Traceability in Permissioned Blockchain

In this paper, we have achieved privacy protection and high transparency in a permissioned blockchain. There is a sidechain that connects the permissionless blockchain and the permissioned blockchain. The behavior in the permissioned blockchain is almost a black box from the perspective of the permissionless blockchain. While this fact is useful for privacy protection, there is room for improvement in terms of transparency. To improve the transparency of the permissioned blockchain under privacy protection, we consider traceability in the permissioned blockchain consisting of the following three properties: trade privacy (who trades with whom and at what asset amount), preservation (the total amount inside the permissioned blockchain, including deposits and withdrawals to the permissionless blockchain, is immutable), and noninvolvement (some members in the permissioned blockchain are not involved in some trades, and it is possible to prove that specified members performed the transaction). To the best of our knowledge, we are the first to achieve both preservation and noninvolvement while protecting the privacy of transactions. Our approach is as follows. We model traceability based on the hidden Markov model. Because the proof of traceability requires the calculation of more than quadratic degrees, we encrypt this model by homomorphic encryption. The number of participants in the permissioned blockchain corresponds to the number of additions in the model. Then, we can construct the encrypted model by employing somewhat homomorphic encryption. The establishment of the original model is verifiable by applying the noninteractive zero-knowledge proof of the knowledge that the plaintext is equal to zero. This is an adaptation of Benhamouda et al. (Asiacrypt 2014).