Zero-Knowledge Proofs: How They Improve Blockchain Privacy?



Zero-knowledge proofs (ZKPs) are emerging as a vital component in blockchain technology, offering a way to maintain transactional privacy and integrity. These cryptographic methods enable verification without revealing the actual data, paving the way for more secure and private blockchain environments.

At its core, a zero-knowledge proof allows one party (the prover) to prove to another party (the verifier) that they know certain information without disclosing the information itself. This is particularly valuable in the blockchain realm, where transparency is key but privacy is also crucial. For example, smart contracts often contain sensitive financial or personal data that must be protected from unauthorised access.

How ZKPs Operate

A ZKP involves the prover performing actions that confirm they know the hidden data. If an unauthorised party attempts to guess these actions, the verifier's procedures will expose the falsity of their claim. ZKPs can be interactive, requiring repeated verifications, or non-interactive, where a single proof suffices for multiple verifiers.

The concept of ZKPs was introduced in a 1985 MIT paper by Shafi Goldwasser and Silvio Micali, which demonstrated the feasibility of proving statements about data without revealing the data itself. Key characteristics of ZKPs include:

  • Completeness: If the prover's statement is true, the verifier will be convinced.
  • Soundness: If the prover's statement is false, the verifier will detect the deception. 
  • Zero-Knowledge: The proof does not reveal any additional information beyond the validity of the statement.

Types of Zero-Knowledge Proofs

Zero-knowledge proofs come in various forms, each offering unique benefits in terms of proof times, verification times, and proof sizes:

  • PLONK: An acronym for "Permutations over Lagrange-bases for Oecumenical Non-interactive arguments of Knowledge," PLONK is known for its versatility. It supports various applications and allows a large number of participants, making it one of the most widely used and trusted ZKP setups.
  • ZK-SNARKs: Short for "Succinct Non-interactive Argument of Knowledge," ZK-SNARKs are popular due to their efficiency. These proofs are quick to generate and verify, requiring fewer computational resources. They use elliptic curves for cryptographic proofs, making them suitable for systems with limited processing power.

  • ZK-STARKs: "Scalable Transparent ARgument of Knowledge" proofs are designed for scalability and speed. They require minimal interaction between the prover and verifier, which speeds up the verification process. ZK-STARKs are also transparent, meaning they do not require a trusted setup, enhancing their security.
  • Bulletproofs: These are short, non-interactive zero-knowledge proofs that do not require a trusted setup, making them ideal for applications needing high privacy, such as confidential cryptocurrency transactions. Bulletproofs are efficient and compact, providing strong privacy guarantees without significant overhead.

Advantages for Blockchain Privacy

ZKPs are instrumental in preserving privacy on public blockchains, which are typically transparent by design. They enable the execution of smart contracts—self-executing programs that perform agreed-upon actions—without revealing sensitive data. This is particularly important for institutions like banks, which need to protect personal data while complying with regulatory requirements.

For instance, financial institutions can use ZKPs to interact with public blockchain networks, keeping their data private while benefiting from the broader user base. The London Stock Exchange is exploring ZKPs to enhance security and handle large volumes of financial data efficiently.

Practical Applications

Zero-knowledge proofs have a wide array of applications across various sectors, enhancing privacy and security:

1. Private Transactions: Cryptocurrencies like Zcash utilise ZKPs to keep transaction details confidential. By employing ZKPs, Zcash ensures that the sender, receiver, and transaction amount remain private, providing users with enhanced security and anonymity.

2. Decentralised Identity and Authentication: ZKPs can secure identity management systems, allowing users to verify their identity without revealing personal details. This is crucial for protecting sensitive information in digital interactions and can be applied in various fields, from online banking to voting systems.

3. Verifiable Computations: Decentralised oracle networks can leverage ZKPs to access and verify off-chain data without exposing it. For example, a smart contract can obtain weather data from an external source and prove its authenticity using ZKPs, ensuring the data's integrity without compromising privacy.

4. Supply Chain Management: ZKPs can enhance transparency and security in supply chains by verifying the authenticity and origin of products without disclosing sensitive business information. This can prevent fraud and ensure the integrity of goods as they move through the supply chain.

