Pedro MMCI, Saarland University
|
|
- Juniper Powell
- 5 years ago
- Views:
Transcription
1 CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin [project page] Pedro MMCI, Saarland University Aniket
2 Introduction Alice Dealer Hash Hash(vk) = Bitcoin address Money 3J98t1WpEZ73CNmQv iecrnyiwrnqrhwnly Bitcoin Transaction 2
3 Bitcoin 101 itcoin Address A = Hash(vk) sk: signing key vk: verification key Bitcoin Transaction A': BB public list of transactions 3
4 Linkability of Pseudonyms A': BB B' A A' 4
5 Linkability of Pseudonyms A': BB B' A A' 5
6 Linkability of Pseudonyms B' C' A D' A' A'' A''' 6
7 Deanonymization Attacks in Practice [Meiklejohn et al., IMC'13] Push-the-button tool for clustering: Check out bitiodine.net [Spagnuolo et. al., FC'14] 7
8 Avoiding the Linkability Zerocoin [Miers et al., S&P'13] and Zerocash [Ben-Sasson et al., S&P'14] Unlinkability by design Inefficient or requires trusted setup Not compatible with Bitcoin 8
9 Naïve Coin Mixing tainted addresses fresh addresses!? 9
10 Naïve Coin Mixing tainted addresses fresh addresses Problems Mix can still link the addresses accountability possible Mix can steal the money using Mixcoin [Bonneau et al., FC'14] Mix may require a fee 10
11 Mixing using CoinJoin [Maxwell] σb σc B: B C: B C': B A': B σb σc Coins cannot be stolen. (Verifiability) How to create shuffled list of outputs obliviously? (Unlinkability) How to prevent DoS attacks? (Robustness) 11
12 Goals System Security Unlinkability After a successful run of the protocol, participants' input and output addresses are unlinkable. Compatibility with Bitcoin Decentralization Efficiency Verifiability Coins cannot be stolen. Robustness If the protocol does not complete, we can expose at least one misbehaving user (and restart without this user). 12
13 Scenario and Threat Model Alice Bob (ska, vka) (skb, vkb) Carol Dave (skc, vkc) (skd, vkd) Bitcoin cryptographic keys Bulletin board does not exclude participants Two honest participants required for unlinkability 13
14 CoinShuffle: Announcement (eka, dka) EncGen(); A' AddrGen(); (ekb, dkb) EncGen(); B' AddrGen(); ek: encryption key dk: decryption key sk: signing key (ekc, dkc) EncGen(); C' AddrGen(); (ekd, dkd) EncGen(); D' AddrGen(); Sign(skA; A) Sign(skB; ekb, B) Sign(skC; ekc, C) Sign(skD; ekd, D) B: B C: B D: B 14
15 CoinShuffle: Shuffling inspired from Dissent [Corrigan-Gibbs and Ford, CCS'10], with 4x speedup ekb ekc ekd s A' A' B' B' D': B B' A' C' B': B C' A' A': B D' C': B 15
16 CoinShuffle: Transaction Verification σb σc σd B: B C: B D': B A': B C': B B: B C: B D: B D': B C': B D: B σb σc σd σb σc σd E': B (no signature for A) σb σc σd Blame phase 16
17 CoinShuffle: Blame s A' A' B' B' B' E' A' C' C' E' B A': E': D' C': B D': B B B': dka dkb dkc dkd All (other) cases are discussed in the paper in detail. 17
18 Evaluation Prototype implementation in Python OpenSSL cryptographic library Emulab testbed Measured time for: Running the whole protocol (local and global network scenarios) Only computation 18
19 Communication with the Bitcoin Community BitcoinAuthenticator (Chris Pacia) Demo (Bryan Vu) youtube.com/watch?v=t-cx-s8fq5a NXT meetup.com/sf-bitcoin-devs/events/ / twitter.com/comefrombeyond/status/
20 Conclusions Linkability of transactions is a privacy concern for users We present CoinShuffle: A decentralized, efficient and totally compatible protocol Based on mixing and CoinJoin Security guarantees: unlinkability, verifiability and robustness Next step: Specification and real implementation Project page with paper and prototype implementation: / Contact: 20
Lecture 9. Anonymity in Cryptocurrencies
