MatRiCT: A quantum-safe and privacy-preserving blockchain protocol

Researchers from CSIRO’s Data61 and the Monash Blockchain Technology Centre have developed the world’s most efficient blockchain protocol that is both secure against quantum computers and protects the privacy of its users and their transactions.

MatRiCT

The technology can be applied beyond cryptocurrencies, such as digital health, banking, finance and government services, as well as services which may require accountability to prevent illegal use.

The protocol — a set of rules governing how a blockchain network operates — is called MatRiCT.

Cryptocurrencies vulnerable to attacks by quantum computers

The cryptocurrency market is currently valued at more than $325 billion, with an average of approximately $50 billion traded daily over the past year.

However, blockchain-based cryptocurrencies like Bitcoin and Ethereum are vulnerable to attacks by quantum computers, which are capable of performing complex calculations and processing substantial amounts of data to break blockchains, in significantly faster times than current computers.

“Quantum computing can compromise the signatures or keys used to authenticate transactions, as well as the integrity of blockchains themselves,” said Dr Muhammed Esgin, lead researcher at Monash University and Data61’s Distributed Systems Security Group. “Once this occurs, the underlying cryptocurrency could be altered, leading to theft, double spend or forgery, and users’ privacy may be jeopardised.

“Existing cryptocurrencies tend to either be quantum-safe or privacy-preserving, but for the first time our new protocol achieves both in a practical and deployable way.”

The MatRiCT protocol is based on hard lattice problems, which are quantum secure, and introduces three new key features: the shortest quantum-secure ring signature scheme to date, which authenticates activity and transactions using only the signature; a zero-knowledge proof method, which hides sensitive transaction information; and an auditability function, which could help prevent illegal cryptocurrency use.

Blockchain challenged by speed and energy consumption

Speed and energy consumption are significant challenges presented by blockchain technologies which can lead to inefficiencies and increased costs.

“The protocol is designed to address the inefficiencies in previous blockchain protocols such as complex authentication procedures, thereby speeding up calculation efficiencies and using less energy to resolve, leading to significant cost savings,” said Dr Ron Steinfeld, associate professor, co-author of the research and a quantum-safe cryptography expert at Monash University.

“Our new protocol is significantly faster and more efficient, as the identity signatures and proof required when conducting transactions are the shortest to date, thereby requiring less data communication, speeding up the transaction processing time, and reducing the amount of energy required to complete transactions.”

“Hcash will be incorporating the protocol into its own systems, transforming its existing cryptocurrency, HyperCash, into one that is both quantum safe and privacy protecting,” said Dr Joseph Liu, associate professor, Director of Monash Blockchain Technology Centre and HCash Chief Scientist.

New technique protects consumers from voice spoofing attacks

Researchers from CSIRO’s Data61 have developed a new technique to protect consumers from voice spoofing attacks.

voice spoofing attacks

Fraudsters can record a person’s voice for voice assistants like Amazon Alexa or Google Assistant and replay it to impersonate that individual. They can also stitch samples together to mimic a person’s voice in order to spoof, or trick third parties.

Detecting when hackers are attempting to spoof a system

The new solution, called Void (Voice liveness detection), can be embedded in a smartphone or voice assistant software and works by identifying the differences in spectral power between a live human voice and a voice replayed through a speaker, in order to detect when hackers are attempting to spoof a system.

Consumers use voice assistants to shop online, make phone calls, send messages, control smart home appliances and access banking services.

Muhammad Ejaz Ahmed, Cybersecurity Research Scientist at CSIRO’s Data61, said privacy preserving technologies are becoming increasingly important in enhancing consumer privacy and security as voice technologies become part of daily life.

“Voice spoofing attacks can be used to make purchases using a victim’s credit card details, control Internet of Things connected devices like smart appliances and give hackers unsolicited access to personal consumer data such as financial information, home addresses and more,” Mr Ahmed said.

“Although voice spoofing is known as one of the easiest attacks to perform as it simply involves a recording of the victim’s voice, it is incredibly difficult to detect because the recorded voice has similar characteristics to the victim’s live voice. Void is game-changing technology that allows for more efficient and accurate detection helping to prevent people’s voice commands from being misused”.

Relying on insights from spectrograms

Unlike existing voice spoofing techniques which typically use deep learning models, Void was designed relying on insights from spectrograms — a visual representation of the spectrum of frequencies of a signal as it varies with time to detect the ‘liveness’ of a voice.

This technique provides a highly accurate outcome, detecting attacks eight times faster than deep learning methods, and uses 153 times less memory, making it a viable and lightweight solution that could be incorporated into smart devices.

Void has been tested using datasets from Samsung and Automatic Speaker Verification Spoofing and Countermeasures challenges, achieving an accuracy of 99 per cent and 94 per cent for each dataset.

Research estimates that by 2023, as many as 275 million voice assistant devices will be used to control homes across the globe — a growth of 1000 percent since 2018.

How to protect data when using voice assistants

Dr Adnene Guabtni, Senior Research Scientist at CSIRO‘s Data61, shares tips for consumers on how to protect their data when using voice assistants:

  • Always change your voice assistant settings to only activate the assistant using a physical action, such as pressing a button.
  • On mobile devices, make sure the voice assistant can only activate when the device is unlocked.
  • Turn off all home voice assistants before you leave your house, to reduce the risk of successful voice spoofing while you are out of the house.
  • Voice spoofing requires hackers to get samples of your voice. Make sure you regularly delete any voice data that Google, Apple or Amazon store.
  • Try to limit the use of voice assistants to commands that do not involve online purchases or authorizations – hackers or people around you might record you issuing payment commands and replay them at a later stage.