5. Healthcare: In the healthcare sector, ZKPs can protect patient data while allowing healthcare providers to verify medical records and credentials. This ensures that sensitive medical information is kept confidential while enabling secure data sharing between authorised parties.

Challenges and Future Prospects

Despite their promise, ZKPs face challenges, particularly regarding the hardware needed for efficient proof generation. Advanced GPUs are required for parallel processing to speed up the process. Technologies like PLONK are addressing these issues with improved algorithms, but further developments are needed to simplify and broaden ZKP adoption.

Businesses are increasingly integrating blockchain technologies, including ZKPs, to enhance security and efficiency. With ongoing investment in cryptocurrency infrastructure, ZKPs are expected to play a crucial role in creating a decentralized, privacy-focused internet.

Zero-knowledge proofs are revolutionising blockchain privacy, enabling secure and confidential transactions. While challenges remain, the rapid development and significant investment in this technology suggest a bright future for ZKPs, making them a cornerstone of modern blockchain applications.


Australia's Premier Non-Bank Lender Suffers Data Security Breach

 


One of Australia's largest non-bank mortgage lenders, Firstmac, has suffered a cyberattack, which resulted in customer information such as credit card and passport numbers, Medicare numbers and driver's licence numbers being stolen and published on the dark web. In a letter sent to its customers, the Brisbane-based lender informed them that one of its information technology systems had been successfully breached by an unauthorised third party.

According to the non-bank lender, hackers have taken possession of nearly ten thousand driver's licenses and two hundred and fifty thousand "customer records" over the last few days. The company notified the Australian Stock Exchange of the incident. As a result of the unusual activity it has detected on its systems "in the last few days," the company has suspended trading until Monday. The hackers were said to be very sophisticated.

There is no indication that the hackers gained access to Latitude information held at two separate service providers by using employee login credentials - whether they have been stolen or if this was a credential stuffing attack - which they were not aware of. A consortium of investors, including KKR and Deutsche Bank, acquired Latitude from GE in 2015 to sell its credit cards and instalment payment plans to retailers. In 2021, the company became public. 

Firstmac Limited, one of the largest firms in the country, has informed its customers that it has suffered a data breach the day after an alleged theft of 500GB of data from the company by the new Embargo cyber-extortion group was uncovered. In the financial services industry of Australia, Firstmac is primarily known for its mortgage lending, investment management, and securitization services, which it provides to its clients. 

Based in Brisbane, Queensland, the company employs 460 people and has issued 100,000 home loans. At the moment, the firm manages around $15 billion in mortgage loans. Troy Hunt, the creator of Have I Been Pwned, published on X yesterday a sample of the notice letter sent to Firstmac's customers informing them of a major data breach. 

Cyberdaily, the technology industry publication, reported that a large amount of data was posted on the dark web by the hackers behind the attack. EMBARGO, a ransomware gang with roots in the Netherlands, is credited with the hack – which was carried out sometime in April, according to the publication. According to the report, the gang gave Firstmac a ransom deadline of May 8, a deadline that seems to have lapsed.

Cyberdaily posted screenshots of EMBARGO's dark web site, which showed customer information such as loan and financial information, as well as email addresses. Several Firstmac executives and IT departments were also published by the gang. It is unclear how many customers and employees have been affected by the breach.

Firstmac has been contacted for further information. While Firstmac's security systems have been strengthened in recent months, it still assured its beneficiaries that their funds and accounts are safe, and the firm's systems have been bolstered to ensure this. As one of the measures to increase security, anyone who wants to change an account or add a card to an account is now required to provide a two-factor authentication code or biometric information to verify their identity.

IDCare is offering free identity theft protection services for recipients of the notices. Users are advised to be cautious when responding to unsolicited correspondence and to regularly check their account statements for any unusual activity or transactions.

On the newly formed threat group's extortion page, it appears that only two victims have been identified, and it is unclear whether the new threat group is carrying out its own data breaches or buying stolen data from others with the intention of blackmailing the owners.