Lecture 9 Anonymity in Cryptocurrencies Some say Bitcoin provides anonymity Bitcoin is a secure and anonymous digital currency WikiLeaks donations page Others say it doesn t Bitcoin won't hide you from
More informationSecurity, Privacy and Interoperability in Payment- Channel Networks
FAKULTÄT FÜR!NFORMATIK Faculty of Informatics & PRIVACY SECURITY GROUP Security, Privacy and Interoperability in Payment- Channel Networks Pedro Moreno-Sanchez (@pedrorechez) Joint work with Giulio Malavolta,
More informationSilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks
SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks $ Giulio Malavolta Saarland University Pedro Moreno-Sanchez Purdue University Aniket Kate Purdue University Matteo Maffei
More informationConcurrency and Privacy with Payment Channel Networks
Concurrency and Privacy with Payment Channel Networks Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei*, and Srivatsan Ravi Friedrich-Alexander-University Purdue University *TU Vienna
More informationCOIN. Secure and Anonymous Decentralized Bitcoin Mixing PARTY
COIN PARTY Secure and Anonymous Decentralized Bitcoin Mixing Jan Henrik Ziegeldorf, Roman Matzu7, Fred Grossmann, Mar;n Henze, Klaus Wehrle Communica;on and Distributed Systems (COMSYS), RWTH Aachen, Germany
More informationA Blind-Mixing Scheme for Bitcoin based on an Elliptic Curve Cryptography Blind Digital Signature Algorithm
A Blind-Mixing Scheme for Bitcoin based on an Elliptic Curve Cryptography Blind Digital Signature Algorithm QingChun ShenTu 1*, JianPing Yu 1 1 ATR Defense Science & Technology Lab., Shenzhen University,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 25 April 18, 2012 CPSC 467b, Lecture 25 1/44 Anonymous Communication DISSENT- Accountable Anonymous
More informationCS 251: Bitcoin and Cryptocurrencies Fall 2016
CS 251: Bitcoin and Cryptocurrencies Fall 2016 Homework 3 due : 2016-11-28, 23:59 via Gradescope (entry code M4YJ69 ) 1. Idioms of use: Consider the transaction graph in the figure below: rectangles represent
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationBlindcoin. Blinded, Accountable Mixes for Bitcoin
Blindcoin Blinded, Accountable Mixes for Bitcoin Luke Valenta 1 and Brendan Rowan 2 1 University of Pennsylvania lukev@seas.upenn.edu 2 University of Maryland browan@cs.umd.edu Abstract. Mixcoin is a Bitcoin
More informationThe Blockchain. Josh Vorick
The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a blockchain? A decentralized database that anyone can add to and no one can delete from The Bitcoin blockchain Agenda
More informationP2P BitCoin: Technical details
ELT-53206 Peer-to-Peer Networks P2P BitCoin: Technical details Mathieu Devos Tampere University of Technology Department of Electronics & Communications Engineering mathieu.devos@tut.fi TG406 2 Outline
More informationBlindly Signed Contracts: Anonymous On-Blockchain and Off-Blockchain Bitcoin Transactions
Blindly Signed Contracts: Anonymous On-Blockchain and Off-Blockchain Bitcoin Transactions Ethan Heilman, Foteini Baldimtsi, and Sharon Goldberg Boston University {heilman, foteini}@bu.edu, goldbe@cs.bu.edu
More informationResearch on Anonymization and De-anonymization in the Bitcoin System
Research on Anonymization and De-anonymization in the Bitcoin System QingChun ShenTu 12*, JianPing Yu 1 1 ATR Defense Science & Technology Lab., Shenzhen University, Shenzhen, China 2 Bitbank Research
More informationBitcoin, Security for Cloud & Big Data
Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013 Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions ( block chain ).
