s p
play

S & P SECURITY & PRIVACY GROUP Challenges and - PowerPoint PPT Presentation

Feb 19, 2024 •415 likes •1.27k views

FAKULTT FR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Challenges and Cryptographic Solutions with Payment-Channel Networks Pedro Moreno-Sanchez RWC20 New York, Jan 10 th 2020 @pedrorechez Scalability

  1. FAKULTÄT FÜR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Challenges and Cryptographic Solutions with Payment-Channel Networks Pedro Moreno-Sanchez RWC’20 New York, Jan 10 th 2020 @pedrorechez

  2. Scalability Issues ‣ Decentralized data structure recording each transaction in order to provide public verifiability ‣ Global consensus: everyone checks the whole blockchain Bitcoin’s transaction rate: ~10 tx/sec Visa’s transaction rate: ~10K tx/sec 2

  3. Scalability Solutions? ‣ On-chain (tweak consensus) e.g., DAG Blockchain, sharding, ... ‣ Off-chain (use blockchain only for disputes) e.g., Payment Channel Networks Lightning Network Raiden Network (Bitcoin) (Ethereum) Many other research projects (Bolt, Z-Channels, Perun, Liquidity Network, Plasma, COMIT ...) 3

  4. Scalability Solutions? ‣ On-chain (tweak consensus) e.g., DAG Blockchain, sharding, ... ‣ Off-chain (use blockchain only for disputes) e.g., Payment Channel Networks Lightning Network Raiden Network (Bitcoin) (Ethereum) Many other research projects (Bolt, Z-Channels, Perun, Liquidity Network, Plasma, COMIT ...) 3

  5. Background on Payment Channel Networks 4

  6. Payment Channels: Open 5 1 Alice Bob Blockchain 5

  7. Payment Channels: Open Multisig Contract 5 1 Can be spent only with the signatures of both Alice and Bob 5 (Alice,Bob) 5 (Alice) Alice Bob Alice Blockchain ‣ Alice creates multisig contract to deposit money on the channel 5

  8. Payment Channels: Open Multisig Contract 5 1 Can be spent only with the signatures of both Alice and Bob 5 (Alice,Bob) 5 (Alice) Alice Bob Alice 5 (Alice) 5 (Alice,Bob) Alice,Bob Blockchain ‣ Alice creates multisig contract to deposit money on the channel ‣ Alice lets Bob sign a refund transaction to unlock the money 5

  9. Payment Channels: Open 5 1 Alice Bob 5 (Alice) 5 (Alice,Bob) Alice,Bob Blockchain ‣ Alice creates multisig contract to deposit money on the channel 5 (Alice,Bob) ‣ Alice lets Bob sign a refund 5 (Alice) transaction to unlock the money ‣ Alice places the multisig contract Alice onchain 6

  10. Payment Channels: Transactions 4 1 4 (Alice) 5 (Alice, Bob) Alice 1 (Bob) Bob Alice ?? Bob Blockchain 5 (Alice,Bob) 5 (Alice) Alice 7

  11. Payment Channels: Transactions 3 2 3 (Alice) 3 (Alice) 5 (Alice, Bob) 5 (Alice, Bob) Alice 2 (Bob) Bob 2 (Bob) Alice ?? Bob Alice ?? Bob Under the hood Mechanisms for bidirectional payments and for revocation of old states Blockchain 5 (Alice,Bob) 5 (Alice) Alice 8

  12. Payment Channels: Close Alice Bob Blockchain 5 (Alice,Bob) 3 (Alice) 5 (Alice, Bob) 5 (Alice) 2 (Bob) Alice Alice,Bob

  13. Payment Channel Networks (PCNs) 3 4 1 2 Alice Bob Carol Send 1 BTC to Carol One cannot open channels with everyone... exploit channel paths! ⇒ 10

  14. Payment Channel Networks (PCNs) 3 4 1 2 Alice Bob Carol Send 1 BTC to Carol 3 2 3 2 Alice Bob Carol 1. Send 1 BTC 10

  15. Payment Channel Networks (PCNs) 3 4 1 2 Alice Bob Carol Send 1 BTC to Carol 3 2 3 2 Alice Bob Carol 1. Send 1 BTC 2 1 4 3 Alice Bob Carol 2. Forward 1 BTC to Carol 10

  16. Payment Channel Networks (PCNs) 3 4 1 2 Alice Bob Carol Send 1 BTC to Carol Should happen atomically 3 2 3 2 Alice Bob Carol 1. Send 1 BTC 2 1 4 3 Alice Bob Carol 2. Forward 1 BTC to Carol 10

