Privacy-Preserving Solutions for Blockchain: Review and Challenges

Jorge Bernal Bernabe,Rafael Torres Moreno,Antonio Skarmeta,Jose Luis Canovas,Jose L Hernandez-Ramos

doi:10.1109/access.2019.2950872

Jorge Bernal Bernabe, Rafael Torres Moreno + Show 3 more

Open Access

https://doi.org/10.1109/access.2019.2950872

Copy DOI

Journal: IEEE Access	Publication Date: Jan 1, 2019
Citations: 393	License type: CC BY 4.0

Affiliation: University of Murcia

Abstract

Blockchains offer a decentralized, immutable and verifiable ledger that can record transactions of digital assets, provoking a radical change in several innovative scenarios, such as smart cities, eHealth or eGovernment. However, blockchains are subject to different scalability, security and potential privacy issues, such as transaction linkability, crypto-keys management (e.g. recovery), on-chain data privacy, or compliance with privacy regulations (e.g. GDPR). To deal with these challenges, novel privacy-preserving solutions for blockchain based on crypto-privacy techniques are emerging to empower users with mechanisms to become anonymous and take control of their personal data during their digital transactions of any kind in the ledger, following a Self-Sovereign Identity (SSI) model. In this sense, this paper performs a systematic review of the current state of the art on privacy-preserving research solutions and mechanisms in blockchain, as well as the main associated privacy challenges in this promising and disrupting technology. The survey covers privacy techniques in public and permissionless blockchains, e.g. Bitcoin and Ethereum, as well as privacy-preserving research proposals and solutions in permissioned and private blockchains. Diverse blockchain scenarios are analyzed, encompassing, eGovernment, eHealth, cryptocurrencies, Smart cities, and Cooperative ITS.

Highlights

The disintermediation provided by blockchain is changing the democratization, verifiability and universal access to tokenized digital assets of any kind, causing a revolution on diverse types of scenarios [1] beyond cryptocurrencies, such as healthcare [2], smart cities [3], decentralized Internet of Things (IoT) [4], intelligent transport systems [5] or e-Administration [6], to name a few
This paper surveyed the current state of the art on privacy-preserving technologies for blockchain
Several open research challenges and issues related to privacy-preservation on blockchain were identified, encompassing transaction linkability, crypto-keys management, issues with crypto-privacy resistance to quantum computing, on-chain data privacy, usability, interoperability, or compliance with privacy regulations, such as the General Data Protection Regulation (GDPR)

Summary

INTRODUCTION

The disintermediation provided by blockchain is changing the democratization, verifiability and universal access to tokenized digital assets of any kind, causing a revolution on diverse types of scenarios [1] beyond cryptocurrencies, such as healthcare [2], smart cities [3], decentralized Internet of Things (IoT) [4], intelligent transport systems [5] or e-Administration [6], to name a few. User-centric identity federations are still subject to privacy issues, identity theft and data leakage, as user data related to his identity is still hold in the server side, and authentication is validated in the server (usually through a knowledge-base and some other weak authentication mechanisms, such as passwords) Unlike those traditional approaches, IdM based on self-sovereign identities [21] (SSI) focuses on providing a privacy-respectful solution, enabling users with full control and management of their personal identity data without needing a third-party centralized authority taking over the identity management operations. In this regard, [90] presented Lition, a public blockchain that allows storage and deletion of private data It requires setting trusted knowledge groups of nodes to manage the blockchain, that need to commit (e.g. through legal agreement) to not store real data hashes, and delete the data upon user request (without maintaining back-up copies). The inspection capabilities envisaged in certain SSI IdMs that will allow de-anonymize and reveal the user real identity behind a pseudonym, in case of inspection grounds are met (e.g. as demanded by Law Enforcement Authorities in case of cyber-crime), might become a point of attacks and vulnerabilities

PRIVACY ENFORCEMENT IN CONSTRAINED SYSTEMS

FUTURE RESEARCH DIRECTIONS

Findings

CONCLUSIONS