ZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution

Cryptocurrencies record transactions between parties in a blockchain maintained by a peer-to-peer network. In most cryptocurrencies, transactions explicitly identify the previous transaction providing the funds they are spending, revealing the amount and sender/recipient pseudonyms. This is a considerable privacy issue. Zerocash resolves this by using zero-knowledge proofs to hide both the source, destination and amount of the transacted funds. To receive payments in Zerocash, however, the recipient must scan the blockchain, testing if each transaction is destined for them. This is not practical for mobile and other bandwidth constrained devices. In this paper, we build ZLiTE, a system that can support the so called “light clients”, which can receive transactions aided by a server equipped with a Trusted Execution Environment. Even with the use of a TEE, this is not a trivial problem. First, we must ensure that server processing the blockchain does not leak sensitive information via side channels. Second, we need to design a bandwidth efficient mechanism for the client to keep an up-to-date version of the witness needed in order to spend the funds they previously received.

[1]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[2]  Srdjan Capkun,et al.  DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization , 2017, ArXiv.

[3]  Sarah Meiklejohn,et al.  An Empirical Analysis of Anonymity in Zcash , 2018, USENIX Security Symposium.

[4]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[5]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[6]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[7]  Ghassan O. Karame,et al.  On the privacy provisions of Bloom filters in lightweight bitcoin clients , 2014, IACR Cryptol. ePrint Arch..

[8]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[9]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[10]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[11]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[12]  Matthew Green,et al.  Zerocoin: Anonymous Distributed E-Cash from Bitcoin , 2013, 2013 IEEE Symposium on Security and Privacy.

[13]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[14]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[15]  Kartik Nayak,et al.  Solidus: An Incentive-compatible Cryptocurrency Based on Permissionless Byzantine Consensus , 2016, ArXiv.

[16]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[17]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[18]  Ghassan O. Karame,et al.  BITE: Bitcoin Lightweight Client Privacy using Trusted Execution , 2018, IACR Cryptol. ePrint Arch..

[19]  Bruce M. Kapron,et al.  On Generic Constructions of Circularly-Secure, Leakage-Resilient Public-Key Encryption Schemes , 2016, IACR Cryptol. ePrint Arch..

[20]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[21]  Yuan Xiao,et al.  SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.

[22]  Arthur Gervais,et al.  Ethereum Eclipse Attacks , 2016 .

[23]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[24]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[25]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[26]  Fan Zhang,et al.  Solidus: Confidential Distributed Ledger Transactions via PVORM , 2017, CCS.

[27]  Matthew Green,et al.  Bolt: Anonymous Payment Channels for Decentralized Currencies , 2017, CCS.

[28]  Ghassan O. Karame,et al.  Evaluating User Privacy in Bitcoin , 2013, Financial Cryptography.

[29]  Matthew Green,et al.  Decentralized Anonymous Micropayments , 2017, EUROCRYPT.

[30]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[31]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[32]  Srdjan Capkun,et al.  DelegaTEE: Brokered Delegation Using Trusted Execution Environments , 2018, IACR Cryptol. ePrint Arch..

[33]  Prateek Saxena,et al.  A Traceability Analysis of Monero's Blockchain , 2017, ESORICS.

[34]  Ethan Heilman,et al.  An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..