Privacy in Raylz

Raylz is designed for customization. Different institutions have different business needs, and Raylz can accommodate them with extensions.

Extensions (or plugins) serve to strengthen the security, privacy, and performance of the core Raylz platform. We've collected some common reasons that warrant extensions below, along with our recommended solutions.

Private Information Retrieval

Malicious nodes in a Commit Chain can infer private cross-chain transaction information. For example, if a relayer requests the private signaling identifiers for a specific blockchain, the party serving that request learns the exact number of transactions destined for that relayer.

For those who don't consider this an acceptable leakage, extend the initial protocol with a private information retrieval (PIR) protocol. Adding such a retrieval step ensures that the party providing the transaction data gains no additional information from the request.

With a trivial PIR approach, relayers download the entire payload list and process it locally, so nothing about their selection is leaked to those serving the data.
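As an added illustration (not Raylz code), the following Python sketch contrasts a targeted lookup with the trivial-PIR download. The payload layout, the server's request log, the sample entries and the relayer helpers are all constructed for the demo; the point is what the serving party can record in each case and what it costs the relayer in transferred entries.

```python
# Added illustration (not Raylz code): what the data-serving party can log when a
# relayer queries by destination versus when it downloads everything (trivial PIR).
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Payload:
    """One Commit Chain entry: an opaque signaling identifier plus the destination
    it is addressed to. Constructed toy layout, not the Raylz format."""
    signaling_id: bytes
    destination: str


# Constructed sample data: three entries bound for chain-A, one each for B and C.
SAMPLE_PAYLOADS = [
    Payload(b"\x01", "chain-A"),
    Payload(b"\x02", "chain-B"),
    Payload(b"\x03", "chain-A"),
    Payload(b"\x04", "chain-C"),
    Payload(b"\x05", "chain-A"),
]


class PayloadServer:
    """The party that serves Commit Chain data. Everything appended to
    `observed` is information a curious or malicious node could retain."""

    def __init__(self, payloads: List[Payload]) -> None:
        self._payloads = list(payloads)
        self.observed: List[Tuple[str, Optional[str], int]] = []

    def query_by_destination(self, destination: str) -> List[Payload]:
        # Targeted lookup: the request names the chain and the reply size
        # equals the number of payloads bound for it.
        matches = [p for p in self._payloads if p.destination == destination]
        self.observed.append(("by-destination", destination, len(matches)))
        return matches

    def fetch_all(self) -> List[Payload]:
        # Trivial PIR: the request carries no selector, so the log entry is
        # identical whichever destination the relayer actually cares about.
        self.observed.append(("all", None, len(self._payloads)))
        return list(self._payloads)


def relayer_targeted(server: PayloadServer, destination: str) -> List[Payload]:
    return server.query_by_destination(destination)


def relayer_trivial_pir(server: PayloadServer, destination: str) -> List[Payload]:
    # Download the whole list and filter locally; the selection never leaves the relayer.
    return [p for p in server.fetch_all() if p.destination == destination]


def what_the_server_learns(use_pir: bool, destination: str) -> dict:
    """Run one retrieval and report the relayer's result next to the server's view."""
    server = PayloadServer(SAMPLE_PAYLOADS)
    fetch = relayer_trivial_pir if use_pir else relayer_targeted
    result = fetch(server, destination)
    kind, seen_destination, reply_size = server.observed[-1]
    return {
        "relayer_got": len(result),
        # bandwidth cost of the query: trivial PIR always ships the full list
        "entries_transferred": reply_size,
        "server_saw_destination": seen_destination,
        # the per-destination count is only inferable when the request was targeted
        "server_inferred_count": reply_size if kind == "by-destination" else None,
    }


if __name__ == "__main__":
    print("targeted:   ", what_the_server_learns(False, "chain-A"))
    print("trivial PIR:", what_the_server_learns(True, "chain-A"))
```

The trade-off the text alludes to is visible in `entries_transferred`: the trivial approach hides the query completely but always moves the whole list, which is why it suits modest payload volumes and why non-trivial PIR schemes exist for larger ones.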

Sender Privacy

The initial Raylz design allows anyone observing the public blockchain to infer how many cross-chain transactions occur in each time window, because a ciphertext is published for every transaction.

To mask the identity of the entity publishing these state updates, extend the system with different cryptographic primitives. For those who don't require a quantum-secure approach, ring signatures or Merkle proofs can protect senders.

Ring signatures allow a signer to hide within an anonymity set. This approach works well for smaller groups, but becomes much more expensive as the set size grows.

Operators may also choose to post a random number of Merkle proofs on the Commit Chain. These proofs, together with dummy data, conceal the number of valid transactions from the public. While not a zero-knowledge solution, Merkle proofs keep private information between the sender and the destination. At most, external parties can infer the number of cross-chain transactions that have a certain destination.
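To make the padding idea concrete, here is an added Python example (not part of Raylz) of a Merkle batch padded with a random number of dummy leaves. The keyed-tag leaf format, the `MAX_DUMMIES` bound and the helper names are assumptions for the demo: a real leaf carries an HMAC that only the destination can verify, a dummy is random bytes of the same length, and a public observer can verify every proof against the posted root but sees only the padded count.

```python
# Added illustration (not Raylz code): a Merkle batch with random dummy padding.
import hashlib
import hmac
import random
import secrets

TAG_LEN = 32       # bytes of HMAC tag prefixed to a real leaf
PAYLOAD_LEN = 16   # fixed payload size so dummies are indistinguishable by length
MAX_DUMMIES = 8    # upper bound on padding per batch (assumed policy knob)


def _leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()   # domain-separated leaf hash


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(leaves):
    """Return (root, proofs); proofs[i] is the sibling path for leaves[i]."""
    if not leaves:
        raise ValueError("empty batch")
    level = [_leaf_hash(x) for x in leaves]
    proofs = [[] for _ in leaves]
    positions = list(range(len(leaves)))      # where each leaf sits in `level`
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])           # duplicate the last node on odd levels
        for i, pos in enumerate(positions):
            proofs[i].append((level[pos ^ 1], pos % 2 == 0))  # (sibling, sibling_is_right)
        level = [_node_hash(level[j], level[j + 1]) for j in range(0, len(level), 2)]
        positions = [pos // 2 for pos in positions]
    return level[0], proofs


def verify_proof(root: bytes, leaf: bytes, proof) -> bool:
    node = _leaf_hash(leaf)
    for sibling, sibling_is_right in proof:
        node = _node_hash(node, sibling) if sibling_is_right else _node_hash(sibling, node)
    return node == root


def make_real_leaf(key: bytes, payload: bytes) -> bytes:
    """A genuine cross-chain record: a keyed tag only the destination can check."""
    assert len(payload) == PAYLOAD_LEN
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def make_dummy_leaf() -> bytes:
    """Padding: uniformly random bytes with the same shape as a real leaf."""
    return secrets.token_bytes(TAG_LEN + PAYLOAD_LEN)


def post_batch(key: bytes, payloads, rng: random.Random):
    """What the operator publishes: a root plus a proof for every leaf, real or dummy."""
    leaves = [make_real_leaf(key, p) for p in payloads]
    leaves += [make_dummy_leaf() for _ in range(rng.randint(0, MAX_DUMMIES))]
    rng.shuffle(leaves)                       # do not reveal real/dummy ordering
    root, proofs = build_tree(leaves)
    return root, list(zip(leaves, proofs))


def receiver_filter(key: bytes, posted):
    """Destination side: keep the payloads whose tag verifies under the shared key."""
    real = []
    for leaf, _proof in posted:
        tag, payload = leaf[:TAG_LEN], leaf[TAG_LEN:]
        if hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest()):
            real.append(payload)
    return real


def public_observer_view(root: bytes, posted) -> dict:
    """What anyone watching the Commit Chain can establish: every proof verifies,
    but only the padded count is visible."""
    return {"all_proofs_valid": all(verify_proof(root, leaf, pr) for leaf, pr in posted),
            "visible_count": len(posted)}


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    key = b"constructed-shared-key-for-demo!"          # constructed sample key
    payloads = [bytes([i]) * PAYLOAD_LEN for i in range(1, 4)]   # 3 real records
    root, posted = post_batch(key, payloads, rng)
    view = public_observer_view(root, posted)
    recovered = receiver_filter(key, posted)
    return {"real": len(payloads), "visible": view["visible_count"],
            "proofs_ok": view["all_proofs_valid"],
            "recovered_ok": sorted(recovered) == sorted(payloads)}


if __name__ == "__main__":
    print(demo())
```

The observer learns `visible`, which is the real count plus an unknown amount of padding; the destination, holding the key, recovers exactly the real payloads. Padding hides the batch size only if the dummy count is unpredictable, so the padding source should not be derivable from anything else that is posted.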

Post-quantum security

Non-Interactive Key Exchange

To ensure long-term security against quantum-computing adversaries, use different primitives for the non-interactive key exchange. Raylz recommends a hybrid approach relying on two post-quantum non-interactive key exchanges: CSIDH and Swoosh.

CSIDH and Swoosh are reliable primitives whose security assurances hold up: CSIDH was not affected by the devastating attacks on SIDH, while Swoosh provides a practical, efficient approach for real-world applications. Combined, CSIDH and Swoosh provide a higher-performing alternative to existing non-interactive key exchange (NIKE) approaches.

Pedersen Commitments

Raylz uses Pedersen commitments as the foundation of its range proofs. An adversary capable of computing discrete logarithms could generate a range proof for a value that does not actually lie in the claimed range. That adversary still won't learn the values behind previously posted commitments, because Pedersen commitments are unconditionally hiding.

Our design uses the Ruffing and Malavolta techniques so that computationally secure proofs can be switched to a quantum-secure proof system. This is achieved by transforming a Pedersen commitment into an ElGamal commitment.
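The following Python example is added here as an illustration; it is neither Raylz code nor the exact Ruffing and Malavolta construction, and its group size, helper names and commitment layout are assumptions. It models the switch idea in a toy prime-order group: the Pedersen value C = g^v h^r is published together with a hash of the ElGamal-style element g^r, so the pair (C, g^r) is an ElGamal commitment that is perfectly binding. To play the role of a discrete-log-breaking adversary, the demo deliberately generates h with a known trapdoor x (a real deployment must derive h with no known discrete log). The equivocation succeeds against the Pedersen check alone and fails once the switch requires g^r.

```python
# Added illustration (not Raylz code, not the exact Ruffing and Malavolta scheme):
# a Pedersen commitment that can be "switched" to an ElGamal-style binding check.
import hashlib
import secrets


def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; exact for n < 3.3e24 with these bases."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for s in small:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _find_safe_prime(start: int):
    """Smallest safe prime p = 2q + 1 with prime q >= start (toy-sized on purpose)."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _find_safe_prime(1 << 63)   # commitments live in the order-q subgroup of Z_p^*
G = 4                               # 2^2 is a quadratic residue, hence has order q
_NBYTES = (P.bit_length() + 7) // 8

# DEMO-ONLY TRAPDOOR: h = g^x with x known, so the code below can act as an adversary
# who has solved the discrete logarithm. A real deployment must derive h with no
# known discrete log (for example by hashing to the group).
_TRAPDOOR_X = secrets.randbelow(Q - 2) + 2
H = pow(G, _TRAPDOOR_X, P)


def pedersen_commit(v: int, r=None):
    """C = g^v * h^r mod p; returns (C, r). Unconditionally hiding, binding under DLP."""
    r = secrets.randbelow(Q) if r is None else r
    return (pow(G, v, P) * pow(H, r, P)) % P, r


def pedersen_open(C: int, v: int, r: int) -> bool:
    return C == (pow(G, v, P) * pow(H, r, P)) % P


def pedersen_add(C1: int, C2: int) -> int:
    """Homomorphism used by range proofs: opens to (v1 + v2, r1 + r2)."""
    return (C1 * C2) % P


def _tag(C: int, E: int) -> bytes:
    return hashlib.sha256(C.to_bytes(_NBYTES, "big") + E.to_bytes(_NBYTES, "big")).digest()


def switch_commit(v: int, r=None):
    """Publish the Pedersen value C plus a hash of the ElGamal element E = g^r.
    The pair (C, E) is an ElGamal commitment: perfectly binding, hiding under DDH."""
    C, r = pedersen_commit(v, r)
    E = pow(G, r, P)
    return {"C": C, "tag": _tag(C, E)}, {"v": v, "r": r, "E": E}


def verify_switch(commitment: dict, opening: dict, switched: bool) -> bool:
    """Before the switch only the Pedersen relation is checked. After it, the opener
    must also reveal E = g^r matching the published hash, which pins r and so v."""
    C, v, r, E = commitment["C"], opening["v"], opening["r"], opening["E"]
    if not pedersen_open(C, v, r):
        return False
    if not switched:
        return True
    return E == pow(G, r, P) and _tag(C, E) == commitment["tag"]


def dlog_adversary_equivocate(opening: dict, new_v: int) -> dict:
    """With x = log_g h known, C = g^(v + x r) can be re-opened to any v':
    r' = r + (v - v') * x^-1 mod q leaves C unchanged."""
    v, r = opening["v"], opening["r"]
    r_new = (r + (v - new_v) * pow(_TRAPDOOR_X, -1, Q)) % Q
    return {"v": new_v, "r": r_new, "E": opening["E"]}


def demo() -> dict:
    com, honest = switch_commit(42)
    forged = dlog_adversary_equivocate(honest, 7)
    return {
        "honest_before": verify_switch(com, honest, switched=False),  # True
        "honest_after": verify_switch(com, honest, switched=True),    # True
        "forged_before": verify_switch(com, forged, switched=False),  # True: Pedersen binding broken
        "forged_after": verify_switch(com, forged, switched=True),    # False: g^r no longer matches
    }
```

The hash of g^r is what makes the switch safe to defer: it costs nothing while discrete logarithms are hard, and once the switch is activated the opener cannot substitute a different g^r because the hash was fixed at commitment time.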

Alternatively, use the commitment scheme defined in the following equation:

The hiding and binding properties of this commitment scheme are inherently computational. However, a quantum adversary cannot subvert either property.

Raylz is working on a more formal analysis of this approach.

Key Rotation

Integrate a key rotation protocol to ensure perfect forward secrecy (PFS). With this protocol, past messages remain secure even if keys are compromised later.

We recommend that key rotation follow the X3DH protocol used in the Signal protocol. Besides PFS, this protocol provides the self-healing property.

The architecture and communication assumptions of the Raylz platform are well suited for integrating a key rotation protocol.

Asset Sovereignty

Raylz supports sovereign and shared assets.

Shared assets allow trusted parties to record transactions on their own Privacy Ledgers, regardless of whether they were involved. Sovereign assets can be burned and minted only by a single key pair held by the issuer, and capture the regulatory and monetary policy requirements of certain types of digital assets. Whatever the asset type, issuance is verifiable, which prevents malicious parties from minting invalid assets.
