BigData wk13
tina11689
BlockchainTokenisation.pdf
Tokenization: Open Asset Protocol on Blockchain
Xuefeng Li
Zhong An Information and Technology Service Co., Ltd
ShangHai, China
e-mail: [email protected]
Xiaochuan Wu
Zhong An Information and Technology Service Co., Ltd
ShangHai, China
e-mail: [email protected]
Xin Pei
Zhong An Information and Technology Service Co., Ltd
ShangHai, China
e-mail: [email protected]
Zhuojun Yao
Zhong An Information and Technology Service Co., Ltd
ShangHai, China
e-mail: [email protected]
Abstract—Token represents the right to do some operations in
software. In blockchain, there are two types of tokens: utility
token and security token. They endow the items of token more
value in blockchain world. In order to achieve asset
tokenization, we propose a new kind of token in this paper, the
asset-backed token, which is used for the proposed blockchain
based Open Asset Protocol (OAP). Using OAP, we show to how
to convert both of the real and virtual objects to asset-backed
tokens on blockchain. Then we discussed a new method for
data utilization and privacy-preserving based on OAP and
compare with our previous scheme, the Secure Multi-Party
Computation (SMPC). Additionally, we introduce the Policy-
Backed Token(PBT), which is an instance implementing OAP
in insurance industry. We have applied PBT in the airline
travel insurance product E-life of an insurance company.
Keywords-tokenization; asset; blockchain; token; smart
contract; crypto-currency; data privacy
I. INTRODUCTION
Bitcoin [1,2,3] is the first purely peer-to-peer digital crypto-currency. Blockchain, as the underlying technology of Bitcoin, is the key innovation of Bitcoin. Blockchain is a relatively new technology, however people consider it has the potential to implement in limitless area, such as supply chain, food trace, trading finance, payment, education, insurance etc. However, after a few years of developing, we still have not witnessed implementations that make blockchain or its derivates deployed in heavyweight decentralized application(DApp) or decentralized autonomous organization (DAO). We address three reasons for this:
(1) Technology problem. Blockchain is still developing like other new technology and has its own development life cycle. In Gartner Hype Cycle 2018 it is after the period of the peak of inflated expectations. Some initial issues such as throughput, scalability, storage, privacy, etc. are still not well solved nowadays. Good progress has occurred in terms of throughput from Bitcoin 7 transactions(TX)/s to Ethereum 15 TX/s, and then EOS 1000+ TX/s, which can already support
some applications. Nerveless, once it comes to privacy, the permissionless blockchain is hard to solve, because the data of permissionless blockchain is transparency and each node have a copy of the ledger. These technical issues are important factor for promoting blockchain application.
(2) Blockchain Scenario. After few years of exploration we did not find a very suitable scenario for public blockchain. Even if someone said Bitcoin was the most popular application of Blockchain, to some extent they would be right. However, it is because the potential of blockchain is fully developed according to real requirements, such as trust and transparency.
(3) Token problem. Token represents the right to do some operation in computing, such as access token, session token, token ring etc. In blockchain environment, tokens also has economics properties. More than 1000 projects did Initial Coin Offering(ICO) on blockchain in 2017. Simply speaking, ICO is a mean of crowdfunding that makes full use of the characteristics of Blockchain which is efficient, automatic, tamper-proof and global. Nonetheless, it also brings some problems such as lack of supervision, low investment threshold and frauds. Many teams use ICO only for speculation and do not consider its usefulness for Blockchain, leading to someone advocating that Blockchain does not require token. We argue that token is not just coin, but the core component of Blockchain. We divide the token into three types, respectively, utility, security and asset- backed tokens. Asset-backed token has been proposed before, but in this paper, we refine it as the base for Open Asset protocol.
From the finance property aspect of view, the tokens and coins generated by the blockchain are both regarded as cryptocurrency, which is a kind of encrypted digital or virtual currencies. Cryptocurrencies use cryptographic algorithms[4,5] to secure and verify all transactions. Prior to Bitcoin, some cryptocurrencies are exited, but Bitcoin is an important milestone due to its distributed and decentralized nature. After Bitcoin, other coins within Blockchain are also considered as cryptocurrency coins. Coins are native currencies of Blockchain, like Bitcoin, ETH[6], EOS, etc.
204
2019 IEEE 2nd International Conference on Information and Computer Technologies
978-1-7281-3323-2/19/$31.00 ©2019 IEEE
On the other hand, tokens are always on the top of Blockchain through the use of smart contract [7]. Tokens are digital rights, that represent for utilities, asset and security.
