BITE: Bitcoin Lightweight Client Privacy using Trusted Execution

Blockchains offer attractive advantages over traditional payments, such as the ability to operate without a trusted authority and increased user privacy. However, the verification of blockchain payments requires the user to download and process the entire chain, which can be infeasible for resource-constrained devices like mobile phones. To address this problem, most major blockchain systems support so-called lightweight clients that outsource most of the computational and storage burden to full blockchain nodes. However, such verification leaks critical information about clients’ transactions, thus defeating user privacy, which is often considered one of the main goals of decentralized cryptocurrencies. In this paper, we propose a new approach to protect the privacy of light clients in Bitcoin. Our main idea is to leverage the trusted execution capabilities of commonly available SGX enclaves. We design and implement a system called BITE where enclaves on full nodes serve privacy-preserving requests from light clients. However, as we will show, naive processing of client requests from within SGX enclaves still leaks clients’ addresses and transactions. BITE therefore integrates several private information retrieval and side-channel protection techniques at critical parts of the system. We show that BITE provides significantly improved privacy protection for light clients without compromising the performance of the assisting full nodes.
