A Tale of Two Trees: One Writes, and Other Reads

Abstract The Bitcoin network has offered a new way of securely performing financial transactions over the insecure network. Nevertheless, this ability comes with the cost of storing a large (distributed) ledger, which has become unsuitable for personal devices of any kind. Although the simplified payment verification (SPV) clients can address this storage issue, a Bitcoin SPV client has to rely on other Bitcoin nodes to obtain its transaction history and the current approaches offer no privacy guarantees to the SPV clients. This work presents T 3, a trusted hardware-secured Bitcoin full client that supports efficient oblivious search/update for Bitcoin SPV clients without sacrificing the privacy of the clients. In this design, we leverage the trusted execution and attestation capabilities of a trusted execution environment (TEE) and the ability to hide access patterns of oblivious random access machine (ORAM) to protect SPV clients’ requests from potentially malicious nodes. The key novelty of T3 lies in the optimizations introduced to conventional ORAM, tailored for expected SPV client usages. In particular, by making a natural assumption about the access patterns of SPV clients, we are able to propose a two-tree ORAM construction that overcomes the concurrency limitation associated with traditional ORAMs. We have implemented and tested our system using the current Bitcoin Unspent Transaction Output (UTXO) Set. Our experiment shows that T3 is feasible to be deployed in practice while providing strong privacy and security guarantees to Bitcoin SPV clients.

[1]  Pedro Moreno-Sanchez,et al.  R3C3: Cryptographically secure Censorship Resistant Rendezvous using Cryptocurrencies , 2018, IACR Cryptol. ePrint Arch..

[2]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[3]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[4]  Matei Zaharia,et al.  An Oblivious General-Purpose SQL Database for the Cloud , 2017, ArXiv.

[5]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[6]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[7]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[8]  Donald E. Porter,et al.  Cooperation and security isolation of library OSes for multi-process applications , 2014, EuroSys '14.

[9]  Brent Byunghoon Kang,et al.  Hacking in Darkness: Return-oriented Programming against Secure Enclaves , 2017, USENIX Security Symposium.

[10]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[11]  Bin Fan,et al.  Cuckoo Filter: Practically Better Than Bloom , 2014, CoNEXT.

[12]  Joel Reardon,et al.  Applying Private Information Retrieval to Lightweight Bitcoin Clients , 2019, 2019 Crypto Valley Conference on Blockchain Technology (CVCBT).

[13]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[14]  Andreas Schaad,et al.  Short Paper: Industrial Feasibility of Private Information Retrieval , 2017, SECRYPT.

[15]  Amir Herzberg,et al.  Blockchain Access Privacy: Challenges and Directions , 2018, IEEE Security & Privacy.

[16]  Hovav Shacham,et al.  Iago attacks: why the system call API is a bad untrusted RPC interface , 2013, ASPLOS '13.

[17]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[18]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[19]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[20]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[21]  Attila A. Yavuz,et al.  Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset , 2018, IACR Cryptol. ePrint Arch..

[22]  Chen Dong-hu Analysis of Bitcoin , 2014 .

[23]  Radu Sion,et al.  ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM , 2018, NDSS.

[24]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[25]  Matei Zaharia,et al.  ObliDB: Oblivious Query Processing using Hardware Enclaves , 2017 .

[26]  Dan Boneh,et al.  Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware , 2018, ICLR.

[27]  Ghassan O. Karame,et al.  On the privacy provisions of Bloom filters in lightweight bitcoin clients , 2014, IACR Cryptol. ePrint Arch..

[28]  Fan Zhang,et al.  Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware , 2017, IACR Cryptol. ePrint Arch..

[29]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[30]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[31]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[32]  Emin Gün Sirer,et al.  Teechan: Payment Channels Using Trusted Execution Environments , 2016, ArXiv.

[33]  Amr El Abbadi,et al.  TaoStore: Overcoming Asynchronicity in Oblivious Data Storage , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[34]  Danny Harnik,et al.  Securing the Storage Data Path with SGX Enclaves , 2018, ArXiv.

[35]  Srdjan Capkun,et al.  ZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution , 2019, IACR Cryptol. ePrint Arch..

[36]  Guillermo Navarro-Arribas,et al.  Analysis of the Bitcoin UTXO set , 2018, IACR Cryptol. ePrint Arch..

[37]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[38]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[39]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[40]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[41]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[42]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[43]  Ian Goldberg,et al.  ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments , 2019, Proc. Priv. Enhancing Technol..

[44]  Emin Gün Sirer,et al.  Teechain: a secure payment network with asynchronous blockchain access , 2017, SOSP.

[45]  Mark Silberstein,et al.  Eleos: ExitLess OS Services for SGX Enclaves , 2017, EuroSys.

[46]  Ghassan O. Karame,et al.  BITE: Bitcoin Lightweight Client Privacy using Trusted Execution , 2018, IACR Cryptol. ePrint Arch..

[47]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[48]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[49]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[50]  Prateek Saxena,et al.  Obscuro: A Bitcoin Mixer using Trusted Execution Environments , 2018, IACR Cryptol. ePrint Arch..

[51]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.