Disclaimer: These notes are taken for the CS577 Data Privacy course offered by Dr. Erman Ayday in the 2021/2022 Fall Semester at Bilkent University.
Digital money or electronic money is any money-like asset that is managed, stored, or exchanged on digital computer systems. Virtual currencies and cryptocurrencies are the best-known types of digital currency, with the differing properties described in Table 1. As more cryptocurrencies, such as Bitcoin, Ethereum, Litecoin, Ripple, and Dogecoin, have emerged in recent years, a number of privacy concerns have arisen for each of them. Bitcoin (BTC) is the world’s most widely used cryptocurrency: a decentralized Peer-to-Peer (P2P) payment system that relies on Proof-of-Work (PoW). PoW is a form of cryptographic proof in which one party, the prover, proves to others, the verifiers, that a certain amount of a specific computational effort has been expended.
Figure 1: Bitcoin vs USD from 2016 to 2021
Generally, each Bitcoin user has hundreds of different Bitcoin addresses stored in a digital wallet. These addresses are pseudonyms that enable users to participate in transactions. Each address is mapped through a transformation function to a unique public/private key pair, which is used to authorize the transfer of ownership of BTCs among addresses. The flowchart for Bitcoin transactions is given in Figure 2. Let Amy and Jerry be Bitcoin users who wish to make a transaction. As the source, Amy generates a signature using her private key. The signed message contains the address of the recipient, i.e., Jerry, the amount of BTCs transferred, and a reference to the most recent transaction from which her address acquired those BTCs. She then releases this information to the Bitcoin network.
To confirm a transaction, a special type of user, a miner, must find a nonce value that, when hashed together with additional fields (i.e., the Merkle hash of all valid received transactions, the hash of the previous block, and a timestamp), results in a value below a given threshold. If such a nonce is found, the miner includes the transaction in a block. Upon successful block generation, the miner is granted a number of new BTCs.
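The following is an added toy model of the mining step described above (it is example code for these notes, not Bitcoin's actual header format): the Merkle root, previous block hash and timestamp are hashed with candidate nonces until the result falls below a target, and the verifier recomputes a single hash to check it. The header layout and double SHA-256 are simplifying assumptions.

```python
import hashlib
import struct
from typing import List, Optional

# Assumed toy header layout: 32-byte Merkle root || 32-byte previous block hash
# || 4-byte timestamp || 4-byte nonce, hashed with double SHA-256.

def merkle_root(tx_hashes: List[bytes]) -> bytes:
    """Pairwise-hash transaction hashes up to one root (odd layers duplicate the last node)."""
    layer = list(tx_hashes)
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [hashlib.sha256(layer[i] + layer[i + 1]).digest()
                 for i in range(0, len(layer), 2)]
    return layer[0]

def header_hash(root: bytes, prev_hash: bytes, timestamp: int, nonce: int) -> int:
    """Double SHA-256 of the header, interpreted as a 256-bit integer."""
    header = root + prev_hash + struct.pack("<II", timestamp, nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "big")

def mine(root: bytes, prev_hash: bytes, timestamp: int, target: int,
         max_nonce: int = 1 << 32) -> Optional[int]:
    """Prover side: search the nonce space; expected work is about 2**256 / target hashes."""
    for nonce in range(max_nonce):
        if header_hash(root, prev_hash, timestamp, nonce) < target:
            return nonce
    return None

def verify(root: bytes, prev_hash: bytes, timestamp: int, nonce: int, target: int) -> bool:
    """Verifier side: one hash, no matter how much work the prover spent."""
    return header_hash(root, prev_hash, timestamp, nonce) < target

if __name__ == "__main__":
    # Constructed sample block: three fake transaction hashes and an all-zero previous hash.
    txs = [hashlib.sha256(b"tx%d" % i).digest() for i in range(3)]
    root = merkle_root(txs)
    prev = bytes(32)
    target = 1 << 244          # 12 leading zero bits: about 4096 hashes expected
    nonce = mine(root, prev, 1_700_000_000, target)
    print("nonce:", nonce, "valid:", verify(root, prev, 1_700_000_000, nonce, target))
```

Lowering the target makes the prover's search exponentially longer while the verifier's cost stays at one hash, which is the asymmetry PoW relies on.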
Figure 2: Bitcoin transaction
Privacy Concerns on Bitcoin
Heuristic I — Multi-input Transactions
When a client wants to make a payment whose amount exceeds the value of each individual BTC in the sender's wallet, the Bitcoin client chooses a set of BTCs from the wallet whose aggregate value matches the payment and performs the payment through a multi-input transaction. If these BTCs are owned by different addresses, it is straightforward to conclude that these addresses belong to the same user.
The combination of multiple inputs ensures that coins with large values can be recreated from existing smaller BTCs [1]. This prevents the value of coins from continuously decreasing with every issued transaction until it reaches the minimum amount. At that point, the only way for Bitcoin users to issue transactions without combining their previous coins would be to perform multiple single-input transactions, one coin at a time.
Heuristic II — “Shadow” Addresses
When a Bitcoin transaction has two output addresses, a_Rn and a_Ro, such that a_Rn is a new address (i.e., an address that has never appeared before in pubLog, the public transaction log) and a_Ro corresponds to an old address (an address that has appeared previously in pubLog), we can safely assume that a_Rn constitutes a shadow address for the sender's address a_i, i.e., the address that receives the change of the transaction. If shadow addresses were not used and the change were simply put back in the sender’s address, users’ activities could be traced more easily [1].
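To show how Heuristics I and II combine into address clusters, here is an added example (not code from these notes or from [1]) that runs both rules over a small constructed pubLog using a union-find structure; the transactions, addresses and ids are made up for illustration.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

# Constructed pubLog in chronological order. Each transaction lists its input
# and output addresses; amounts are omitted because neither heuristic uses them.
PUB_LOG = [
    {"id": "t1", "inputs": ["A1"],       "outputs": ["B1", "C1"]},  # two fresh outputs: no inference
    {"id": "t2", "inputs": ["A2", "A3"], "outputs": ["B1", "A4"]},  # A2,A3 co-spent; A4 fresh, B1 old
    {"id": "t3", "inputs": ["A4", "A1"], "outputs": ["C1", "A5"]},  # links A4 to A1; A5 fresh, C1 old
    {"id": "t4", "inputs": ["B1"],       "outputs": ["A5", "B2"]},  # A5 now old, B2 fresh
]

class UnionFind:
    """Disjoint-set forest: each set is one presumed user."""
    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}
    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x
    def union(self, a: str, b: str) -> None:
        self.parent[self.find(a)] = self.find(b)

def cluster_addresses(pub_log: List[dict]) -> Tuple[List[FrozenSet[str]], Dict[str, str]]:
    """Apply Heuristic I and II in log order; return address clusters and a shadow->tx map."""
    uf, seen, shadows = UnionFind(), set(), {}
    for tx in pub_log:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins + outs:
            uf.find(addr)                      # register every address as its own set
        # Heuristic I: all inputs of a multi-input transaction belong to one user.
        for addr in ins[1:]:
            uf.union(ins[0], addr)
        # Heuristic II: exactly two outputs, one never seen in pubLog before and one old,
        # so the fresh one is taken to be the sender's shadow (change) address.
        if len(outs) == 2:
            fresh = [a for a in outs if a not in seen]
            if len(fresh) == 1:
                shadows[fresh[0]] = tx["id"]
                uf.union(fresh[0], ins[0])
        seen.update(ins)
        seen.update(outs)                      # only now do this tx's outputs count as "old"
    groups: Dict[str, set] = defaultdict(set)
    for addr in uf.parent:
        groups[uf.find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()], shadows
```

On the sample log this yields three clusters, {A1..A5}, {B1, B2} and {C1}, with A4, A5 and B2 flagged as shadow addresses; note that t1 produces no inference because both of its outputs are fresh.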
Zerocash
Zerocash is a decentralized anonymous payment (DAP) scheme proposed in 2014 [2]. It is designed to fix an inherent weakness of Bitcoin: every user’s payment history is recorded in public view on the blockchain and is readily available to anyone. Zerocash introduces two new types of transactions, mint transactions and pour transactions, that provide a separate privacy-preserving currency in which transactions reveal neither the payment’s origin, nor its destination, nor its amount. There are also two types of coins in Zerocash: basecoins and zerocoins. Each user can convert non-anonymous basecoins into anonymous zerocoins; the zerocoins can then be sent to other users, merged, or split. Users can also convert zerocoins back into basecoins.
A mint transaction allows a user to convert a specified number of non-anonymous Bitcoins into the same number of zerocoins belonging to a specified Zerocash address. A pour transaction, on the other hand, allows a user to make a private payment by consuming some number of coins owned by that user in order to produce new coins.
[1] E. Androulaki, G. O. Karame, M. Roeschlin, T. Scherer, and S. Capkun, “Evaluating user privacy in bitcoin,” in International Conference on Financial Cryptography and Data Security, Springer, 2013, pp. 34–51.
[2] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium on Security and Privacy, IEEE, 2014, pp. 459–474.