A sample of Embargo encryption has still not been found, so it is unknown if this is a ransomware group, or if they are simply aiming to profit by extorting funds. A large number of hacks against Australian servers were recorded in the 2022-23 financial year, which is an increase of more than 300 per cent compared to the previous financial year, according to the Australian Signals Directorate, an agency under the federal government responsible for security and information. 

A data breach was discovered late last year affecting Melbourne travel agency Inspiring Vacations, in which approximately 112,000 records, totalling 26.8 gigabytes of data, were exposed online as a result of an insecure database that couldn't be password protected. The recent data breaches at Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World, and Dymocks, among others, have been labelled a "new normal" of constant attacks and breaches which have affected millions of Australians.

There have now been significant increases in penalties for serious or repeated breaches of customer data, largely due to the Optus breach in particular. After the Embargo extortion group announced the attack on its site, there was extensive coverage by Australian media outlets of the attack on Firstmac, which occurred at the end of April. Earlier this week, Embargo published all of the data it claimed to have stolen from Firstmac's systems, including documents, source code, email addresses, phone numbers, and database backups, one day after claiming it had been stolen.

Hackers Steal 25 Crore From Thane Company's Escrow Account

Hackers took 25 crores from a Thane-based company's escrow bank account during a significant cyberattack. The construction company had placed the funds in the escrow account as a condition of a contract with another business.

The money was transferred to the hackers' own accounts once they got access to the business's computer systems. The police are looking into the situation after receiving a complaint from the corporation.

This is the most recent in a string of cyberattacks against Indian companies. Numerous prominent attacks have occurred recently, including the hacking of the Reserve Bank of India and the National Stock Exchange.

For enterprises in India, the frequency of cyberattacks is a serious problem. The issue has received some attention from the government, but more has to be done to strengthen cyber security.

The Thane company's computer systems had a weakness that the hackers were able to take advantage of. Due to this weakness, the hackers were able to access the company's network and withdraw funds from the escrow account.

The company has since taken steps to improve its cyber security. However, this incident highlights the need for businesses to be vigilant about cyber security. Businesses need to ensure that their computer systems are up to date and that they have strong passwords in place. They should also be aware of the latest cyber threats and take steps to mitigate them.

The cyber attack on the Thane company is a reminder that cyber security is a serious issue for businesses in India. Businesses need to take steps to protect themselves from cyber-attacks.

Sebi Collaborates with NSE and BSE to Thwart Cyber Attack Threats

 

The Securities and Exchange Board of India (Sebi), in partnership with the nation’s two popular stock exchanges, the National Stock Exchange and the Bombay Stock Exchange, is designing a system to counter the threat of cyber assaults on stock exchanges, its chairperson Madhabi Puri Buch said at an event organized by Indian Institute of Management (IIM) Bangalore earlier this week.

Under the new mitigation system which will be rolled out in March next year, the data of every customer’s trading and collateral on exchange A will be stored in a server located next to exchange B’s, in their data center. 

“If exchange A goes down, and if it is determined that it is on account of a software attack, or cyber security attack, and it is not possible for their disaster recovery site to come in time, Sebi will press the button for that data to be uploaded on exchange B,” Buch explained. This mechanism will assist all the participants in the market to operate on exchange B as they were operating on exchange A. 

The market regulator has also designed algorithms in-house that can flag cases of misconduct, front-running, and insider trading. 

“We worry a lot about cyber security. When this system kicks in, we would have prevented something (like a cyber-attack),” Buch added. 

According to the SEBI chief, a line needs to be drawn on financial influencers and their impact. We cannot act against wrongdoings if there is no contract signed between an influencer and a person who follows their financial advice.

Last month, the regulator brought out public service messages, warning customers against taking financial advice from individuals who are not registered with Sebi as investment advisors.

Additionally, stock exchanges at the behest of the regulator have also ramped up efforts to warn investors against following stock tips via unauthorized texts and sharing dematerialized account details with such entities. 

“Reality is that the regulators will always be one step behind but hopefully not too many steps behind. The modus operandi of wrongdoers in the financial market may continue to evolve as the underlying technology evolves. The idea is to make it harder and harder for people to do bad things,” Buch concluded.