ABSTRACT
Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real life scenarios that demand for offline and immediate payments (e.g., mobile ticketing, vending machines, etc). However, offline payments in Bitcoin raise non-trivial security challenges, as the payee has no means to verify the received coins without having access to the Bitcoin network. Moreover, even online immediate payments are shown to be vulnerable to double-spending attacks. In this paper, we propose the first solution for Bitcoin payments, which enables secure payments with Bitcoin in offline settings and in scenarios where payments need to be immediately accepted. Our approach relies on an offline wallet and deploys several novel security mechanisms to prevent double-spending and to verify the coin validity in offline setting. These mechanisms achieve probabilistic security to guarantee that the attack probability is lower than the desired threshold. We provide a security and risk analysis as well as model security parameters for various adversaries. We further eliminate remaining risks by detection of misbehaving wallets and their revocation.
We implemented our solution for mobile Android clients and instantiated an offline wallet using a microSD security card. Our implementation demonstrates that smooth integration over a very prevalent platform (Android) is possible, and that offline and online payments can practically co-exist. We also discuss alternative deployment approach for the offline wallet which does not leverage secure hardware, but instead relies on a deposit system managed by the Bitcoin network.
- Android Bitcoin wallet. https://play.google.com/store/apps/details?id=de.schildbach.wallet.Google Scholar
- Apple Pay payment solution. http://www.apple.com/apple-pay/.Google Scholar
- Average electricity prices around the world: USD/kWh. https://www.ovoenergy.com/guides/energy-guides/average-electricity-prices-kwh.html.Google Scholar
- Bitcoin contracts. https://en.bitcoin.it/.Google Scholar
- Blockchain taking years to download? http://www.reddit.com/r/Bitcoin/comments/1pssvp/blockchain_taking_years_to_download/.Google Scholar
- DOGE. http://dogecoin.com.Google Scholar
- Google Wallet: Shop. Save. Pay. With your phone.Google Scholar
- Greenaddress. https://greenaddress.it/en/.Google Scholar
- LTC. http://litecoin.org.Google Scholar
- The NIST authenticated NTP service. http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm.Google Scholar
- Coinblesk, a mobile bitcoin payment solution, 2014. https://github.com/coinblesk.Google Scholar
- Edgar Dunn & Company. Advanced payments report, 2014. http://www.paymentscardsandmobile.com/wp-content/uploads/2014/02/PCM_EDC_Advanced_Payments_Report_2014_MWC.pdf.Google Scholar
- 10 best payment processors for Bitcoin for merchants, 2016. https://toughnickel.com/personal-finance/Best-Payment-Processors-for-Bitcoin-Bitcoin-for-Merchants.Google Scholar
- T. Alves and D. Felton. TrustZone: Integrated hardware and software security. Information Quaterly, 3(4), 2004.Google Scholar
- E. Androulaki, G. Karame, M. Roeschlin, T. Scherer, and S. Capkun. Evaluating user privacy in Bitcoin. In Financial Cryptography and Data Security, 2013.Google ScholarCross Ref
- M. Babaioff, S. Dobzinski, S. Oren, and A. Zohar. On Bitcoin and red balloons. In ACM Conference on Electronic Commerce, 2012. Google ScholarDigital Library
- T. Bamert, C.Decker, L. Elsen, R. Wattenhofer, and S. Welten. Have a snack, pay with Bitcoins. In 13-th IEEE International Conference on Peer-to-Peer Computing, 2013.Google Scholar
- T. Bamert, C. Decker, R. Wattenhofer, and S. Welten. BlueWallet: the secure Bitcoin wallet. In International Workshop on Security and Trust Management, 2014.Google ScholarCross Ref
- L. Bångens and B. Söderberg. Mobile banking -- financial services for the unbanked 2008. http://spidercenter.org/polopoly_fs/1.146036.1378747792!/menu/standard/file/Mobile%20banking%20-%20financial%20services%20for%20the%20unbanked.pdf.Google Scholar
- S. Barber, X. Boyen, E. Shi, and E. Uzun. Bitter to better -- how to make Bitcoin a better currency. In Financial Cryptography and Data Security, 2012.Google ScholarCross Ref
- E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Practical decentralized anonymous e-cash from Bitcoin. In IEEE Symposium on Security and Privacy, May 2014.Google Scholar
- J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten. Research perspectives and challenges for Bitcoin and cryptocurrencies. In IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
- J.-P. Buntinx. 27 million more merchants can now accept Bitcoin, 2016. https://news.bitcoin.com/bitpay-enables-27-million-ingenico-retailers-accept-bitcoin/.Google Scholar
- V. Buterin. A next-generation smart contract and decentralized application platform, 2014. https://github.com/ethereum/wiki/wiki/White-Paper.Google Scholar
- Certgate. Certgate products. cgCard. Texas Instruments White Paper, 2012. http://www.certgate.com/wp-content/uploads/2012/09/20131113_cgCard_Datasheet_EN.pdf .Google Scholar
- D. Chaum. Blind signatures for untraceable payments. In Advances in cryptology, 1983.Google ScholarCross Ref
- D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In Advances in Cryptology, 1990. Google ScholarDigital Library
- K. Croman, C. Decker, I. Eyal, A. E. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, E. G. Sirer, D. Song, and R. Wattenhofer. On scaling decentralized blockchains (a position paper). In Bitcoin Workshop, 2016.Google Scholar
