ZLiTE: Lightweight Clients for Shielded Zcash Transactions Using Trusted Execution

  • Karl Wüst
  • Sinisa Matetic
  • Moritz Schneider
  • Ian Miers
  • Kari Kostiainen
  • Srdjan Čapkun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


Cryptocurrencies record transactions between parties in a blockchain maintained by a peer-to-peer network. In most cryptocurrencies, transactions explicitly identify the previous transaction providing the funds they are spending, revealing the amount and sender/recipient pseudonyms. This is a considerable privacy issue. Zerocash resolves this by using zero-knowledge proofs to hide the source, destination and amount of the transacted funds. To receive payments in Zerocash, however, the recipient must scan the blockchain, testing whether each transaction is destined for them. This is not practical for mobile and other bandwidth-constrained devices. In this paper, we build ZLiTE, a system that supports so-called “light clients”, which can receive transactions aided by a server equipped with a Trusted Execution Environment (TEE). Even with the use of a TEE, this is not a trivial problem. First, we must ensure that the server processing the blockchain does not leak sensitive information via side channels. Second, we need to design a bandwidth-efficient mechanism for the client to keep an up-to-date version of the witness needed to spend the funds they previously received.

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Karl Wüst (1)
  • Sinisa Matetic (1)
  • Moritz Schneider (1)
  • Ian Miers (2)
  • Kari Kostiainen (1)
  • Srdjan Čapkun (1)

  1. Department of Computer Science, ETH Zurich, Zürich, Switzerland
  2. Cornell Tech, New York, USA
