Cryptology ePrint Archive: Report 2018/1050

Automated Penalization of Data Breaches using Crypto-augmented Smart Contracts

Easwar Vivek Mangipudi and Krutarth Rao and Jeremy Clark and Aniket Kate

Abstract: This work studies the problem of automatically penalizing intentional or unintentional data breach (APDB) by a receiver/custodian receiving confidential data from a sender. We solve this problem by augmenting a blockchain on-chain smart contract between the sender and receiver with an off-chain cryptographic protocol, such that any significant data breach from the receiver is penalized through a monetary loss. Towards achieving the goal, we develop a natural extension of oblivious transfer called doubly oblivious transfer (DOT) which, when combined with robust watermarking and a claim-or-refund blockchain contract provides the necessary framework to realize the APDB protocol in a provably secure manner. In our APDB protocol, a public data breach by the receiver leads to her Bitcoin (or other blockchain) private signing key getting revealed to the sender, which allows him to penalize the receiver by claiming the deposit from the claim-or-refund contract. Interestingly, the protocol also ensures that the malicious sender cannot steal the deposit, even as he knows the original document or releases it in any form. We implement our APDB protocol, develop the required smart contract for Bitcoin and observe our system to be efficient and easy to deploy in practice. We analyze our DOT-based design against partial adversarial leakages and observe it to be robust against even small leakages of data.

Category / Keywords: applications / Data leakage, Oblivious transfer, Smart Contracts, Escrow account

Date: received 30 Oct 2018

Contact author: emangipu at purdue edu

Available format(s): PDF | BibTeX Citation

Version: 20181102:010559 (All versions of this report)

Short URL: ia.cr/2018/1050


[ Cryptology ePrint archive ]