Arthur Gervais
Ghassan O. Karame
ABSTRACT
Lightweight Bitcoin clients are gaining increasing adoption among Bitcoin users, owing to their reduced resource and bandwidth consumption. These clients support a simplified payment verification (SPV) mode as they are only required to download and verify a part of the block chain---thus supporting the usage of Bitcoin on constrained devices, such as smartphones. SPV clients rely on Bloom filters to receive transactions that are relevant to their local wallet. These filters embed all the Bitcoin addresses used by the SPV clients, and are outsourced to more powerful Bitcoin nodes which then only forward to those clients transactions relevant to their outsourced Bloom filters.
In this paper, we explore the privacy of existing SPV clients. We show analytically and empirically that the reliance on Bloom filters within existing SPV clients leaks considerable information about the addresses of Bitcoin users. Our results show that an SPV client who uses a modest number of Bitcoin addresses (e.g., < 20) risks revealing almost all of his addresses. We also show that this information leakage is further exacerbated when users restart their SPV clients and/or when the adversary has access to more than one Bloom filter pertaining to the same SPV client. Motivated by these findings, we propose an efficient countermeasure to enhance the privacy of users which rely on SPV clients; our proposal can be directly integrated within existing SPV client implementations.
- Core Development Status Report # 1 - Bitcoin, Available from https://bitcoinfoundation.org/2012/11/01/core-development-status-report-1/.Google Scholar
- BitcoinJ, Available from http://bitcoinj.github.io/.Google Scholar
- Bitcoin Gateway, A Peer-to-peer Bitcoin Vault and Payment Network, 2011. Available from http://arimaa.com/bitcoin/.Google Scholar
- Bitcoin: Tempering the Digital Ring of Gyges or Implausible Pecuniary Privacy, 2011. Available from http://ssrn.com/abstract=1937769ordoi:10.2139/ssrn.1937769.Google Scholar
- Bitcoin Blockchain parser, 2013. Available from: https://github.com/znort987/blockparser.Google Scholar
- Bitcoin Wallet, Android, 2014. Available from: https://play.google.com/store/apps/details?id=de.schildbach.wallet.Google Scholar
- BitcoinJ, privacy assumptions, 2014. Available from: https://github.com/bitcoinj/bitcoinj/blob/ee2a91010e5cf66299684160d6a48a108ff2299b/core/src/main/java/com/google/bitcoin/core/PeerGroup.java#L250.Google Scholar
- Elli Androulaki and Ghassan Karame. Hiding transaction amounts and balances in bitcoin. In Proceedings of TRUST, 2014.Google ScholarDigital Library
- Elli Androulaki, Ghassan Karame, and Srdjan Capkun. Evaluating user privacy in bitcoin. 2013. http://eprint.iacr.org/2012/596.pdf.Google ScholarCross Ref
- S. Barber, X. Boyen, E. Shi, and E. Uzun. Bitter to Better - How to Make Bitcoin a Better Currency. In Proceedings of Financial Cryptography and Data Security, 2012.Google ScholarCross Ref
- Giuseppe Bianchi, Lorenzo Bracciale, and Pierpaolo Loreti. Better than nothing privacy with bloom filters: To what extent? In Privacy in Statistical Databases, pages 348--363. Springer, 2012. Google ScholarDigital Library
- Burton H Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422--426, 1970. Google ScholarDigital Library
- Ken Christensen, Allen Roginsky, and Miguel Jimeno. A new analysis of the false positive rate of a bloom filter. Information Processing Letters, 110(21):944--949, 2010. Google ScholarDigital Library
- C. Decker and R. Wattenhofer. Information Propagation in the Bitcoin Network. In 13-th IEEE International Conference on Peer-to-Peer Computing, 2013.Google Scholar
- Meiklejohn et al. A fistful of bitcoins: Characterizing payments among men with no names. In Proceedings of the 2013 Conference on Internet Measurement Conference, IMC '13, pages 127--140, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- Arthur Gervais, Ghassan Karame, Srdjan Capkun, and Vedran Capkun. Is bitcoin a decentralized currency? IEEE Security and Privacy Magazine, 2014.Google ScholarCross Ref
- Mike Hearn. Connection bloom filtering, 2012. Available from: https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki.Google Scholar
- Ghassan O. Karame, Elli Androulaki, and Srdjan Capkun. Double-spending fast payments in bitcoin. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pages 906--917, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- Philip Koshy, Diana Koshy, and Patrick McDaniel. An analysis of anonymity in bitcoin using p2p network traffic. 2014. http://fc14.ifca.ai/papers/fc14_submission_71.pdf.Google Scholar
- Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. Zerocoin: Anonymous Distributed E-Cash from Bitcoin. 2013.Google Scholar
- James K Mullin. A second look at bloom filters. Communications of the ACM, 26(8):570--571, 1983. Google ScholarDigital Library
- Ryo Nojima and Youki Kadobayashi. Cryptographically secure bloom-filters. Transactions on Data Privacy, 2(2):131--139, 2009. Google ScholarDigital Library
- F. Reid and M. Harrigan. An Analysis of Anonymity in the Bitcoin System. CoRR, 2011.Google ScholarCross Ref
- Dorit Ron and Adi Shamir. Quantitative analysis of the full bitcoin transaction graph. 2013. http://eprint.iacr.org/2012/584.pdf.Google ScholarCross Ref
- S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.Google Scholar
- S Joshua Swamidass and Pierre Baldi. Mathematical correction for fingerprint similarity measures to improve chemical retrieval. Journal of chemical information and modeling, 47(3):952--964, 2007.Google Scholar
Recommendations
-
Design of privacy-preserving mobile Bitcoin client based on γ-deniability enabled bloom filter
2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC)Bitcoin is a decentralized currency system that does not need any central authorities. All transactions issued by users have been recorded in the common ledger, called blockchain, which is shared by all users. In Bitcoin, an SPV (Simplified Payment ...
Comments