dandelion privacy preserving transaction propagation in
play

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoins - PowerPoint PPT Presentation

Jun 29, 2023 •180 likes •683 views

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoins P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew Miller, Pramod Viswanath 1 Blockchain

  1. Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin’s P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew Miller, Pramod Viswanath 1

  2. Blockchain Bitcoin P2P Primer sd93fjj2 pckrn29 … tx tx Bob Alice k B k A 2

  3. Privacy requirement: Address and real identity must be unlinkable Bitcoin Address IP Address 3

  4. Today, messages spread with diffusion. t=0.25 t=2.9 ! ! ! ! ! ! ! ! Alice ! t=1.1 4

  5. Diffusion is vulnerable to source detection! Biryukov et al. CCS 2014 Koshy et al., Financial Crypto 2014 F. and Viswanath, NIPS 2017 5

  6. Dandelion Lightweight transaction propagation algorithm with provable privacy guarantees. Venkatakrishan et al. , ACM Sigmetrics 2017; F. et al. , ACM Sigmetrics 2018 6

  7. FAQ: Why not alternative solutions? Connect through Tor I2P Integration (e.g. Monero) Tor 7

  8. Model Assumptions and Notation 8

  9. Adversarial model observe all identities metadata unknown spies collude fraction p of spies honest- but-curious 9

  10. Metric for Anonymity Users Transactions Re Recall ll Precisi sion 1 1 % & ' s tx = & 1 1 % & ' s tx = & " # " # # tx mapped to v $ $ Mapping User Number honest users Mapping % 10

  11. Goal: Design a distributed flooding protocol that minimizes the maximum precision and recall achievable by a computationally-unbounded adversary. 11

  12. Fundamental Limits 1 Thm : Maximum Thm recall ≥ " . Precision Thm : Maximum Thm precision ≥ " # . Fraction of spies p 2 1 0 p Recall 12

  13. What are we looking for? As Asymmetry Mi Mixing spy 2 3 1 4 13

  14. What can we control? Spreading Topology Dynamicity Protocol Approximately Dynamic Diffusion regular Static What is the underlying How often does the Given a graph, how graph topology? graph change? do we spread content? 14

  15. Spreading Protocol: Dandelion 2) Spreading Phase 1) Anonymity Phase 15

  16. Why Dandelion spreading? Theor Theorem em : Dandelion spreading has an $ optimally low maximum recall of ! + # % . lower bound = p fraction number of of spies nodes 16

  17. Graph Topology: Line tx1 Anonymity graph tx2 “Regular” graph 17

  18. Dynamicity: High Change the anonymity graph frequently. 18

  19. D ANDELION Network Policy Spreading Topology Dynamicity Protocol Dandelion Line Dynamic Spreading graph Static What is the anonymity How often does the Given a graph, how graph topology? graph change? do we spread content? 19

  20. lower bound = p 2 Theor Theorem em : D ANDELION has a nearly-optimal !" # ! $ $%" log " + * maximum precision of + .* fraction number of of spies nodes *For , < $ . 20

  21. Performance: Achievable Region 1 Flood Fl ooding ng Precision Di Diffusion D AN ANDELION p 2 0 p 1 Recall 21

  22. Why does D ANDELION work? Strong mixing properties. Complete graph Tree (Crowds, Tor) Too many paths Too many leaves % &'% (1 − * %'& ) Precision: Precision: !(#) 22

  23. Graph construction in practice tx1 Choose d=1 outbound edges 23

  24. Gives approximate d-regular anonymity graph d=1 24

  25. What are drawbacks of Dandelion? Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees, ACM Sigmetrics 2018 25

  26. Experiments on mainnet 16 %est )Lt 14 0LnLPuP (est) TLPe to 10% (seFonds) 12 10 8 6 4 2 0 0 2 4 6 8 10 12 Path Length 26

  27. Take-Home Messages 1) Bitcoin’s P2P network has weak anonymity protections 2) DANDELION may be a lightweight solution against large-scale deanonymization attacks (but doesn’t replace Tor!) 3) More information at: https://github.com/dandelion-org/bips https://github.com/dandelion-org/bitcoin 27

  28. Simulation on Bitcoin P2P Topology 1 Probability of Detection 0.9 0.8 Diffusion 0.7 0.6 0.5 Trickle, Theoretical lower bound 0.4 Trickle, Simulated Trickle, Theoretical lower bound (d=2) Diffusion, Theoretical 0.3 Diffusion, Simulation 0 5 10 15 20 # Supernode Connections per Node 28 F. and Viswanath, NIPS 2017

  29. 4-Regular Graphs • More robust against adversaries that learn the graph • Per-transaction routing vulnerable to intersection attacks One-to-one Routing • Pro : Increases cost of graph-learning attacks • Con : Can make transactions from the same source easier to link 29

  30. FAQ: Why not Tor? • Tor, VPNs, etc. address this problem • Only work for savvy or privacy-aware users • If Bitcoin is to become a mainstream payment system, it should protect everyone’s transactions • Dandelion: lightweight, easy to integrate into existing network 30

  31. Strength of Guarantees Dandelion Date of Invention 31 Narayanan and Möser, 2017

  32. Moving from theory to practice 32

  33. Adversarial Implementation Model Byzantine Intersection AS-Level Graph Deployment nodes attacks Adversaries construction 33

