Shaileshh Bojja Venkatakrishnan
Skip Abstract Section
Abstract
Bitcoin and other cryptocurrencies have surged in popularity over the last decade. Although Bitcoin does not claim to provide anonymity for its users, it enjoys a public perception of being a privacy preserving financial system. In reality, cryptocurrencies publish users' entire transaction histories in plaintext, albeit under a pseudonym; this is required for transaction validation. Therefore, if a user's pseudonym can be linked to their human identity, the privacy fallout can be significant. Recently, researchers have demonstrated deanonymization attacks that exploit weaknesses in the Bitcoin network's peer-to-peer (P2P) networking protocols. In particular, the P2P network currently forwards content in a structured way that allows observers to deanonymize users. In this work, we redesign the P2P network from first principles with the goal of providing strong, provable anonymity guarantees. We propose a simple networking policy called Dandelion which provides quasi-optimal, network-wide anonymity, with minimal cost to the network's utility. We also discuss practical implementation challenges and propose heuristic solutions.
- 2016. Bitcoin Core integration/staging tree. (2016). https://github.com/bitcoin/bitcoin.Google Scholar
- 2016. ZCash. (2016). https://z.cash/.Google Scholar
- Elli Androulaki, Ghassan O Karame, Marc Roeschlin, Tobias Scherer, and Srdjan Capkun. 2013. Evaluating user privacy in bitcoin. In International Conference on Financial Cryptography and Data Security. Springer, 34--51.Google ScholarCross Ref
- Maria Apostolaki, Aviv Zohar, and Laurent Vanbever. 2016. Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies. arXiv preprint arXiv:1605.07524 (2016).Google Scholar
- Yossi Azar, Andrei Broder, Anna Karlin, and Eli Upfal. 1999. Balanced Allocations. SIAM Journal of Computing 29, 1 (1999), 180--200. Google ScholarDigital Library
- MS Bartlett. 1956. Deterministic and stochastic models for recurrent epidemics. In Proceedings of the third Berkeley symposium on mathematical statistics and probability, Vol. 4. 109.Google Scholar
- Mohsen Bayati, Devavrat Shah, and Mayank Sharma. 2008. Max-product for maximum weight matching: Convergence, correctness, and LP duality. IEEE Transactions on Information Theory 54, 3 (2008), 1241--1251. Google ScholarDigital Library
- Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov. 2014. Deanonymisation of clients in Bitcoin P2P network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 15--29 Google ScholarDigital Library
- Alex Biryukov and Ivan Pustogarov. 2015. Bitcoin over Tor isn't a good idea. In 2015 IEEE Symposium on Security and Privacy. IEEE, 122--134. Google ScholarDigital Library
- Bitnodes. 2016. Global Bitcoin Nodes Distribution. (2016).Google Scholar
- Blockchain.info. 2016. Confirmed Transactions Per Day. (2016).Google Scholar
- Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A Kroll, and Edward W Felten. 2014. Mixcoin: Anonymity for Bitcoin with accountable mixes. In International Conference on Financial Cryptography and Data Security. Springer, 486--504.Google ScholarCross Ref
- D. Chaum. 1988. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology 1, 1 (1988). Google ScholarCross Ref
- CoinMarketCap. 2016. Cryptocurrency Market Capitalizations. (2016).Google Scholar
- H. Corrigan-Gibbs and B. Ford. 2010. Dissent: accountable anonymous group messaging. In CCS. ACM. Google ScholarDigital Library
- Dancho Danchev. 2013. New underground service offers access to thousands of malware-infected hosts. (2013).Google Scholar
- Christian Decker and Roger Wattenhofer. 2013. Information propagation in the bitcoin network. In IEEE P2P 2013 Proceedings. IEEE, 1--10.Google Scholar
