anonymity in bitcoin
play

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and - PowerPoint PPT Presentation

Oct 05, 2023 •95 likes •438 views

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

  1. Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019

  2. Anonymity and Pseudonymity • anonymous = Nameless, unidentifiable • pseudonymous = Fake name, still traceable

  3. Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof of ownership (through a signature) Out 1 Out 2 ∑ Out 3

  5. Privacy problems • Your family can detect where you spend your money • Your employer might detect unfavorable donations • Every business partner knows all other Address reuse is discouraged, but not always possible

  6. Mixers • Mixing many di ff erent inputs and outputs reduces traceability

  7. Mixers in Bitcoin • Mixers are not a first class citizen in Bitcoin • Bitcoin is flexible • Many di ff erent varieties exist to disassociate inputs and outputs • Most popular one is CoinJoin

  8. Bitcoin transaction f5d8ee39a43… Out 1 ∑ Out 2 0b82c0e88ff… c6b64e3e6b3…

  9. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… 304502206e21… Transaction Output: 1 43b0b82c0e88… Input2 : scriptSig : Transaction: 0b82c0e88ff… 304502206e21… Transaction Output: 4 43b0b82c0e88… Input3 : scriptSig : Transaction: c6b64e3e6b3… 304502206e21… Transaction Output: 0 43b0b82c0e88… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  10. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… 304502206e21… Transaction Output: 1 43b0b82c0e88… Same Input2 : scriptSig : public key Transaction: 0b82c0e88ff… 304502206e21… = Transaction Output: 4 43b0b82c0e88… same ID Input3 : scriptSig : Transaction: c6b64e3e6b3… 304502206e21… Transaction Output: 0 43b0b82c0e88… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  11. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Di ff erent Input2 : scriptSig : people or Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… not? Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  12. CoinJoin Details • Many di ff erent parties create one single transaction • How can that work?

  13. Bad approach • Naïve way: Give your money to a bank and hope that the money will be returned

  14. CoinJoin Details • Trusting other parties with your money is not neccessary • ScriptSig signatures are su ffi ciently well designed

  15. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Input2 : scriptSig : What are Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… these signatures? Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  16. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False }

  17. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False } Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… pk s

  18. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False } Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… pk s Where is the document ?

  19. The document to sign: Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  20. Nearly… • The signature cannot be part of the document itself

  21. The actual document: Input1 : scriptSig : Transaction: f5d8ee39a43… Transaction Output: 1 Input2 : scriptSig : Transaction: 0b82c0e88ff… Transaction Output: 4 Input3 : scriptSig : Transaction: c6b64e3e6b3… Transaction Output: 0 Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  22. Signing a bitcoin transaction 1. Create the transaction, with all inputs and all outputs 2. Remove the scriptSig field 3. Compute s=sign(sk,tx without scriptSig) 4. Insert signatures

  23. CoinJoin input tx, output script input tx, output script CoinJoin coordinator input tx, output script 1. Participants send their inputs and outputs to a central coordinator

  24. CoinJoin joined tx joined tx CoinJoin coordinator joined tx 2. The coordinator joins all inputs and outputs into one transaction and sends this to the participants

  25. CoinJoin CoinJoin coordinator 3. Each participant creates a signature Transaction valid only if all participants sign it

  26. CoinJoin signature, pubKey signature, pubKey CoinJoin coordinator signature, pubKey 4. Participants send their scriptSig (i.e. signature & public keys)

  27. CoinJoin CoinJoin coordinator 5. CoinJoin coordinator publishes transaction

  28. Anonymity through mixing • Mixing does not guarantee anonymity • Size of the anonymity set important • If small, use multiple rounds of mixing

  29. CoinJoin limitation • In the given implementation, the server learns the mapping input -> output • One person can refuse to sign (DoS attack vector) • CoinJoin transaction themselves are tainted

  30. TumbleBit • More complicated implementations exist • In RSA, signing a document = same mathematical operation as decryption • Possible to devise a scheme where the coordinators does not learn anything about the input-output mapping • Round 1: Clients send Bitcoins to a server in exchange for an anonymous voucher • Round 2: Clients use the voucher to redeem Bitcoins • Related: Atomic Swaps

  31. DoS Attack on CoinJoin • Transactions can easily be blocked • If a client does not sign, a new transaction can be signed without security risks • CoinJoin servers might be attacked

  32. CoinJoin is tainted • CoinJoin transactions are significantly more involved in criminal activities • Pure participation in CoinJoin can be seen negatively

  33. CoinJoin can be detected • CoinJoin might seems like a normal transaction, but network analysis can detect CoinJoins • Number of input/outputs • Origins • etc. Fee to coordinator

Recommend

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial compliance What and who are the entities? How are entities interacting? 2 Who we are Elliptic is (now) a blockchain intelligence company. We work

699 views • 36 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah" "darkskypoet" 1G6EQwiAfTVyTpK4j3XZ65CvonjDGrPsQ 1QEZohXPbh4ywbzPJATjMBDnSjJsZrZtQ1 Goal & Results Attacker Goal Tie real name to

331 views • 13 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij CoinShuffle anonymity in the Block chain July 2, 2015 1 / 28 Outline Bitcoin fundamentals 1 Anonymity 2 Mixing 3 CoinShuffle 4 CoinShuffle

649 views • 28 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption & Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -> receiver): sender

958 views • 23 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin regulated? The so far unregulated digital currency has courted controversy because of its volatile value and its popularity among

1.17k views • 51 slides
Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin? Bitcoin is a cryptocurrency: a digital currency whose rules are enforced by cryptography and not by a trusted party (e.g., bank) Core ideal: avoid

1.02k views • 36 slides
nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01 @n1ckler A smart home A Bitcoin node A lonely datacenter Robustness Do you trust binaries from some cache or do you build from source? Do

411 views • 29 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides

More recommend