P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant Professor, Department of Computer Science North Carolina State University with Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue (Arizona State University), Jian Tang (Syracuse University), Dejun Yang (Colorado School of Mines) This research was supported in part by NSF grants IEEE GLOBECOM 2019 1704092, 1717197, 1717315, and 1525920. CISS6: Security & Privacy 1
P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks Blockchain Blockchain Basics hash Global Consensus (Chained) Hash Pointers Incentive Blockchain is a distributed sequential Every user validates all Efficient data storage, dis- Incentivized participation / transactional data store (a ledger) transactions to accept. semination and validation. and honest validation. whose security (non-manipulability) is guaranteed via distributed consensus. Blockchain Scalability Off-chain Payment Channel | Instant Transactions via Local Consensus The biggest challenge of blockchain Example: Bitcoin right now is its scalability issue due to ① On-chain (global) transaction ② On-chain deposit for off-channel opening global consensus. 1. Tx Throughput < 7 transactions per Payment channels were invented to second (tps) enable instant payment settlement , Off-chain Channel high transaction throughput. 2. Tx Confirmation Time Bound by crypto protocols , a payment ~1 hour (6-block conf.) channel is able to ensure blockchain- level security with an assumption on blockchain availability (connectivity). Smart Contract-based On-chain Arbitration Do we really need Local Channels are more importantly used Disagree global consensus? Consensus to construct multi-hop networks (PCN). ④ On-chain arbitration when someone cheats ③ Instant transactions via local consensus This research was supported in part by NSF grants IEEE GLOBECOM 2019 1704092, 1717197, 1717315, and 1525920. CISS6: Security & Privacy 1
P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks Multi-hop Payment in PCN Payment through Channel PCN Basics Quest : Find a set of paths Balances BEFORE payment that satisfy a payment → ₿ 30 ₿ 80 ← ₿ 25 A well-connected PCN enables instant Given : Only local balance payment to arbitrary parties in the → ₿ 5 ₿ 105 ← information for each node network with blockchain-level security. Balances AFTER payment Nevertheless, routing is a big problem, because the network is: A Typical Dynamic PCN Routing Algorithm [1] Privacy Concerns 1. Fully distributed 2. Highly dynamic #1 Sender / Recipient Privacy 1. Sender sends 3. Recipient selects path, Adversary may infer sender & recipient out probes. and confirms back. 2. Each intermediary updates balance. location &/ identity from probes. Many algorithms employ path probing to find payment paths with enough #2 Cross-link Inference capacity (balance). Adversary may infer sender/recipient Probing is used to gather current path location by seeing a probe on two links. information for dynamic routing. #3 Path Confidentiality However, probing commonly reveals Adversary may extract the probed sender &/ recipient information for a 5. Sender repeats until paths either to locate sender/recipient 4. Each intermediary payment, leading to privacy concerns ! enough paths. reserves and forwards. or “steal” the paths (denial-of-service). [1] R. Yu, G. Xue, V. T. Kilari, D. Yang, and J. Tang, “CoinExpress: A Fast Payment Routing Mechanism in Blockchain-based Payment Channel Networks,” in Proc. IEEE ICCCN , 2018. This research was supported in part by NSF grants IEEE GLOBECOM 2019 1704092, 1717197, 1717315, and 1525920. CISS6: Security & Privacy 1
P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks How to encrypt Existing Anonymous Communication Protocols Problems something if you don’t know who will 1. Before a probe is sent, sender does Example: Onion Routing not know which paths it will take, 1. Obtain all intermediate pub keys. receive it? hence public keys are not available. 2. Wrap message & forwarding info with each key. 2. There is no way to modify payload to Privacy-preserving path probing has a 3. Each intermediary peels off one append/update probed information. main challenge: layer and forwards. The paths to be probed are not known in advance! Our Idea (based on Sphinx [2] and Universal Re-Encryption (URE) [3] ) This prevents us from using existing anonymous communication protocols, In-Path ElGamal Key Exchange [2] Reversed Onion Universal Re-Encryption [3] all requiring knowing the intermediate public keys. Each intermediary establishes Established symmetric key is Each intermediary further re- a symmetric key using a used to attach probed path in encrypts the entire probe Thus, we define a new secure protocol sender-supplied ElGamal a reversed onion manner: (header + payload) to avoid for probing and information collection. component. inter-link inference. Adds path info and onion-encrypts 𝑡 = $% Re-encrypts with obfuscation key 𝑡 = $% $ % The established key 𝒕 is used. Anonymous Probing Share 𝑏 [2] G. Danezis and I. Goldberg, “Sphinx: A Compact and Provably Secure Mix Format,” in Proc. IEEE S&P , 2009, pp. 269–282. [3] P. Golle, M. Jakobsson, A. Juels, and P. Syverson, “Universal Re-encryption for Mixnets,” in Proc. CT-RSA , 2004, pp. 163–178. This research was supported in part by NSF grants IEEE GLOBECOM 2019 1704092, 1717197, 1717315, and 1525920. CISS6: Security & Privacy 1
P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks Our Construction (based on Sphinx [2] and Universal Re-Encryption (URE) [3] ) Our construction novelly combines Sphinx [2] and URE [3], enabling in- path information appending with full anonymity guarantee. We address additional challenges: • Reversed onion for appending • URE-aware ElGamal key exchange • ElGamal component hiding Our protocol enables efficient creation and processing of probes, as well as having a smaller probe size, compared to another construction (also our new contribution based on URE). Probe Processing Time Probe Size We believe the protocol can also find Discussions applications in many other scenarios, • Flooding : opportunistic probing and such as sensor or trust networks. other methods will be explored. • Other applications : ▹ Wireless sensor networks ▹ Vehicular networks Our Results ▹ Anonymous trust network Evaluation Results (with HUM [3] ) [2] G. Danezis and I. Goldberg, “Sphinx: A Compact and Provably Secure Mix Format,” in Proc. IEEE S&P , 2009, pp. 269–282. [3] P. Golle, M. Jakobsson, A. Juels, and P. Syverson, “Universal Re-encryption for Mixnets,” in Proc. CT-RSA , 2004, pp. 163–178. This research was supported in part by NSF grants IEEE GLOBECOM 2019 1704092, 1717197, 1717315, and 1525920. CISS6: Security & Privacy 1
Recommend
More recommend
