Security, Privacy and Interoperability in Payment- Channel Networks
|
|
- Janice Annabel Foster
- 5 years ago
- Views:
Transcription
1 FAKULTÄT FÜR!NFORMATIK Faculty of Informatics & PRIVACY SECURITY GROUP Security, Privacy and Interoperability in Payment- Channel Networks Pedro Moreno-Sanchez Joint work with Giulio Malavolta, Clara Schneidewind, Aniket Kate,
2 Permissionless Blockchains Scalability Issue Low transaction rate (~10 transactions per second) Fast growth of the Bitcoin transactions Scalability approaches: On-chain (layer 1) sharding Off-chain (layer 2) payment channels [The focus of our work] 2
3 Payment Channels 3
4 Payment Channels: Open Blockchain : 5 ALICE (, ): 5 : 5 4
5 Payment Channels: Pay (, ): 5 ALICE?? BOB : 4 : 1 Blockchain : 5 ALICE (, ): 5 : 5 5
6 Payment Channels: Pay (, ): 5 ALICE?? BOB : 3 : 2 Blockchain : 5 ALICE (, ): 5 : 5 6
7 Payment Channels: Close Blockchain : 5 ALICE (, ): 5 : 5 (, ): 5 ALICE : 3 : 2 BOB 7
8 Payment-Channel Networks (PCN) Each payment channel requires to lock coins in the deposit Impractical to open a channel with each other Open a few channels Rely on other channels to reach the intended receiver 8
9 Payment-Channel Networks (PCN) Each payment channel requires to lock coins in the deposit Impractical to open a channel with each other Open a few channels Rely on other channels to reach the intended receiver 1 BTC to 1 BTC to Cat 9
10 Current PCN (Proposals) Bitcoin and Altcoins: Lightning network, c-lighntning, Eclair Ethereum: Raiden Network Eventually, every blockchain might need a scalability solution 10
11 What is our group s research about in PCN?
12 Our Research Formally describe notions of interest for PCNs in the Universal Composability framework: Security, privacy, concurrency Analyze whether current PCNs achieve them e.g., we showed an inherent tradeoff privacy vs concurrency Provide cryptographic constructions with formal security and privacy guarantees 12
13 Security in PCNs
14 Security Notion Balance security: Honest users do not lose coins in a multi-hop payment = 10 Cat Pr < negl < 10 Cat 14
15 Security and HTLC Balance security: Honest users do not lose coins in a payment Security tool: Hash-Time Lock Contract (HTLC): Payment conditioned on revealing the pre-image of a hash function 15
16 Security and HTLC Balance security: Honest users do not lose coins in a payment Security tool: Hash-Time Lock Contract (HTLC): Payment conditioned on revealing the pre-image of a hash function HTLC(,, 1, y, t) : 4 (, ): 5 ALICE : 1 y = H(??)?? BOB 16
17 The Lightning Network: Setup Multiple chained HTLC allow multi-hop payments in the presence of malicious intermediaries x : H(x) = y Cat y 17
18 The Lightning Network: Lock Multiple chained HTLC allow multi-hop payments in the presence of malicious intermediaries HTLC(,, 1.1, y, t) HTLC(, Cat, 1, y, t ) Cat 18
19 The Lightning Network: Lock Multiple chained HTLC allow multi-hop payments in the presence of malicious intermediaries HTLC(,, 1.1, y, t) HTLC(, Cat, 1, y, t ) Cat Transaction fee 19