  17. The Lightning Network (LN) 11

  18. Hashtime Lock Contract (HTLC) 4 1 5 4 (Alice) 4 (Alice) 5 (Alice, Bob) 5 (Alice, Bob) Alice 1 (Bob) Bob 1 (Bob) y Alice ?? Bob Alice ?? Bob 12

  19. Hashtime Lock Contract (HTLC) 1 4 4 1 5 4 (Alice) 4 (Alice) 5 (Alice, Bob) 5 (Alice, Bob) Alice 1 (Bob) Bob y 1 (Bob) y Alice ?? Bob Alice ?? Bob x With knowledge of x , Bob can “open” + publish the transaction on the blockchain for enforcing the payment 12

  20. Hashtime Lock Contract (HTLC) 1 4 4 1 5 4 (Alice) 4 (Alice) 5 (Alice, Bob) 5 (Alice, Bob) Alice 1 (Bob) Bob y 1 (Bob) y Alice ?? Bob Alice ?? Bob x After time the transaction cannot be published anymore on the blockchain With knowledge of x , Bob can “open” + publish the transaction on the blockchain for enforcing the payment 12

  21. Hashtime Lock Contract (HTLC) 1 4 4 1 5 4 (Alice) 4 (Alice) 5 (Alice, Bob) 5 (Alice, Bob) Alice 1 (Bob) Bob y 1 (Bob) y Alice ?? Bob Alice ?? Bob x After time the transaction cannot be published anymore on the blockchain With knowledge of x , Bob can HTLC (Alice, Bob, 1, y, ): “open” + publish the Alice pays Bob 1 BTC iff Bob shows some transaction on the blockchain x such that H(x) = y before for enforcing the payment 12

  22. HTLC for Multi-hop Payments 2 2 3 3 Alice Bob Carol x y:= H(x) 13

  23. HTLC for Multi-hop Payments y 2 2 3 3 Alice Bob Carol x y:= H(x) 13

  24. HTLC for Multi-hop Payments y HTLC(Alice, Bob, 1.1, y, t) 2 2 3 3 3 0.9 1.1 Alice Bob Carol x 1 y:= H(x) 13

  25. HTLC for Multi-hop Payments y HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) 2 2 2 2 3 3 3 1 0.9 1.1 Alice Bob Carol x 1 y:= H(x) 13

  26. HTLC for Multi-hop Payments y HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) 2 2 2 2 3 3 2 3 1 3 0.9 1.1 Alice Bob Carol x x 1 y:= H(x) 13

  27. HTLC for Multi-hop Payments y HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) 2 2 2 2 4.1 3 3 2 3 1 3 0.9 0.9 1.1 Alice Bob Carol x x x 1 y:= H(x) 13

  28. HTLC for Multi-hop Payments Requirement: t > t’ (after Carol revealed x to Bob, there y must still be time for Bob to reveal x to Alice) HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) 2 2 2 2 4.1 3 3 2 3 1 3 0.9 0.9 1.1 Alice Bob Carol x x x 1 y:= H(x) 13

  29. HTLC for Multi-hop Payments Requirement: t > t’ Requirement: 1.1 = 1 + fee (after Carol revealed x to Bob, there y (Alice forwards payment amount plus must still be time for Bob to reveal x fee for the intermediaries) to Alice) HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) 2 2 2 2 4.1 3 3 2 3 1 3 0.9 0.9 1.1 Alice Bob Carol x x x 1 y:= H(x) 13

  30. LN: Take Home y HTLC(Alice, Bob, 1.1, y, t) HTLC(Bob, Carol, 1, y, t’) HTLC (Alice, Bob, 1.1, y, t): Alice pays Bob 1.1 BTC iff Bob shows some 0. 0.9 1 4.1 3 3 2 1 3 2 2 2 2 3 x such that H(x) = y before t days Alice Bob Carol x x x 1 y:= H(x) ‣ Lightning Network work allow us to perform payments offchain • fast, no confirmation delay • little fees • secure and privacy-preserving (at a first glance...) 14

  31. Security + Privacy in PCNs Are off-chain payments in PCNs secure? (No honest participant looses money) Are off-chain payments in PCNs privacy-preserving by default? (individual payments are not recorded on the blockchain) 15

