Thesis

Master's thesis on the design of a privacy-preserving car sharing protocol implemented on the Ethereum blockchain, for the Department of Electrical Engineering of KU Leuven.

Smart Contract Address on the Rinkeby testnet: 0x85f8e621548c9c2114Edca97FBd4D9B64Eb6820c

Prerequisites:

  • zkay v. 0.1 (https://github.com/eth-sri/zkay/tree/ccs2019). This module is used to generate zk-proofs by following the instructions provided in its GitHub repository. This boils down to configuring the scenario.py file according to the specific needs of the program and running the scenario generator of zkay.

Steps to reproduce with additional data in data.txt:

Step 1)

Deploy all smart contracts on the blockchain:

  • PKI: Contains the Public Key Infrastructure necessary to support zk-proofs and ring signatures. (gas = 324 046)
  • Signature: Contains the functions to generate and verify ring signatures. (gas = 1 578 566)
  • Verify_deployRenter: Contains the verification circuit of the zk-proof that is used to deploy a renter. It checks whether the encrypted value of the initial balance >= Deposit. (gas = 1 306 091)
  • Verify_renterBooking: Contains the verification circuit for the zk-proof used to book a car by the renter. It checks whether the encrypted balance >= necessary deposit. (gas = 1 306 079)
  • Verify_renterPayment: Contains the verification circuit for the zk-proof that is supplied when the renter pays the fee. It checks whether the encrypted new balance equals the encrypted current balance minus the encrypted fee. (gas = 1 305 647)
  • dPACE: Handles the functions related to booking and payment of a smart contract. This is the interface with which the actors (Car Owner, Car Renter and Car) interact. Upon deployment the constructor expects the addresses of the previously defined smart contracts. (gas = 4 731 498)

Together with the deployment of the Verify smart contracts, the libraries that perform elliptic curve operations (BN256G2) and pairings (Pairing) are deployed. The linking of the verification smart contracts and the libraries happens automatically in Remix. (gas = 1 271 585 + 912 773)

Step 2)

Announce the public key of the renter in the PKI contract. This key is used for the zero-knowledge proofs and the encryption of the balance of the renter. Warning: this is done through dummy encryption, enc(msg,pk) = msg+pk, which anyone who knows the public key can invert!

Step 3)

Generate alt_bn128 keys in Sage, which are used to generate ring signatures.

Script:

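# alt_bn128 base field and curve y^2 = x^3 + 3, with generator G = (1, 2)
F = FiniteField(0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47)
C = EllipticCurve(F,[0,3])
G = C.point((1,2))
# Sage's getrandbits is a seeded PRNG, not a CSPRNG; draw the private scalar from the OS instead
import secrets
PrivateKey = ZZ(secrets.randbits(256))
PublicKey = PrivateKey*G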

Step 4)

Announce the compressed public keys of car and renter in the PKI. These can be used by anyone as mix-in keys. The renter can use the private key corresponding to their public key only once, to mitigate replay attacks. (An adversary could otherwise impersonate someone by using previously published key material.)
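Steps 3 and 4 without Sage, as an added example that is not code from the thesis repository: key generation on alt_bn128 in pure Python, followed by a compress/decompress round trip of the public key. It goes beyond the Sage script by drawing the scalar uniformly below the group order N; the compressed encoding (x plus the parity bit of y) is an assumption, since the page does not state the format the PKI contract expects.

```python
import secrets

# alt_bn128: field prime P (as in the Sage script), group order N, y^2 = x^3 + 3
P = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47
N = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
G = (1, 2)

def on_curve(pt):
    """True if pt satisfies the curve equation; None is the point at infinity."""
    return pt is None or (pt[1] ** 2 - pt[0] ** 3 - 3) % P == 0

def add(p1, p2):
    """Affine point addition."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # Q + (-Q) is the point at infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen():
    """Private scalar drawn uniformly from [1, N-1] with the OS CSPRNG."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, mul(sk, G)

def compress(pt):
    """Assumed encoding: x plus the parity bit of y."""
    return pt[0], pt[1] & 1

def decompress(x, parity):
    """Recover y via a square root (P % 4 == 3); reject x values off the curve."""
    y = pow(x ** 3 + 3, (P + 1) // 4, P)
    if not on_curve((x, y)):
        raise ValueError("x is not the abscissa of a curve point")
    return (x, y if y & 1 == parity else P - y)
```

Validate a decompressed mix-in key with `on_curve` before placing it in a ring; the scalar multiplication here is not constant time, so it illustrates the arithmetic rather than serving as a signing backend.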

Step 5)

Deploy Car (by car owner). The following parameters are included as the transaction parameters:

  • Address: The Ethereum address of the car's on-board unit.
  • Details: Hash of a file containing the exact details of the car.
  • Price: The price of the car per second.

(gas = 86 560)

Step 6)

Validate Car (by car). The following parameters are included as the transaction parameters:

  • token: This is used by the renter for accountability purposes.
  • location: The location of the car.

(gas = 49 149)

Step 7)

Deploy Renter. The following parameters are included as the transaction parameters:

  • PPC: A privacy-preserving credential.
  • R,S,V: The signature of the Registration Service Provider.
  • verify_deployRenterProof: A zk-SNARK that the encrypted value of the balance equals the sent deposit.
  • genParam: The encrypted balance of the renter.

(gas = 541 610)

Step 8)

The car generates a hashlock for the renter and a ring signature that it sends to the renter through an off-chain communication channel.

Step 9)

renterBooking. The following parameters are included as the transaction parameters:

  • Cars: The addresses that belong to the entities inside the ring.
  • SecretLink: The token of the car encrypted with the renter's private key and the car's public key.
  • Signature: The ring signature generated by Signature.sol.
  • message: The message that contains the hashlock.
  • Verify_renterBooking: The zk-SNARK that testifies that the balance of the renter is enough to cover the deposit.
  • GenParam: The parameter that signifies true/false on the question above (equal to [1] in case the renter has enough balance).

Step 10)

The renter generates a hashlock for the car and a ring signature that it sends to the car through an off-chain communication channel. (gas = 1 058 655)

Step 11)

Car Booking. The following parameters are included as the transaction parameters:

  • Renters: The addresses that belong to the entities inside the ring.
  • Signature: The ring signature generated by Signature.sol.
  • Message: The message that contains the hashlock.

(gas = 673 825)

Step 12)

Car signs the encrypted fee through a ring signature with the same members as the ring signature of the hashlock of the renter.

Step 13)

The renter generates a ring signature on the timestamp provided by the car. The same identities should be used as in the ring of the ring signature at the booking phase. The timestamp is measured in Unix time and is used for calculating the fee of the rental. The signature and the preimage are sent to the car.

Step 14)

Car Payment

The following parameters are included as the transaction parameters:

  • Preimage: This is used to open the hashlock.
  • EncryptedPreimage: Contains the renter's preimage encrypted with the renter's public key and the car's private key.
  • NewToken: The newly generated token.
  • Location: The updated location of the car.
  • Message: The message containing the timestamp.
  • Signature: The ring signature on the timestamp.

(gas = 610 567)

Step 15)

Renter Payment. The following parameters are included as the transaction parameters:

  • Preimage: This is used to open the hashlock.
  • Message: The message containing the encrypted fee.
  • Signature: The ring signature on the encrypted fee.
  • Verify_renterPayment: The zk-SNARK that the encrypted new balance equals the previous balance minus the encrypted fee.
  • GenParam: The encrypted updated balance.

(gas = 1 038 611)