Risk of Asynchronous Protocol Update: Attacks to Monero Protocols

In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

[1]  Dongxi Liu,et al.  Monero Ring Attack: Recreating Zero Mixin Transaction Effect , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[2]  Prateek Saxena,et al.  A Traceability Analysis of Monero's Blockchain , 2017, ESORICS.

[3]  Ethan Heilman,et al.  An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..

[4]  Man Ho Au,et al.  New Empirical Traceability Analysis of CryptoNote-Style Blockchains , 2019, Financial Cryptography.

[5]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[6]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[7]  Tsz Hon Yuen,et al.  RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero , 2017, ESORICS.

[8]  Dongxi Liu,et al.  Anonymity Reduction Attacks to Monero , 2018, Inscrypt.

[9]  Damon McCoy,et al.  Stressing Out: Bitcoin "Stress Testing" , 2016, Financial Cryptography Workshops.

[10]  Tyler Moore,et al.  Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem , 2014, Financial Cryptography Workshops.

[11]  Edgar R. Weippl,et al.  A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice - (Short Paper) , 2018, Financial Cryptography Workshops.

[12]  Joseph K. Liu,et al.  Linkable Ring Signature with Unconditional Anonymity , 2014, IEEE Transactions on Knowledge and Data Engineering.

[13]  Danny Bradbury,et al.  The problem with Bitcoin , 2013 .