  32. Security + Privacy in PCNs Are off-chain payments in PCNs secure? (No honest participant looses money) NO! Are off-chain payments in PCNs privacy-preserving by default? (individual payments are not recorded on the blockchain) NO! 15

  33. Security and Privacy Challenges in Existing PCNs ACM CCS 2017 NDSS 2019 16

  34. Security Issue: The Wormhole Attack HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x y:= H(x) 17

  35. Security Issue: The Wormhole Attack HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x y:= H(x) 17

  36. Security Issue: The Wormhole Attack HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x x y:= H(x) 17

  37. Security Issue: The Wormhole Attack HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x x x y:= H(x) 17

  38. Security Issue: The Wormhole Attack B considers the payment to be failed and unlocks his funds after the timeout HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x x x y:= H(x) 17

  39. Security Issue: The Wormhole Attack B considers the payment to be failed and unlocks his funds after the timeout HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x x x y:= H(x) gets 1.3 (no pays 1 (no payment to B) payment from B) Attacker earns 0.3 BTC (own fees + B’s fee) 17

  40. Security Issue: The Wormhole Attack B considers the payment to be failed and unlocks his funds after the timeout HTLC(A, E 1 ,1.3,y, t 1 ) HTLC(E 1 , B,1.2,y, t 2 ) HTLC(B, E 2 ,1.1,y, t 3 ) HTLC(E 2 , C,1,y, t 4 ) A E 1 B E 2 C x x x x y:= H(x) gets 1.3 (no pays 1 (no payment to B) payment from B) Attacker earns 0.3 BTC (own fees + B’s fee) Bob funds are locked (preventing the use in other payments) Bob cannot blame the adversary 17

  41. Privacy Issues in HTLC Payments HTLC(A,E 1 ,v 1 , y ,t 1 ) HTLC(E 2 ,C,v 4 , y ,t 4 ) HTLC(E 1 ,B,v 2 , y ,t 2 ) HTLC(B,E 2 ,v 3 , y ,t 3 ) A C E 1 B E 2 HTLC(E 1 ,B,v 2 , y’ ,t 2 ) HTLC(B,E 2, v 3 , y’ ,t 3 ) HTLC(E 2 ,C,v 4 , y’ ,t 4 ) HTLC(A,E 1 ,v 1 , y’ ,t 1 ) A’ C’ Relationship Anonymity : On-path adversaries do not learn who pays to whom 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MISSION: We work for economic, social, and racial justice by advancing community based,

MISSION: We work for economic, social, and racial justice by advancing community based,

MISSION: We work for economic, social, and racial justice by advancing community based, cooperative, and democratically owned or managed enterprises with a preference to assisting cooperatives in low-income communities by: Providing

482 views • 10 slides
PAYCHECK PROTECTION PROGRAM DUKE LAW COMMUNITY ENTERPRISE CLINIC APRIL 21, 2020 Background,

PAYCHECK PROTECTION PROGRAM DUKE LAW COMMUNITY ENTERPRISE CLINIC APRIL 21, 2020 Background,

PAYCHECK PROTECTION PROGRAM DUKE LAW COMMUNITY ENTERPRISE CLINIC APRIL 21, 2020 Background, tips on applying, and an introduction to the forms required What is the Paycheck Protection Program (PPP)? - The PPP is a part of the Coronavirus

238 views • 11 slides
The Capitalization of Consumer Financing into Durable Goods Prices Bronson Argyle Taylor Nadauld

The Capitalization of Consumer Financing into Durable Goods Prices Bronson Argyle Taylor Nadauld

The Capitalization of Consumer Financing into Durable Goods Prices Bronson Argyle Taylor Nadauld BYU BYU Ryan Pratt Christopher Palmer BYU MIT and NBER May 2019 1 / 34 Capitalization of Consumer Financing Introduction Credit

770 views • 52 slides
ASHHRA20 Virtual Conference Demo Webinar June 24, 2020 AGENDA Introductions & Objectives

ASHHRA20 Virtual Conference Demo Webinar June 24, 2020 AGENDA Introductions & Objectives

ASHHRA20 Virtual Conference Demo Webinar June 24, 2020 AGENDA Introductions & Objectives Benefits of the Virtual Event Experience Intrado Platform Overview Exhibit Options Live Demo ASHHRA Authorized Partners Next

309 views • 17 slides
Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans 1 Romain Gay 1,3 Th Francis Bach 2,1 David Pointcheval 1,2 1 Ecole Normale Sup erieure 2 INRIA 3 UC Berkeley August 18, 2019 Table of

