anonymity in bitcoin
play

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and - PowerPoint PPT Presentation

Oct 05, 2023 •95 likes •438 views

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

  1. Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019

  2. Anonymity and Pseudonymity • anonymous = Nameless, unidentifiable • pseudonymous = Fake name, still traceable

  3. Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof of ownership (through a signature) Out 1 Out 2 ∑ Out 3

  5. Privacy problems • Your family can detect where you spend your money • Your employer might detect unfavorable donations • Every business partner knows all other Address reuse is discouraged, but not always possible

  6. Mixers • Mixing many di ff erent inputs and outputs reduces traceability

  7. Mixers in Bitcoin • Mixers are not a first class citizen in Bitcoin • Bitcoin is flexible • Many di ff erent varieties exist to disassociate inputs and outputs • Most popular one is CoinJoin

  8. Bitcoin transaction f5d8ee39a43… Out 1 ∑ Out 2 0b82c0e88ff… c6b64e3e6b3…

  9. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… 304502206e21… Transaction Output: 1 43b0b82c0e88… Input2 : scriptSig : Transaction: 0b82c0e88ff… 304502206e21… Transaction Output: 4 43b0b82c0e88… Input3 : scriptSig : Transaction: c6b64e3e6b3… 304502206e21… Transaction Output: 0 43b0b82c0e88… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  10. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… 304502206e21… Transaction Output: 1 43b0b82c0e88… Same Input2 : scriptSig : public key Transaction: 0b82c0e88ff… 304502206e21… = Transaction Output: 4 43b0b82c0e88… same ID Input3 : scriptSig : Transaction: c6b64e3e6b3… 304502206e21… Transaction Output: 0 43b0b82c0e88… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  11. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Di ff erent Input2 : scriptSig : people or Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… not? Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  12. CoinJoin Details • Many di ff erent parties create one single transaction • How can that work?

  13. Bad approach • Naïve way: Give your money to a bank and hope that the money will be returned

  14. CoinJoin Details • Trusting other parties with your money is not neccessary • ScriptSig signatures are su ffi ciently well designed

  15. Transaction Details Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Input2 : scriptSig : What are Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… these signatures? Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  16. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False }

  17. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False } Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… pk s

  18. Signatures • s = sign ( sk , document ) • verify ( pk , s , document ) ∈ { True , False } Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… pk s Where is the document ?

  19. The document to sign: Input1 : scriptSig : Transaction: f5d8ee39a43… b022100e2acb… Transaction Output: 1 ae2ac980643b… Input2 : scriptSig : Transaction: 0b82c0e88ff… 80643b0b82ca… Transaction Output: 4 467f11e8c0e8… Input3 : scriptSig : Transaction: c6b64e3e6b3… 8d9e14466dad… Transaction Output: 0 222eed3ee373… Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  20. Nearly… • The signature cannot be part of the document itself

  21. The actual document: Input1 : scriptSig : Transaction: f5d8ee39a43… Transaction Output: 1 Input2 : scriptSig : Transaction: 0b82c0e88ff… Transaction Output: 4 Input3 : scriptSig : Transaction: c6b64e3e6b3… Transaction Output: 0 Output1 : value: 5000000000 OP_DUP OP_HASH160 304371705fa… OP_EQUALVERIFY OP_CHECKSIG Output2 : value: 2300530000 OP_DUP OP_HASH160 3b24a405fa… OP_EQUALVERIFY OP_CHECKSIG

  22. Signing a bitcoin transaction 1. Create the transaction, with all inputs and all outputs 2. Remove the scriptSig field 3. Compute s=sign(sk,tx without scriptSig) 4. Insert signatures

  23. CoinJoin input tx, output script input tx, output script CoinJoin coordinator input tx, output script 1. Participants send their inputs and outputs to a central coordinator

  24. CoinJoin joined tx joined tx CoinJoin coordinator joined tx 2. The coordinator joins all inputs and outputs into one transaction and sends this to the participants

  25. CoinJoin CoinJoin coordinator 3. Each participant creates a signature Transaction valid only if all participants sign it

  26. CoinJoin signature, pubKey signature, pubKey CoinJoin coordinator signature, pubKey 4. Participants send their scriptSig (i.e. signature & public keys)

  27. CoinJoin CoinJoin coordinator 5. CoinJoin coordinator publishes transaction

  28. Anonymity through mixing • Mixing does not guarantee anonymity • Size of the anonymity set important • If small, use multiple rounds of mixing

  29. CoinJoin limitation • In the given implementation, the server learns the mapping input -> output • One person can refuse to sign (DoS attack vector) • CoinJoin transaction themselves are tainted

  30. TumbleBit • More complicated implementations exist • In RSA, signing a document = same mathematical operation as decryption • Possible to devise a scheme where the coordinators does not learn anything about the input-output mapping • Round 1: Clients send Bitcoins to a server in exchange for an anonymous voucher • Round 2: Clients use the voucher to redeem Bitcoins • Related: Atomic Swaps

  31. DoS Attack on CoinJoin • Transactions can easily be blocked • If a client does not sign, a new transaction can be signed without security risks • CoinJoin servers might be attacked

