Distributed Ledger Privacy: Ring Signatures, Möbius and CryptoNote

Distributed ledger and blockchain systems are expected to make financial systems easier to audit, reduce counter-party risk and transfer assets seamlessly. The key concept is a token controlled by a cryptographic private key for spending, and represented by a public key for receiving and audit purposes. Ownership transfers are authorized with digital signatures and recorded on a ledger visible to numerous participants. Several ways to enhance the privacy of such ledgers have been proposed. In this paper we study two major techniques to enhance privacy of token transfers with the help of improved cryptography: Möbius and CryptoNote. The comparison is illuminating: both techniques use "ring signatures" and some form of "stealth addressing" or key derivation techniques, yet each does it in a completely different way. Möbius is more recent and operates in a more co-operative way (with permission) and is not yet specified at a sufficiently detailed level. Our primary goal is to explore the suitability of these two techniques for improving the privacy of payments on cryptographic ledgers. We explain various conflicting requirements and strategic choices which arise when trying to conceal the identity of participants and the exact details of transactions in our context while simultaneously enabling fast final settlement of tokens with a reasonable level of liquidity. We show that in these systems, third-party observers see obfuscated settlement. We finish with a summary of explicit warnings and advice for implementors of such systems.
