foteini baldimtsi
play

Foteini Baldimtsi Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS - PowerPoint PPT Presentation

Jul 05, 2023 •120 likes •525 views

Foteini Baldimtsi Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice 122NB5426d8Lau3Kbbf8q2L7g89h Bitcoin De-anonymization in Practice eCash Adversarial Bank cannot link a

  1. Foteini Baldimtsi

  3. Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice 122NB5426d8Lau3Kbbf8q2L7g89h

  4. Bitcoin De-anonymization in Practice

  5. eCash Adversarial Bank cannot link a withdrawal to a deposit unlinkability Bitcoin It should be hard to link the sender of a payment to its recipient Ledger

  6. Payer Payee Break the link between payer and payee

  7. Payers Payees ● Set Anonymity: the set of transactions which the adversary cannot distinguish from your transaction (depends on anonymity model). ● Taint resistance analysis: calculating how “related” two addresses are or how well an adversary can discern the ownership of a bitcoin based on its previous spending history.

  8. 1) Mixing/Tumbler Services (for Bitcoin) Blindcoin Bitcoin Compatible XIM 2) Anonymous Cryptocurrencies Non- Compatible to Bitcoin

  9. ● achieve the level of privacy that we are already used to from traditional banking, and mitigate the deanonymization risk that the public block chain brings. ● go above and beyond the privacy level of traditional banking and develop currencies that make it technologically infeasible for anyone to track the participants.

  10. Mixing/Tumbler Services Based in joint work with Ethan Heilman and Sharon Goldberg from Boston University

  11. MIX ? ● Centralized (intermediary) ● Decentralized

  14. Issuance SK σ σ σ σ σ Redemption

  15. σ Issuance SK σ σ σ σ σ Redemption

  16. σ σ ▪

  17. Fair exchange 1: σ A: Gives 1 bitcoin A: Gets 1 voucher σ Fair exchange 2: B: Gives 1 voucher B: Gets 1 bitcoin

  18. Fair exchange 1: σ A: Gives 1 bitcoin A: Gets 1 voucher σ Fair exchange 2: B: Gives 1 voucher B: Gets 1 bitcoin

  19. Intermediary can check if Voucher already spent. Fair exchange 1: Fair exchange 2: σ A: Gives 1 bitcoin B: Gives 1 voucher A: Gets 1 voucher B: Gets 1 bitcoin σ

  21. Not Anonymous! Not Anonymous! An ephemeral address is a newly created address that is used once and then discarded. The receiving address is always an ephemeral address.

  22. ● ○ ● ○ ○

  23. Intermediary has to front bitcoins for exchange. DoS risk! * Inspired by the fees used by XIM [1] to resist DoS and Sybil attacks. [1]: ‘Sybil-resistant mixing for bitcoin.’ Bissias, Ozisik, Levine, Liberatore.

  24. Start protocol. Pay Fee Thanks! … Also protects against Sybil attacks since sybils must now pay a fee. * Inspired by the fees used by XIM [1] to resist DoS and Sybil attacks. [1]: ‘Sybil-resistant mixing for bitcoin.’ Bissias, Ozisik, Levine, Liberatore.

  25. HBG’16

  26. Anonymous Decentralized Cryptocurrencies

  27. Almost a decentralized mixing service performance issues and limited functionality Standalone cryptocurrency

  28. Requires a trusted, append only bulletin board (it could be the Bitcoin blockchain) Minting Bulletin Board pick SN, compute C1 = Commit(SN,r) C1 pin C1 on BB with a bitcoin C2 All Users accept C1 and agree it carries 1 C3 unlinkable by C4 Redeem Commitment ... compute a NIZK π: and NIZK - I know Ci in (C1,C2,..,CN) CN - I know r to open Ci to SN Post (SN,π) (SN,π) Spend All Users verify π and check SN is new if OK, I can collect a from any location of BB

  29. Implementing BB with Bitcoin Recall how Bitcoin transactions work Image by Rainer Bohme

  30. Implementing BB with Bitcoin Minting a zerocoin of value d: Alice creates a transaction and includes commitment C to output. The bitcoin value is put into escrow Spending a zerocoin: Alice creates a transaction that spends any unclaim bitcoin on escrow to Bob and also includes (SN, π). Successful if π verifies.

