Giulia Fanti
Skip Abstract Section
Abstract
Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that originated them. This lays the groundwork for low-cost, large-scale deanonymization attacks. In this work, we present \Algopp, a first-principles defense against large-scale deanonymization attacks with near-optimal information-theoretic guarantees. Dandelion++ builds upon a recent proposal called Dandelion that exhibited similar goals. However, in this paper, we highlight some simplifying assumptions made in Dandelion, and show how they can lead to serious deanonymization attacks when violated. In contrast, Dandelion++ defends against stronger adversaries that are allowed to disobey protocol. Dandelion++ is lightweight, scalable, and completely interoperable with the existing Bitcoin network. We evaluate it through experiments on Bitcoin's mainnet (i.e., the live Bitcoin network) to demonstrate its interoperability and low broadcast latency overhead.
- {n. d.}. AWS Regions and Endpoints. ({n. d.}). http://docs.aws.amazon.com/general/latest/gr/rande.html.Google Scholar
- {n. d.}. Bitcoin Core integration/staging tree. ({n. d.}). https://github.com/bitcoin/bitcoin.Google Scholar
- {n. d.}. Chainalysis. ({n. d.}). https://www.chainalysis.com/.Google Scholar
- {n. d.}. The Kovri I2P Router Project. ({n. d.}). https://github.com/monero-project/kovri.Google Scholar
- {n. d.}. Monero. ({n. d.}). https://getmonero.org/home.Google Scholar
- 2015. Bitcoin Core Commit 5400ef6. (2015). https://github.com/bitcoin/bitcoin/commit/ 5400ef6bcb9d243b2b21697775aa6491115420f3.Google Scholar
- 2016. reddit/r/monero. (2016). https://www.reddit.com/r/Monero/comments/4aki0k/what_is_the_status_of_monero_ and_i2p/.Google Scholar
- Elli Androulaki, Ghassan O Karame, Marc Roeschlin, Tobias Scherer, and Srdjan Capkun. 2013. Evaluating user privacy in bitcoin. In International Conference on Financial Cryptography and Data Security. Springer, 34--51.Google ScholarCross Ref
- Maria Apostolaki, Aviv Zohar, and Laurent Vanbever. 2016. Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies. arXiv preprint arXiv:1605.07524 (2016).Google Scholar
- Krishna B Athreya and Peter E Ney. 2004. Branching processes. Courier Corporation.Google Scholar
- Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov. 2014. Deanonymisation of clients in Bitcoin P2P network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 15--29. Google ScholarDigital Library
- Alex Biryukov and Ivan Pustogarov. 2015. Bitcoin over Tor isn't a good idea. In Symposium on Security and Privacy. IEEE, 122--134. Google ScholarDigital Library
- John Bohannon. 2016. Why criminals can't hide behind Bitcoin. Science (2016).Google Scholar
- Shaileshh Bojja Venkatakrishnan, Giulia Fanti, and Pramod Viswanath. 2017. Dandelion: Redesigning the Bitcoin Network for Anonymity. POMACS 1, 1 (2017), 22. Google ScholarDigital Library
- D. Chaum. 1988. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology 1, 1 (1988). Google ScholarCross Ref
- Ramnath K Chellappa and Raymond G Sin. 2005. Personalization versus privacy: An empirical examination of the online consumer's dilemma. Information technology and management 6, 2 (2005), 181--202. Google ScholarDigital Library
- H. Corrigan-Gibbs and B. Ford. 2010. Dissent: accountable anonymous group messaging. In CCS. ACM. Google ScholarDigital Library
- George Danezis, Claudia Diaz, Emilia Käsper, and Carmela Troncoso. 2009. The wisdom of Crowds: attacks and optimal constructions. In European Symposium on Research in Computer Security. Springer, 406--423. Google ScholarDigital Library
- George Danezis, Claudia Diaz, Carmela Troncoso, and Ben Laurie. 2010. Drac: An Architecture for Anonymous Low-Volume Communications.. In Privacy Enhancing Technologies, Vol. 6205. Springer, 202--219. Google ScholarDigital Library
- R. Dingledine, N. Mathewson, and P. Syverson. 2004. Tor: The second-generation onion router. Technical Report. DTIC Document. Google ScholarDigital Library
- G. Fanti, P. Kairouz, S. Oh, and P. Viswanath. 2015. Spy vs. Spy: Rumor Source Obfuscation. In SIGMETRICS Perform. Eval. Rev., Vol. 43. 271--284. Issue 1. Google ScholarDigital Library
- Giulia Fanti and Pramod Viswanath. 2017. Anonymity Properties of the Bitcoin P2P Network. arXiv preprint arXiv:1703.08761 (2017).Google Scholar
- M.J. Freedman and R. Morris. 2002. Tarzan: A peer-to-peer anonymizing network layer. In Proc. CCS. ACM. Google ScholarDigital Library
- Sam Frizell. 2015. Bitcoins Are Easier To Track Than You Think. Time (January 2015).Google Scholar
- Adam Efe Gencer and Emin Gün Sirer. 2017. State of the Bitcoin Network. Hacking Distributed, http:// hackingdistributed.com/2017/02/15/state-of-the-bitcoin-network/. (February 2017).Google Scholar
- S. Goel, M. Robson, M. Polte, and E. Sirer. 2003. Herbivore: A scalable and efficient protocol for anonymous communication. Technical Report.Google Scholar
- P. Golle and A. Juels. 2004. Dining cryptographers revisited. In Advances in Cryptology-Eurocrypt 2004.Google Scholar
- Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, and Sharon Goldberg. 2016. TumbleBit: An untrusted Bitcoin-compatible anonymous payment hub. Technical Report. Cryptology ePrint Archive, Report 2016/575.Google Scholar
- TE Jedusor. 2016. Mimblewimble. (2016).Google Scholar
- Philip Koshy. 2013. CoinSeer: A Telescope Into Bitcoin. Ph.D. Dissertation. The Pennsylvania State University.Google Scholar
- Philip Koshy, Diana Koshy, and Patrick McDaniel. 2014. An analysis of anonymity in bitcoin using p2p network traffic. In International Conference on Financial Cryptography and Data Security. Springer, 469--485.Google ScholarCross Ref
- Greg Maxwell. 2013. CoinJoin: Bitcoin privacy for the real world. In Post on Bitcoin Forum.Google Scholar
- Dave McMillen. 2017. Mirai IoT Botnet: Mining for Bitcoins? SecurityIntelligence (April 2017).Google Scholar
- Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M Voelker, and Stefan Savage. 2013. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 conference on Internet measurement conference. ACM, 127--140. Google ScholarDigital Library
- Marc Mezard and Andrea Montanari. 2009. Information, physics, and computation. Oxford University Press. Google ScholarDigital Library
- Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. 2015. Discovering Bitcoin's public topology and influential nodes. (2015).Google Scholar
- Prateek Mittal, Matthew Wright, and Nikita Borisov. 2013. Pisces: Anonymous communication using social networks. In NDSS. ACM.Google Scholar
- Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).Google Scholar
- Micha Ober, Stefan Katzenbeisser, and Kay Hamacher. 2013. Structure and anonymity of the bitcoin transaction graph. Future internet 5, 2 (2013), 237--250.Google Scholar
- Larry L Peterson and Bruce S Davie. 2007. Computer networks: a systems approach. Elsevier. Google ScholarDigital Library
- P. C. Pinto, P. Thiran, and M. Vetterli. 2012. Locating the source of diffusion in large-scale networks. Physical review letters 109, 6 (2012), 068702.Google Scholar
- Fergal Reid and Martin Harrigan. 2013. An analysis of anonymity in the bitcoin system. In Security and privacy in social networks. Springer, 197--223.Google Scholar
- Michael K Reiter and Aviel D Rubin. 1998. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security (TISSEC) 1, 1 (1998), 66--92. Google ScholarDigital Library
- Dorit Ron and Adi Shamir. 2013. Quantitative analysis of the full bitcoin transaction graph. In International Conference on Financial Cryptography and Data Security. Springer, 6--24.Google ScholarCross Ref
- Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2014. CoinShuffle: Practical decentralized coin mixing for Bitcoin. In European Symposium on Research in Computer Security. Springer, 345--364. Google ScholarDigital Library
- Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In Symposium on Security and Privacy. IEEE, 459--474. Google ScholarDigital Library
- Alexander Schrijver. 2002. Combinatorial optimization: polyhedra and efficiency. Vol. 24. Springer Science & Business Media.Google Scholar
- Rob Sherwood, Bobby Bhattacharjee, and Aravind Srinivasan. 2005. P5: A protocol for scalable anonymous communication. Journal of Computer Security 13, 6 (2005), 839--876. Google ScholarDigital Library
- Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich. {n. d.}. Scalable Private Messaging Resistant to Traffic Analysis. ({n. d.}).Google Scholar
- Zhaoxu Wang, Wenxiang Dong, Wenyi Zhang, and Chee Wei Tan. 2014. Rumor source detection with multiple observations: Fundamental limits and algorithms. In ACM SIGMETRICS Performance Evaluation Review, Vol. 42. ACM, 1--13. Google ScholarDigital Library
- David Isaac Wolinsky, Henry Corrigan-Gibbs, Bryan Ford, and Aaron Johnson. 2012. Dissent in Numbers: Making Strong Anonymity Scale.. In OSDI. 179--182. Google ScholarDigital Library
- M. Zamani, J. Saia, M. Movahedi, and J. Khoury. 2013. Towards provably-secure scalable anonymous broadcast. In USENIX FOCI.Google Scholar
- Bassam Zantout and Ramzi Haraty. 2011. I2P data communication system. In Proceedings of ICN. Citeseer, 401--409.Google Scholar
- Kai Zhu and Lei Ying. 2014. A robust information source estimator with sparse observations. Computational Social Networks 1, 1 (2014), 3.Google ScholarCross Ref
Index Terms
- Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
Recommendations
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
SIGMETRICS '18Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that ...
Dandelion: Redesigning the Bitcoin Network for Anonymity
Bitcoin and other cryptocurrencies have surged in popularity over the last decade. Although Bitcoin does not claim to provide anonymity for its users, it enjoys a public perception of being a privacy preserving financial system. In reality, ...
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
SIGMETRICS '18: Abstracts of the 2018 ACM International Conference on Measurement and Modeling of Computer SystemsRecent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that ...
Comments