20 The Lightning Network: Release Multiple chained HTLC allow multi-hop payments in the presence of malicious intermediaries X X Cat 20
21 A Novel Wormhole Attack Idea: Exclude intermediate honest users from successful completion. Consequence: Adversary steals fees from honest users. HTLC(Adv,, 1.2, y, t2) HTLC(Adv, Cat, 1, y, t4) HTLC(, Adv, 1.3, y, t1) Adversary HTLC(, Adv, 1.1, y, t3) Adversary Cat 21
22 A Novel Wormhole Attack Idea: Exclude intermediate honest users from successful completion. Consequence: Adversary steals fees from honest users. HTLC(Adv,, 1.2, y, t2) HTLC(Adv, Cat, 1, y, t4) HTLC(, Adv, 1.3, y, t1) Adversary HTLC(, Adv, 1.1, y, t3) Adversary Cat X 22
23 A Novel Wormhole Attack Idea: Exclude intermediate honest users from successful completion. Consequence: Adversary steals fees from honest users. HTLC(Adv,, 1.2, y, t2) HTLC(Adv, Cat, 1, y, t4) HTLC(, Adv, 1.3, y, t1) Adversary HTLC(, Adv, 1.1, y, t3) Adversary Payment Failed X Cat X 23
24 A Novel Wormhole Attack Idea: Exclude intermediate honest users from successful completion. Consequence: Adversary steals fees from honest users. HTLC(Adv,, 1.2, y, t2) HTLC(Adv, Cat, 1, y, t4) HTLC(, Adv, 1.3, y, t1) Adversary HTLC(, Adv, 1.1, y, t3) Adversary Payment Failed X Cat X Adversary gains 0.3 coins (0.2 fees + s fee) 24
25 The Wormhole Attack: Discussion Same condition along the path enables this attack More intermediaries, more benefit Fees are the base of PCNs. Thus, attack on fees is important Intermediary () believes payment is unsuccessful HTLC(Adv,, 1.2, y, t2) HTLC(Adv, Cat, 1, y, t4) HTLC(, Adv, 1.3, y, t1) HTLC(, Adv, 1.1, y, t3) Adversary X Adversary Payment Failed Cat X 25
26 What about privacy?
27 Privacy Notion Relationship Anonymity: The adversary cannot tell who is paying to whom Cat Cat pays to pays to pays to pays to 27
28 Privacy in PCNs Relationship Anonymity: The adversary cannot tell who is paying to whom HTLC(, Adv, 1.3, y) HTLC(Adv, Cat, 1, y) HTLC(Adv,, 1.2, y) HTLC(, Adv, 1.1, y) Cat Cat HTLC(Adv,, 1.2, y ) HTLC(, Adv, 1.3, y ) HTLC(, Adv, 1.1, y ) HTLC(Adv, Cat, 1, y ) Problem: The same condition is used in the complete path! 28
29 Other Practical Considerations Scalability issues: Two keys to define the deposit Payment condition + signatures required Privacy issues: Users sharing a channel revealed Interoperability Support for specific hash function required : 4 (, ): 5 ALICE : 1 y = H(??)?? BOB 29
30 Summary Current PCN Current PCN Security Wormhole Attack Privacy Who pays to whom Interoperability / Compatibility Specific hash function Reduced Tx Size Two keys; HTLC script 30
31 What can we do with the signatures?
32 2-party ECDSA Signing [Lindell17] (pk A, sk A ) (pk B, sk B ) Jointly compute a signature σ on a transaction It requires the knowledge of both ska and skb It can be publicly verified using PKAB := (ska * skb) * G 32
33 ECDSA: 2-party channel Current Open Channel pk A : 5 ALICE (pk A, pk B ): 5 pk A : 5 pk A : 5 ALICE SS-ECDSA pk AB : 5 pk A : 5 Off-chain Payment (pk A, pk B ): 5 ALICE pk A : 3 pk B : 2 pk AB : 5 ALICE pk A : 3 pk B : 2 33