  31. π Redeem Bulletin Board compute a NIZK π: C1 - I know Ci in (C1,C2,..,CN) - I know r to open Ci to SN C2 Post (SN,π) C3 C4 ... Naive Solution CN Identify all valid zerocoins in the bulletin board Prove that SN is the serial number of a coin C (SN,π) Spend C = C1 ∨ C = C2 ∨ ...C=CN This “OR” proof is O(N)

  32. π Cryptographic Accumulators Bulletin Board C1 Rsa modulus n = p · q, u ∈ QR N C2 C3 Accumulator: A = u C1 C2 ...CN mod n C4 witness for C2: w = u C1 C3 ...CN mod n ... To prove that C2 is in A give (w,C2) CN check: w C2 = A mod n (SN,π) Spend This is not anonymous!

  33. π Cryptographic Accumulators Bulletin Board C1 RSA modulus n = p · q, u ∈ QR N C2 C3 Accumulator: A = u C1 C2 ...CN mod n C4 witness for C2: w = u C1 C3 ...CN mod n ... To prove that C2 is in A give (w,C2) CN check: w C2 = A mod n (SN,π) Spend There exists an efficient proof (NIZK) that I have a valid witness to a commitment of SN and know the corresponding randomness r cost log (N) [CL’02]

  34. - Accumulators require a trusted setup (somebody to compute N and throw away p,q) - Proofs not very efficient log(N) Each proof is approximately 50 KB) - note the scaling problems of Bitcoin - Not compatible with bitcoin - these new types of transactions should be included - you would need to be able to verify sophisticated ZK proofs - Payments of single denomination and payment values appear in the clear (1 BTC) Solves the problems above*

  35. Zerocash enables users to pay one another directly via payment transactions of variable denomination that reveal neither the origin, destination, or amount. ● reduces the size of transactions spending a coin to under 1 kB (an improvement of over 97:7%) ● reduces the spend-transaction verication time to under 6 ms (an improvement of over 98:6%) ● allows for anonymous transactions of variable amounts ● hides transaction amounts and the values of coins held by users ● allows for payments to be made directly to a user's xed address (without user interaction).

  36. zk-SNARKS Zero Knowledge Succinct Non Interactive Arguments of Knowledge Allows to: - hide transaction value inside the commitment - split and merge transactions Use of zk-SNARKS for Bitcoin also suggested by DFKP13

  37. Create efficient proofs for NP statements - construct an arithmetic circuit for the statement to be proved How are they different from NIZKs? - Both need trusted setup & provide same guarantees (completeness, proof of knowledge, ZK) - Proof length depends only on the security parameter and verification time on instance size (not on circuit) - Security relies in very strong assumptions (knowledge- of-exponent)

  38. HBG’16

  39. - Rigorous definitions for mixing a services and cryptocurrencies (UC model) - Anonymous cryptocurrencies without trusted setup - Anonymous cryptocurrencies based in standard assumptions - Anonymity solutions that “scale” - Policy questions about anonymous payments

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Efficient Constructions of Bilinear Accumulators Ioanna Karantaidou, Foteini Baldimtsi Set Me

Efficient Constructions of Bilinear Accumulators Ioanna Karantaidou, Foteini Baldimtsi Set Me

Efficient Constructions of Bilinear Accumulators Ioanna Karantaidou, Foteini Baldimtsi Set Me Membership ip Bank, GMU, subscription- based service, etc Alice List of members I am Alice ce ... List of members as a Data structure

897 views • 48 slides
Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK Statement: Prover

984 views • 79 slides
On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore, India Foteini Baldimtsi, Anna Lysyanskaya 2 Blind Signatures [Chaum'82] Blind signatures are a special type of digital signatures. Signer is

439 views • 33 slides
ITI-CERTH in TRECVID 2016 Ad-hoc Video Search (AVS) Foteini Markatopoulou, Damianos Galanopoulos,

ITI-CERTH in TRECVID 2016 Ad-hoc Video Search (AVS) Foteini Markatopoulou, Damianos Galanopoulos,

ITI-CERTH in TRECVID 2016 Ad-hoc Video Search (AVS) Foteini Markatopoulou, Damianos Galanopoulos, Ioannis Patras, Vasileios Mezaris Information Technologies Institute / Centre for Research and Technology Hellas TRECVID 2016 Workshop,

365 views • 23 slides
AnatoliaGreece Anatolia College, Thessaloniki, Greece Construct a product that recognizes UV

AnatoliaGreece Anatolia College, Thessaloniki, Greece Construct a product that recognizes UV