Utility tokens are application coins. They represent the right to operate the App or access services provided by the App. Therefore, utility tokens have no investment attributes. Security token is a new kind of a crypto token. Its design came from the shares of companies, but it is created on the top of blockchain. The value of security token is driven from external value of companies or applications, and it is subject to federal securities regulations and follows supervision. Security token is a new thing and there is no successful example to refer. Asset-backed tokens represent the real world assets. The assets could be real estate, art, derivatives markets, non-fungible assets, commodities, services and even identity. As for the name of a specified token, it depends on what kind of things back. For example, the backed asset is policy in insurance, thus it is called the Policy-backed token(PBT). We will describe a PBT case in the later. Someone might argue that a good stable coin is also Asset-backed token, that the stable coins are usually pegged to a fungible currency.
In this paper, we propose the Open Asset Protocol (OAP), and utilize the blockchain technique to promote the liquidity of assets. Different from the baseless blockchains and “air coins” , we link each token with a thing in reality so that the value of the tokens will vary with the things. For example, a contract, a company, an insurance policy as well as a car, a box of chocolate, any object that we could touch and see can be the backed thing mapping to a token on the blockchain. Thus, the assets of an individual can be described in tokens, which can be searchable by an identified blockchain address and computed under the owner’s authentication. The OAP provides a new method for secure data utilization and promotes the assets liquidity in policy, finance and healthcare(PHR) fields by means of tokenization. Next we take PBT, a sub-class of OAP, to demonstrate the benefits.
II. THE OPEN ASSET PROTOCOL
TABLE I. THE TYPICAL PROTOCOLS IN OAP
OAP501. OAP501 is an open standard which describes how to build non-fungible, non-permutable or unique tokens on blockchain. This kind of token is not the same, Tokens in OPA501 are all unique. OAP502. OAP502 is an open standard which describes how to build fungible tokens on blockchain. It gives the functions and events that a smart contract must implement to. Mutual crowd
funding asset tokens can use OAP502. Every token is the same. OAP701. OAP701 is an open standard which allow for infinite numbers of OAP501 or OAP502 tokens in a single smart contract. It is easy and efficient for the network to handle. They don’t need contain boundless amounts of repeated data. OAP702. OAP702 is similar with OAP701 except that OAP702 allows for infinite numbers of OAP501 and OAP502 tokens in a single smart contract.
OAP is an asset tokenization protocol family[8]. Table I
describe four OAP protocols, OAP501, OAP502, OAP701, OAP702. These protocols define minimum interfaces that
smart contracts must implement to allow tokens to be traded and managed. According to specific cases, supplemental functions can be added to the smart contract.
Each OAP protocol contains a series of interfaces defined by the smart contract. For example, OAP701 defines the following interfaces: ● Sub-token purchase Interface: Since OAP701 is a
combined token, this interface enables the user to
purchase the sub token (501, 502 tokens) separately.
● Token query Interface: Takes a blockchain address as
input, and returns all the tokens under this address.
● Address query Interface: Takes a token as input, and
returns the address of token owner.
● State query Interface: Takes an OAP701 token as input,
and returns the states of all its sub tokens.
● Certificate query Interface: Takes a sub token as input,
and returns the certificate of that token.
● Detail query Interface: Takes a token/sub token as
input, and returns the product details corresponding to
that token.
● Setting interface(s): Takes a token/sub token and the
values as input, set the , key value pair.
● Token transfer Interface: This interface is used to
transfer a token from address A to address B, which
also means the transference of the backed assets.
● Authentication Interface: The owner of the token uses
this interface to authenticate others on the token data
access.
● Attachment query Interface: Takes a token as input,
and returns the attachment or additional messages
attached to this token. The OAP protocols can be applied to scenarios of co-
insurance, re-insurance and policy pledge in a logical way based on the carriers(e.g., the tokens) of insurance asset rights according to the unified product standards. Moreover, companies in the insurance industry can establish a standardized distributed business system, thus to improve business capacities and service qualities by taking advantage of the transparent and opening properties of blockchain as well as the living insurance asset tokens.
The PBT is a tokenized instance of OAP applies in the insurance industry. Correspondingly, we have the token categories: PBT501, PBT502, PBT701, PBT702.