34 What if we encode the conditions in the signatures themselves?
35 Scriptless Scripts (Schnorr) Original idea proposed by Andrew Poelstra Encode payment condition within the Schnorr signatures In our work: formal description and analysis Unfortunately, Schnorr is not used in many cryptocurrencies today 35
36 Scriptless Scripts (SS-ECDSA) Was an open problem before our work Main challenge is the signature structure: No longer a linear combination Schnorr signature: (r1 + r2) + (k1 + k2) m ECDSA signature: (r -1 * r -2 ) Rx (k1 * k2) + (r -1 * r -2 ) m Requires inverse, x coordinate of an elliptic curve point and multiplicative shares of the key k = k1 * k2 In our work: formal description and analysis 36
37 2-party ECDSA Conditional Signing Goals: (pk A, sk A ) Condition: (pkc) (pk B, sk B ) can create a half-signature that can finish only with skc If creates a signature, learns skc 37
38 2-party ECDSA Conditional Signing (pk A, sk A ) Condition: (pkc) (pk B, sk B ) Create pkab and combine randomness R := (pkc, ra, rb) Send 1/3-signature σb Send 1/3-signature σa Send whole signature: σ := σa * σb * σc Learn skc Compute σc := σ * (σb) -1 * (σc) -1 Retrieve skc from σc 38
39 2-party ECDSA Conditional Signing (pka, ska) Condition: (pkc) (pkb, skb) LOCK Create pkab and combine randomness R := (pkc, ra, rb) Send 1/3-signature σb Send 1/3-signature σa Send whole signature: σ := σa * σb * σc Compute σc := σ * (σb)-1 * (σc)-1 Retrieve skc from σc Learn skc RELEASE 39
40 ECDSA-based PCN: Setup Multiple chained ECDSA conditional payments allow multi-hop payments in the presence of malicious intermediaries (skd, pkd := skd * G) (ske, pke := ske * G) pkde := pkd + pke pkd, pkde,ske Cat 40
41 ECDSA-based PCN: Setup Multiple chained ECDSA conditional payments allow multi-hop payments in the presence of malicious intermediaries (skd, pkd := skd * G) (ske, pke := ske * G) pkde := pkd + pke pkde, skde pkd, pkde,ske Cat 41
42 ECDSA-based PCN: Lock Multiple chained ECDSA conditional payments allow multi-hop payments in the presence of malicious intermediaries LOCK(,, 1.1, pkd, t) LOCK(, Cat, 1, pkde, t ) Cat ske skde 42
43 ECDSA-based PCN: Lock Multiple chained ECDSA conditional payments allow multi-hop payments in the presence of malicious intermediaries LOCK(,, 1.1, pkd, t) LOCK(, Cat, 1, pkde, t ) Cat ske skde Randomized conditions in the path: Security and Privacy 43
44 ECDSA-based PCN: Release Multiple chained ECDSA conditional payments allow multi-hop payments in the presence of malicious intermediaries skd skde Cat ske skde 44
45 ECDSA-based PCN: Discussion It can be extended to arbitrary number of hops It reduces transaction size for conditional payments pk AB : 5 ALICE pk A : 4 pk ABC : 1 Evaluation: <500 bytes communication. Few ms computation Improve interoperability. Useful for other applications (e.g., atomic swaps and cross-chain payments) Compatible with Bitcoin 45
46 Summary Current ECDSA Current PCN ECDSA-based PCN Security One secret per user Privacy Randomized conditions Interoperabili ty / Compatibility Only ECDSA required Reduced Tx Size Condition in one key 46
47 Summary More in the paper: One-way homomorphic functions suffice for multihop locks in full script setting Possible to combine OWH-Schnorr-ECDSA locks in the same path Security and privacy modelled and proven in the Universal Composability Framework > Composability guarantees Multi-hop locks implemented in the Lightning Network It enables a plethora of applications (e.g., atomic swaps and cross-chain payments) 47
Concurrency and Privacy with Payment Channel Networks
Concurrency and Privacy with Payment Channel Networks Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei*, and Srivatsan Ravi Friedrich-Alexander-University Purdue University *TU Vienna
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationBlind Signatures in Scriptless Scripts
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17, 2019 Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler 1/24 Schnorr Signatures
More informationUsing Chains for what They re Good For
Using Chains for what They re Good For Andrew Poelstra usingchainsfor@wpsoftware.net Scaling Bitcoin, November 5, 2017 1 / 14 On-Chain Smart Contracting Bitcoin (and Ethereum, etc.) uses a scripting language
More informationErgo platform. Dmitry Meshkov
Ergo platform Dmitry Meshkov Prehistory Motivation Theory Practice Provably secure 1000 currencies New features Ad-hoc solutions Impractical Security issues Motivation Theory Provably secure New features
More informationScriptless Scripts. Scriptless Scripts. Andrew Poelstra. March 4, 2017
Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net March 4, 2017 Introduction Scriptless Scripts? Scriptless scripts: magicking digital signatures so that they can only be created by faithful
More informationSilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks
SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks $ Giulio Malavolta Saarland University Pedro Moreno-Sanchez Purdue University Aniket Kate Purdue University Matteo Maffei
More informationPedro MMCI, Saarland University
CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin [project page] [paper] @real_or_random Pedro Moreno-Sanchez @pedrorechez MMCI, Saarland University Aniket Kate @aniketpkate Introduction Alice
More informationThe power of Blockchain: Smart Contracts. Foteini Baldimtsi
The power of Blockchain: Smart Contracts Foteini Baldimtsi The Blockchain at the heart of a cryptocurrency Alice sends 2 John sends 1 Dave sends 5 to Bob to Eve to Alice Bob sends 1 Eve sends 4 to Dave
More informationThe Blockchain. Josh Vorick
The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a blockchain? A decentralized database that anyone can add to and no one can delete from The Bitcoin blockchain Agenda
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationBlockchains & Cryptocurrencies
1 Blockchains & Cryptocurrencies A Technical Introduction Lorenz Breidenbach ETH Zürich Cornell Tech The Initiative for CryptoCurrencies & Contracts (IC3) 2 Cryptocurrency Mania Market cap as of yesterday:
More informationLecture 3. Introduction to Cryptocurrencies
Lecture 3 Introduction to Cryptocurrencies Public Keys as Identities public key := an identity if you see sig such that verify(pk, msg, sig)=true, think of it as: pk says, [msg] to speak for pk, you must
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationSecurity Analysis of the Lightning Network
Security Analysis of the Lightning Network Laolu Osuntokun @roasbeef Lightning Labs BPASE 2017 State of the Hash-Lock In-progress Lightning Network specifications (lighting-rfc) Basis of Lightning Technology
More informationThe security and insecurity of blockchains and smart contracts
The security and insecurity of blockchains and smart contracts Jean-Pierre Flori, expert in cryptography, Agence Nationale de la Sécurité des Systèmes d Information (ANSSI) In J.P. Dardayrol, editor of
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University April 9 2018 Schedule HW 4 Due on Thu 04/12 Programming project 3 Due
More informationAn Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I
An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I Master of System and Network Engineering Informatics Institute, University of Amsterdam Peter Bennink Lennart van Gijtenbeek
More informationUniversity of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011
University of Duisburg-Essen Bismarckstr. 90 47057 Duisburg Germany HOW BITCOIN WORKS June 29, 2011 Overview Electronic currency system Decentralized No trusted third party involved Unstructured peer-to-peer
More informationCS 251: Bitcoin and Crypto Currencies Fall 2015
CS 251: Bitcoin and Crypto Currencies Fall 2015 Final Exam The exam is open book and open notes. You have 2 hours. Please answer all five questions. All questions are weighted equally. You may use course
More informationSet: Hub-and-Spoke Cryptographic Payment Channels
Set: Hub-and-Spoke Cryptographic Payment Channels v0.0.1 Nathan Ginnever: nathan@finalitylabs.io Abstract Here we outline the Set-Payment channel protocol (In a later paper we incrementally extend Set
More informationSmalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold
Smalltalk 3/30/15 The Mathematics of Bitcoin Brian Heinold What is Bitcoin? Created by Satoshi Nakamoto in 2008 What is Bitcoin? Created by Satoshi Nakamoto in 2008 Digital currency (though not the first)
More informationBitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1
Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January 2014 2014.01.22 Keeping Current 1 Questions What problem is Bitcoin solving? Where did it come from? How does the system work? What makes
More informationMöbius: Trustless Tumbling for Transaction Privacy
Full version of an extended abstract published in PETS 2018. Möbius: Trustless Tumbling for Transaction Privacy Sarah Meiklejohn University College London s.meiklejohn@ucl.ac.uk Rebekah Mercer Aarhus University
More information1 Introduction. Sarah Meiklejohn and Rebekah Mercer Möbius: Trustless Tumbling for Transaction Privacy
Proceedings on Privacy Enhancing Technologies ; 2018 (2):105 121 Sarah Meiklejohn and Rebekah Mercer Möbius: Trustless Tumbling for Transaction Privacy Abstract: Cryptocurrencies allow users to securely
More informationGENESIS VISION NETWORK
GENESIS VISION NETWORK Contents 1. Description of the problem 7 11. Trust management 15 2. The problem with smart contracts 8 12. GVN Token 16 3. Centralised exchanges against decentralised 8 13. Deposit
More informationKeychat: Secure Messaging via Bitcoin. Robert Chen, John Kuszmaul, Yiming Zheng Mentored By Alin Tomescu
Keychat: Secure Messaging via Bitcoin Robert Chen, John Kuszmaul, Yiming Zheng Mentored By Alin Tomescu 1 Motivation We want to secure communications. Alice Bob Sensitive Financial Information Yay, Money!
More informationICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa
ICS 421 & ICS 690 Bitcoin & Blockchain Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa Accepted by: Overstock.com Expedia.com Newegg.com Tigerdirect.com
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 30 2017 Outline Digital currencies Advantages over paper cash
More informationSecurity Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula
Security Analysis of Bitcoin Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula Security Analysis of Bitcoin Introduction How Bitcoin works? Similar peer-to-peer systems Vulnerabilities and solutions
More informationCryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies
Intro to Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public Keys and Identities Let s design us some Digital Cash! Intro to Cryptographic
More informationHow Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization
Centralization vs. Decentralization Distributed Consensus Consensus without Identity, using a Block Chain Incentives and Proof of Work Putting it all together Centralization vs. Decentralization Distributed
More informationLecture 6.2: Protocols - Authentication and Key Exchange II. CS 436/636/736 Spring Nitesh Saxena. Course Admin
Lecture 6.2: Protocols - Authentication and Key II CS 436/636/736 Spring 2012 Nitesh Saxena Mid-Term Grading Course Admin Will be done over the break Scores will be posted online and graded exams distribute
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationIntroduction to Bitcoin I
Introduction to Bitcoin I P Peterlongo 1 A Tomasi 1 1 University of Trento Department of Mathematics June 10, 2013 Outline 1 Fiat and online payments Functions of Online payments and cost of clearing 2
More informationcchannel Generalized State Channel Specification
cchannel Generalized State Channel Specification Celer Network Core Team May 27, 2018 cchannel of the Celer Network is a generalized state channel and sidechain suite that provides a framework to support
More informationBlockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective
SESSION ID: LAB3-R09 Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective Tom Plunkett Consulting Solutions Director Oracle Captain Brittany Snelgrove United
More information1 A Tale of Two Lovers
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.
More informationLecture 9. Anonymity in Cryptocurrencies
Lecture 9 Anonymity in Cryptocurrencies Some say Bitcoin provides anonymity Bitcoin is a secure and anonymous digital currency WikiLeaks donations page Others say it doesn t Bitcoin won't hide you from
More informationBLOCKCHAIN The foundation behind Bitcoin
BLOCKCHAIN The foundation behind Bitcoin Sourav Sen Gupta Indian Statistical Institute, Kolkata CRYPTOGRAPHY Backbone of Blockchain Technology Component 1 : Cryptographic Hash Functions HASH FUNCTIONS
More informationCS 251: Bitcoin and Cryptocurrencies Fall 2016
CS 251: Bitcoin and Cryptocurrencies Fall 2016 Homework 3 due : 2016-11-28, 23:59 via Gradescope (entry code M4YJ69 ) 1. Idioms of use: Consider the transaction graph in the figure below: rectangles represent
More informationSharding. Making blockchains scalable, decentralized and secure.
