search

ethberlin-hackathon / ETHBerlin-Teambuilding

[ATTN] The TeamBuilding repository for 2019 moved >>>
https://github.com/ethberlinzwei/Find-A-Team
MIT License
24 stars 8 forks source link

Inexpensive proofs for resource-constrained devices (i.e. Lord of the Rings) #59

Closed kkom closed 5 years ago

kkom commented 6 years ago

Pitch

Problem

Devices constrained on bandwidth, CPU and memory ("IoT") still cannot securely verify data integrity. Secure methods are resource expensive, cheap methods are insecure.

Secure:

  1. Blockchain light clients aren't light enough.

Insecure:

  1. Blockchain gateways need to be trusted.
  2. You can use a Public Key Infrastructure, but it is centralised and not very secure.

Solution

We want to explore efficient data verification solutions which do not compromise security.

Current idea:

Use BLS threshold signatures to sign data. They are cheap to verify (linear in the number of participants, rather than exponential) and provide stronger security guarantees (independent parties hold the keys).

More details:

  1. Ethereum smart contract to create the initial group public key.
  2. Ethereum smart contract has the ability to rotate the group public keys. (To support adding/removing group members.)
  3. Device manufacturer flashes the device with the group public key. (Uses a full Ethereum client to get this information in a trusted way).
  4. Device is able to rotate the key.
  5. Device can verify messages signed with the current threshold signature.

The end result is cool, because we are now able to cheaply verify the integrity of any message (provided that the device was initially flashed with the right public key and that the key wasn't compromised, but using group signatures lowers this risk)!

We want to hack on 1-2 (and call it Lord of the Rings), and also 4-5 if we get more team members.

Team

So far we're two engineers with experience in distributed systems, machine learning and basic cryptography.

https://www.linkedin.com/in/akosenkov/ https://www.linkedin.com/in/komorowskik/

Skills wanted

We're looking for more people knowledgeable about fundamental cryptography and embedded, resource-constrained systems.

Communication

https://t.me/komorowski https://t.me/sinisterkitty

ligi commented 6 years ago

Did you look into INCUBED?

kkom commented 6 years ago

Yup, we did - it uses economically incentivised gateways AFAIK. This is problematic in situations when gateways are sparse - you can’t get access to another gateway to verify the information. Also @akosenkov can speak more about reservations he has for the economic model for gateway verification itself.

ligi commented 6 years ago

Great! Just wanted to make sure you are aware of the other approaches in the space - enjoy hacking!