Figure 1 illustrates the use of “E-life token”, which is an application of PBT701 that describes the insurance combination on aviation risks. The E-life tokens consists of the main aviation policy and a series of minor policies such as luggage policy and delay policy, that are respectively belonging to the class of PBT501 and PBT502. The E-life token can be queried and accessed via sub-token interfaces separately. Similar to other insurance product, the sub-tokens PBT501 and PBT502 has an upper limit of insured amounts. Upon the case that a malicious insurant tries to buy the same insurance in multiple insurance company for fraud of compensation, the immutable PBT tokens of the insurant on the blockchain will help the insurers to make decisions.
205
Figure 1. The use of PBT701 on E-life insurance product.
The standard protocol of insurance token contributes to the regulation on insurance business. In the process of insurance business supervision, the problems are: (1) The integrity and authenticity of data collections can not be guaranteed. (2) Current regulation model is after-business supervision, rather than process-oriented supervision.
The blockchain based standard insurance protocol solves this by two ways, one is to provide a unified business interface and data standard for supervision, and the other is to realize trust-less supervision relying on the blockchain
properties, such as transparency, real-time broadcasting, and non-tampered with.
For regulators, the terms and procedures of insurance business become completely transparent and controllable because of the tokenized insurance assets. The running of insurance business has come from the blackbox to transparency and under control. The regulatory node in the blockchain can adjust and stop non-compliance business at any time.
III. AUTHENTICATION ON ASSET DATA BEHIND TOKEN
Most of the user data are stored in business companies and data centers. For sake of privacy-preserving, the private data are encrypted, which is against to data utilization. In the tokenized system, each item of asset record corresponds to a queryable token on the blockchain. We can view the token and its descriptions without knowing the detailed contents unless authenticated by its owner. This satisfies the GDPR rules[9], that individuals should have full control over their data, even if the data is outsourced. Note that the private content of data assets or contracts belongs to the user, rather than the corresponding tokens. The tokens are generated by the alliance blockchain of companies and cannot be tempered with by anyone, while user tokens are non-sensitive and queryable.
Figure 2. The signature based proof of asset possession.
Figure 3. The PRE based proof of asset possession.
206
The asset owner can authenticate individuals or companies on the detailed contents according to the token descriptions. Due to the encrypted private data are stored in separate companies, we provide two methods for owner to convince the requestor of the assets possessed. Figure 2 illustrates the signature based [10, 11] proof of asset possession (PAP), while figure 3 shows the Proxy re- encryption based[12,13] PAP.
IV. COMPARISON BETWEEN SMPC AND OAP PROTOCOL
The requirements on data utilization are increasing in fields such as finance, insurance, healthcare, academic research and supply chain, etc. Nevertheless, the paradox is “opening without sharing”, which means to keep data available on search and use without revealing the data contents. Before the proposal of OAP, the secure multi-party computation (SMPC) [14,15,16] is the widely applied data opening scheme with privacy-preserving property. In this section, we analyze the usabilities of both SMPC and OAP schemes, and compare the advantages in an over loan scenario, described as follow.
“Alice is an employee in a factory, and her salary is 10,000 per month. The bank evaluates Alice’s asset and job to decide a credit ceiling of 20,000. However, Alice intends to ask for a loan of 200,000. On condition that banks and loan companies fail to query each other for Alice’s loan records, she will apply to as many as banks and companies to achieve 200,000 loan.”
A. SMPC Based Data Utilization
The SMPC aims to achieve the secure cooperative computing for a designated result among a group of parties who join to contribute data and compute resources. During the computation, the SMPC requires input isolation, correctness of computation, as well as prevention on input retrieval by other parties.
Figure 4 shows the computing environment of a SMPC scheme, and the coordinator can be a Trusted Authority (TA) or a smart contract on the blockchain[17]. The use of blockchain-based SMPC gains the decentralization property, making the computing public verifiable and transparent, but is not as efficient as TA based scheme. Simply, we describe the TA based SMPC working flow next.
Figure 4. An example of SMPC based data utilization.
In the over loan case, the user (e.g., a loan company) requests to the TA for a multi-party computation. Upon
receiving, the TA coordinates each participant(e.g., banks or other loan companies) to prepare required data and computation resources. Then, the participants take the given sub-functions and data as input, and return computed results to the TA. The TA responds to the user with the aggregation of sub-results. Table II describes the detailed procedures of SMPC, which helps the loan company to make a decision.