- R. Dingledine, N. Mathewson, and P. Syverson. 2004. Tor: The second-generation onion router. Technical Report. DTIC Document.Google ScholarDigital Library
- G. Fanti, P. Kairouz, S. Oh, and P. Viswanath. 2015. Spy vs. Spy: Rumor Source Obfuscation. In SIGMETRICS Perform. Eval. Rev., Vol. 43. 271--284. Issue 1. Google ScholarDigital Library
- V. Fioriti and M. Chinnici. 2012. Predicting the sources of an outbreak with a spectral technique. arXiv:1211.2333 (2012).Google Scholar
- M.J. Freedman and R. Morris. 2002. Tarzan: A peer-to-peer anonymizing network layer. In Proc. CCS. ACM. Google ScholarDigital Library
- Zvi Galil. 1986. Efficient algorithms for finding maximum matching in graphs. ACM Computing Surveys (CSUR) 18, 1 (1986), 23--38. Google ScholarDigital Library
- Michael R Garey, David S. Johnson, and R Endre Tarjan. 1976. The planar Hamiltonian circuit problem is NP-complete. SIAM J. Comput. 5, 4 (1976), 704--714.Google ScholarDigital Library
- P. Golle and A. Juels. 2004. Dining cryptographers revisited. In Advances in Cryptology-Eurocrypt 2004.Google Scholar
- Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, and Sharon Goldberg. 2016. TumbleBit: An untrusted Bitcoin- compatible anonymous payment hub. Technical Report. Cryptology ePrint Archive, Report 2016/575.Google Scholar
- TE Jedusor. 2016. Mimblewimble. (2016).Google Scholar
- Norman Lloyd Johnson and Samuel Kotz. 1977. Urn models and their application; an approach to modern discrete probability theory. (1977).Google Scholar
- David Karger, Rajeev Motwani, and GDS Ramkumar. 1997. On approximating the longest path in a graph. Algorithmica 18, 1 (1997), 82--98.Google ScholarDigital Library
- Joohwan Kim and R Srikant. 2012. Peer-to-peer streaming over dynamic random Hamilton cycles. In Information Theory and Applications Workshop (ITA), 2012. IEEE, 415--419.Google ScholarCross Ref
- Philip Koshy. 2013. CoinSeer: A Telescope Into Bitcoin. Ph.D. Dissertation. The Pennsylvania State University.Google Scholar
- Philip Koshy, Diana Koshy, and Patrick McDaniel. 2014. An analysis of anonymity in bitcoin using p2p network traffic. In International Conference on Financial Cryptography and Data Security. Springer, 469--485.Google ScholarCross Ref
- Eythan Levy, Guy Louchard, and Jordi Petit. 2004. A Distributed Algorithm to Find Hamiltonian Cycles in G(n, p) Random Graphs. In Workshop on Combinatorial and Algorithmic aspects of networking. Springer, 63--74. Google ScholarDigital Library
- A. Y. Lokhov, M. Mézard, H. Ohta, and L. Zdeborová. 2013. Inferring the origin of an epidemic with dynamic message passing algorithm. arXiv preprint arXiv:1303.5315 (2013).Google Scholar
- Eran Makover and Jeffrey McGowan. 2006. Regular trees in random regular graphs. arXiv preprint math/0610858 (2006).Google Scholar
- Greg Maxwell. 2013. CoinJoin: Bitcoin privacy for the real world. In Post on Bitcoin Forum.Google Scholar
- Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M Voelker, and Stefan Savage. 2013. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 conference on Internet measurement conference. ACM, 127--140. Google ScholarDigital Library
- Ian Miers, Christina Garman, Matthew Green, and Aviel D Rubin. 2013. Zerocoin: Anonymous distributed e-cash from bitcoin. In Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 397--411. Google ScholarDigital Library
- Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. 2015. Discovering Bitcoin's public topology and influential nodes. (2015).Google Scholar
- Michael Mitzenmacher. 2001. The power of two choices in randomized load balancing. IEEE Transactions on Parallel and Distributed Systems 12, 10 (2001), 1094--1104. Google ScholarDigital Library
- Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).Google Scholar
- Micha Ober, Stefan Katzenbeisser, and Kay Hamacher. 2013. Structure and anonymity of the bitcoin transaction graph. Future internet 5, 2 (2013), 237--250.Google Scholar
