The “Mirror Chains”: the solution for protection financial protocols and fintech products

Version 1.0, November 2019

Authors: Vasily Sumanov, Yaroslav Lunev.

Abstract

Both centralized and decentralized systems are vulnerable to several major attack types (table 1). We developed a particular product on top of the Cellframe Network named the “Mirror chains” aimed at providing additional security to the fintech products.

The “Mirror chains” use case is designed to protect financial protocols and products from the mentioned attacks by running a special type of blockchain (we call it a “mirrored chain”), which stores the primary system data and is secured by post-quantum cryptography.

The application scenarios of “Mirror chains” for protection centralized fintech products, such as exchanges:

1. Storage and verification of system states during operation;
2. Backup and verification of critical system data, such as account balances, deals, etc.;
3. Protection from attacks of a quantum computer on cryptography;

The application of Mirror chains can allow improving public trust in the company, decrease insurance costs, and automate relationships with watchdogs (based on interview with our customers (cryptocurrency exchanges) and insurance companies).

The application scenarios of “Mirror chains” for protection of decentralized networks, such as public and private blockchains:

1. Protection from attacks of a quantum computer on cryptography;
2. Protection from other terminal attacks by setting up verified checkpoints and scheme of authorized fork launch/network re-launch;

The application of Mirror chains to a decentralized network allows us to protect it from terminal attacks without affecting its performance, user experience, and not request any technology changing.

Introduction

The main attack vectors that we address by applying the Mirror Chains approach are listed in table 1:

Table 1. Attacks and protection approach for centralized and decentralized systems.

The principal scheme of Mirror Chains operation is presented below. Every state of the system is recorded into the ledger in realtime and signed by PoA participants. The Mirror Chains is the solution designed for the needs of the enterprises. However, consensus can be modified to PoW/PoS if it is required.

In the simplest case, it is a highly-secured distributed database of a system states. Every state is approved to be legit by all involved PoA consensus participants. The particular use cases for applying the Mirror Chains approach are described below.

Application of the Mirror Chains approach to centralized systems

Centralized exchanges: backing data concerning account balances, deposits, internal transactions (if it is necessary according to a technical task.), and withdrawals to quantum-safe Cellframe subchain with Proof-Of-Authority consensus (PoA validators: exchange itself, the regulator, the insurance company). Any user of exchange can launch a node and store all information in a read-only regime (all data is encrypted). In case of attack, all information can be retrieved from the chain and can be used for insurance claims/system restoration. The fact of an attack is defined by PoA validators. Thus, the system is protected by transparent (for accredited parties) and secure storage of principal system states, which cannot be modified or forged in the future even if centralized data custody would be damaged or destroyed.

Application of the Mirror Chains approach to decentralized systems

Quantum attack on cryptographic signatures of the blockchain system. Initially, there is public or private blockchain (specified further as Existing Blockchain or EB), using elliptical cryptography. The system needs protection from a quantum attack: an attacker can get access to any address by using a quantum computer to get the private keys.

In such a case, the main problem is that a trustworthy system becomes untrustworthy, so nobody knows who can be trusted unless the user has a PQ key from the Mirror chain issued beforehand. However, there is another problem, which comes down to a simple question — how to distinguish mass leak of private keys, for example, by hacking a major centralized exchange or custody with the real quantum attack? There is no simple and verified approach yet. We propose the following mechanism: every mass-hacking event is a reason to hold voting using the largest capital holders in the network. The network participants vote on both chains — the original one and the mirrored one. The voting power is calculated as an average account balance during the last N blocks. This approach is introduced to solve the problem of rapidly balances changing during attacks: there is a possibility that the attacker will move a large sum of core network assets to capture the majority in Mirror Chain. We will research it to find the optimal value of the N variable.The core part of our solution for this issue is the Mirror Chain. The mirrored chain duplicates all the information recorded in the Existing Blockchain (EB) but with an application of the post-quantum encryption for protecting the private keys.

Any address owner of the EB can use the service of PQ key issuance after proof of ownership procedure, which is shown at Pic.2. The user saves this PQ key in a safe place just as he did it with the private key of EB.

In case of a terminal attack in the system where every key gets insured in the Mirror Chain, it is possible to restore all the balances and keep everybody safe, i.e., this procedure creates a situation where a quantum attack has no point at all. The re-launch of the chain is based on the voting procedure, described above. Besides, it is possible to protect each EB address with more than one key, even with several types of encryption.

Future work
The approach proposed in this article is intensively explored by Cellframe, and some new results will be published soon. There is a significant field to customization this idea to specific needs of fintech and blockchain companies and protocols that can be carried out only in collaboration with such companies. If you are a company or a security enthusiast, we invite you to contribute to this open-source research.

Contacts

cellframe.net

wiki.cellframe.net

Instruction to launch a Cellframe node.

Telegram group where you can ask your questions directly to the CTO: https://t.me/cellframe