Bitcoin over Tor isn't a good idea
Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcast via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates the development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of the information flows between all users who choose to use Bitcoin over Tor. In particular, the attacker can link together a user's transactions regardless of the pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user, and delay or discard the user's transactions and blocks. In collusion with a powerful miner, double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such a set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.
Comment: 11 pages, 4 figures, 4 tables
Block and Stream Ciphers and the Creatures in Between
In this paper we define a notion of leak extraction from a block cipher. We demonstrate this new concept on the example of AES. The result is LEX: a simple AES-based stream cipher which is at least 2.5 times faster than AES both in software and in hardware.
Content and popularity analysis of Tor hidden services
Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every imaginable kind of shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We studied Tor hidden services after collecting 39824 hidden service descriptors on 4 February 2013 by exploiting protocol and implementation flaws in Tor: we scanned them for open ports; in the case of HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets.
Comment: 6 pages, 3 figures, 2 tables
White-Box and Asymmetrically Hard Crypto Design
In this talk we surveyed some of our recent works related to the area of white-box cryptography, specifically the resource hardness framework from Asiacrypt'2017 and its relation to incompressibility and weak-WBC.
Attacks and Countermeasures for White-box Designs
In traditional symmetric cryptography, the adversary has access only to the inputs and outputs of a cryptographic primitive. In the white-box model the adversary is given full access to the implementation. He can use static and dynamic analysis as well as fault analysis in order to break the cryptosystem, e.g. to extract the embedded secret key. Implementations secure in such a model have many applications in industry. However, creating such implementations turns out to be very challenging, if not impossible.

Recently, Bos et al. proposed a generic attack on white-box primitives called differential computation analysis (DCA). This attack was applied to many white-box implementations from both academia and industry. The attack comes from the area of side-channel analysis, and the most common method of protecting against such attacks is masking, which in turn is a form of secret sharing. In this paper we present multiple generic attacks against masked white-box implementations. We use the term “masking” in a very broad sense. As a result, we deduce new constraints that any secure white-box implementation must satisfy.

Based on the new constraints, we develop a general method for protecting white-box implementations. We split the protection into two independent components: value hiding and structure hiding. Value hiding must provide protection against passive DCA-style attacks that rely on analysis of computation traces. Structure hiding must provide protection against circuit analysis attacks. In this paper we focus on developing the value hiding component. It includes protection against the DCA attack by Bos et al. and protection against a new attack called the algebraic attack. We present a provably secure first-order protection against the new algebraic attack. The protection is based on small gadgets implementing secure masked XOR and AND operations. Furthermore, we give a proof of compositional security allowing secure gadgets to be freely combined. We derive concrete security bounds for circuits built using our construction.
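The two ideas the abstract rests on, masking as Boolean secret sharing and a DCA-style attacker who inspects every intermediate value of a computation trace, can be made concrete with a small example. The code below is an added illustration and not code from the paper: it implements first-order Boolean sharing with share-wise XOR and an ISW-style masked AND (one fresh random bit per gate), then runs a first-order DCA-style check that, for every position in the trace, compares the mean of that intermediate over executions with secret bit k=0 against k=1. The trace layout, the bias statistic, the sample size, the seeds and the 0.1 acceptance threshold are this example's own assumptions. It only measures single-intermediate (first-order) leakage, which is what the paper's value hiding component targets against DCA; it says nothing about the algebraic attack or about combining several trace positions.

```python
import random


def share(x, rng):
    """Split a bit x into two Boolean shares (x0, x1) with x0 ^ x1 == x.
    The mask x0 is uniform, so neither share alone says anything about x."""
    x0 = rng.getrandbits(1)
    return (x0, x ^ x0)


def unshare(s):
    """Recombine two Boolean shares."""
    return s[0] ^ s[1]


def masked_xor(a, b):
    """XOR is linear over GF(2), so it is computed share-wise with no randomness."""
    return (a[0] ^ b[0], a[1] ^ b[1])


def masked_and(a, b, rng, trace=None):
    """First-order masked AND in the ISW style: one fresh random bit r per gate.
    Every intermediate value is appended to `trace` (if given) so the leakage
    check below can inspect each one, as a DCA-style attacker would.
    The bracketing (t2 ^ r) ^ t3 matters: computing t2 ^ t3 first would create
    an intermediate that is not refreshed by r."""
    r = rng.getrandbits(1)
    t0 = a[0] & b[0]
    t1 = a[1] & b[1]
    t2 = a[0] & b[1]
    t3 = a[1] & b[0]
    u = t2 ^ r
    v = u ^ t3
    c0 = t0 ^ r
    c1 = t1 ^ v
    if trace is not None:
        trace.extend([a[0], a[1], b[0], b[1], r, t0, t1, t2, t3, u, v, c0, c1])
    return (c0, c1)


def check_gadgets(trials=256, seed=7):
    """Functional check: the gadgets compute XOR and AND on random input pairs."""
    rng = random.Random(seed)
    for _ in range(trials):
        x, y = rng.getrandbits(1), rng.getrandbits(1)
        a, b = share(x, rng), share(y, rng)
        if unshare(masked_xor(a, b)) != x ^ y:
            return False
        if unshare(masked_and(a, b, rng)) != x & y:
            return False
    return True


def unmasked_and_run(k, x, rng):
    """Reference circuit without protection: the secret bit k appears in the clear."""
    return [k, x, k & x]


def masked_and_run(k, x, rng):
    """The same AND gate, but k and x are shared first and the result stays shared."""
    trace = []
    a = share(k, rng)
    b = share(x, rng)
    masked_and(a, b, rng, trace)
    return trace


def first_order_bias(run, n=2000, seed=1):
    """DCA-style first-order check. Each execution yields a trace of intermediate
    values (constructed here, not a real side-channel measurement). For every
    trace position, compare its mean over executions with k=0 against k=1.
    A bias near 0 at every position means no single intermediate carries
    information about k; a bias of 1.0 means some intermediate equals k outright."""
    rng = random.Random(seed)
    means = {}
    for k in (0, 1):
        acc = None
        for _ in range(n):
            x = rng.getrandbits(1)  # public input, fresh per execution
            tr = run(k, x, rng)
            if acc is None:
                acc = [0] * len(tr)
            for i, v in enumerate(tr):
                acc[i] += v
        means[k] = [s / n for s in acc]
    return [abs(m1 - m0) for m0, m1 in zip(means[0], means[1])]


if __name__ == "__main__":
    print("gadgets correct:", check_gadgets())
    print("unmasked, max bias:", max(first_order_bias(unmasked_and_run)))
    print("masked,   max bias:", round(max(first_order_bias(masked_and_run)), 3))
```

Running it shows the unmasked circuit with a bias of exactly 1.0 at the position holding k (and 0.5 at the AND output), while every position of the masked trace stays within statistical noise of 0. Dropping the fresh bit r, or reordering the XORs in `masked_and`, reintroduces a biased position, which is the kind of constraint on gadget design the abstract refers to.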
Examining the practical side channel resilience of arx-boxes
Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically and practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: we show that on an ARM M0, the best practical target is the exclusive-or, and attacks succeed with only tens of traces.
Decomposition attack on SASASASAS
We demonstrate the first attacks on SPN ciphers with 6, 7, 8, and 9 secret layers. In particular, we show a decomposition attack on the SASASASAS scheme when the S-box size M and the block length N satisfy the condition M^2 < N (for example, 8-bit S-boxes and a 128-bit block).
Portrait of a Miner in a Landscape
Mining is one of the core elements of the proof-of-work based cryptocurrency economy. In this paper we investigate the generic landscape and hierarchy of miners on the example of Ethereum and Zcash, two blockchains that are among the top 5 in terms of USD value of created coins. Both chains used ASIC-resistant proofs-of-work, which favor GPU mining in order to keep mining decentralized. This however has changed with the recent introduction of ASIC miners for these chains. This transition allows us to develop methods that might detect hidden ASIC mining in a chain (if it exists), and to study how the introduction of ASICs affects the decentralization of mining power. Finally, we describe how an attacker might use public blockchain information to undermine the privacy of miners, deducing the mining hardware of individual miners and their mining rewards.