privacy enhancing overlays in bitcoin
play

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University - PowerPoint PPT Presentation

Nov 24, 2023 •319 likes •1.23k views

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

  1. Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1

  2. Anonymity in Bitcoin 2

  3. Anonymity in Bitcoin 2

  4. Anonymity in Bitcoin 2

  5. Anonymity in Bitcoin 2

  6. Anonymity in Bitcoin How much anonymity does Bitcoin really provide? 2

  7. Outline 3

  8. Outline Background 3

  9. Outline Background Taint resistance 3

  10. Outline Background Taint resistance Achieving taint resistance 3

  11. Outline Background Taint resistance Achieving taint resistance Conclusions 3

  12. Outline Background How Bitcoin works Background Taint resistance Anonymity in Bitcoin Coinjoin Achieving taint resistance Conclusions 3

  13. How Bitcoin works 4

  14. How Bitcoin works peer-to-peer network 4

  15. How Bitcoin works (pk A ,sk A ) (pk B ,sk B ) peer-to-peer network 4

  16. How Bitcoin works (pk A ,sk A ) address (pk B ,sk B ) peer-to-peer network 4

  17. How Bitcoin works (pk A ,sk A ) address (pk B ,sk B ) peer-to-peer network 4

  18. How Bitcoin works (pk A ,sk A ) address tx:Sign(pk B → pk A ) transaction (pk B ,sk B ) peer-to-peer network 4

  19. How Bitcoin works (pk A ,sk A ) address miner tx:Sign(pk B → pk A ) transaction (pk B ,sk B ) peer-to-peer network 4

  20. How Bitcoin works blockchain (pk A ,sk A ) address miner tx:Sign(pk B → pk A ) transaction (pk B ,sk B ) peer-to-peer network 4

  21. Anonymity in Bitcoin How much anonymity does Bitcoin really provide? (pk A ,sk A ) address (pk B ,sk B ) 5

  22. Anonymity in Bitcoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity (pk A ,sk A ) address (pk B ,sk B ) 5

  23. Input clustering [RH13,RS13,A+13, M +13,SMZ14] 1 7 2 15 6 3 Heuristic: the same user controls these addresses 6

  24. Change clustering [A+13, M +13,SMZ14] 1 1 7 1 2 14 0 3 14 Heuristic: the same user also controls this address 7

  25. Tracking technique [ M +13,HD M +14] cycle theft heists ... = exchange individual thefts service interaction 8

  26. Tracking technique [ M +13,HD M +14] cycle theft heists ... = exchange individual thefts service interaction 8

  27. Anonymity in Bitcoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity in practice, maybe not so much 9

  28. Privacy-enhancing overlays 10

  29. Privacy-enhancing overlays 10

  30. Privacy-enhancing overlays 10

  31. Privacy-enhancing overlays 10

  32. Privacy-enhancing overlays 10

  33. Privacy-enhancing overlays 10

  34. Privacy-enhancing overlays 10

  35. Coinjoin Introduced on August 22 2013 by Gregory Maxwell “Bitcoin privacy for the real world” 11

  36. Coinjoin 1 1 2 2 3 12

  37. Coinjoin 1 1 2 2 3 12

  38. Coinjoin σ 1 1 1 σ 2 2 2 3 12

  39. Coinjoin σ 1 1 1 σ 2 2 2 σ 3 3 12

  40. Coinjoin σ 1 1 1 3 σ 2 2 2 σ 3 3 3 12

  41. Coinjoin signatures contributed separately σ 1 1 1 3 σ 2 2 2 σ 3 3 3 12

  42. Coinjoin prevents clustering 1 7 2 15 6 3 Heuristic: the same user controls these addresses 13

  43. Coinjoin prevents clustering 1 7 2 15 6 3 Heuristic: the same user controls these addresses 13

  44. Coinjoin signatures contributed separately σ 1 1 1 3 σ 2 2 2 σ 3 3 3 could be: • private communication • IRC (+Tor) • central server (+blind signatures) 14

  45. Coinjoin signatures contributed separately σ 1 1 1 3 σ 2 2 2 σ 3 3 3 could be: • private communication • IRC (+Tor) • central server (+blind signatures) 14

  46. “Coinjoin” transactions 15

  47. “Coinjoin” transactions “coinjoin” has: • more than 5 inputs • more than 5 outputs 15