More informationDissent: Accountable Anonymous Group Communication
Dissent: Accountable Anonymous Group Communication Bryan Ford Joan Feigenbaum, David Wolinsky, Henry Corrigan-Gibbs, Shu-Chun Weng, Ewa Syta Yale University Vitaly Shmatikov, Aaron Johnson University of
More informationUniversity of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011
University of Duisburg-Essen Bismarckstr. 90 47057 Duisburg Germany HOW BITCOIN WORKS June 29, 2011 Overview Electronic currency system Decentralized No trusted third party involved Unstructured peer-to-peer
More informationPrivacy-Preserving & User-Auditable Pseudonym Systems. Jan Camenisch, Anja Lehmann IBM Research Zurich
Privacy-Preserving & User-Auditable Pseudonym Systems Jan Camenisch, Anja Lehmann IBM Research Zurich Motivation: How to maintain related yet distributed data? examples: social security system, ehealth
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University April 9 2018 Schedule HW 4 Due on Thu 04/12 Programming project 3 Due
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationJoinMarket -or- Finding a Risk-Free Rate for Bitcoin
JoinMarket -or- Finding a Risk-Free Rate for Bitcoin Adlai Chandrasekhar JoinMarket Contributor Scaling Bitcoin 2016 - Milan Once, however, money has been digitized, one of the services available for purchase
More informationThe power of Blockchain: Smart Contracts. Foteini Baldimtsi
The power of Blockchain: Smart Contracts Foteini Baldimtsi The Blockchain at the heart of a cryptocurrency Alice sends 2 John sends 1 Dave sends 5 to Bob to Eve to Alice Bob sends 1 Eve sends 4 to Dave
More informationProac&vely Accountable Anonymous Messaging in Verdict
Proac&vely Accountable Anonymous Messaging in Verdict Henry Corrigan- Gibbs, David Isaac Wolinsky, and Bryan Ford Department of Computer Science Yale University 22 nd USENIX Security Symposium 14 August
More informationScalable privacy-enhanced traffic monitoring in vehicular ad hoc networks
Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks Yi Liu1,2,3 Jie Ling 1 Qianhong Wu4,6 Bo Qin5 Presented By Khaled Rabieh Introduction & Problem Statement In traffic monitoring
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationDISSENT: Accountable, Anonymous Communication
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron Johnson (NRL), Vitaly Shmatikov
More informationAnalyzing Bitcoin Security. Philippe Camacho
Analyzing Bitcoin Security Philippe Camacho philippe.camacho@dreamlab.net Universidad Católica, Santiago de Chile 15 of June 2016 Bitcoin matters Map Blockchain Design Known Attacks Security Models Double
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationCoinParty: Secure Multi-Party Mixing of Bitcoins
CoinParty: Secure Multi-Party Mixing of Bitcoins Jan Henrik Ziegeldorf, Fred Grossmann, Martin Henze, Nicolas Inden, Klaus Wehrle Communication and Distributed Systems (COMSYS), RWTH Aachen University,
More informationDirections in Security Research
Directions in Security Research Jan Camenisch IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of cyber crimes, including identity theft, take less time than to make
More informationZerocoin: Anonymous Distributed E-Cash from Bitcoin
2013 IEEE Symposium on Security and Privacy Zerocoin: Anonymous Distributed E-Cash from Bitcoin Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin The Johns Hopkins University Department of Computer
More informationAnupam Datta CMU. Fall 2015
Anupam Datta CMU Fall 2015 A rational reconstruction of Bitcoin 1. Start with straw man design 2. Identify weaknesses 3. Augment design and iterate Alice: I, Alice, am giving Bob one coin Alice digitally
More informationINTRODUCTION WHY DAPS?
