anonymity in the bitcoin peer to peer network
play

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja - PowerPoint PPT Presentation

Oct 01, 2023 •111 likes •692 views

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

  1. Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath

  2. Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology

  3. “Untraceable Bitcoin”

  4. This is false.

  5. Blockchain sd93fjj2 Bitcoin Reminder pckrn29 … our transaction Transaction k A sends k tx to k B Bob Alice k B k A k tx

  6. How can users be deanonymized? Entire transaction histories can be compromised. Blockchain Meiklejohn et al., 2013

  7. What about the peer-to-peer network? Public Key IP Address

  8. Our Work Analysis Redesign 2) Spreading Phase 1) Anonymity Phase Pr(detection) Dandelion Under submission, 2017 ACM Sigmetrics 2017

  9. Model Assumptions and Notation

  10. Attacks on the Network Layer Eavesdropper Biryukov et al., 2014 Koshy et al., 2014 Alice

  11. What can go wrong? Eavesdropper Alice

  12. What the eavesdropper can do about it 2 3 1 Alice

  13. Summary of adversarial model Eavesdropper number 𝜾 fraction p connections compromised 𝜄 = 2 nodes

  14. ∞ Part II Redesign Botnet Part I Analysis Connections 𝜄 Eavesdropper to adversary 1 p 1 0 Fraction of Spies

  15. Analysis How bad is the problem?

  16. Flooding Protocols Trickle (pre-2015) Diffusion (post-2015) (4) (1) exp ¡ (𝜇) exp ¡ (𝜇) exp ¡ (𝜇) exp ¡ (𝜇) (2) (3)

  17. Does diffusion provide stronger anonymity than trickle spreading?

  18. d-regular trees Eavesdropper Fraction of spies 𝑞 = 1 Arbitrary number of connections 𝜄

  19. timestamps 𝑄(detection|𝝊, 𝐻) Anonymity Metric graph 𝜐 8 = 2.0 𝜐 @ = 0.3 𝜐 8 𝜐 = 𝜐 ; = 0.7 𝝊 = … 𝜐 H 𝜐 = = 1.1 𝜐 > = 1.5

  20. timestamps 𝑄(detection|𝝊, 𝐻) Estimators graph 𝜐 8 = 2.0 𝜐 @ = 0.3 𝜐 ; = 0.7 Maximum- First-Spy Likelihood 𝜐 = = 1.1 𝜐 > = 1.5

  21. Results: d-Regular Trees Trickle Diffusion 𝑃 log 𝑒 𝑃 log 𝑒 First-Timestamp 𝑒 𝑒 Ω(1) Ω(1) Maximum-Likelihood Intuition: Symmetry outweighs local randomness! Probability of Detection Maximum-Likelihood First-timestamp Degree, d

  22. Proof sketch (diffusion, max likelihood) Not yet received Received - Generalized Polya Urns Source Received and reported - Concentration of measure

  23. Results: Trees Trickle Probability of Detection Diffusion Number of Eavesdropper Connections

  24. Results: Bitcoin Graph 1 Trickle Probability of Detection 0.9 0.8 Diffusion 0.7 0.6 0.5 Trickle, Theoretical lower bound 0.4 Trickle, Simulated Trickle, Theoretical lower bound (d=2) Diffusion, Theoretical 0.3 Diffusion, Simulation 0 5 10 15 20 Number of Eavesdropper Connections

  25. Diffusion does not have (significantly) better anonymity properties than trickle.

  26. Redesign Can we design a better network?

  27. Botnet adversarial model observe all identities metadata unknown spies collude fraction p of spies honest- but-curious

  28. � � Metric for Anonymity Users Transactions Recall Precision 1 𝑜 O 1 𝑁 𝑤 R s ¡tx = 𝑤 1 𝑜 O 1 𝑁 𝑤 R s ¡tx = 𝑤 # ¡tx ¡mapped ¡to ¡v U U Mapping User Number honest users 𝔽[Recall] ¡= ¡ Mapping 𝑁 Probability ¡of ¡Detection

  29. Goal: Design a distributed flooding protocol that minimizes the maximum precision and recall achievable by a computationally-unbounded adversary.