Sharding Making blockchains scalable, decentralized and secure. The Scalability Triangle Scalability Decentralization Semi-formally defining these properties Assume the total computational/bandwidth capacity
More informationPrivacy- Preserving Smart Contracts
Privacy- Preserving Smart Contracts Ranjit Kumaresan Microso8 Research Joint work with Iddo Bentov, Tal Moran, Vinod Vaikuntanathan, Prashant Vasudevan, Melissa Chase Smart Contracts [Szabo 94] Automate
More informationR3C3: Cryptographically secure Censorship Resistant Rendezvous using Cryptocurrencies
R3C3: Cryptographically secure Censorship Resistant Rendezvous using Cryptocurrencies Mohsen Minaei Pedro Moreno-Sanchez Aniket Kate Purdue University {mohsen, pmorenos, aniket}@purdue.edu Revision: May
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationDiscreet Log Contracts
Discreet Log Contracts Thaddeus Dryja MIT Digital Currency Initiative Abstract Smart contracts [1] are an often touted feature of cryptographic currency systems such as Bitcoin, but they have yet to see
More informationHawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Yashar Dehkan Asl
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts Yashar Dehkan Asl Chapter I Introduction Decentralized Cryptocurrencies: Such as Bitcoin and altcoins are getting more
More informationApplied cryptography
Applied cryptography Electronic Cash Andreas Hülsing 29 November 2016 1 / 61 Classical Cash - Life Cycle Mint produces money (coins / bank notes) Sent to bank User withdraws money (reduces account balance)
More informationSpaceMint Overcoming Bitcoin s waste of energy
Bitcoin Overcoming Bitcoin s waste of energy Georg Fuchsbauer joint work with S Park, A Kwon, K Pietrzak, J Alwen and P Gaži Digital currency Decentralized (no bank issuing coins) Pseudonymous Controled
More informationBitcoin and Blockchain
Bitcoin and Blockchain COS 418: Distributed Systems Lecture 18 Zhenyu Song [Credit: Selected content adapted from Michael Freedman. Slides refined by Chris Hodsdon and Theano Stavrinos] Why Bitcoin? All
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationBitcoin, a decentralized and trustless protocol
Bitcoin, a decentralized and trustless protocol Thomas Sibut-Pinote Inria Saclay February 12, 2015 Thomas Sibut-Pinote Bitcoin, a decentralized and trustless protocol 1 / 42 Introduction Questions 1 Introduction
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationCatena: Preventing Lies with
November 28th, 2016 Catena: Preventing Lies with Alin Tomescu alinush@mit.edu MIT CSAIL Srinivas Devadas devadas@mit.edu MIT CSAIL New England Security Day (NESD), Fall '16 The problem: Equivocation The
More informationCHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE
68 CHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE 4.1 INTRODUCTION This chapter addresses the Verifiable Encryption of Elliptic Curve Digital Signature. The protocol presented is
More informationBLOCKCHAIN The foundation behind Bitcoin
BLOCKCHAIN The foundation behind Bitcoin Sourav Sen Gupta Indian Statistical Institute, Kolkata CRYPTOGRAPHY Backbone of Blockchain Technology Component 1 : Cryptographic Hash Functions HASH FUNCTIONS
More informationPublic Chain for Digital Asset Escrow
Public Chain for Digital Asset Escrow Decentralized PayPal Whitepaper 2018/03 v3 https://themis.network 1. OVERVIEW... 1 2. FAIR EXCHANGE IN DIGITAL COMMERCE... 4 2.1 TRANSACTIONS BETWEEN DIFFERENT DIGITAL
More informationSecurity (and finale) Dan Ports, CSEP 552
Security (and finale) Dan Ports, CSEP 552 Today Security: what if parts of your distributed system are malicious? BFT: state machine replication Bitcoin: peer-to-peer currency Course wrap-up Security Too
More informationErgo platform: from prototypes to a survivable cryptocurrency
January 2019 Dmitry Meshkov Ergo platform: from prototypes to a survivable cryptocurrency Outline Ergo Consensus Light Storage vision protocol clients fee Voting Smart Monetary Roadmap system contracts
More informationAnonymity and Privacy
Computer Security Spring 2008 Anonymity and Privacy Aggelos Kiayias University of Connecticut Anonymity in networks Anonymous Credentials Anonymous Payments Anonymous E-mail and Routing E-voting Group,
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationNotes for Lecture 24