418 views • 38 slides
Violent Crime Inequality in the United States 1 download slides at: www.inequality.com/slides

Violent Crime Inequality in the United States 1 download slides at: www.inequality.com/slides

download slides at: www.inequality.com/slides Violent Crime Inequality in the United States 1 download slides at: www.inequality.com/slides Violent Crime Homicide Rates and Income Inequality in the United States This image depicts the

399 views • 8 slides
Enterprise Applications and Challenges Maj Gen Sarah Zabel Defense Information Systems Agency

Enterprise Applications and Challenges Maj Gen Sarah Zabel Defense Information Systems Agency

UNCLASSIFIED Enterprise Applications and Challenges Maj Gen Sarah Zabel Defense Information Systems Agency Vice Director UNITED IN SERVICE TO OUR NATION UNCLASSIFIED 1 UNCLASSIFIED VIS ISION INFORM ORMATIO ION SUPERIO RIORIT ITY IN

128 views • 9 slides
South King County Mobility Coalition Mar March 202 ch 2020 Welcome! Welcome &

South King County Mobility Coalition Mar March 202 ch 2020 Welcome! Welcome &

South King County Mobility Coalition Mar March 202 ch 2020 Welcome! Welcome & Introductions Review Agenda Announcements Announcements Staffing Updates COVID-19 SKCMC 2020 Projects 2020 Projects

646 views • 41 slides
SBAs Disaster Declaration Makes Loans Available Due to the Coronavirus (COVID-19) The U.S.

SBAs Disaster Declaration Makes Loans Available Due to the Coronavirus (COVID-19) The U.S.

SBAs Disaster Declaration Makes Loans Available Due to the Coronavirus (COVID-19) The U.S. Small Business Administration (SBA) is offering designated states and territories low-interest federal disaster loans for working capital to small

355 views • 23 slides
Isomorphisms for the Coccinelle Program Matching and Transformation Engine Julia Lawall

Isomorphisms for the Coccinelle Program Matching and Transformation Engine Julia Lawall

Isomorphisms for the Coccinelle Program Matching and Transformation Engine Julia Lawall (University of Copenhagen) Joint work with Jesper Andersen, Julien Brunel, Damien Doligez, Ren Rydhof Hansen, Bjrn Haagensen, Gilles Muller, Yoann

326 views • 30 slides
Main question Improved access to foreign markets increases demand and encourages firms to invest.

Main question Improved access to foreign markets increases demand and encourages firms to invest.

Learning-by-Exporting under Credit Constraints 1 Robert Petrunia (Lakehead University) joint with Kim Huynh (Bank of Canada), Joel Rodrigue (Vanderbilt U), Walter Steingress (Bank of Canada) 2019 Canadian Stata Conference May 30, 2019 - Banff 1

473 views • 26 slides
Federal Loan Programs and Tax-Exempt Bond Options for Indian Country Elaine Buckberg Deputy

Federal Loan Programs and Tax-Exempt Bond Options for Indian Country Elaine Buckberg Deputy

Federal Loan Programs and Tax-Exempt Bond Options for Indian Country Elaine Buckberg Deputy Assistant Secretary, Policy Coordination Point of Contact for Tribal Consultation U.S. Treasury Department Tribal.Consult@treasury.gov O F T H E T R E

283 views • 11 slides
Joints Structural and Functional Classification of Articulations Agenda Joint Basics

Joints Structural and Functional Classification of Articulations Agenda Joint Basics

Joints Structural and Functional Classification of Articulations Agenda Joint Basics Classification Structural Joint Details Joint Stability Movements of Synovial Joints Shape Classification of Synovial Joints Joint

1.19k views • 64 slides
Dermatomyositis as Initial Presentation of dMMR Colorectal Cancer and its Treatment Dilemma

Dermatomyositis as Initial Presentation of dMMR Colorectal Cancer and its Treatment Dilemma

Dermatomyositis as Initial Presentation of dMMR Colorectal Cancer and its Treatment Dilemma Minh Thu T. Nguyen MD, Julia R. Gomez BA, Christine M. Osborne MD Poster Day October 13, 2020 Introduction o Dermatomyositis is a rare

435 views • 6 slides
Lynch Syndrome (HNPCC) Who to test? Disclosures: None How to test? Jonathan P. Terdiman, M.D.

Lynch Syndrome (HNPCC) Who to test? Disclosures: None How to test? Jonathan P. Terdiman, M.D.