  48. “Coinjoin” transactions “coinjoin” has: # “coinjoins” per block • more than 5 inputs • more than 5 outputs time 15

  49. “Coinjoin” transactions 13 “coinjoin” has: # “coinjoins” per block • more than 5 inputs • more than 5 outputs 3 2011 8/2013 time 15

  50. Anonymity in Bitcoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity in practice, maybe not so much 16

  51. Anonymity in Bitcoin does Coinjoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity in practice, maybe not so much 16

  52. Outline Taint resistance Cryptographic background Background Taint resistance Accuracy Taint resistance Achieving taint resistance Conclusions 17

  53. Anonymity in Bitcoin does Coinjoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity in practice, maybe not so much 18

  54. Anonymity in Bitcoin does Coinjoin How much anonymity does Bitcoin really provide? in theory, a lot! addresses are not linked to identity in practice, maybe not so much 18

  55. Coinjoin σ 1 1 1 3 σ 2 2 2 σ 3 3 3 19

  56. Coinjoin σ 1 1 1 3 σ 2 2 2 σ 3 3 3 should be hard to figure out which input addresses sent to this output address 19

  57. Coinjoin σ 1 1 1 3 σ 2 2 2 σ 3 3 3 should be hard to figure out which input addresses sent to this output address should be hard to figure out permutation 19

  58. Taint resistance taint set σ 1 1 1 3 σ 2 2 2 σ 3 3 3 20

  59. Taint resistance taint set σ 1 1 1 3 σ 2 2 2 σ 3 3 3 accuracy : how accurately can one identify taint set? 20

  60. Taint resistance taint set σ 1 1 1 3 σ 2 2 2 σ 3 3 3 accuracy : how accurately can one identify taint set? |A ∩ T| × |S \ (A ∪ T)| - |A \ T| × |T \ A| MCC = √ (|A||T||S\T||S\A|) 20

  61. Taint resistance taint set σ 1 1 1 3 σ 2 2 2 σ 3 3 3 accuracy : how accurately can one identify taint set? input keys (candidate set) |A ∩ T| × |S \ (A ∪ T)| - |A \ T| × |T \ A| MCC = √ (|A||T||S\T||S\A|) guess for taint set (true) taint set 20

  62. Taint resistance taint set σ 1 1 1 3 σ 2 2 2 σ 3 3 3 accuracy : how accurately can one identify taint set? input keys (candidate set) |A ∩ T| × |S \ (A ∪ T)| - |A \ T| × |T \ A| MCC = √ (|A||T||S\T||S\A|) guess for taint set (true) taint set taint resistance : no adversary can have good accuracy 20

  63. Bad taint resistance: lopsided values 50.123 σ 1 50.123 2 σ 2 1.987 1.987 21

  64. Bad taint resistance: process of elimination σ 1 1 1 3 σ 2 2 2 σ 3 3 3 22

  65. Outline Cryptographic background Background Taint resistance Achieving taint resistance Achieving taint resistance Conclusions Constructive approaches Is Coinjoin taint resistant? 23

  66. Constructing taint-resistant protocols σ 1 1 1 σ 2 2 2 σ 3 3 could be: • private communication • IRC (+Tor) • central server 24

  67. Constructing taint-resistant protocols σ 1 1 1 σ 2 2 2 σ 3 3 could be: if server is trusted • private communication • IRC (+Tor) and A is passive • central server then we can achieve taint resistance 24

  68. Constructing taint-resistant protocols σ 1 1 1 σ 2 2 2 σ 3 3 could be: if server is trusted • private communication if server is • IRC (+Tor) and A is passive • central server passively corrupted then we can achieve then we can achieve taint resistance (1- ε )-taint resistance 24

  69. Constructing taint-resistant protocols σ 1 1 1 σ 2 2 2 (like CoinShuffle [RM-SK14]) σ 3 if an active A controls 3 τ fraction of n parties then we can achieve (1-n τ n-1 )-taint resistance could be: if server is trusted • private communication if server is • IRC (+Tor) and A is passive • central server passively corrupted then we can achieve then we can achieve taint resistance (1- ε )-taint resistance 24