U.C. Berkeley CS276: Cryptography Handout N24 Luca Trevisan April 21, 2009 Notes for Lecture 24 Scribed by Milosh Drezgich, posted May 11, 2009 Summary Today we introduce the notion of zero knowledge proof
More informationHarmony Open Consensus for 10B People
Harmony Open Consensus for 10B People @ 10M tx/sec, 100ms latency, 0.1% fee Let s build an open marketplace at Google-scale. To 1,000x the decentralized economy. By speed & incentives. 2 State of Research:
More informationIntroduction to Cryptoeconomics
Introduction to Cryptoeconomics What is cryptoeconomics? Cryptoeconomics is about... Building systems that have certain desired properties Use cryptography to prove properties about messages that happened
More informationBlockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini
Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Bitcoin: 10,000 foot view New bitcoins
More informationRealization and Addressing Analysis In Blockchain Bitcoin
IOP Conference Series: Materials Science and Engineering PAPER OPEN ACCESS Realization and Addressing Analysis In Blockchain Bitcoin To cite this article: Raja Sakti Arief Daulay et al 2017 IOP Conf. Ser.:
More informationDistributed Algorithms Bitcoin
Distributed Algorithms Bitcoin Alberto Montresor Università di Trento 2018/12/18 Acknowledgment: Joseph Bonneau, Ed Felten, Arvind Narayanan This work is licensed under a Creative Commons Attribution-ShareAlike
More informationMultiparty Computation (MPC) protocols
Multiparty Computation (MPC) protocols Protocols where the users of the protocol don t trust each other, but nevertheless they want to achieve a common goal I don t trust Bob I don t trust Alice Alice
More informationhard to perform, easy to verify
Proof of Stake The Role of PoW Bitcoin, Ethereum and similar systems are open, permissionless networks Anyone can participate The system must agree on some canonical order of transactions Think of this
More informationKey concepts of blockchain
Advisory A brief history of blockchains 2008 The mysterious Satoshi Nakamoto publishes his Bitcoin white paper 2014 2017 Nov. 23 rd Ethereum crowd sale Number of crypto tokens: 1.172 BTC $8.216 The first
More informationAlternatives to Blockchains. Sarah Meiklejohn (University College London)
Alternatives to Blockchains Sarah Meiklejohn (University College London) fully decentralized cryptocurrencies 2 fully decentralized cryptocurrencies tx tx(addra addrb) 2 fully decentralized cryptocurrencies
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationThe Technology behind Smart Contracts
The Technology behind Smart Contracts Florian Glaser, Chair of E-Finance, Information Systems Department Goethe University 01.09.2016 > Agenda Transactions in detail
More informationDistributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017
Distributed Ledger Technology & Fintech Applications Hart Montgomery, NFIC 2017 Let s consider a common scenario: Banks want to trade some asset class Participants in the market want to be able to efficiently
More informationVisualizing and Tracing Bitcoin Transactions
Visualizing and Tracing Bitcoin Transactions Matthew Consterdine & Dennis Parchkov & Altay Adademir Abstract This project demonstrates the ability to visualize, and trace transactions through the Bitcoin
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationHow Formal Analysis and Verification Add Security to Blockchain-based Systems
Verification Add Security to Blockchain-based Systems January 26, 2017 (MIT Media Lab) Pindar Wong (VeriFi Ltd.) 2 Outline of this talk Security Definition of Blockchain-based system Technology and Security
More informationSecure digital certificates with a blockchain protocol
Secure digital certificates with a blockchain protocol Federico Pintore 1 Trento, 10 th February 2017 1 University of Trento Federico Pintore Blockchain and innovative applications Trento, 10 th February
More informationBlockFin A Fork-Tolerant, Leaderless Consensus Protocol April
BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April 2018 @storecoin What are the most desirable features in a blockchain? Scalability (throughput) and decentralization (censorship resistance),
More informationCSE 5852, Modern Cryptography: Foundations Fall Lecture 26. pk = (p,g,g x ) y. (p,g,g x ) xr + y Check g xr +y =(g x ) r.
