ValueShuffle: Mixing Confidential Transactions for Comprehensive Transaction Privacy in Bitcoin

  • Tim Ruffing
  • Pedro Moreno-Sanchez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10323)

Abstract

The public nature of the blockchain has been shown to be a severe threat for the privacy of Bitcoin users. Even worse, since funds can be tracked and tainted, no two coins are equal, and fungibility, a fundamental property required in every currency, is at risk. With these threats in mind, several privacy-enhancing technologies have been proposed to improve transaction privacy in Bitcoin. However, they either require a deep redesign of the currency, breaking many currently deployed features, or they address only specific privacy issues and consequently provide only very limited guarantees when deployed separately.

The goal of this work is to overcome this trade-off. Building on CoinJoin, we design ValueShuffle, the first coin mixing protocol compatible with Confidential Transactions, a proposed enhancement to the Bitcoin protocol to hide payment values in the blockchain. ValueShuffle ensures the anonymity of mixing participants as well as the confidentiality of their payment values even against other possibly malicious mixing participants. By combining CoinJoin with Confidential Transactions and additionally Stealth Addresses, ValueShuffle provides comprehensive privacy (payer anonymity, payee anonymity, and payment value privacy) without breaking with fundamental design principles or features of the current Bitcoin system. Assuming that Confidential Transactions will be integrated in the Bitcoin protocol, ValueShuffle makes it possible to mix funds of different value as well as to mix and spend funds in the same transaction, which overcomes the two main limitations of previous coin mixing protocols.
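The core ingredient that lets a CoinJoin transaction carry hidden amounts is the homomorphic Pedersen commitment used by Confidential Transactions: a verifier checks that the commitments to all inputs sum to the commitments to all outputs plus the explicit fee, without learning any value. The following Python example is an added illustration written for this page, not code from the paper or from ValueShuffle itself (it shows only the balance check, not the anonymity or mixing layer). It uses the standard secp256k1 constants, derives the second generator H by try-and-increment hashing (an assumption chosen so nobody knows log_G(H)), and models two participants who each pick their output blinding factors so that their own side balances, which is why the aggregate transaction balances without any party revealing its amounts. The last scenario deliberately shows why the sum check alone is not enough: a value that wraps around the group order passes it, which is the gap Confidential Transactions close with range proofs.

```python
"""Toy Confidential-Transactions balance check for a multi-party CoinJoin (secp256k1)."""
import hashlib
import secrets

# secp256k1 domain parameters (standard constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # curve has a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; scalars live in Z_N."""
    k %= N
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)


def ec_sum(points):
    acc = None
    for pt in points:
        acc = ec_add(acc, pt)
    return acc


def hash_to_point(tag: bytes):
    """Try-and-increment hash-to-curve (assumption for this toy): yields a point
    whose discrete log with respect to G is unknown, as the commitment scheme needs."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)          # square root, valid since P = 3 mod 4
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"toy-second-generator")     # constructed tag, not a deployed value


def commit(value: int, blind: int):
    """Pedersen commitment C = value*G + blind*H (hides value, binds to it)."""
    return ec_add(ec_mul(value, G), ec_mul(blind, H))


def participant_commitments(inputs, output_values):
    """One CoinJoin participant: `inputs` are (value, blind) pairs it already owns.
    Output blinds are random except the last, chosen so that the participant's
    input and output blinds sum to the same scalar. Its contribution therefore
    balances on its own, and nobody else needs to see its values or blinds."""
    in_commits = [commit(v, r) for v, r in inputs]
    out_blinds = [secrets.randbelow(N) for _ in output_values[:-1]]
    out_blinds.append((sum(r for _, r in inputs) - sum(out_blinds)) % N)
    out_commits = [commit(v, r) for v, r in zip(output_values, out_blinds)]
    return in_commits, out_commits


def verify_balance(in_commits, out_commits, fee):
    """What a blockchain verifier can check: sum(inputs) == sum(outputs) + fee*G.
    Only commitments and the explicit fee are visible; values stay hidden."""
    rhs = ec_add(ec_sum(out_commits), ec_mul(fee, G))
    return ec_add(ec_sum(in_commits), ec_neg(rhs)) is None


def example_coinjoin(alice_outputs=(3, 1), bob_outputs=(9,), fee=1):
    """Constructed two-party CoinJoin: Alice spends 5, Bob spends 7 + 2, fee 1."""
    alice_in = [(5, secrets.randbelow(N))]
    bob_in = [(7, secrets.randbelow(N)), (2, secrets.randbelow(N))]
    ins, outs = [], []
    for inputs, values in ((alice_in, alice_outputs), (bob_in, bob_outputs)):
        i, o = participant_commitments(inputs, list(values))
        ins += i
        outs += o
    return ins, outs, fee


if __name__ == "__main__":
    print("honest CoinJoin balances:", verify_balance(*example_coinjoin()))
    print("Bob inflates 9 -> 10:", verify_balance(*example_coinjoin(bob_outputs=(10,))))
    # Without range proofs a 'negative' output (N - 1 == -1 mod N) still balances.
    print("wrap-around without range proof:",
          verify_balance(*example_coinjoin(bob_outputs=(10, N - 1))))
```

The third scenario is the practitioner's caveat: the homomorphic check only proves that the values sum correctly modulo the group order, so every output commitment additionally needs a range proof before the transaction can be accepted.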

Acknowledgements

We thank Pieter Wuille for pointing out a mistake in a preprint, and we thank the anonymous reviewers for their very helpful comments. This work was supported by the German Ministry for Education and Research (BMBF) through funding for the German Universities Excellence Initiative.

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. Saarland University, Saarbrücken, Germany
  2. Purdue University, West Lafayette, USA