by Joseph Young
At the IEEE Symposium on Security and Privacy held over May 22-24, MIT researchers presented a paper on a new encryption method which utilizes the underlying technologies of Bitcoin to prevent identity theft and encryption attacks.
Alin Tomescu, an MIT graduate student in electrical engineering and computer science, and his thesis advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT, presented their paper at the event to entail how Bitcoin’s immutable blockchain can be utilized to protect data for individuals and organizations.
Essentially, the MIT research team’s encryption attack prevention method uses a Bitcoin-based detection system which alerts the network if a false encryption key tries to decertify the actual encryption key.
In an encryption attack, the attacker hacks into a public-key encryption system and certifies a false encryption key to convince users to reveal confidential information. By using the encryption key, attackers can breach into systems and steal sensitive data and valuable information.
The issue with the encryption attack method is that because the false encryption key cannot decertify the actual encryption key without alerting the system, usually, the system ends up with two encryption keys. That way, the system and the users will not know whether the actual encryption key is being used to extract information or not.
According to Devadas, the paper and the system developed by his MIT research team solves this equivocation issue with encryption attacks using the Bitcoin public blockchain.
Bitcoin’s blockchain is immutable and decentralized by nature. To alter data sets implemented onto Bitcoin’s blockchain, the entire distributed ledger needs to be hacked and modified. Hence, hacking and altering data sets integrated onto Bitcoin blocks is not possible.
Using Bitcoin’s immutability, the MIT research team has found a method to prevent online services and attacks from lying and using false encryption keys. According to the paper drafted by the two researchers, the utilization of Bitcoin would allow systems to prevent identity theft and if the method is implemented on a commercial scale, it could potentially save large-scale corporations millions of dollars on an annual basis.
Tomescu, the lead author of the paper, said:
“Our paper is about using Bitcoin to prevent online services from getting away with lying. When you build systems that are distributed and send each other digital signatures, for instance, those systems can be compromised, and they can lie. They can say one thing to one person and one thing to another. And we want to prevent that”
The key aspect of the system called Catena is not to record all public keys certified by a public-key cryptography system. Bitcoin transactions provide space for an 80-character text annotation, and it is not enough to store all public keys. However, it can be used to store the cryptographic signature that is linked to the public keys.
Bryan Ford, an associate professor of computer science at the Swiss Federal Institute of Technology in Lausanne, stated that the method outlined by the paper is a viable and practical idea that can be used and implemented fairly easily.
“The abstraction that the paper lays out is a really good idea — the idea of making it possible to create, you might say, smaller blockchains or linked lists within a blockchain specific to a particular account or a particular object. It’s very cool, nice, clean, useful primitive, clearly explained. It’s very synergistic with an idea we’ve been working on, which creates an efficiently traversable timeline, which we call a skip chain, meaning a timeline you can skip around on arbitrarily forward and back, where from any point you can verify any other point in the timeline very efficiently.”
The elimination of equivocation, that is saying different things to different agents, would lead to more secure algorithms, which is an important problem says Ford. The full paper, ‘Catena: Efficient Non-equivocation via Bitcoin,’ is available here.