  70. Analyzing taint-resistant protocols 25

  71. Analyzing taint-resistant protocols participated in 108 transactions ourselves 25

  72. Analyzing taint-resistant protocols implemented simple subset-sum algorithm: (roughly) if sum of input values is output value, input addresses might be in taint set for output address 26

  73. Analyzing taint-resistant protocols implemented simple subset-sum algorithm: (roughly) if sum of input values is output value, input addresses might be in taint set for output address (Atlas,Coinjoin Sudoku) 26

  74. Analyzing taint-resistant protocols implemented simple subset-sum algorithm: (roughly) if sum of input values is output value, input addresses might be in taint set for output address active adversary knows addresses and knows coinjoins (Atlas,Coinjoin Sudoku) 26

  75. Analyzing taint-resistant protocols implemented simple subset-sum algorithm: (roughly) if sum of input values is output value, input addresses might be in taint set for output address active adversary knows addresses passive adversary and knows coinjoins knows no addresses and guesses coinjoins (Atlas,Coinjoin Sudoku) 26

Recommend

Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Privacy : Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher Independent investigative journalist Research focus: Bitcoin / cryptocurrencies, information security, privacy, surveillance, and

1.3k views • 85 slides
PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's

Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's

Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's Privacy Problem 2 Would you like a new credit card? You will pay almost no fees! Sure! Any fine print? We will publicly broadcast every payment that

473 views • 34 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan

On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan

On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan O. Karame, Damian Gruber, Srdjan apkun ETH Zurich, NEC Research ACSAC 2014 Bitcoin Bitcoin Peer-to-peer decentralized currency

1.06k views • 74 slides
Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in

Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in Bitcoin Jonas Nick 1/34 Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy

1.22k views • 96 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies Claudia Diaz KU Leuven COSIC Digital IdenBty Management (DIM) November 8, 2013 Claudia

565 views • 19 slides
Provisions Privacy-preserving proofs of solvency for Bitcoin exchanges Real World Crypto 2016

Provisions Privacy-preserving proofs of solvency for Bitcoin exchanges Real World Crypto 2016

Provisions Privacy-preserving proofs of solvency for Bitcoin exchanges Real World Crypto 2016 eprint.iacr.org/2015/1008.pdf github.com/bbuenz/provisions Jeremy Clark Dan Boneh Gaby Dagher Benedikt Bnz Joseph Bonneau Many users use Bitcoin

768 views • 28 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

758 views • 45 slides
Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric Brewer presented by Nikita Borisov ECE598NB - Spring 2006 Motivation Threats to privacy Online actions monitored Information

776 views • 26 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Schnorr Signature & MimbleWimble Oct. 5, 2019 Overview of today Lack of Privacy in

Schnorr Signature & MimbleWimble Oct. 5, 2019 Overview of today Lack of Privacy in

Schnorr Signature & MimbleWimble Oct. 5, 2019 Overview of today Lack of Privacy in Bitcoin MimbleWimble cryptocurrency ECC math Schnorrs signatures scheme Pedersen Commitments Motivation Bitcoin is decentralized

430 views • 40 slides
Efficiency and Privacy Improvements for Bitcoin with Schnorr Signatures Yannick Seurin (Based on

Efficiency and Privacy Improvements for Bitcoin with Schnorr Signatures Yannick Seurin (Based on

Digital Signature Schemes Signature and Key Aggregation Other Applications Conclusion Efficiency and Privacy Improvements for Bitcoin with Schnorr Signatures Yannick Seurin (Based on joint work with G. Maxwell, A. Poelstra, and P. Wuille)

1.82k views • 171 slides
Current state and the future of wallets Building On Bitcoin 3th of July 2018 dev@ jonasschnelli

Current state and the future of wallets Building On Bitcoin 3th of July 2018 dev@ jonasschnelli

Current state and the future of wallets Building On Bitcoin 3th of July 2018 dev@ jonasschnelli .ch PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D Privacy Security Trust Privacy Transaction / scripts privacy Security Trust No-trust

700 views • 43 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22,

Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22,

Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22, 2019 Enhancing Privacy in Machine Learning data ML What ML? What data? What threat? Mathias Humbert - Enhancing Privacy in Machine Learning

1.04k views • 51 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela Robinson Presentation at ICMC20 International Cryptographic Module Conference September 23, 2020 @ Virtual event * At NIST as a Foreign Guest Researcher

335 views • 20 slides
Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption & Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides

More recommend