DAPS WHITEPAPER INTRODUCTION DAPS is a planned experimental hybrid fork-swap of Peepcoin, to be conducted in 2018. The goal of DAPS protocol is to create a fully anonymous coin and eventually payment system
More informationEnigma v1.0. A private, secure and untraceable transaction system for CloakCoin. 18th February 2017
Enigma v1.0 A private, secure and untraceable transaction system for CloakCoin. 18th February 2017 1. Abstract CloakCoin is a cryptocurrency designed to facilitate private, secure and untraceable decentralized
More informationDarkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System
Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System Introduction Evan Duffield, Kyle Hagan (evan@darkcoin.io, kyle@darkcoin.io) 18 March 2014
More informationAnupam Datta CMU. Spring 2017
Anupam Datta CMU Spring 2017 A rational reconstruction of Bitcoin 1. Start with straw man design 2. Identify weaknesses 3. Augment design and iterate Alice: I, Alice, am giving Bob one coin Alice digitally
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 30 2017 Outline Digital currencies Advantages over paper cash
More informationBitcoin. Arni Par ov. December 17, 2013
Bitcoin Arni Par ov December 17, 2013 Abstract Bitcoin is a distributed, peer-to-peer cryptocurrency that functions without any central authority and in recent years has gained large popularity. This paper
More informationBlind Signatures in Scriptless Scripts
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17, 2019 Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler 1/24 Schnorr Signatures
More informationApplied cryptography
Applied cryptography Electronic Cash Andreas Hülsing 29 November 2016 1 / 61 Classical Cash - Life Cycle Mint produces money (coins / bank notes) Sent to bank User withdraws money (reduces account balance)
More informationProtocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
More informationZero-Knowledge proof of knowledge transfer. Perm summer school on blockchain 2018
Zero-Knowledge proof of knowledge transfer Teleport Teleport was born in 2016 from the idea to bring the power of peer-to-peer traffic distribution technology like BitTorrent to the solution of traffic
More informationSmalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold
Smalltalk 3/30/15 The Mathematics of Bitcoin Brian Heinold What is Bitcoin? Created by Satoshi Nakamoto in 2008 What is Bitcoin? Created by Satoshi Nakamoto in 2008 Digital currency (though not the first)
More informationSpaceMint Overcoming Bitcoin s waste of energy
Bitcoin Overcoming Bitcoin s waste of energy Georg Fuchsbauer joint work with S Park, A Kwon, K Pietrzak, J Alwen and P Gaži Digital currency Decentralized (no bank issuing coins) Pseudonymous Controled
More informationCSE 5852, Modern Cryptography: Foundations Fall Lecture 26. pk = (p,g,g x ) y. (p,g,g x ) xr + y Check g xr +y =(g x ) r.
CSE 5852, Modern Cryptography: Foundations Fall 2016 Lecture 26 Prof. enjamin Fuller Scribe: Tham Hoang 1 Last Class Last class we introduce the Schnorr identification scheme [Sch91]. The scheme is to
More informationUsing Chains for what They re Good For
Using Chains for what They re Good For Andrew Poelstra usingchainsfor@wpsoftware.net Scaling Bitcoin, November 5, 2017 1 / 14 On-Chain Smart Contracting Bitcoin (and Ethereum, etc.) uses a scripting language
More informationOn the linkability of Zcash transactions
On the linkability of Zcash transactions Jeffrey Quesnelle University of Michigan-Dearborn arxiv:1712.01210v1 [cs.cr] 4 Dec 2017 Abstract Zcash is a fork of Bitcoin with optional anonymity features. While
More informationAuthentication in the Smart Grids
Authentication in the Smart Grids Mario H. F. Latuf Universidade Federal de Itajubá UNIFEI July 17, 2013 1 Reference Soohyun, Kwak Jin, Mutual authentication and key establishment mechanism using DCU certificate
More informationDissent: Accountable Anonymous Group Messaging
Dissent: Accountable Anonymous Group Messaging Henry Corrigan- Gibbs and Bryan Ford Department of Computer Science Yale University 17 th ACM Conference on Computer and CommunicaEons Security October 6,
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationSecuring Bitcoin wallets: A new DSA threshold signature scheme that is usable in the real world
Securing Bitcoin wallets: A new DSA threshold signature scheme that is usable in the real world https://eprint.iacr.org/2016/013 Rosario Gennaro, Steven Goldfeder, Arvind Narayanan Spending bitcoins is
More informationAtom. Horizontally Scaling Strong Anonymity. Albert Kwon Henry Corrigan-Gibbs 10/30/17, SOSP 17
Atom Horizontally Scaling Strong Anonymity Albert Kwon Henry Corrigan-Gibbs MIT Stanford Srinivas Devadas Bryan Ford MIT EPFL 10/30/17, SOSP 17 Motivation Anonymous bulletin board (broadcast) in the face
More informationEECS 498 Introduction to Distributed Systems
EECS 498 Introduction to Distributed Systems Fall 2017 Harsha V. Madhyastha Today Bitcoin: A peer-to-peer digital currency Spark: In-memory big data processing December 4, 2017 EECS 498 Lecture 21 2 December
More informationBitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman
Bitcoin CS6450: Distributed Systems Lecture 20 Ryan Stutsman Material taken/derived from Princeton COS-418 materials created by Michael Freedman and Kyle Jamieson at Princeton University. Licensed for
More informationPhoenix: Rebirth of a Cryptographic Password-Hardening Service
Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University
More informationTechnical white paper. Encrypted messaging
Technical white paper Encrypted messaging March 2018 Contents Introduction 3 Scope 3 Trusted Device Setup 4 Encrypted Chat Sessions 4 Session Setup 5 Message Receipt 6 Participant Consistency and User
More informationTrusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes
More informationPrivacy Preserving Payments in Credit Networks
Privacy Preserving Payments in Credit Networks Enabling trust with privacy in online marketplaces Pedro Moreno-Sanchez CISPA, Saarland University pedro@mmci.uni-saarland.de Aniket Kate CISPA, Saarland
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationPlease ensure answers are neat and legible. Illegible answers may be given no points.