Open source algorithms for network graph analysis help discover patterns in data

StellarGraph has launched a series of new algorithms for network graph analysis to help discover patterns in data, work with larger data sets and speed up performance while reducing memory usage.

network graph analysis

Problems like fraud and cybercrime are highly complex and involve densely connected data from many sources.

One of the challenges data scientists face when dealing with connected data is how to understand relationships between entities, as opposed to looking at data in silos, to provide a much deeper understanding of the problem.

Tim Pitman, Team Leader StellarGraph Library said solving great challenges required broader context than often allowed by simpler algorithms.

“Capturing data as a network graph enables organizations to understand the full context of problems they’re trying to solve – whether that be law enforcement, understanding genetic diseases or fraud detection. We’ve developed a powerful, intuitive graph machine learning library for data scientists—one that makes the latest research accessible to solve data-driven problems across many industry sectors.”

Lower memory usage and better performance

The version 1.0 release by the team at CSIRO’s Data61 delivers three new algorithms into the library, supporting graph classification and spatio-temporal data, in addition to a new graph data structure that results in significantly lower memory usage and better performance.

The discovery of patterns and knowledge from spatio-temporal data is increasingly important and has far-reaching implications for many real-world phenomena like traffic forecasting, air quality and potentially even movement and contact tracing of infectious disease—problems suited to deep learning frameworks that can learn from data collected across both space and time.

Testing of the new graph classification algorithms included experimenting with training graph neural networks to predict the chemical properties of molecules, advances which could show promise in enabling data scientists and researchers to locate antiviral molecules to fight infections, like COVID-19.

The broad capability and enhanced performance of the library is the culmination of three years’ work to deliver accessible, leading-edge algorithms.

Mr Pitman said, “The new algorithms in this release open up the library to new classes of problems to solve, including fraud detection and road traffic prediction.”We’ve also made the library easier to use and worked to optimize performance allowing our users to work with larger data.”

Network graph analysis implementation

StellarGraph has been used to successfully predict Alzheimer’s genes, deliver advanced human resources analytics, and detect Bitcoin ransomware, and as part of a Data61 study, the technology is currently being used to predict wheat population traits based on genomic markers which could result in improved genomic selection strategies to increase grain yield.

The technology can be applied to network datasets found across industry, government and research fields, and exploration has begun in applying StellarGraph to complex fraud, medical imagery and transport datasets.

Alex Collins, Group Leader Investigative Analytics, CSIRO’s Data61 said, “The challenge for organizations is to get the most value from their data. Using network graph analytics can open new ways to inform high-risk, high-impact decisions.”

seL4 creates open source foundation to enable more secure computing systems

CSIRO‘s Data61, the digital specialist arm of Australia’s national science agency, announced the creation of the seL4 Foundation, a not-for-profit organization, to accelerate the development of the seL4 microkernel and related technologies.

seL4 Foundation

An Australian innovation, seL4 is the world’s first operating system (OS) kernel that is mathematically proved secure, and is the world’s fastest and most advanced OS microkernel.

The kernel is the piece of software that runs at the core of any computer system and is responsible for ensuring overall security, safety and reliability. seL4’s growing list of deployments range from defence systems to autonomous air and ground vehicles, safeguarding them from cyber threats.

The seL4 Foundation will provide a global, independent and neutral organization for funding and steering the future evolution of seL4. Importantly, it will be a forum for developers and researchers to collaborate on growing and integrating the seL4 ecosystem, to maximise seL4’s benefits to critical systems across industry sectors around the world.

Dr June Andronick, Leader of Trustworthy Systems at CSIRO’s Data61 said, “seL4 is a game changer for safety- or security-critical systems; it forms a dependable base for building a trustworthy software stack. We are taking this step to increase participation from the seL4 community, to aid further adoption and provide a sustainable, long-term trajectory for seL4. We are impressed with the strong support for this move from developers and adopters around the world.”

The original developers of seL4 will remain highly engaged in steering the direction of the technology. Scientia Professor Gernot Heiser from UNSW Sydney and CSIRO’s Data61 said, “This is about taking the seL4 ecosystem to the next level. While broadening the community of contributors and adopters, at Trustworthy Systems we will continue to drive the kernel’s evolution and the research that ensures it will remain the world’s most advanced OS technology.”

Founding members of the seL4 Foundation, set up under the umbrella of the Linux Foundation, are CSIRO’s Data61, UNSW Sydney, HENSOLDT Cyber GmbH, Ghost Locomotion Inc, Cog Systems Inc, and DornerWorks Ltd.

Gernot Heiser (as Chair) and June Andronick serve on the initial governing board together with Gerwin Klein, Chief Principal Research Scientist, CSIRO’s Data61, who led the original seL4 verification and leads verification research in the Trustworthy Systems group.

Also on the Board is Dr John Launchbury, who was the program manager of the DARPA funded HACMS program that put seL4 on real-world unmanned helicopters, demonstrating protection against cyber attacks, he then became Director of DARPA’s Information Innovation Office, before re-joining Galois Inc.

They are joined by representatives of two major adopters of seL4: Sascha Kegreiß, Chief Technology Officer of HENSOLDT Cyber, a Munich-based company which develops embedded IT products that meet the highest security requirements, combining an operating system based on verified seL4 with a RISC-V processor that is protected from supply-chain attacks.

Finally, Dr Daniel Potts, Engineering Director of Ghost Locomotion, a California-based company which is converting cars to drive themselves, using seL4 to keep them safe. The directors are united in their desire to see seL4 secure the critical systems of the future.

Simon Barry, Acting Director at CSIRO’s Data61, “Cyber security is a core focus for Data61, and it’s fantastic to see our work further expanding its global relevance and reach. We are proud to lead the creation of the seL4 Foundation to enable safer, more secure and more reliable systems and this is an example of the international impact that Data61’s research and development is creating.”