Asymmetric Key Management in Consortium Blockchain Networks

Glossary

Distributed ledger system (DLS): A system, also known as a consensus network or blockchain network, that allows participating entities to store data securely and immutably.

Blockchain network: A type of DLS in which data is stored in blocks, each of which is linked to the previous block, forming an immutable record of transactions.

Public blockchain network: A blockchain network open to all entities, where anyone can participate in the consensus process.

Private blockchain network: A blockchain network where read and write permissions are centrally controlled by a specific entity.

Consortium blockchain network: A blockchain network provided to a specific group of entities, which controls the consensus process and manages access control.

Service key: An asymmetric cryptographic key pair (private-public key pair) used to encrypt transactions in a consortium blockchain network.

Blockchain as a Service (BaaS): A service model through which an enterprise provides infrastructure and services for setting up and managing a blockchain network.

Identity certificate: A digital document provided by a participant to a BaaS platform to verify their identity and enable secure communications.

Key derivation function (KDF): An algorithm that generates one or more keys from an initial key.

KDF key tree: A hierarchy of multiple subkeys generated from a single root key by applying a KDF.


Short answer questions

What is the main difference between a consortium blockchain network and a public blockchain network?

A consortium blockchain network has restrictions on participants and a selected group of entities controls the consensus process, while a public blockchain network is open to everyone and anyone can participate in the consensus process. In addition, data in a consortium blockchain network is usually encrypted, while data on a public blockchain network is usually publicly visible.

What role does a service key play in a consortium blockchain network?

Service keys are used to encrypt transactions in a consortium blockchain network, ensuring that only authorized participants can access and decrypt transaction data. Each service key can be associated with a specific type of transaction or group of participants.

How does a BaaS platform manage service key distribution without storing service keys?

The BaaS platform generates service keys using asymmetric key derivation technology, but does not save them. The platform maintains a data table that records each participant's access rights to the corresponding service key. When a participant requests a service key, the platform verifies its access rights, generates a key, encrypts the key with the participant's public key, and then sends the encrypted key to the participant.

Why are traditional key distribution technologies not suitable for managing multiple service keys in a consortium blockchain network?

Traditional key distribution technologies have difficulty managing multiple service keys, each of which may have a different combination of participants. In addition, in traditional technologies, service keys need to be stored in a centralized database, which increases security risks.

What role does the participant's identity certificate play in service key management?

The participant's identity certificate contains a public key, which the BaaS platform uses to encrypt the private key of the service key. Only the participant with the corresponding private key can decrypt the service key and access the transaction data.

Describe the service key request and distribution process.

The participant sends a service key request to the BaaS platform. The platform verifies the participant's access rights, generates a service key using a KDF key tree, encrypts the private key of the service key using the participant's public key, and finally sends the encrypted key to the participant.

What role does the KDF key tree play in service key generation?

The KDF key tree allows multiple unique service keys to be generated from a single root key. This ensures that each service key is unique and cannot be derived from other keys.

Why is it important that the BaaS platform does not store service keys?

BaaS platforms can improve security by not storing service keys. If the platform is compromised, the attacker will not be able to access the service keys because the keys are only stored with authorized participants.

Explain how service keys promote privacy isolation in consortium blockchain networks.

By encrypting transactions with service keys, only authorized participants with the corresponding keys can access and decrypt the data. This ensures that unauthorized participants cannot access sensitive information, even if they have access to the blockchain network.

Describe the process of encrypting transactions using service keys.

Participants sign transaction data using their service key's private key, generating a digital signature. This signature is attached to the transaction data, and anyone can verify the authenticity of the signature using the participant's public key and ensure that the data has not been tampered with during transmission.

Essay questions

Discuss the advantages and disadvantages of using asymmetric key management versus symmetric key management in consortium blockchain networks.

Analyze the security of different service key distribution methods in BaaS platforms and evaluate their impact on overall system risk.

Explore the potential of integrating biometrics or multi-factor authentication into the service key management process to enhance security in consortium blockchain networks.

Evaluate the role of service key management in supporting different use cases in consortium blockchain networks, such as supply chain management, identity management, and data sharing.

Investigate the application of decentralized key management systems in consortium blockchain networks and discuss how they can potentially eliminate the need for centralized BaaS platforms.