Final Exam CS642: Computer Security May 8, 2016 NAME: UW ID: It is a dark time for the Silicon Valley startup Hoolibits. Although it s previous security vulnerabilities have been patched, hackers and competition
More informationScalable Bias-Resistant Distributed Randomness
Scalable Bias-Resistant Distributed Randomness Ewa Syta*, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J. Fischer, Bryan Ford *Trinity College, USA
More informationShared Send Untangling in Bitcoin
Shared Send Untangling in Bitcoin White Paper Yuriy Yanovich * Pavel Mischenko * Aleksei Ostrovskiy * Aug 21, 2016 (Version 10) Abstract Bitcoin is a widely used pseudo-anonymous cryptocurrency Information
More informationPublic Chain for Digital Asset Escrow
Public Chain for Digital Asset Escrow Decentralized PayPal Whitepaper 2018/03 v3 https://themis.network 1. OVERVIEW... 1 2. FAIR EXCHANGE IN DIGITAL COMMERCE... 4 2.1 TRANSACTIONS BETWEEN DIFFERENT DIGITAL
More informationKey Security Issues for implementation of Digital Currency, including ITU-T SG17 activities
ITU Workshop on FG DFC Workshop on Standards for Digital Fiat Currency (DFC) () Key Issues for implementation of Digital Currency, including ITU-T SG17 activities Heung Youl Youm, PhD. Chairman of ITU-T
More informationCISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues
CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security A Brief Overview of Security & Privacy Issues 1 Topics to Be Covered Cloud computing RFID systems Bitcoin
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationPrivacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies & Applications to ehealth Dr. Anja Lehmann IBM Research Zurich IBM Research Zurich IBM Research founded in 1945 employees: 3,000 12 research labs on six continents IBM Research
More informationComputational Soundness of Symbolic Zero Knowledge Proofs
Computational Soundness of Symbolic Zero Knowledge Proofs Esfandiar Mohammadi Master Seminar Information Security and Cryptography Group Max-Planck Institute for Software Systems Saarland University Advisors:
More informationMaking Decryption Accountable
Making Decryption Accountable Mark D. Ryan University of Birmingham Abstract. Decryption is accountable if the users that create ciphertexts can gain information about the circumstances of the decryptions
More informationarxiv: v3 [cs.cr] 2 Oct 2017
Atom: Horizontally Scaling Strong Anonymity Albert Kwon MIT Henry Corrigan-Gibbs Stanford Srinivas Devadas MIT Bryan Ford EPFL arxiv:1612.07841v3 [cs.cr] 2 Oct 2017 Abstract Atom is an anonymous messaging
More informationPrivacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous Credentials privacy-preserving (user) authentication Pseudonym Systems privacy-preserving
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationBiomedical Security. Cipher Block Chaining and Applications
1 Biomedical Security Erwin M. Bakker 2 Cipher Block Chaining and Applications Slides and figures are adapted from: W. Stallings, Cryptography and Network Security 4 th Edition and 7 th Edition 1 3 Block
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2018 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationCryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies
Intro to Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public Keys and Identities Let s design us some Digital Cash! Intro to Cryptographic
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationTechnology for Bitcoin
Transaction Remote Release (TRR): Technology for Bitcoin A New Anonymization QingChun ShenTu 1*, JianPing Yu 1 1 ATR Defense Science & Technology Lab., Shenzhen University, Shenzhen, China * unshadowster@gmail.com
More informationDefinition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
More informationPrivacy on the Blockchain: Unique Ring Signatures. Rebekah Mercer