  32. CoinJoin is tainted • CoinJoin transactions are significantly more involved in criminal activities • Pure participation in CoinJoin can be seen negatively

  33. CoinJoin can be detected • CoinJoin might seems like a normal transaction, but network analysis can detect CoinJoins • Number of input/outputs • Origins • etc. Fee to coordinator

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial compliance What and who are the entities? How are entities interacting? 2 Who we are Elliptic is (now) a blockchain intelligence company. We work

699 views • 36 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah" "darkskypoet" 1G6EQwiAfTVyTpK4j3XZ65CvonjDGrPsQ 1QEZohXPbh4ywbzPJATjMBDnSjJsZrZtQ1 Goal & Results Attacker Goal Tie real name to

331 views • 13 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij CoinShuffle anonymity in the Block chain July 2, 2015 1 / 28 Outline Bitcoin fundamentals 1 Anonymity 2 Mixing 3 CoinShuffle 4 CoinShuffle

649 views • 28 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Mixed symmetry tensors in the worldline formalism James Edwards NBMPS 44 - York September 2015

Mixed symmetry tensors in the worldline formalism James Edwards NBMPS 44 - York September 2015

Introduction Non-Abelian interactions Conclusion Mixed symmetry tensors in the worldline formalism James Edwards NBMPS 44 - York September 2015 Based on arXiv:1411.6540 [hep-th] and arXiv:1510.xxxx [hep-th] Mixed symmetry tensors in the

195 views • 16 slides
Unsteady mixed flows in closed water pipes. A well-balanced finite volume scheme Christian

Unsteady mixed flows in closed water pipes. A well-balanced finite volume scheme Christian

Unsteady mixed flows in closed water pipes. A well-balanced finite volume scheme Christian Bourdarias, Mehmet Ersoy and Stphane Gerbi LAMA, Universit de Savoie, Chambry, France 2 nd Workshop Mathematics and Oceanography Montpellier, 1-2-3

757 views • 75 slides
MODULI STABILISATION AND THE HOLOGRAPHIC SWAMPLAND Joseph Conlon DIAS, Oct 2020 (based on JC,

MODULI STABILISATION AND THE HOLOGRAPHIC SWAMPLAND Joseph Conlon DIAS, Oct 2020 (based on JC,

MODULI STABILISATION AND THE HOLOGRAPHIC SWAMPLAND Joseph Conlon DIAS, Oct 2020 (based on JC, Quevedo 1811.06276, JC, Revello 2006.01021) MODULI: WHAT? L = L GR + L SM + L BSM What is in ? L BSM Simple concept: massive

467 views • 29 slides
High-intensity probes of dark sector particles Stefania Gori UC Santa Cruz DESY Virtual Theory

High-intensity probes of dark sector particles Stefania Gori UC Santa Cruz DESY Virtual Theory

High-intensity probes of dark sector particles Stefania Gori UC Santa Cruz DESY Virtual Theory Forum, 2020 September 23, 2020 What is a dark sector particle? Any particle that does not interact through the Standard Model (SM) forces. Our

532 views • 34 slides
All about Eve: Execute-Verify Replication for Multi-Core Servers [1] OSDI12 Presenters: Yubo

All about Eve: Execute-Verify Replication for Multi-Core Servers [1] OSDI12 Presenters: Yubo

All about Eve: Execute-Verify Replication for Multi-Core Servers [1] OSDI12 Presenters: Yubo Wang, Chongzhou Fang Outline 1. Introduction 2. Protocol overview 3. Execution stage 4. Verification stage 5. Experiments 6. Conclusion

478 views • 29 slides
Torque and rotational motion Meaning of angular vectors r F F

Torque and rotational motion Meaning of angular vectors r F F

Torque and rotational motion Meaning of angular vectors r F F r O Rotating the object Class 4: Charges and Coulomb's Law The four fundamental interactions of nature (From Wikipedia: Fundamental interaction)

91 views • 8 slides
Advanced Thermodynamics: Lecture 14 Shivasubramanian Gopalakrishnan sgopalak@iitb.ac.in

Advanced Thermodynamics: Lecture 14 Shivasubramanian Gopalakrishnan sgopalak@iitb.ac.in

Advanced Thermodynamics: Lecture 14 Shivasubramanian Gopalakrishnan sgopalak@iitb.ac.in Shivasubramanian Gopalakrishnan sgopalak@iitb.ac.in ME 661 Kinetic Theory Shivasubramanian Gopalakrishnan sgopalak@iitb.ac.in ME 661 The Properties of

1.35k views • 21 slides
1/ 44 This time: monads (etc.) = > > 2/ 44 What do monads give us? A general

1/ 44 This time: monads (etc.) = > > 2/ 44 What do monads give us? A general

Last time: rows 1/ 44 This time: monads (etc.) = > > 2/ 44 What do monads give us? A general approach to implementing custom effects A reusable interface to computation A way to structure effectful programs in a functional

882 views • 62 slides

More recommend