Deanonymisation in Ethereum Using Existing Methods for Bitcoin

Robin Klusman Tim Dijkhuizen

RP1 #61 06-02-2018

Supervisor: Arno Bakker

SLIDE 2

Introduction

  • Blockchain
      ○ Decentralised
      ○ Peer-to-peer
      ○ Miners
      ○ Anonymous reputation
  • Forensics
      ○ Track malicious actors

SLIDE 3

Introduction

The integrity of the blockchain

Figure 1: Overview of how blocks in a blockchain are linked to each other

SLIDE 4

Introduction

  • Bitcoin
      ○ 2009
      ○ ‘Satoshi Nakamoto’
  • Ethereum
      ○ 2015
      ○ Vitalik Buterin

Blockchain popularity

SLIDE 5

Research Question

"Is deanonymisation of clients feasible for the Ethereum network?"

SLIDE 6

Related Work

  • Survey on Bitcoin security and privacy issues
      ○ Essential background knowledge
      ○ Attacks on Bitcoin
          ■ BitIodine
  • Survey on Ethereum smart contracts
      ○ Aimed at illegitimately obtaining funds
      ○ DAO attack

SLIDE 7

Bitcoin

SLIDE 8

Bitcoin P2P Network

Discovering clients:

  • Hardcoded seed servers
  • Clients maintain 8 entry-nodes
  • getaddr message

Transaction propagation:

  • Trickling
      ○ Queueing inv messages
      ○ 100ms

SLIDE 9

Bitcoin Blockchain

Transactions:

  • Based on UTXO
  • Use up all inputs
  • Change

Blocks:

  • Merkle tree
  • Header hash
  • Forks

SLIDE 10

Bitcoin (& Ethereum) Consensus Model

PoW (Proof of Work):

  • Based on computational power
  • Against Sybil attack

SLIDE 11

Ethereum

SLIDE 12

Ethereum Smart Contracts

  • Code written for EVM
      ○ Turing complete
      ○ Solidity
  • Immutable once deployed
  • Miners paid in gas - prevent DoS
  • Crowd funding

SLIDE 13

Ethereum P2P Network

  • Kademlia based
  • Bootnodes
  • Find nodes
      ○ nodeID from public key
      ○ Closeness
      ○ XOR of SHA-3 hash

SLIDE 14

Ethereum Blockchain

Transactions:

  • No UTXO
  • Account balance

Blocks:

  • Global state
  • Transaction trie
  • Ommers

SLIDE 15

Attacks

SLIDE 16

Existing Attacks - Finding IP Addresses

  • Identifying entry-nodes
      ○ Monitor ‘server’ nodes
      ○ Listen for addr messages
  • Monitor network
  • Transaction broadcasts
  • Very resource intensive

Figure 2: Entry-nodes in Bitcoin

SLIDE 17

Effectiveness - Finding IP Addresses

  • Peers of a node more volatile
  • No set number of peers

SLIDE 18

Existing Attacks - Clustering

  • Crawler
  • Multi-input transactions
  • Transaction ‘change’

SLIDE 19

Effectiveness - Clustering

  • No multi input
  • No change
  • No shadow addresses
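
The multi-input clustering heuristic from the two clustering slides, as an added example that is not code from the presentation: addresses that fund the same transaction are merged into one cluster, and the same routine is then run over account-model transactions, where each transaction has a single sender. The transaction layout, the helper names and all addresses are constructed for illustration.

```python
from collections import defaultdict

def cluster_by_shared_inputs(transactions):
    """Multi-input heuristic: all addresses that fund one transaction are
    assumed to share an owner, so they are merged into one cluster."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        roots = [find(addr) for addr in tx["inputs"]]
        for root in roots[1:]:
            parent[root] = roots[0]  # union with the first input's cluster

    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return sorted(sorted(members) for members in clusters.values())

def account_model_as_inputs(transactions):
    """An account-model transaction has exactly one sender, so it maps to a
    transaction with a single input address."""
    return [{"inputs": [tx["from"]]} for tx in transactions]

# Constructed sample data; address names are placeholders, not real addresses.
UTXO_TXS = [
    {"inputs": ["btc_a1", "btc_a2"]},   # two inputs spent together
    {"inputs": ["btc_a2", "btc_a3"]},   # btc_a2 links this to the first tx
    {"inputs": ["btc_b1"]},             # single input, nothing to merge
]
ACCOUNT_TXS = [
    {"from": "eth_x", "to": "eth_shop"},
    {"from": "eth_y", "to": "eth_shop"},
    {"from": "eth_x", "to": "eth_z"},
]

if __name__ == "__main__":
    print(cluster_by_shared_inputs(UTXO_TXS))
    print(cluster_by_shared_inputs(account_model_as_inputs(ACCOUNT_TXS)))
```

On the UTXO sample the three `btc_a*` addresses collapse into one cluster; on the account-model sample every cluster stays a single address, which is the "No multi input" point above.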

SLIDE 20

Discussion & Conclusion

"Is deanonymisation of clients feasible for the Ethereum network?"

Deanonymisation attacks difficult to apply:

  • Finding IP
      ○ Nodes not static
  • Clustering
      ○ No multiple addresses

But, possibilities for similar attacks

SLIDE 21

Future Work

  • Bootnodes
      ○ Shadow network
      ○ Government
  • Peer selection protocol
      ○ Create nodes
      ○ Identify nodes
  • Attack wallet software
      ○ Less resource intensive

SLIDE 22

References

  • Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system.
  • Wood, G. (2014). Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151, 1-32.
  • Conti, M., Lal, C., & Ruj, S. (2017). A survey on security and privacy issues of bitcoin. arXiv preprint arXiv:1706.00916.
  • Atzei, N., Bartoletti, M., & Cimoli, T. (2017, April). A survey of attacks on Ethereum smart contracts (SoK). In International Conference on Principles of Security and Trust (pp. 164-186). Springer, Berlin, Heidelberg.
  • Biryukov, A., Khovratovich, D., & Pustogarov, I. (2014, November). Deanonymisation of clients in Bitcoin P2P network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 15-29). ACM.
  • Spagnuolo, M., Maggi, F., & Zanero, S. (2014, March). Bitiodine: Extracting intelligence from the bitcoin network. In International Conference on Financial Cryptography and Data Security (pp. 457-468). Springer, Berlin, Heidelberg.

SLIDE 23

Questions