Financial Cryptography and Data Security: 22nd International Conference, FC 2018, Nieuwpoort, Curaçao, February 26 – March 2, 2018, Revised Selected Papers

In its more than ten years of existence, the Tor network has seen hundreds of thousands of relays come and go. Each relay maintains several RSA keys, amounting to millions of keys, all archived by The Tor Project. In this paper, we analyze 3.7 million RSA public keys of Tor relays. We (i) check if any relays share prime factors or moduli, (ii) identify relays that use non-standard exponents, (iii) characterize malicious relays that we discovered in the first two steps, and (iv) develop a tool that can determine what onion services fell prey to said malicious relays. Our experiments revealed that ten relays shared moduli and 3,557 relays—almost all part of a research project—shared prime factors, allowing adversaries to reconstruct private keys. We further discovered 122 relays that used non-standard RSA exponents, presumably in an attempt to attack onion services. By simulating how onion services are positioned in Tor’s distributed hash table, we identified four onion services that were targeted by these malicious relays. Our work provides both The Tor Project and onion service operators with tools to identify misconfigured and malicious Tor relays to stop attacks before they pose a threat to Tor users.
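The first two checks described above (shared moduli, shared prime factors, and non-standard public exponents) are illustrated below with an added Python example that is not code from the paper or from The Tor Project. It runs over a constructed set of toy relay keys: the relay names and the small primes are assumptions chosen so the arithmetic is readable, and pairwise GCD is used for clarity where the paper's 3.7-million-key scale would call for a batch-GCD approach.

```python
import math
from collections import defaultdict
from itertools import combinations

# Constructed toy keys as (relay_id, modulus n, public exponent e).
# Real Tor relay identity keys are 1024-bit RSA; these primes are tiny
# on purpose (Mersenne primes and well-known nth primes) so the audit
# stays readable. Relay names are hypothetical.
P, Q, R, S = 131071, 524287, 2147483647, 15485863
RELAY_KEYS = [
    ("relayA", P * Q, 65537),             # normal key
    ("relayB", P * Q, 65537),             # same modulus as relayA
    ("relayC", P * R, 65537),             # shares prime P with relayA/B
    ("relayD", R * S, 65537),             # shares prime R with relayC
    ("relayE", 104729 * 104723, 3),       # non-standard exponent e = 3
    ("relayF", 999983 * 1000003, 65537),  # clean key, shares nothing
]
STANDARD_E = 65537  # exponent Tor relays generate by default


def find_shared_moduli(keys):
    """Group relays whose public keys carry the very same modulus."""
    by_n = defaultdict(list)
    for relay, n, _ in keys:
        by_n[n].append(relay)
    return {n: relays for n, relays in by_n.items() if len(relays) > 1}


def find_shared_factors(keys):
    """Pairwise GCD over distinct moduli; any gcd > 1 is a prime factor."""
    factors = {}
    for (_, na, _), (_, nb, _) in combinations(keys, 2):
        if na == nb:
            continue  # identical moduli are reported by find_shared_moduli
        g = math.gcd(na, nb)
        if g > 1:
            factors[na] = g
            factors[nb] = g
    return factors


def recover_private_exponent(n, e, p):
    """Once one prime p of n is known, the private exponent d follows."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def find_nonstandard_exponents(keys):
    """Relays whose exponent deviates from the default 65537."""
    return [(relay, e) for relay, _, e in keys if e != STANDARD_E]
```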