CSE 5852, Modern Cryptography: Foundations Fall 2016 Lecture 26 Prof. enjamin Fuller Scribe: Tham Hoang 1 Last Class Last class we introduce the Schnorr identification scheme [Sch91]. The scheme is to
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationTowards Usable Off-Chain Payments
Towards Usable Off-Chain Payments Guillaume Felley Supervised by: Dr. Arthur Gervais Prof. Dr. Roger Wattenhofer September 2018 1 . 2 Acknowledgement I would first like to thank my thesis supervisor Dr.
More informationCatena: Efficient Non-equivocation via Bitcoin
Catena: Efficient Non-equivocation via Bitcoin Alin Tomescu MIT CSAIL Srinivas Devadas MIT CSAIL Abstract We present Catena, an efficiently-verifiable Bitcoin witnessing scheme. Catena enables any number
More informationZero-Knowledge proof of knowledge transfer. Perm summer school on blockchain 2018
Zero-Knowledge proof of knowledge transfer Teleport Teleport was born in 2016 from the idea to bring the power of peer-to-peer traffic distribution technology like BitTorrent to the solution of traffic
More informationKey Agreement Schemes
Key Agreement Schemes CSG 252 Lecture 9 November 25, 2008 Riccardo Pucella Key Establishment Problem PK cryptosystems have advantages over SK cryptosystems PKCs do not need a secure channel to establish
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationWhat is Proof of Work?
What is Proof of Work? Educational Series September 18, 2018 Overview There are many protocols that regulate how nodes on a blockchain achieve consensus, and currently the most popular is proof-of-work.
More informationDoS on a Bitcoin Lightning Network channel.
DoS on a Bitcoin Lightning Network channel. Willem Rens (UvA MSc SNE student) Supervisors: Maarten Everts (TNO) & Oskar van Deventer (TNO) August 2, 2018 Abstract The purpose of this research is to identify
More informationPrivacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology
2 nd Advanced Workshop on Blockchain, IIT Bombay Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology Sivakumar.P M.Tech (CSE), Sem-III, NIT Trichy Guide:- Dr Kunwar
More informationBLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive
BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive www.blockchaintrainingalliance.com Blockchain Page 3 Blockchain is NOT Bitcoin Page 4 Transactions Page 5 Multi-Signature Addresses An Address
More informationAn efficient implementation of Monero subaddresses. 1 Introduction. Sarang Noether and Brandon Goodell Monero Research Lab October 3, 2017
RESEARCH BULLETIN MRL-0006 An efficient implementation of Monero subaddresses Sarang Noether and Brandon Goodell Monero Research Lab October 3, 2017 Abstract Users of the Monero cryptocurrency who wish
More informationPERUN: Virtual Payment Hubs over Cryptographic Currencies
PERUN: Virtual Payment Hubs over Cryptographic Currencies Stefan Dziembowski University of Warsaw Lisa Eckey TU Darmstadt Sebastian Faust TU Darmstadt Daniel Malinowski University of Warsaw Abstract Payment
More informationBiomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs
Biomedical and Healthcare Applications for Blockchain Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs Network Analysis Working Group 01.25.2018 Outline Introduction to bitcoin + blockchain
More informationIntroduction to Secure Multi-Party Computation
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation
More informationBlockchain Certification Protocol (BCP)
Blockchain Certification Protocol (BCP) Fu Yong Quah fuyong@fyquah.me www.fyquah.me Abstract. A semi-decentralized certification system built above the existing 1 Bitcoin network, an innovative peer-to-peer
More informationCOIN. Secure and Anonymous Decentralized Bitcoin Mixing PARTY
COIN PARTY Secure and Anonymous Decentralized Bitcoin Mixing Jan Henrik Ziegeldorf, Roman Matzu7, Fred Grossmann, Mar;n Henze, Klaus Wehrle Communica;on and Distributed Systems (COMSYS), RWTH Aachen, Germany
More informationBlockchain (a.k.a. the slowest, most fascinating database you ll ever see)
Blockchain (a.k.a. the slowest, most fascinating database you ll ever see) GOTO Amsterdam 13 June, 2017 Stefan Tilkov, @stilkov I don t know Blockchain and so can you 1. Bitcoin > Practical application
More information