Together with privacy pEOS evolves elliptic curves cryptography in EOS

Published by eosnetworkxx 10 Nov 2019

“...anyone who looked for a source of power in the transformation of the atoms was talking moonshine” Rutherford, September 1933

Privacy is a fundamental right of every individual. Concerns about surveillance and data mining keep growing, and blockchain technology, which is moving ever further toward unique-identity implementations, is a threat to this right. There are several privacy-focused cryptocurrencies, and Bitcoin and Ethereum have their own transaction anonymization techniques. On EOS there is no privacy-enabled solution yet, and pEOS is taking the lead with Monero-style ring signatures, UTXOs, and an elliptic curve cryptography (ECC) implementation.

While Ethereum uses zk-SNARKs to hide identities and Bitcoin uses CoinJoin or MimbleWimble, Monero relies on ring signatures. pEOS enables Monero-style anonymity and untraceability on EOS. Thanks to this evolution, PEOS tokens can be transferred anonymously among shadow addresses and eosio accounts. The implementation of the original Bitcoin-style unspent transaction output (UTXO) model will also allow other privacy algorithms to be implemented on top of it. The result is that with pEOS we can have a secure system without trusting third parties or intermediaries and without compromising our privacy.

How it works

Some wallets will support pEOS privacy features. To ensure privacy, a wallet will need to generate two sets of private-public keys for the user, which will be specific to pEOS. These keys will be used to generate and validate private transactions. The public address is not related to any of the public keys or accounts on the EOS blockchain and can be distributed to other users, who can, in turn, send money to that address. If Alice generates a public address, she receives payments as transaction outputs (UTXOs). While no one else can see the payments to Alice’s address, Alice can see the outputs in transactions using her view key, and she can spend them using her spend key.

Elliptic curve cryptography (ECC)

pEOS relies on elliptic curve cryptography, specifically on the secp256r1 curve recommended by NIST. Bitcoin and Monero use the secp256k1 curve.

The secp256r1 curve is the standard created by NIST and used by Apple, Android, and many Smart Cards. This gives every cell phone user a hardware wallet with biometric 2nd factor validation.

While the pEOS or EOS choice of these curves seems to derive from the need to adapt to the hardware devices currently in use, it is unknown why Satoshi or NIST chose one curve or the other, or why companies like Apple, Google, Facebook etc. use the secp256r1 curve and not some other one.

In 1976 Whit Diffie and Martin Hellman pioneered the use of key pairs in cryptography: one public key, which can be known to all, and one private key, which is kept secret. This discovery enabled the authentication of messages encrypted by the owner of a public key. These key pairs rely on “trapdoor functions”, which make it easy to close the door but require an enormous computational effort to derive the private key from the public key and open the door again.

ECC is interesting because it achieves the same level of security as other cryptosystems with a smaller key size. ECC is preferred in smartphones because it uses less memory and because key generation and signing are considerably faster.

An elliptic curve resembles more a complex torus or a doughnut rather than an ellipse

The pEOS team created the first EOS Improvement Proposal (EIP), inspired by the way Ethereum improvement proposals are handled, in which they suggest “the addition of native intrinsic functions in the EOSIO platform that expose native implementations of elliptic curve scalar multiplication and addition.”

This will save on the CPU needed and permit bigger ring sizes, which make the system more secure. The new EOS Virtual Machine (EOS VM) will increase performance up to 6X (compared with WABT), making WebAssembly (WASM) execution in EOSIO 2 up to 12X faster than in EOSIO at its initial launch state, and will allow for parallel execution while being lightweight and standards-compliant. Parallel computing will not arrive overnight; it will be a long process because of the limits of single-core computing performance. Even so, the increase in efficiency for an EOSIO chain will be significant.

EOS VM, ECC, and pEOS are closely related to the new Internet security and performance standards. It could be even said that EOS.IO is at the forefront of establishing what the new Internet security standards should be.

In the new Internet based on the blockchain, EOS VM is the running environment for smart contracts. If the smart contract is our HTML, the standard markup language for documents displayed in a web browser, then the blockchain system is the operating system, the VM is the browser, and the various dapps based on smart contracts are the various websites on the Internet. Together they give us a full-fledged EOSIO Internet with speed, the most advanced security standards based on ECC, and the privacy of pEOS.

