Maypoles: Lightning Striking Twice

The Lightning Network (LN) is a second layer solution built on top of Bitcoin, aimed to solve Bitcoin\u27s long transaction waiting times and high transaction fees. Empirical and theoretical studies show that the LN is tending towards the hub and spoke network topology. In this topology most of the nodes, the spokes, open a single channel to one of the few well-connected nodes, the hubs. This topology is known to be prone to failures, attacks, and privacy issues. In this work we introduce the Maypoles protocol in which most nodes open two channels instead of one. We show that this protocol benefits the network significantly by enhancing its stability, privacy, and resilience to attacks. We also examine the economic incentives of nodes to take part in Maypoles

Investigating transactions in cryptocurrencies

This thesis presents techniques to investigate transactions in uncharted cryptocur- rencies and services. Cryptocurrencies are used to securely send payments on- line. Payments via the first cryptocurrency, Bitcoin, use pseudonymous addresses that have limited privacy and anonymity guarantees. Research has shown that this pseudonymity can be broken, allowing users to be tracked using clustering and tag- ging heuristics. Such tracking allows crimes to be investigated. If a user has coins stolen, investigators can track addresses to identify the destination of the coins. This, combined with an explosion in the popularity of blockchain, has led to a vast increase in new coins and services. These offer new features ranging from coins focused on increased anonymity to scams shrouded as smart contracts. In this study, we investigated the extent to which transaction privacy has improved and whether users can still be tracked in these new ecosystems. We began by analysing the privacy-focused coin Zcash, a Bitcoin-forked cryptocurrency, that is consid- ered to have strong anonymity properties due to its background in cryptographic research. We revealed that the user anonymity set can be considerably reduced using heuristics based on usage patterns. Next, we analysed cross-chain transac- tions collected from the exchange ShapeShift, revealing that users can be tracked as they move across different ledgers. Finally, we present a measurement study on the smart-contract pyramid scheme Forsage, a scam that cycled $267 million USD (of Ethereum) within its first year, showing that at least 88% of the participants in the scheme suffered a loss. The significance of this study is the revelation that users can be tracked in newer cryptocurrencies and services by using our new heuristics, which informs those conducting investigations and developing these technologies

Remote Side-Channel Attacks on Anonymous Transactions

Privacy-focused crypto-currencies, such as Zcash or Monero, aim to provide strong cryptographic guarantees for transaction confidentiality and unlinkability. In this paper, we describe side-channel attacks that let remote adversaries bypass these protections. We present a general class of timing side-channel and traffic-analysis attacks on receiver privacy. These attacks enable an active remote adversary to identify the (secret) payee of any transaction in Zcash or Monero. The attacks violate the privacy goals of these crypto-currencies by exploiting side-channel information leaked by the implementation of different system components. Specifically, we show that a remote party can link all transactions that send funds to a user, by measuring the response time of that user’s P2P node to certain requests. The timing differences are large enough that the attacks can be mounted remotely over a WAN. We responsibly disclosed the issues to the affected projects, and they have patched the vulnerabilities. We further study the impact of timing side-channels on the zero-knowledge proof systems used in these crypto-currencies. We observe that in Zcash’s implementation, the time to generate a zero-knowledge proof depends on secret transaction data, and in particular on the amount of transacted funds. Hence, an adversary capable of measuring proof generation time could break transaction confidentiality, despite the proof system’s zero-knowledge property. Our attacks highlight the dangers of side-channel leakage in anonymous crypto-currencies, and the need to systematically protect them against such attacks