The SMPC can perform privacy-preserving computation on behalf of each party’s raw data, and reach the intended result in an efficient manner. Moreover, each party can generate a proof in the computing phase for TA or blockchain based public verification and error location.
TABLE II. THE SMPC BASED DECISION MAKING ON LOAN
1. The loan company asks TA for Alice’s credit and the amount of loan records, without requesting the details on the records.
2. TA defines the multi-party computation rules so as to decompose the request into sub-tasks and distribute to each
party’s SMPC client. Usually, such a client can do both data
pre-processing and computation.
3. During the data pre-processing, each party executes searching and ETL operations on its own database or warehouse to form
the desired and structured data set according to the assigned
sub-task.
4. The SMPC client takes the company’s public key to processe data encryption, segmentation and distribution, etc. in the data
pre-processing phase.
5. Each SMPC client performs homomorphic operations (e.g., additive or multiplicative), and outputs the computed result.
6. TA aggregates all the outputs from parties, and returns a ciphertext indicating Alice’s current loan to the company.
7. The company decrypts the ciphertext with its secret key and makes the decision.
However, the SMPC scheme requires all the parties to
install a SMPC client and authorize it with data access, in order for client based sub-tasks execution. Besides, the performance of data pre-precessing is quite slow for the first time, especially for mass input with strict security requirements.
B. The OAP Based Data Utilization
The asset tokenization brings up a new method for data opening. Compared with the SMPC scheme, the OAP scheme avoids the disadvantages of forced client installation, low efficiency and high cost of hardware deployment.
The OAP scheme is implemented in alliance blockchain, where each node only stores the partial data including business related data and public data. The public data refers to the smart contract of data opening interfaces. Upon an external request, the alliance blockchain informs related nodes of the event, and returns a fetched or computed result under data owner’s authentication.
In the designing of smart contract, each token has an access list. The owner of the token is qualified to query details on the blockchain and authenticate others to query. Meanwhile, the companies acting as members of the alliance blockchain are able to query statistic via data opening interface. Taking the insurance industry for example, the
207
chain member can query the overview of mortgage bills, the total number of such bills, as well as the inssrant’s risking limit. Note that a token can represent a possitive asset as well as a negtive asset, such as a loan. Next describe the utilization of asset token in Alice’s over loan case, where the token is negtive.
Different from SMPC scheme, each bank or company in the alliance blockchain will generate a token for Alice, recording the hash of loan data. Although the amount and details of the loans cannot be retrieved from the token, loan companies are able to enum Alice’s loan records and ask her for record authentication upon a loan request.
Compared with SMPC schemes, the asset tokenization scheme liberates the worries of installing designated client,
and release the members of alliance blockchain from heavy computing works.
Figure 5. An example of OAP based data utilization.
Figure 6. The security and privacy protection on asset token.
Additionally, we extend the model of asset token to achieve anonymous amount query. As shown in figure 5, a temporary amount pool is introduced to store the anonymous
value. The construction is described as follows:
1 2 3 4 , , ,S S S S are the ciphertext of user’s amount (e.g.,
loan or insurance) generated by the companies A, B, C and D respectively, with each encrypted by the user’s identity public key. These ciphertext are anonymous and stored in the token amount pool.
Once the user authenticates to a requestor for data
querying, the requestor is able to decrypt 1 2 3 4 , , ,S S S S to
obtain the user’s loan or insurance amount. Further, the requestor can verify the sum of the amount by calling the smart contract interface under the user’s authentication. During this procedure, the requestor cannot retrieve the relations between companies and the amounts.
Thus, both the alliance member and external requestor are able to query the amount of user to make business decision, while the data privacy of both users and alliance members is well protected all through this query procedure.
V. SECURITY AND PRIVACY ANALYSIS
The requirements of security and privacy-preserving always conflict with the flexibility of data utilization. Different from traditional data protection schemes, the security of OAP scheme is based on blockchain data protection and fine-grained user authentication, as shown in the figure 6. We discuss the alliance blockchain based tokenization privacy from the aspect of data life cycle.
A. Generation Phase
The user tokens are generated by the alliance members, and supports model extension for various scenarios. In a standard user token, the form is as
208
, token list plaintext . Each token item is a hash value representing for a real thing which is under consensus of all consortium members. Due to the one-way property of hash and the detail content are stored in each member’s local database, the token itself is not sensitive. On the other hand, the plaintext are token descriptions, public titles and non- sensitive data abstracts, etc.