- P. C. Pinto, P. Thiran, and M. Vetterli. 2012. Locating the source of diffusion in large-scale networks. Physical review letters 109, 6 (2012), 068702.Google Scholar
- Daniel Plohmann and Elmar Gerhards-Padilla. 2012. Case study of the miner botnet. In 2012 4th International Conference on Cyber Conflict (CYCON 2012). IEEE, 1--16.Google Scholar
- David Martin Powers. 2011. Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation. (2011).Google Scholar
- B. A. Prakash, J. Vreeken, and C. Faloutsos. 2012. Spotting culprits in epidemics: How many and which ones?. In ICDM, Vol. 12. 11--20. Google ScholarDigital Library
- Fergal Reid and Martin Harrigan. 2013. An analysis of anonymity in the bitcoin system. In Security and privacy in social networks. Springer, 197--223.Google Scholar
- Michael K Reiter and Aviel D Rubin. 1998. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security (TISSEC) 1, 1 (1998), 66--92. Google ScholarDigital Library
- Dorit Ron and Adi Shamir. 2013. Quantitative analysis of the full bitcoin transaction graph. In International Conference on Financial Cryptography and Data Security. Springer, 6--24.Google ScholarCross Ref
- Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2014. CoinShuffle: Practical decentralized coin mixing for Bitcoin. In European Symposium on Research in Computer Security. Springer, 345--364. Google ScholarDigital Library
- Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE Symposium on Security and Privacy. IEEE, 459--474. Google ScholarDigital Library
- Fabrizio Sebastiani. 2002. Machine learning in automated text categorization. ACM computing surveys (CSUR) 34, 1 (2002), 1--47. Google ScholarDigital Library
- D. Shah and T. Zaman. 2011. Rumors in a Network: Who's the Culprit? Information Theory, IEEE Transactions on 57 (Aug 2011), 5163--5181. Issue 8. Google ScholarDigital Library
- D. Shah and T. Zaman. 2012. Rumor centrality: a universal source detector. In ACM SIGMETRICS Performance Evaluation Review, Vol. 40. ACM, 199--210. Issue 1. Google ScholarDigital Library
- SéRgio SC Silva, Rodrigo MP Silva, Raquel CG Pinto, and Ronaldo M Salles. 2013. Botnets: A survey. Computer Networks 57, 2 (2013), 378--403. Google ScholarDigital Library
- Z. Wang, W. Dong, W. Zhang, and C.W. Tan. 2014. Rumor Source Detection with Multiple Observations: Fundamental Limits and Algorithms. In ACM SIGMETRICS. Google ScholarDigital Library
- David Isaac Wolinsky, Henry Corrigan-Gibbs, Bryan Ford, and Aaron Johnson. 2012. Dissent in Numbers: Making Strong Anonymity Scale.. In OSDI. 179--182. Google ScholarDigital Library
- K. Zhu, Z. Chen, and L. Ying. 2014. Locating Contagion Sources in Networks with Partial Timestamps. arXiv preprint arXiv:1412.4141 (2014).Google Scholar
- K. Zhu and L. Ying. 2013. A Robust Information Source Estimator with Sparse Observations. arXiv preprint arXiv:1309.4846 (2013).Google Scholar
Index Terms
- Dandelion: Redesigning the Bitcoin Network for Anonymity
Recommendations
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that ...
Dandelion: Redesigning the Bitcoin Network for Anonymity
SIGMETRICS '17 Abstracts: Proceedings of the 2017 ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer SystemsCryptocurrencies are digital currencies that provide cryptographic verification of transactions. In recent years, they have transitioned from an academic research topic to a multi-billion dollar industry. Bitcoin is the best-known example of a ...
Dandelion: Redesigning the Bitcoin Network for Anonymity
Performance evaluation reviewCryptocurrencies are digital currencies that provide cryptographic verification of transactions. In recent years, they have transitioned from an academic research topic to a multi-billion dollar industry. Bitcoin is the best-known example of a ...
Comments