We now proceed to outlining a number of novel and innovative applications that leverage Bitcoin's blockchain.

Robust Decentralized Storage

As mentioned earlier, the blockchain allows different entities, such as banks, governments, and industrial players, to efficiently and securely reach consensus on the order of transactions, correctness of data, and so on. One of the envisioned exploitations of the blockchain lies in the construction of decentralized storage systems. The beauty behind this approach is that all data stored in the blockchain is expected to be replicated across a large number of nodes which ensures a high level of reliability.

In what follows, we start by discussing how to leverage the blockchain in order to store information. In the sequel, we assume that users have access to n storage nodes (e.g., public clouds), which have considerable storage capacity.

• Prior to storing object O on the nodes, the user generates a master secret K.

Using the blockchain as a metadata store

Figure 8.1 Using the blockchain as a metadata store.

  • • The user then computes Enc(K, O), which denotes the semantic secure encryption of object O under key K using function Enc.
  • • The user then stores the encrypted object Enc(K, O) redundantly on the n nodes and acquires n URIs P,... ,Pn that point to the location of Enc(K, O) on each of the n nodes, respectively.
  • • The user then encrypts P,... ,Pn using key K and stores the resulting encryption Enc(K, Pi),..., Enc(K, Pn) as well as H(Enc(K, O)) on the blockchain. Here, H(.) refers to a cryptographic hash function. That is, given H(x), it is computationally infeasible to compute x (i.e., H(.) is a one-way function), and it is likewise infeasible to compute y = x such that H(x) = H(y) (i.e., H(.) is collision-resistant).
  • • Once the information stored by the user is confirmed in the blockchain, the user is certain that the metadata information (i.e., the object hash, the URIs) can never be modified by any entity.
  • • To retrieve the information, the user’s client simply retrieves the encrypted URIs, decrypts them using key K, and uses them to fetch the data stored on one of the storage nodes.

• The user verifies that the hash of the downloaded object matches H(Enc(K, O)) before decrypting and acquiring O.

Note that the aforementioned system (see Figure 8.1) is generic in the sense that the storage nodes could be emulated by the blockchain itself provided that the blockchain has enough storage capacity to store large objects. For instance, the PDF of Bitcoin’s white paper was included in a Bitcoin transaction [9]. Currently, Bitcoin’s blockchain contains a considerable amount of data [10], such as the biography of Nelson Mandela, Wikileaks documents, software, and so on.

However, in the particular case of Bitcoin, it is not practical to store large objects in the blockchain due to the various limitations imposed by the developers; recall that Bitcoin implements practices to ensure system scalability and to avoid large storage overhead. The main challenge therefore when utilizing Bitcoin’s blockchain would be to store the minimum amount of data in the blockchain itself while still realizing robust storage.

This can be achieved by storing the actual objects onto dedicated storage nodes, while only storing the metadata within Bitcoin’s blockchain. Recall that in Bitcoin, transactions can optionally have a field that can be used by developers to insert such metadata to transactions. Alternatively, metadata can be encoded within transactions in the form of (invalid) public keys. That is, instead of specifying a valid public key, developers can encode metadata (e.g., in HEX format) and include them in this field. Note that Bitcoin enables multioutput transactions and multisignature transactions. This would allow developers to encode considerable metadata in the fields reserved for multiple public keys. Clearly, by issuing such transactions, one has to pay the minimum Bitcoin fee to ensure that these transactions are included in the blockchain. Currently, the minimum fee is 0.0001 BTCs, which corresponds to almost 2 Euro cents given the current exchange rate.

This basic scheme is secure even when n - 1 storage nodes are arbitrarily malicious and as long as the there are enough honest blockchain nodes to ensure the security of the metadata stored therein. Note that a similar scheme can be used to construct erasure-coded storage. In this case, instead of storing exact replicas at the storage nodes, the user can invoke an information dispersal algorithm to encode object O into n chunks in such a way that any of the m chunks are enough to reconstruct O. The user stores the URIs of the chunks, as well as their individual cryptographic hashes in the blockchain. This variant scheme is secure even when n- m storage nodes are arbitrarily malicious and as long as there are enough honest blockchain nodes to ensure the security of the metadata stored therein.

< Prev   CONTENTS   Source   Next >