EOS VM will improve the overall chain’s performance and benefit users with reduced on-chain resource consumption for smart contracts running on EOS VM.

In a world where standards are not set from above but come as a result of adoption, EOS.IO is well-positioned to win.

In this regard, the security standards based on ECC will slowly become prevalent in websites, many of which already make extensive use of ECC today. ECC secures HTTPS connections and the way data passes between centers; it encrypts and authenticates the channel using Transport Layer Security (TLS). ECC applied to the EOS DNS service means higher confidentiality than the usual DNS, where requests and responses are not encrypted and are broadcast to any attacker; higher integrity, because attackers can’t forge DNS records; and higher availability, because of the protection against denial of service (DoS).

ECC also has other applications:

  • The U.S. government uses it to protect internal communications

  • Bitcoin uses it as a mechanism to prove ownership and verify transactions

  • The Tor project uses it to help assure anonymity. Each relay node creates keys through ECDH for every new session. These secret keys are then used to wrap data with protection.

  • ECC provides signatures in Apple’s iMessage service

  • ECC is used to encrypt DNS information with DNSCurve

  • ECC is the preferred method for authentication for secure web browsing over SSL/TLS

  • ECC is in your bank card, your smart watch, and virtually every other well-designed IoT device.

  • ECDH is also the method of choice in the new WPA-3 standard, which finally gets rid of the horrible four-way handshake in WPA-2 for home Wi-Fi networks.

A signature with a 256-bit ECC key is over 20 times faster than an RSA signature with a 2,048-bit key. Because of this enormous improvement in speed, the widespread use of ECC will save time, power, and computational resources for both the server and the browser. This will make the web both faster and more secure. Still, the security is bound mainly to NIST standards and the random number generator.

The pEOS team wants to promote the ECC functions at the smart contract level as a standard core-level API usable by any smart contract code on the EOS chain.

Ring signatures, UTXOs and Pedersen commitments

While ECC is all about keys, ring signatures have been introduced to pEOS to make tracing transactions impossible. They hide the inputs of a transaction among inputs from the transactions of other users, and the security of this system depends on the total number of transactions chosen.

A ring signature is a digital signature that is created by a member of a group, the actual signer, with non-signers who form a ring. It is impossible to determine the person in the group who has created the signature because the signer and non-signers in this ring are all considered to be equal and valid.

Confidential transactions in pEOS work in concert and involve ECC, UTXOs and Pedersen commitments. pEOS transaction anonymization relies on Pedersen commitments for hiding token amounts.

pEOS uses the Bitcoin UTXO model to determine which outputs of blockchain transactions have not been spent. This is necessary to prevent double-spending and fraud. Only what is unspent can enter a new transaction’s inputs. The pEOS smart contract hides the amounts of tokens transmitted while verifying that the sum of the amounts in a transaction’s inputs equals the sum of the amounts in its outputs, so no double spend is possible.

Pedersen commitments are applied to transaction inputs and outputs to hide the amounts. A commitment scheme lets the user keep a piece of data secret but commit to it so that it cannot be changed later. A commitment scheme is constructed using a cryptographic hash and a blinding factor. If the factor used to blind the data is truly random, then it is impossible to guess the amount. Knowing the commitment is not enough to determine the committed data. Only by revealing both the data and the blinding factor can someone run the hash and verify that the committed data match. Our specific Pedersen commitments are constructed using elliptic curve points. But this kind of commitment and its checking are quite simple and require additional measures to be secure. An additional cryptosystem to prove the range of a Pedersen commitment without revealing amounts and blinding factors needs to be introduced. This is why ECC and ring signatures are necessary.

Committing pEOS transactions on the EOS platform will require RAM. This is considered to be a fee to get the transaction included. The higher the level of anonymization chosen, the bigger the fee, because RAM usage increases linearly with the number of mixing keys chosen.

pEOS allows for anonymous transfers from normal EOS accounts to anonymous addresses, from anonymous addresses to anonymous addresses, and finally from anonymous addresses to regular EOS accounts. The work behind it, which involves elliptic curve cryptography, the introduction of the first EOS Improvement Proposal, and the implementation of UTXOs and ring signatures in an EOS smart contract, proves the elasticity of the EOSIO software and helps with the development of a faster and more secure web.