AnatoliaGreece Anatolia College, Thessaloniki, Greece Construct a product that recognizes UV radiation and emits Red Fluorescent Protein (RFP) in response Foteini Kalampalika, Representing The Team 01 Team Roster 1. Christos

393 views • 18 slides
Time dependence of AGN pair echo, and halo emission as a probe of extragalactic magnetic fields FO,

Time dependence of AGN pair echo, and halo emission as a probe of extragalactic magnetic fields FO,

Time dependence of AGN pair echo, and halo emission as a probe of extragalactic magnetic fields FO, Murase & Kotera, 2017, in prep FO, Murase & Kotera, PoS(ICRC2017)869 FO, Murase & Kotera, A&A 568, A110 (2014) ICRC2017 Foteini

503 views • 33 slides
Apprent entices iceship hip Levy vy what employers need to know 9:30am Start Welco lcome

Apprent entices iceship hip Levy vy what employers need to know 9:30am Start Welco lcome

Colin Bentwood Tony Allen Louise Doyle Apprent entices iceship hip Levy vy what employers need to know 9:30am Start Welco lcome me Send all questions/comments using the question tion box Socia ial media ia: @sdn_hq #sdnwebinars

328 views • 15 slides
This document was produced by Alison Featherbe EYFS Specialist for Inspiring Nurseries

This document was produced by Alison Featherbe EYFS Specialist for Inspiring Nurseries

This document was produced by Alison Featherbe EYFS Specialist for Inspiring Nurseries www.orangecaterpillar.co.uk alison@orangecaterpillar.co.uk @allyfeatherbe - Twitter Key working parents The guidance that came out on the 19 th March

336 views • 18 slides
Agents and charity payrolls Ian Whyteside, FMAAT, MCIPP, ATT Director and consultant trainer

Agents and charity payrolls Ian Whyteside, FMAAT, MCIPP, ATT Director and consultant trainer

Agents and charity payrolls Ian Whyteside, FMAAT, MCIPP, ATT Director and consultant trainer CIPP Director Management, Payroll & Training Co. Ltd. Partner The Lime Partnership Agents and charity payrolls Introduction

697 views • 33 slides
CNL 2014 20-22 August, 2014 Galway, Ireland RuleCNL: a Controlled Natural Language for Business

CNL 2014 20-22 August, 2014 Galway, Ireland RuleCNL: a Controlled Natural Language for Business

Fourth Workshop on Controlled Natural Language CNL 2014 20-22 August, 2014 Galway, Ireland RuleCNL: a Controlled Natural Language for Business Rule Specifications Paul Brillant Feuto Njonko, Sylviane Cardey, Peter Greendfield and Walid El Abed

983 views • 29 slides
The ASPE/CMS Multi Payer Claims Database (MPCD) for Comparative Effectiveness Research

The ASPE/CMS Multi Payer Claims Database (MPCD) for Comparative Effectiveness Research

The ASPE/CMS Multi Payer Claims Database (MPCD) for Comparative Effectiveness Research Initiative Amol Navathe, MD, PhD Brookings Active Surveillance Implementation Council Meeting #2 November 18, 2010 ASPE/CMS CER Multi payer Claims

395 views • 12 slides
Part D Event (PDE) Cost Information Barbara Frank, M.S., M.P.H. Director of Workshops, Outreach,

Part D Event (PDE) Cost Information Barbara Frank, M.S., M.P.H. Director of Workshops, Outreach,

Part D Event (PDE) Cost Information Barbara Frank, M.S., M.P.H. Director of Workshops, Outreach, & Research University of Minnesota Part D Event (PDE) Cost Information Researchers cannot determine true costs to Medicare or Plan

610 views • 30 slides
Complex categories in ontologies Alexandra Arapinis & Laure Vieu LOA-ISTC-CNR, Trento &

Complex categories in ontologies Alexandra Arapinis & Laure Vieu LOA-ISTC-CNR, Trento &

Complex categories in ontologies Alexandra Arapinis & Laure Vieu LOA-ISTC-CNR, Trento & IRIT-CNRS, Toulouse aarapinis@gmail.com & vieu@irit.fr LogOnto Workshop at FOIS 2014 1 Inherent polysemy, a linguistic phenomenon inherent

444 views • 15 slides
02161: Software Engineering 1 Working with other media besides book Up to now, the library

