Paper 2020/464

Can a Public Blockchain Keep a Secret?

Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Tal Rabin, and Leonid Reyzin


Blockchains are gaining traction and acceptance, not just for cryptocurrencies, but increasingly as an architecture for distributed computing. In this work we seek solutions that allow a \emph{public} blockchain to act as a trusted long-term repository of secret information: Our goal is to deposit a secret with the blockchain, specify how it is to be used (e.g., the conditions under which it is released), and have the blockchain keep the secret and use it only in the specified manner (e.g., release only it once the conditions are met). This simple functionality enables many powerful applications, including signing statements on behalf of the blockchain, using it as the control plane for a storage system, performing decentralized program-obfuscation-as-a-service, and many more. Using proactive secret sharing techniques, we present a scalable solution for implementing this functionality on a public blockchain, in the presence of a mobile adversary controlling a small minority of the participants. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire system, but, on the other hand, a mobile adversary may be able to corrupt the entire committee if it is small. For this reason, existing proactive secret sharing solutions are either non-scalable or insecure in our setting. We approach this challenge via "player replaceability", which ensures the committee is anonymous until after it performs its actions. Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions and erase their secrets. Our solution handles a fully mobile adversary corrupting roughly 1/4 of the participants at any time, and is scalable in terms of both the number of parties and the number of time intervals.

Available format(s)
Publication info
A minor revision of an IACR publication in TCC 2020
BlockchainMobile AdversaryPlayer ReplacabilityProactive Secret Sharing
Contact author(s)
fabrice benhamouda @ normalesup org
craigbgentry @ gmail com
sgorbunov @ uwaterloo ca
shaih @ alum mit edu
hugokraw @ gmail com
chengyu lin @ columbia edu
talrny @ yahoo com
reyzin @ cs bu edu
2020-09-29: last of 2 revisions
2020-04-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fabrice Benhamouda and Craig Gentry and Sergey Gorbunov and Shai Halevi and Hugo Krawczyk and Chengyu Lin and Tal Rabin and Leonid Reyzin},
      title = {Can a Public Blockchain Keep a Secret?},
      howpublished = {Cryptology ePrint Archive, Paper 2020/464},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.