Astraea: Anonymous and Secure Auditing Based on Private Smart Contracts for Donation Systems

ABSTRACT

Many regions are in urgent need of facial masks for slowing down the spread of COVID-19. To fight the pandemic, people are contributing masks through donation systems. Most existing systems are built on a centralized architecture which is prone to the single point of failure and lack of transparency. Blockchain-based solutions neglect fundamental privacy concerns (donation privacy) and security attacks (collusion attack, stealing attack). Moreover, current auditing solutions are not designed to achieve donation privacy, thus not appropriate in our context. In this work, we design a decentralized, anonymous, and secure auditing framework Astraea based on private smart contracts for donation systems. Specifically, we integrate a Distribute Smart Contract (DiSC) with an SGX Enclave to distribute donations, prove the integrity of donation number (intention) and donation sum while preserving donation privacy. With DiSC, we design a Donation Smart Contract to refund deposits and defend against the stealing attack the collusion attack from malicious collector and transponder. We formally define and prove the privacy and security of Astraea by using security reduction. We build a prototype of Astraea to conduct extensive performance analysis. Experimental results demonstrate that Astraea is practically efficient in terms of both computation and communication. IEEE