Formal Analysis of E-Cash Protocols

International audienceElectronic cash (e-cash) aims at achieving client privacy at payment, similar to real cash. Several security protocols have been proposed to ensure privacy in e-cash, as well as the necessary unforgery properties. In this paper, we propose a formal framework to define, analyze, and verify security properties of e-cash systems. To this end, we model e-cash systems in the applied π-calculus, and we define two client privacy properties and three properties to prevent forgery. Finally, we apply our definitions to an e-cash protocol from the literature proposed by Chaum et al., which has two variants and a real implementation based on it. Using ProVerif, we demonstrate that our framework is suitable for an automated analysis of this protocol

A Digital Cash Paradigm with Valued and No-Valued e-Coins

Digital cash is a form of money that is stored digitally. Its main advantage when compared to traditional credit or debit cards is the possibility of carrying out anonymous transactions. Diverse digital cash paradigms have been proposed during the last decades, providing different approaches to avoid the double-spending fraud, or features like divisibility or transferability. This paper presents a new digital cash paradigm that includes the so-called no-valued e-coins, which are e-coins that can be generated free of charge by customers. A vendor receiving a payment cannot distinguish whether the received e-coin is valued or not, but the customer will receive the requested digital item only in the former case. A straightforward application of bogus transactions involving no-valued e-coins is the masking of consumption patterns. This new paradigm has also proven its validity in the scope of privacy-preserving pay-by-phone parking systems, and we believe it can become a very versatile building block in the design of privacy-preserving protocols in other areas of research. This paper provides a formal description of the new paradigm, including the features required for each of its components together with a formal analysis of its security.This research was funded by the Spanish Ministry of Science, Innovation and Universities grant number MTM2017-83271-R

Instantaneous Decentralized Poker

We present efficient protocols for amortized secure multiparty computation with penalties and secure cash distribution, of which poker is a prime example. Our protocols have an initial phase where the parties interact with a cryptocurrency network, that then enables them to interact only among themselves over the course of playing many poker games in which money changes hands. The high efficiency of our protocols is achieved by harnessing the power of stateful contracts. Compared to the limited expressive power of Bitcoin scripts, stateful contracts enable richer forms of interaction between standard secure computation and a cryptocurrency. We formalize the stateful contract model and the security notions that our protocols accomplish, and provide proofs using the simulation paradigm. Moreover, we provide a reference implementation in Ethereum/Solidity for the stateful contracts that our protocols are based on. We also adopt our off-chain cash distribution protocols to the special case of stateful duplex micropayment channels, which are of independent interest. In comparison to Bitcoin based payment channels, our duplex channel implementation is more efficient and has additional features

The utility of home-practice in mindfulness-based group interventions: a systematic review

A growing body of research supports the efficacy of mindfulness-based interventions (MBIs). MBIs consider home-practice as essential to increasing the therapeutic effects of the treatment. To date however, the synthesis of the research conducted on the role of home-practice in controlled MBI studies has been a neglected area. This review aimed to conduct a narrative synthesis of published controlled studies, evaluating mindfulness-based group interventions, which have specifically measured home-practice. Empirical research literature published until June 2016 was searched using five databases. The search strategy focused on mindfulness-based stress reduction (MBSR), mindfulness-based cognitive therapy (MBCT), and home-practice. Included studies met the following criteria: controlled trials, participants 18 years and above, evaluations of MBSR or MBCT, utilised standardised quantitative outcome measures and monitored home-practice using a self-reported measure. Fourteen studies met the criteria and were included in the review. Across all studies, there was heterogeneity in the guidance and resources provided to participants and the approaches used for monitoring home-practice. In addition, the guidance on the length of home-practice was variable across studies, which indicates that research studies and teachers are not adhering to the published protocols. Finally, only seven studies examined the relationship between home-practice and clinical outcomes, of which four found that home-practice predicted improvements on clinical outcome measures. Future research should adopt a standardised approach for monitoring home-practice across MBIs. Additionally, studies should assess whether the amount of home-practice recommended to participants is in line with MBSR/MBCT manualised protocols. Finally, research should utilise experimental methodologies to explicitly explore the relationship between home-practice and clinical outcomes

TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub

This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today s Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBits anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that Tumbler can neither violate anonymity, nor steal bitcoins, nor print money by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBits offblockchain payments can complete in seconds.https://eprint.iacr.org/2016/575.pdfPublished versio

SHAREDWEALTH: A CRYPTOCURRENCY TO REWARD MINERS EVENLY

Bitcoin [19] is a decentralized cryptocurrency that has recently gained popularity and has emerged as a popular medium of exchange. The total market capitalization is around 1.5 billion US dollars as of October 2013 [28]. All the operations of Bitcoin are maintained in a distributed public global ledger known as a block chain which consists of all the successful transactions that have ever taken place. The security of a block chain is maintained by a chain of cryptographic puzzles solved by participants called miners, who in return are rewarded with bitcoins. To be successful, the miner has to put in his resources to solve the cryptographic puzzle (also known as a proof of work). The reward structure is an incentive for miners to contribute their computational resources and is also essential to the currency\u27s decentralized nature. One disadvantage of the reward structure is that the payment system is uneven. The reward is always given to one person. Hence people form mining pools where every member of the pool solves the same cryptographic puzzle and irrespective of the person who solved it, the reward is shared evenly among all the members of the pool. The Bitcoin protocol assumes that the miners are honest and they follow the Bitcoin protocol as prescribed. If group of selfish miners comes to lead by forming pools, the currency stops being decentralized and comes under the control of the selfish miners. Such miners can control the whole Bitcoin network [29]. Our goal is to address this problem by creating a distinct peer-to-peer protocol that reduces the incentives for the miners to join large mining pools. The central idea is to pay the “runners-up” who come close to finding a proof, thereby creating a less volatile payout situation. The work done by the “runners-up” can be used by other miners to find the solution of proof of work by building upon their work. Once they find the actual solution they have to include the solution of the other miner in order to get rewarded. The benefit of this protocol is that not only the miners save their computational resources but also the reward is distributed among the miners