  30. Fundamental Limits 1 Thm : Maximum recall ≥ 𝑞 . Precision Thm : Maximum precision ≥ 𝑞 = . Fraction of spies p 2 1 0 p Recall

  31. What are we looking for? Asymmetry Mixing spy 2 3 1 4

  32. What can we control? Spreading Topology Dynamicity Protocol Approximately Dynamic Diffusion regular Static What is the underlying How often does the Given a graph, how graph topology? graph change? do we spread content?

  33. Spreading Protocol: Dandelion 2) Spreading Phase 1) Anonymity Phase

  34. Why Dandelion spreading? Theorem : Dandelion spreading has an 8 optimally low maximum recall of 𝑞 + 𝑃 H . lower bound = p fraction number of of spies nodes

  35. Graph Topology: Line tx1 Anonymity graph tx2 “Regular” graph

  36. Dynamicity: High Change the anonymity graph frequently.

  37. D ANDELION Network Policy Spreading Topology Dynamicity Protocol Dandelion Line Dynamic Spreading graph Static What is the anonymity How often does the Given a graph, how graph topology? graph change? do we spread content?

  38. lower bound = p 2 Theorem : D ANDELION has a nearly-optimal maximum precision of =d e = 8 8fd log d + 𝑃 H .* fraction number of of spies nodes 8 *For 𝑞 < >

  39. Performance: Achievable Region 1 Flooding Precision Diffusion D ANDELION p 2 0 p 1 Recall

  40. Why does D ANDELION work? Strong mixing properties. Tree Complete graph Too many paths Too many leaves d 8fd (1 − 𝑓 df8 ) Precision: Precision: 𝑃(𝑞)

  41. How practical is this?

  42. Dandelion spreading 2) Spreading Phase 1) Anonymity Phase

  43. Anonymity graph construction Degree

  44. Dealing with stronger adversaries Misbehave during Misbehave during Learn the graph construction propagation graph Only send 4-regular Multiple nodes messages on graphs diffuse outgoing edges

  45. Anonymity graph construction

  46. Latency Overhead: Estimate Avg. Dandelion delay = 1-4 seconds (3-5% overhead) PDF Time to first transaction sighting (s) Information Propagation in the Bitcoin Network, Decker and Wattenhofer, 2013

  47. Deployment considerations Not running Dandelion Running Dandelion tx1

  48. Why not alternative solutions? Connect through Tor I2P Integration (e.g. Monero) Tor

  49. Strength of Guarantees Dandelion Date of Invention Narayanan and Möser, 2017

  50. Take-Home Messages 1) Bitcoin’s P2P network has poor anonymity. 2) Moving from trickle to diffusion did not help. 3) D ANDELION may be a lightweight solution for certain classes of adversaries. https://github.com/gfanti/bitcoin

  51. D ANDELION vs. Tor, Crowds, etc. 1) Messages propagate over the same cycle graph 2) Anonymity graph changes dynamically. 3) No encryption required.

  52. Upper bound (Known graph) Lower bound Line (unknown) (Known graph) Line (known) 4-reg (unknown) 4-reg (known) Precision Upper bound d-regular graphs give robustness! (Unknown graph) 10 -1 10 -1 10 -1 Lower bound (Unknown graph) 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 0.1 0.1 0.15 0.15 0.2 0.2 0.25 0.25 0.3 0.3 0.35 0.35 0.4 0.4 0.45 0.45 0.5 0.5 Fraction of Spies

  54. Anonymity graph construction Base Case k=1 Rounds k=1 rounds of Degree Base Case Degree-Checking

  55. Dealing with stronger adversaries Misbehave during Misbehave during Learn the graph construction propagation graph 4-regular Get rid of Multiple nodes graphs degree-checking diffuse

  56. Learning the anonymity graph Precision Line Random regular 𝑃 p = log ¡ 1 Graph unknown 𝑞 ? Ω(𝑞) Graph known

  57. Manipulating the anonymity graph

  58. D ANDELION++ Network Policy Spreading Topology Dynamicity Protocol Dandelion 4-regular Dynamic Spreading graph Static What is the anonymity How often does the Given a graph, how graph topology? graph change? do we spread content?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin

Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin

Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin paper Published on The Cryptography Mailing list, in 2008 By Satoshi Nakamoto Identity unknown, but probably not a single person, but a

