Hi Ivan.> you try to argue that the salted hash on the public
chain is a proof that some data is "valid". this itself is a
terrible argument because hashes (unlike digital signature, homomorphic
encryption) is not something that others can verify when the data (hash)
it put on public chain.
No, that's not what I am arguing. I said: , and
the receiving peers validate the hash pre-images indeed correspond to the
hashes on the public blockwhich means that they do just that -
ensure that the hash pre-image of the private data corresponds to the hash
in the public block. That's what private data is - a means
for several organizations to send each other information without putting
it on the blockchain, but still bind the data to the blockchain for non
repudiation of the fact that the data was put there (not of any other world
/ business facts as in your example).> first of all,
I appreciate you agree that another point 2 point connection must be established
between orgs to pass the salt and the image itself, anything on chain can
be used to launch pre-image/dictionary attack
Well, but this is already what is done
now. This is how private data works in Fabric:- You (as the user) have the ability to
put on the blockchain hashes of salted data.
- The data is disseminated in a secure
point to point connection between peers that are eligible of receiving
the data.
- YacovFrom:
"Ivan Ch"
<acizlan@...>To:
fabric@...Date:
10/23/2019 05:59 AMSubject:
[EXTERNAL] Re:
[Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private
Data is not private #fabric #fabric-questions #fabric-dstorage #database
#dstorage #dstorage-fabric #fabric-chaincode #sslSent by:
fabric@...
Hi Yacov,
thanks for your reply, let me clarify the jargon here so more people can
understand
pre-image: data itself and its salt
"Private data is disseminated in a point to point
manner among peers even now.The peers that posses the private data, send
the peers that don't (but are eligible of receiving it) the hash pre-images,
and the receiving peers validate the hash pre-images indeed correspond
to the hashes on the public block.
I don't see any technical obstacle that prevents you to add a salt per
collection name for a given transaction, that will be concatenated to the
computation of the hash of the key and the value for the said collection.The
salt can be part of the data element that is generated at the time of chaincode
invocation, and will be passed along with the private data itself."first of all, I appreciate you agree that another point
2 point connection must be established between orgs to pass the salt and
the image itself, anything on chain can be used to launch pre-image/dictionary
attack
of course there is no technical obstacle to create salt, but the issue
here is that it creates a
false sense that data is private and can be
validated. let me explain:
you try to argue that the salted hash on the public chain is a proof that
some data is "valid". this itself is a terrible argument because
hashes (unlike digital signature, homomorphic encryption) is not something
that others can verify when the data (hash) it put on public chain.
here is an example: my national ID is "1234567", but I am
a bad guy and want others to believe that my national ID number is "7654321".
so I put the false hash(salt, "7654321") on chain, and then send
pre-images (salt, "7654321") to whoever I want to convince.
Since nobody can verify the hash(salt, "7654321") when
the hash was put on chain without prior knowledge of the data, an adversary
can use the claims about private data functionality to trick people to
believe forged data.
my point is that the claims about private data mislead people to believe
this feature will either help to orgs to protect data or validate a pre-existing
data, but neither is true and can be easily used by an adversary to decode
data (if there is no salt or salt is known) or to trick people believe
in wrong data like the sample above.