B. Usage Phase
The usage of token includes both direct access and user authentication access. As for the plaintext in token, requestors can access in the alliance blockchains. But for the hash value in the token, only if the owner authenticates and broadcast to all the alliance members, the requestors can read and combine related nodes for specific computation.
C. Output Phase
The output in the OAP scheme refers to the responses to the requestor, which keep the privacy preserving property for all blockchain members. The output is based on user’s fine- grained authentication, such as access to token lists, token validation times, etc. The alliance blockchain also remains user anonymity against external requestors.
D. Deposition Phase
Due to the unforgettability of blockchain itself, the forgettability[18] is extremely hard for on-chain data. A theoretical scheme[19] is to find a special string which has the same hash value as the protected string. Thus, the forgettability is equivalent to replacement of string mapping. However, the hash collusion is too difficult to find such the twin strings.
VI. CONCLUSIONS
In the traditional economic system, only things, which can be recorded in the ledger, can be traded and have liquidity value. However, in real world most things can’t be quantified, tokenization solves this problem. Open asset protocol can be applied various fields and we first applied OAP in insurance and instanced Policy-backed token. OAP provide methods of how to quantify, map and authenticate real or virtual asset. Trading and exchanging of Asset-backed token is still open question. We are very pleased to discuss with this information with who are interested.
REFERENCES
[1] S. Nakamoto. “Bitcoin: A Peer-to-Peer Electronic Cash System”, 2008.
[2] Reid F, Harrigan M. “An Analysis of Anonymity in the Bitcoin System”. IEEE Third International Conference on IEEE Third International Conference on Privacy, Security. IEEE, 2012.
[3] Nadarajah S, Chu J. “On the inefficiency of Bitcoin”. Economics Letters, 2017, 150:6-9.
[4] Stallings W. “Cryptography and network security (2nd ed.): principles and practice”. International Journal of Engineering & Computer Science, 2012, 01(01):121-136.
[5] Kosba A, Miller A, Shi E, et al. “Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts”. 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 2016.
[6] Vitalik B. “Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform.”, 2013. URL {http://ethereum.org/ethereum.html}.
[7] Clack C, Bakshi V, Braine L. “Smart Contract Templates: foundations, design landscape and research directions”. 2017.
[8] ZhongAn R&D Group. “The introduction on open asset protocol and the policy backed token”. URL {http://annchain.io/}, 2018.
[9] Voigt P, Bussche A. D. “The EU General Data Protection Regulation (GDPR)”. Springer International Publishing, 2017.
[10] Shamir A. “Identity-Based Cryptosystems and Signature Schemes”. Lect.notes Comput.sci, 1985, 196(2):47-53.
[11] Cheon J. “An Identity-Based Signature from Gap Diffie-Hellman Groups”. International Workshop on Theory & Practice in Public Key Cryptography: Public Key Cryptography. Springer-Verlag, 2003.
[12] Nuez D, Agudo I, Lopez J. “Proxy Re-Encryption”. Academic Press Ltd. 2017.
[13] Canetti R, Hohenberger S. “Chosen-ciphertext secure proxy re- encryption”. ACM Conference on Computer & Communications Security. DBLP, 2007.
[14] I. Damgård, V. Pastro, N. Smart, et al. “Multiparty Computation from Somewhat Homomorphic Encryption”. Cryptology Conference on Advances in Cryptology, CRYPTO. Springer-Verlag New York, Inc. pp.643-662, 2012.
[15] J. B. Nielsen, P. S. Nordholt, C. Orlandi, and S. S. Burra. “A new approach to practical active-secure two-party computation”. IACR Cryptology ePrint Archive, 2011:91.
[16] R.Bendlin, I.Damg ard, C.Orlandi, et al. “Semi-homomorphic encryption and multi-party computation”. In EUROCRYPT, pp. 169– 188, 2011.
[17] Pei X, Li X, Wu X. “Smart Contract based Multi-Party Computation with Privacy Preserving and Settlement Addressed”. World Conference on Smart Trends in Systems, Security and Sustainability(WS4), 2018.
[18] Greenleaf G. “International Data Privacy Agreements after the GDPR and Schrems”. Social Science Electronic Publishing, 2016.
[19] Ateniese G, Magri B, Venturi D. “Redactable Blockchain -or- Rewriting History in Bitcoin and Friends”. IEEE European Symposium on Security & Privacy. IEEE, 2017.
209