  34. Implementation: Dandelion spreading 2) Spreading Phase 1) Anonymity Phase 34

  35. Anonymity graph construction Degree 35

  36. Adversarial Model: Byzantine nodes Learn Lear n the he Mi Misbehave during Misbehave during Mi gr graph ph gr graph ph construction pr propa paga gation 4-re regular gr graph phs 36

  37. Anonymity graph construction 37

  38. Dealing with stronger adversaries Learn Lear n the he Mi Misbehave during Mi Misbehave during gr graph ph graph gr ph construction pr propa paga gation On Only send send 4-re regular Multiple nodes Mu me messages on graph gr phs di diffuse out outgoi oing ng ed edges es 38

  39. Partial deployment Not running Dandelion Running Dandelion tx1 39

  40. Latency Overhead: Estimate PDF Time to first transaction sighting (s) 40 twork, Decker and Wattenhofer, 2013 In Info formati tion P Propagati tion i in th the B Bitc tcoin N Netw

  41. < 5 sec 41

  42. D ANDELION vs. Tor, Crowds, etc. 1) Messages propagate over the sa same cycle graph 2) Anonymity graph changes dynamically. 3) No encryption required. 42

  43. Upper bound (Known graph) Lower bound Line (unknown) (Known graph) Line (known) 4-reg (unknown) 4-reg (known) Precision Upper bound d-regular graphs give robustness! (Unknown graph) 10 -1 10 -1 10 -1 Lower bound (Unknown graph) 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 0.1 0.1 0.15 0.15 0.2 0.2 0.25 0.25 0.3 0.3 0.35 0.35 0.4 0.4 0.45 0.45 0.5 0.5 Fraction of Spies 43

  44. 44

  45. Anonymity graph construction Base Case k=1 Rounds k=1 rounds of Base Case Degree Degree-Checking 45

  46. Dealing with stronger adversaries Lear Learn n the he Misbehave during Mi Mi Misbehave during graph gr ph gr graph ph construction pr propa paga gation 4-re regular Ge Get rid of degree- Mu Multiple nodes gr graph phs checki checking ng di diffuse 46

  47. Learning the anonymity graph Precisi sion Line Random regular ! p # log 1 Graph unknown ( ? Ω(() Graph known 47

  48. Manipulating the anonymity graph 48

  49. D ANDELION++ Network Policy Spreading Topology Dynamicity Protocol Dandelion 4-regular Dynamic Spreading graph Static What is the anonymity How often does the Given a graph, how graph topology? graph change? do we spread content? 49

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides
Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My experience with biometrics and privacy Academic background on privacy Gradiants goal: transfer of knowledge to industry We bring state of

193 views • 6 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph Geumlek,* Max Welling, + Kamalika Chaudhuri* + University of Amsterdam *University of California, San Diego Overview Bayesian Privacy-preserving

878 views • 75 slides
Transaction Tax Challenges in Mergers and Acquisitions Identifying Reserves, Preserving Credits

Transaction Tax Challenges in Mergers and Acquisitions Identifying Reserves, Preserving Credits

Transaction Tax Challenges in Mergers and Acquisitions Identifying Reserves, Preserving Credits and Incentives, Maintaining Post-Integration Documents TUESDAY , SEPTEMBER 29, 2015 1:00-2:50 pm Eastern IMPORTANT INFORMATION This program is

525 views • 33 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann , Christopher Piosecny University of Hamburg (Germany) 1 Agenda Missing Privacy in DNS Characteristics of DNS Traffic

559 views • 24 slides
Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Biryukov, Khovratovich, Tikhomirov Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex Biryukov, Dmitry Khovratovich, Sergei Tikhomirov Conclusion and future work

828 views • 20 slides
P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

197 views • 5 slides
Introduction A. Christian Conviction Truth (e.g. Eph 6; 1 Tim 2). Certainty, Proof, Confidence,

Introduction A. Christian Conviction Truth (e.g. Eph 6; 1 Tim 2). Certainty, Proof, Confidence,

1 Growing Faith by Giving Room For Doubt Dr. Rich Knopp Program Director, Room For Doubt Professor of Philosophy &amp; Christian Apologetics Lincoln Christian University www.roomfordoubt.com Session Webpage:

444 views • 12 slides
Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product

Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product

Shea Nut Processing Silver B Mock-Up Review October 18, 2007 Customer Contract Product Description: A bicycle-powered shea nut mill Customer : Small-scale shea nut producing villages in sub-Saharan Africa Market: Fair-trade agricultural

470 views • 17 slides
Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Network Coding and Satellite Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES) E. Lochin (ISAE) Objectives SoA on the current deployment of network coding schemes within satellite systems

369 views • 14 slides
RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers

RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers

RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers Keynote Talk at KBNet 18 by Dhabaleswar K. (DK) Panda The Ohio State University E-mail: panda@cse.ohio-state.edu

833 views • 62 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 SUPPOSE THAT YOU PURCHASE A GPU. HOW WOULD YOU PROGRAM IT? GPUs come with a collection of existing software

272 views • 11 slides
Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline

Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline

Say Hello! Dustin Werran, Xiaopei Wu, Mohamad Katanbaf, Qihan Zhao, Harita Kannan Outline Introduction System Architecture Database Interaction Model Conversation State Machine Verification Model Challenges and Future

288 views • 11 slides

More recommend