arxiv:1612.01188v2 [cs.cr] 25 Dec 2016 Privacy on the Blockchain: Unique Ring Signatures. Rebekah Mercer This report is submitted as part requirement for the MSc in Information Security at University College
More informationScavenging for Anonymity with BlogDrop
Scavenging for Anonymity with BlogDrop Henry Corrigan- Gibbs Yale University Bryan Ford Provable Privacy Workshop 9-10 July 2012 Vigo, Spain MoNvaNon Alice is a cinzen of country X Alice uses Tor to make
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationBiomedical Security. Some Security News 10/5/2018. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Some Security News October 03, 2018 - Hackers attacking healthcare through remote access systems and disrupting operations is the number one patient safety risk, according
More informationCryptographic hash functions and MACs
Cryptographic hash functions and MACs Myrto Arapinis School of Informatics University of Edinburgh October 05, 2017 1 / 21 Introduction Encryption confidentiality against eavesdropping 2 / 21 Introduction
More informationDandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network
Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew
More informationMASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth Low-Energy. Yan Michalevsky, Suman Nath, Jie Liu
MASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth Low-Energy Yan Michalevsky, Suman Nath, Jie Liu Motivation Private communication Anonymous messaging Secret communities Location-based
More informationSimple Password-Hardened Encryption Services
Simple Password-Hardened Encryption Services Russell W. F. Lai 1, Christoph Egger 1, Manuel Reinert 2, Sherman S. M. Chow 3, Matteo Maffei 4, and Dominique Schröder 1 1 Friedrich-Alexander University Erlangen-Nuremberg
More information1 Introduction. Sarah Meiklejohn and Rebekah Mercer Möbius: Trustless Tumbling for Transaction Privacy
Proceedings on Privacy Enhancing Technologies ; 2018 (2):105 121 Sarah Meiklejohn and Rebekah Mercer Möbius: Trustless Tumbling for Transaction Privacy Abstract: Cryptocurrencies allow users to securely
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationSecurity and Anonymity
Security and Anonymity Distributed Systems need a network to send messages. Any message you send in a network can be looked at by any router or machine it goes through. Further if your machine is on the
More informationLecture 3. Introduction to Cryptocurrencies
Lecture 3 Introduction to Cryptocurrencies Public Keys as Identities public key := an identity if you see sig such that verify(pk, msg, sig)=true, think of it as: pk says, [msg] to speak for pk, you must
More informationCryptography 4 People
ZISC Lunch Seminar, ETH Zurich, March 15, 2017 Cryptography 4 People bases Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts We
More informationCONTENT. 1 Cryptography Overview Elliptic Curve Cryptography Introduction Digital Signature Algorithm 5
1 CONTENT 1 Cryptography Overview 4 1.1 Elliptic Curve Cryptography 4 1.1.1 Introduction 4 1.1.2 Digital Signature Algorithm 5 1.2 Threshold Key Sharing 6 1.2.1 Shamir s Secret Sharing Scheme 6 1.2.2 Linear
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationIntroduction to Bitcoin I
Introduction to Bitcoin I P Peterlongo 1 A Tomasi 1 1 University of Trento Department of Mathematics June 10, 2013 Outline 1 Fiat and online payments Functions of Online payments and cost of clearing 2
More informationSecuring the Frisbee Multicast Disk Loader
Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah 1 What is Frisbee? 2 Frisbee is Emulab s tool to install whole disk images from a server to many clients using
More informationMöbius: Trustless Tumbling for Transaction Privacy
Full version of an extended abstract published in PETS 2018. Möbius: Trustless Tumbling for Transaction Privacy Sarah Meiklejohn University College London s.meiklejohn@ucl.ac.uk Rebekah Mercer Aarhus University
More information