312 views • 9 slides
A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi

A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi

IEEE Symposium on Security and Privacy ( IEEE S&amp;P ) 2020 https://erebus-attack.comp.nus.edu.sg/ A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi Jun Moon, Anh V. Vu, Min Suk Kang May 2020

814 views • 18 slides
A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital currency Anyone can be part of the network Global distributed ledger called blockchain First Appearance Bitcoin: A Peer-to-Peer Electronic

4.02k views • 48 slides
Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A

Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A

Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Introduction Traditional Transaction Model Bob Bank Alice Problems with

910 views • 34 slides
NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction Shudong Jin Case Western Reserve University NEONet Workshop, March 1, 2006 Peer-to-Peer Streaming Peer-to-peer systems versus client/server systems

292 views • 15 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Eclipse Attacks on Bitcoins Peer-to-Peer Network Presentation by Brett Holden Why I chose

Eclipse Attacks on Bitcoins Peer-to-Peer Network Presentation by Brett Holden Why I chose

Eclipse Attacks on Bitcoins Peer-to-Peer Network Presentation by Brett Holden Why I chose this paper We learned a lot about blockchain integrity and consensus What about integrity of the P2P network Bitcoin uses to communicate?

323 views • 31 slides
Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking&quot; Instructor: Dario Rossi

Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking&quot; Instructor: Dario Rossi

Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking&quot; Instructor: Dario Rossi Bitcoin becoming very popular! Most studies focus on either Bitcoin transaction graph (Harrigan et. al) Bitcoin mining weaknesses (Barber

404 views • 13 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol designed by Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf First Bitcoin client launched in 2009 Peer-to-peer no centralized

501 views • 31 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS

BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS

BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS WHAT IS BITCOIN? Math- based asset Decentralized cryptocurrency Peer- to-peer network Internet of money WHO CREATED BITCOIN? PHILOSOPHY

523 views • 25 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -&gt; receiver): sender

958 views • 23 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
Dandelion: Privacy-Preserving Transaction Propagation in Bitcoins P2P Network Presenter:

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoins P2P Network Presenter:

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoins P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew Miller, Pramod Viswanath 1 Blockchain

683 views • 49 slides
Introduction A. Christian Conviction Truth (e.g. Eph 6; 1 Tim 2). Certainty, Proof, Confidence,

Introduction A. Christian Conviction Truth (e.g. Eph 6; 1 Tim 2). Certainty, Proof, Confidence,

1 Growing Faith by Giving Room For Doubt Dr. Rich Knopp Program Director, Room For Doubt Professor of Philosophy &amp; Christian Apologetics Lincoln Christian University www.roomfordoubt.com Session Webpage:

444 views • 12 slides
Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product

Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product

Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product Description: A bicycle-powered shea nut mill Customer : Small-scale shea nut producing villages in sub-Saharan Africa Market: Fair-trade agricultural

470 views • 17 slides
Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Network Coding and Satellite Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES) E. Lochin (ISAE) Objectives SoA on the current deployment of network coding schemes within satellite systems

369 views • 14 slides
CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 SUPPOSE THAT YOU PURCHASE A GPU. HOW WOULD YOU PROGRAM IT? GPUs come with a collection of existing software

272 views • 11 slides
Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline

Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline

Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline Introduction System Architecture Database Interaction Model Conversation State Machine Verification Model Challenges and Future

288 views • 11 slides
AutoML: Automated Machine Learning Barret Zoph, Quoc Le Thanks: Google Brain team CIFAR-10

AutoML: Automated Machine Learning Barret Zoph, Quoc Le Thanks: Google Brain team CIFAR-10

AutoML: Automated Machine Learning Barret Zoph, Quoc Le Thanks: Google Brain team CIFAR-10 AutoML Accuracy ML Experts ImageNet Top-1 Accuracy AutoML ML Experts Current: Current: But can we turn this into: Importance of architectures

1.19k views • 48 slides
Kasiska Division of Health Sciences 2019 Spring Opening Assembly A WARM WELCOME TO OUR NEW

Kasiska Division of Health Sciences 2019 Spring Opening Assembly A WARM WELCOME TO OUR NEW

Kasiska Division of Health Sciences 2019 Spring Opening Assembly A WARM WELCOME TO OUR NEW COLLEAGUES Kasiska Division of Health Sciences Ryan Gerulf Director of Development Kasiska Division of Health Sciences Tony Seikel Interim

557 views • 38 slides

More recommend