time, and is scalable in terms of both the number of parties and the number of time intervals.
Video from TCC 2020
  title={Can a Blockchain Keep a Secret?},
  booktitle={Theory of Cryptography},
  author={Fabrice Benhamouda and Craig Gentry and Sergey Gorbunov and Shai Halevi and Hugo Krawczyk and Chengyu Lin and Tal Rabin and Leonid Reyzin},