02161: Software Engineering 1 Working with other media besides book Up to now, the library

Technical University of Denmark Spring 2016 DTU Informatics Prog. Assignment Nr. 4 Assoc. Prof. H. Baumeister January 31, 2016 02161: Software Engineering 1 Working with other media besides book Up to now, the library application is only

298 views • 4 slides
7th Grade Percents 2015-11-30 www.njctl.org Slide 3 / 157 Table of Contents Click on the

7th Grade Percents 2015-11-30 www.njctl.org Slide 3 / 157 Table of Contents Click on the

Slide 1 / 157 Slide 2 / 157 7th Grade Percents 2015-11-30 www.njctl.org Slide 3 / 157 Table of Contents Click on the topic to go to that section Relating Fractions, Decimals and Percents Three Types of Percent Problems Percent of Change

1.13k views • 53 slides
Limitations of VCG Game Theory Course: Jackson, Leyton-Brown & Shoham Game Theory Course:

Limitations of VCG Game Theory Course: Jackson, Leyton-Brown & Shoham Game Theory Course:

Limitations of VCG Game Theory Course: Jackson, Leyton-Brown & Shoham Game Theory Course: Jackson, Leyton-Brown & Shoham Limitations of VCG . . 1. Privacy VCG requires agents to fully reveal their private information This

349 views • 13 slides
Computational Social Choice: Spring 2009 Ulle Endriss Institute for Logic, Language and

Computational Social Choice: Spring 2009 Ulle Endriss Institute for Logic, Language and

Mechanism Design COMSOC 2009 Computational Social Choice: Spring 2009 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Mechanism Design COMSOC 2009 Mechanism Design Mechanism design is

530 views • 25 slides
CSC304 Lecture 9 Mechanism Design w/ Money: More examples of VCG, winner determination and

CSC304 Lecture 9 Mechanism Design w/ Money: More examples of VCG, winner determination and

CSC304 Lecture 9 Mechanism Design w/ Money: More examples of VCG, winner determination and truthful approximation CSC304 - Nisarg Shah 1 VCG Recap = = argmax ()

793 views • 24 slides
Fair Division with Subsidy Daniel Halpern University of Toronto Nisarg Shah University of

Fair Division with Subsidy Daniel Halpern University of Toronto Nisarg Shah University of

Fair Division with Subsidy Daniel Halpern University of Toronto Nisarg Shah University of Toronto 1 / 15 Example $ 110 $ 200 $ 50 $ 110 2 / 15 Example $ 110 $ 200 $ 50 $ 110 Giving the car to Alice and the house to Bob seems fair. It

518 views • 32 slides
Existence of Optimal Mechanisms in Principal-Agent Problems Ohad Kadan, Phil Reny, Jeroen

Existence of Optimal Mechanisms in Principal-Agent Problems Ohad Kadan, Phil Reny, Jeroen

Existence of Optimal Mechanisms in Principal-Agent Problems Ohad Kadan, Phil Reny, Jeroen Swinkels June 2012 Ohad Kadan, Phil Reny, Jeroen Swinkels () Existence of Optimal Mechanisms June 2012 1 / 32 A General Principal-Agent Setup A

572 views • 32 slides
Interacting particle systems as stochastic social dynamics David Aldous April 5, 2013 Analogy:

Interacting particle systems as stochastic social dynamics David Aldous April 5, 2013 Analogy:

Interacting particle systems as stochastic social dynamics David Aldous April 5, 2013 Analogy: game theory not about games (baseball, chess, . . . ) but about a particular setup (players choose actions separately, get payoffs) which is

650 views • 40 slides
CSCI 446: Artificial Intelligence Uncertainty and Utilities Instructor: Michele Van Dyne [These

CSCI 446: Artificial Intelligence Uncertainty and Utilities Instructor: Michele Van Dyne [These

CSCI 446: Artificial Intelligence Uncertainty and Utilities Instructor: Michele Van Dyne [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All CS188 materials are available at

578 views • 19 slides
Collective resource bounded reasoning in concurrent multi-agent systems Valentin Goranko

Collective resource bounded reasoning in concurrent multi-agent systems Valentin Goranko

Collective resource bounded reasoning in concurrent multi-agent systems Valentin Goranko Stockholm University (based on joint work with Nils Bulling ) Workshop on Logics for Resource-Bounded Agents ESSLLI2015, Barcelona, August 14, 2015 V

491 views • 20 slides

More recommend