Exploring the Monero Peer-to-Peer Network

As of September 2019, Monero is the most capitalized privacy- preserving cryptocurrency, and is ranked tenth among all cryptocurren- cies. Monero’s on-chain data privacy guarantees, i.e., how mixins are selected in each transaction, have been extensively studied. However, de- spite Monero’s prominence, the network of peers running Monero clients has not been analyzed. Such analysis is of prime importance, since po- tential vulnerabilities in the peer-to-peer network may lead to attacks on the blockchain’s safety (e.g., by isolating a set of nodes) and on users’ privacy (e.g., tracing transactions flow in the network). This paper provides the first step study on understanding Monero’s peer- to-peer (P2P) network. In particular, we deconstruct Monero’s P2P pro- tocol based on its source code, and develop a toolset to explore Monero’s network, which allows us to infer its topology, size, node distribution, and node connectivity. During our experiments, we collected 510 GB of raw data, from which we extracted 21,678 IP addresses of Monero nodes distributed in 970 autonomous systems. We show that Monero’s network is highly centralized — 13.2% of the nodes collectively maintain 82.86% of the network connections. We have identified approximately 2,758 ac- tive nodes per day, which is 68.7% higher than the number reported by the MoneroHash mining pool. We also identified all concurrent outgoing connections maintained by Monero nodes with very high probability (on average 97.98% for nodes with less than 250 outgoing connections, and 93.79% for nodes with more connections)

SoK:A Systematic Study of Anonymity in Cryptocurrencies

Blockchain and cryptocurrencies have been widely deployed and used in our daily life. Although there are numerous works in the literature surveying technical challenges and security issues in blockchains, very few works focused on the anonymity guarantees provided in cryptocurrencies. In this work, we conduct a systematic survey on anonymity in cryptocurrencies with a clear categorization for the different tiers of anonymity offered in the various cryptocurrencies as well as their known weaknesses and vulnerabilities. We also study the techniques that have been used to achieve each tier of anonymity. Finally, we asses the current techniques, and present a forecast for the technological trends in this fiel

Arquitectura de software en wallet de código abierto para privacy coin en dispositivos móviles : El caso de estudio de Zcash

Desde su surgimiento en 2009, el uso de criptomonedas ha estado en constante crecimiento en términos de cuota de mercado y adopción. Este "boom" está a la vista de todos, y al igual que la gran mayoría de las transacciones del mundo de las finanzas descentralizadas, es de completo estado público. Pese al uso de criptografía de avanzada, la privacidad en el "mundo cripto" es relativamente baja, con excepciones: Las Privacy Coins o Monedas con Mejoramiento del Anonimato (Anonymity Enhancement Coins o AEC). Este trabajo toma la idea de la privacidad como Derecho Humano y se centra en dilucidar los requerimientos para el desarrollo de billeteras electrónicas móviles para AECs, analizando las criptomonedas Monero y Zcash, tomando como caso de estudio esta última.Since their appearance in 2009, the use of cryptocurrencies has been growing constantly in terms of market cap and adoption. This boom is publicly visible as well as the grand majority of the decentralized finance transactions. Despite the use of advanced cryptography, privacy in the “crypto world” is relitvely low, with certain exceptions: Privacy Coins (or Anonymity Enhanced Coins AEC). This work takes the idea of Privacy as a Human Right and focuses on elicitating the requirements for developing mobile wallets for AECs, analyzing the cryptocurrencies Monero and primarily Zcash, taking the latter as study case. Its contributions are: a list of functional and non-functional requirements to develop a privacy coin light client, a reference Architecture that addresses these requirements in an abstract manner and finally a list of future work related to the fields of Systematic Literature Review, Privacy and Security.Facultad de Informátic

Kleptography and steganography in blockchains

Despite its vast proliferation, the blockchain technology is still evolving, and witnesses continuous technical innovations to address its numerous unresolved issues. An example of these issues is the excessive electrical power consumed by some consensus protocols. Besides, although various media reports have highlighted the existence of objectionable content in blockchains, this topic has not received sufficient research. Hence, this work investigates the threat and deterrence of arbitrary-content insertion in public blockchains, which poses a legal, moral, and technical challenge. In particular, the overall aim of this work is to thoroughly study the risk of manipulating the implementation of randomized cryptographic primitives in public blockchains to mount kleptographic attacks, establish steganographic communication, and store arbitrary content. As part of our study, we present three new kleptographic attacks on two of the most commonly used digital signatures: ring signature and ECDSA. We also demonstrate our kleptographic attacks on two real cryptocurrencies: Bytecoin and Monero. Moreover, we illustrate the plausibility of hijacking public blockchains to establish steganographic channels. Particularly, we design, implement, and evaluate the first blockchain-based broadcast communication tool on top of a real-world cryptocurrency. Furthermore, we explain the detrimental consequences of kleptography and steganography on the users and the future of the blockchain technology. Namely, we show that kleptography can be used to surreptitiously steal the users' secret signing keys, which are the most valuable and guarded secret in public blockchains. After losing their keys, users of cryptocurrencies will inevitably lose their funds. In addition, we clarify that steganography can be used to establish subliminal communication and secretly store arbitrary content in public blockchains, which turns them into cheap cyberlockers. Consequently, the participation in such blockchains, which are known to store unethical content, can be criminalized, hindering the future adoption of blockchains. After discussing the adverse effects of kleptographic and steganographic attacks on blockchains, we survey all of the existing techniques that can defend against these attacks. Finally, due to the shortcomings of the available techniques, we propose four countermeasures that ensure kleptography and steganography-resistant public blockchains. Our countermeasures include two new cryptographic primitives and a generic steganographyresistant blockchain framework (SRBF). This framework presents a universal solution that deters steganography and practically achieves the right to be forgotten (RtbF) in blockchains, which represents a regulatory challenge for current immutable blockchains

Deconstructing Blockchains: A Comprehensive Survey on Consensus, Membership and Structure

It is no exaggeration to say that since the introduction of Bitcoin, blockchains have become a disruptive technology that has shaken the world. However, the rising popularity of the paradigm has led to a flurry of proposals addressing variations and/or trying to solve problems stemming from the initial specification. This added considerable complexity to the current blockchain ecosystems, amplified by the absence of detail in many accompanying blockchain whitepapers. Through this paper, we set out to explain blockchains in a simple way, taming that complexity through the deconstruction of the blockchain into three simple, critical components common to all known systems: membership selection, consensus mechanism and structure. We propose an evaluation framework with insight into system models, desired properties and analysis criteria, using the decoupled components as criteria. We use this framework to provide clear and intuitive overviews of the design principles behind the analyzed systems and the properties achieved. We hope our effort will help clarifying the current state of blockchain proposals and provide directions to the analysis of future proposals