- A. Cuthbertson. Bitcoin now accepted by 100,000 merchants worldwide. http://www.ibtimes.co.uk/bitcoin-now-accepted-by-100000-merchants-worldwide-1486613.Google Scholar
- G. Danezis, C. Fournet, M. Kohlweiss, and B. Parno. PinocchioCoin: building Zerocoin from a succinct pairing-based proof system. In PETShop, 2013. Google ScholarDigital Library
- C. Decker and R. Wattenhofer. Information propagation in the Bitcoin network. In IEEE International Conference on Peer-to-Peer Computing, 2013.Google ScholarCross Ref
- C. Decker and R. Wattenhofer. A fast and scalable payment network with Bitcoin duplex micropayment channels. In Stabilization, Safety, and Security of Distributed Systems, 2015. Google ScholarDigital Library
- J. A. D. Donet, C. Perez-Sola, and J. Herrera-Joancomart. The Bitcoin P2P network. In Financial Cryptography and Data Security, 2014.Google Scholar
- R. Dragomirescu. OtherCoin. 2013. http://www.othercoin.com/OtherCoin.pdf.Google Scholar
- I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, 2014.Google Scholar
- J. Garay, A. Kiayias, and N. Leonardos. The Bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology - EUROCRYPT, 2015.Google ScholarCross Ref
- C. Garman, M. Green, and I. Miers. Decentralized anonymous credentials. In Network and Distributed System Security Symposium, 2014.Google ScholarCross Ref
- A. Gervais, G. Karame, S. Capkun, and V. Capkun. Is bitcoin a decentralized currency? In IEEE Security and Privacy, 2014.Google ScholarCross Ref
- Giesecke & Devrient Secure Flash Solutions. The Mobile Security Card SE 1.0 offers increased security. http://www.gd-sfs.com/the-mobile-security-card/mobile-security-card-se-1-0/.Google Scholar
- N. Gura, A. Patel, and A. Wander. Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In Workshop on Cryptographic Hardware and Embedded Systems (CHESS), 2004.Google ScholarCross Ref
- E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse attacks on Bitcoin's peer-to-peer network. In USENIX Security Symposium, 2015. Google ScholarDigital Library
- G. O. Karame, E. Androulaki, and S. Capkun. Double-spending attacks on fast payments in Bitcoin. ACM Conference on Computer and Communications Security, 2012. Google ScholarDigital Library
- S. King. Primecoin: Cryptocurrency with prime number proof-of-work, 2013. http://academictorrents.com/details/d0f9accaec8ac9d538fdf9d675105ae1392ea32b.Google Scholar
- J. A. Kroll, I. C. Davey, and E. W. Felten. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. Workshop on the Economics of Information Security, 2013.Google Scholar
- F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In International Workshop on Hardware and Architectural Support for Security and Privacy, 2013. Google ScholarDigital Library
- S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of Bitcoins: characterizing payments among men with no names. In Conference on Internet Measurement Conference, 2013. Google ScholarDigital Library
- I. Miers, C. Garman, M. Green, and A. D. Rubin. Zerocoin: Anonymous distributed e-cash from Bitcoin. In IEEE Symposium on Security and Privacy, 2013. Google ScholarDigital Library
- A. Miller and J. LaViola. Anonymous Byzantine consensus from moderately-hard puzzles: A model for Bitcoin. Technical Report CS-TR-14-01, University of Central Florida, April 2014.Google Scholar
- S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Technical Report, 2008. http://www.vsewiki.cz/images/archive/8/89/20110124151146!Bitcoin.pdf .Google Scholar
- M. Palatinus and P. Rusnak. Trezor, 2013. www.bitcointrezor.com.Google Scholar
- D. Ron and A. Shamir. Quantitative analysis of the full Bitcoin transaction graph. Financial Cryptography and Data Security, 2012.Google Scholar
- M. Rosenfel. Analysis of hashrate-based double-spending. In ArXiv Preprint: 1402.2009v1, 2012. http://arxiv.org/abs/1402.2009.Google Scholar
- S. Skorobogatov. Chapter 7: Physical attacks and tamper resistance. In Introduction to Hardware Security and Trust. Springer New York, 2012.Google Scholar
- F. Tschorsch and B. Scheuermann. Bitcoin and beyond: A technical survey on decentralized digital currencies. In Cryptology ePrintArchive,Report2015/464, 2015.Google Scholar
- N. van Saberhagen. Cryptonote v 2.0, 2013. https:// cryptonote.org/whitepaper.pdf.Google Scholar
Index Terms
- Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation
Recommendations
Security Threats from Bitcoin Wallet Smartphone Applications: Vulnerabilities, Attacks, and Countermeasures
CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and PrivacyNowadays, Bitcoin is the most popular cryptocurrency. With the proliferation of smartphones and the high-speed mobile Internet, more and more users have started accessing their Bitcoin wallets on their smartphones. Users can download and install a ...
TrustZone-backed bitcoin wallet
CS2 '17: Proceedings of the Fourth Workshop on Cryptography and Security in Computing SystemsWith the increasing popularity of virtual currencies, it has become more important to have highly secure devices in which to store private-key information. Furthermore, ARM has made available an extension of processors architectures, designated ...
Double-spending fast payments in bitcoin
CCS '12: Proceedings of the 2012 ACM conference on Computer and communications securityBitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the ...
Comments