Lynch Syndrome (HNPCC) Who to test? Disclosures: None How to test? Jonathan P. Terdiman, M.D. Professor of Clinical Medicine and Surgery University of California, San Francisco Clinical Features of Lynch Causes of Hereditary Susceptibility

318 views • 7 slides
Examination of the Impact of Cancer Telegenetics among a Rural Patient Population: Comparison

Examination of the Impact of Cancer Telegenetics among a Rural Patient Population: Comparison

Examination of the Impact of Cancer Telegenetics among a Rural Patient Population: Comparison with Traditional InPerson Services NNECOS Annual Meeting 2016 Susan Miesfeldt, MD Maine Medical Center This work was partially funded by the

271 views • 16 slides
Synchronous Colorectal Liver Colorectal Cancer with Hepatic Metastases: The Primary Should be

Synchronous Colorectal Liver Colorectal Cancer with Hepatic Metastases: The Primary Should be

Synchronous Colorectal Liver Colorectal Cancer with Hepatic Metastases: The Primary Should be Metastases Resected First Approximately 20% to 30% will have liver-only metastases on initial evaluation. Synchronous Metastasis: Definition

438 views • 4 slides
Overview Introduction and Historical Perspective Current Surgical Management Patient

Overview Introduction and Historical Perspective Current Surgical Management Patient

5/17/2013 Overview Introduction and Historical Perspective Current Surgical Management Patient Selection Define Resectability Methods of Extending Resectability SURGICAL MANAGEMENT OF PVE METASTATIC COLORECTAL CANCER

569 views • 10 slides
Extending Unsupervised Neural Image Compression With Supervised Multitask Learning David Tellez,

Extending Unsupervised Neural Image Compression With Supervised Multitask Learning David Tellez,

Extending Unsupervised Neural Image Compression With Supervised Multitask Learning David Tellez, Diederik Hoppener, Cornelis Verhoef, Dirk Grunhagen, Pieter Nierop, Michal Drozdzal, Jeroen van der Laak, Francesco Ciompi david.tellezm@gmail.com

302 views • 17 slides
Oligometastatic Disease: Definitions and Concepts Robert E. Reiter MD MBA Chief, Division of

Oligometastatic Disease: Definitions and Concepts Robert E. Reiter MD MBA Chief, Division of

Oligometastatic Disease: Definitions and Concepts Robert E. Reiter MD MBA Chief, Division of Urologic Oncology Bing Chair in Urologic Research Assistant Dean Bio-entrepreneurship Geffen School of Medicine at UCLA What is Oligometastatic

172 views • 16 slides
Chemotherapy in Advanced Colorectal Ch th i Ad d C l t l Cancer an historical overview

Chemotherapy in Advanced Colorectal Ch th i Ad d C l t l Cancer an historical overview

Chemotherapy in Advanced Colorectal Ch th i Ad d C l t l Cancer an historical overview of the past 25 years y Professor John R Zalcberg OAM Peter MacCallum Cancer Centre Melbourne Australia Melbourne, Australia Charles G Moertel

892 views • 87 slides
Phase II trial on SBRT for unresectable Liver Metastases: Long-term outcomes and prognostic

Phase II trial on SBRT for unresectable Liver Metastases: Long-term outcomes and prognostic

Phase II trial on SBRT for unresectable Liver Metastases: Long-term outcomes and prognostic factors of survival Comito T, Franzese C, Clerici E, Tozzi A, Iftode C, Navarria P, DAgostino G, De Rose F, Franceschini D, Ascolese AM, Di Brina L,

421 views • 17 slides
Ways to Make Citizen Science Projects more Collaborative, and Ultimately the Data more Reliable

Ways to Make Citizen Science Projects more Collaborative, and Ultimately the Data more Reliable

Ways to Make Citizen Science Projects more Collaborative, and Ultimately the Data more Reliable Margaret (Midge) Cozzens DIMACS. Rutgers, the State University December 14, 2015 Citizen Science Citizen science has the power to engage

386 views • 13 slides
Surface flattening - from local to global Emil Saucan EE Department, Technion Joint work with

Surface flattening - from local to global Emil Saucan EE Department, Technion Joint work with

Surface flattening - from local to global Emil Saucan EE Department, Technion Joint work with Eli Appleboim and Yehoshua Y. Zeevi . Stony Brook September 11, 2008. Flattening of folded surfaces S 2 R 3 , (i.e. 2 D represen- tation by

815 views • 49 slides

More recommend