Bitcoins y el problema de los generales bizantinos

En este artículo pretendemos mostrar porqué, a nuestro entender, la comunidad científica y en especial los que trabajamos en el ámbito de la criptografía y la seguridad de la información, debemos comprender el funcionamiento de la moneda digital Bitcoin. Como se verá, los motivos que presentamos trascienden a la propia moneda Bitcoin y se centran en la red peer-to-peer (P2P) subyacente a dicha moneda, que proporciona un sistema distribuido que permite mantener un registro público también distribuido. Dicho registro permite distintos usos y, como se verá, deja la puerta abierta a múltiples innovaciones.Este trabajo está parcialmente financiado por el Ministerio de Educación, a través de los proyectos TIN2011-27076-C03-02 CO-PRIVACY, TIN2010-15764 N-KHRONOUS, CONSOLIDER INGENIO 2010 CSD2007-0004 ARES, y de la beca FPU-AP2010-0078

BArt: Trading digital contents through digital assets

Since digital artworks are indeed digital content, they face the inherent problem digital content has: the link between content and its original author is very difficult to keep. Additionally, retaining control over digital copies of the content is also a challenging task. Digital coins have solved this very same problem through cryptocurrencies (for instance, Bitcoin) and have opened the door to apply the same techniques to other similar scenarios where ownership of digital assets needs to be preserved. In this paper, we propose BArt, a transparent and distributed mechanism for artists to commercialize their digital artwork, keeping control of the copies, monetizing its usage, and maintaining ownership. BArt allows artists to publicly register their work in the Bitcoin blockchain and sell usage rights in exchange for bitcoins. Buyers are allowed to exert the acquired rights. Proper behaviour from all parties is enforced by the system with cryptography and economic incentives.Government of Catalonia, Grant/Award Number: 2017SGR00705Martí i Franquès research grants programme, Grant/Award Number:2017PMF-POST2-06Spanish Government, Grant/Award Number: RTI2018-095094-B-C22 CONSENT and TIN2014-57364-C2-2-RSMARTGLACI

Towards inferring communication patterns in online social networks

Grup de recerca: Security of Networks and Distributed Applications (SENDA)The separation between the public and private spheres on online social networks is known to be, at best, blurred. On the one hand, previous studies have shown how it is possible to infer private attributes from publicly available data. On the other hand, no distinction exists between public and private data when we consider the ability of the online social network (OSN) provider to access them. Even when OSN users go to great lengths to protect their privacy, such as by using encryption or communication obfuscation, correlations between data may render these solutions useless. In this article, we study the relationship between private communication patterns and publicly available OSN data. Such a relationship informs both privacy-invasive inferences as well as OSN communication modelling, the latter being key toward developing effective obfuscation tools. We propose an inference model based on Bayesian analysis and evaluate, using a real social network dataset, how archetypal social graph features can lead to inferences about private communication. Our results indicate that both friendship graph and public traffic data may not be informative enough to enable these inferences, with time analysis having a non-negligible impact on their precision

La privacitat de les connexions dels usuaris d'una xarxa social

Aquest projecte mostra com les connexions dels usuaris d'una xarxa social suposen un risc afegit per a la privacitat dels usuaris que hi formen part. Aquestes connexions ofereixen informació suficient per a poder dur a terme processos d'agregació d'informació entre diferents xarxes socials, permetent a un atacant millorar el seu coneixement inicial sobre les xarxes. El projecte és un recorregut per totes les fases necessàries per dur a terme aquest procés, des de la recollida de la informació fins a l'agregació de les dades obtingudes.Este proyecto muestra como las conexiones de los usuarios de una red social suponen un riesgo añadido para la privacidad de los usuarios que la forman. Estas conexiones ofrecen información suficiente para poder realizar procesos de agregación de información entre diferentes redes sociales, permitiendo a un atacante mejorar su conocimiento inicial sobre las redes. El proyecto es un recorrido por las diversas fases necesarias para realizar este proceso, desde la recogida de información hasta la agregación de los datos obtenidos.This project shows that link connections in social networks suppose a new risk for user's privacy. These links provide an attacker with enough information to make aggregation processes between different online social networks, improving the attackers initial knowledge of the network. This project is a journey towards this aggregation process, starting from data collection and ending in the aggregation itself

Message anonymity on predictable opportunistic networks

A Predictable Opportunistic Network (POppNet) is a network where end-to-end connectivity is not guaranteed, and node communication happens in an opportunistic manner, but the behavior of the network can be predicted in advance. The predictability of such networks can be exploited to simplify some mechanisms of more generic OppNets where there is no prior knowledge on the network behavior. In this paper, we propose some solutions to provide anonymity for messages on POppNets by using simple onion routing, and thus to increase the privacy of the nodes in communication

On the difficulty of hiding the balance of lightning network channels

International audienceThe Lightning Network is a second layer technology running on top of Bitcoin and other Blockchains. It is composed of a peer-to-peer network, used to transfer raw information data. Some of the links in the peer-to-peer network are identified as payment channels, used to conduct payments between two Lightning Network clients (i.e., the two nodes of the channel). Payment channels are created with a fixed credit amount, the channel capacity. The channel capacity, together with the IP address of the nodes, is published to allow a routing algorithm to find an existing path between two nodes that do not have a direct payment channel. However, to preserve users' privacy, the precise balance of the pair of nodes of a given channel (i.e. the bandwidth of the channel in each direction), is kept secret. Since balances are not announced, second-layer nodes probe routes iteratively, until they find a successful route to the destination for the amount required, if any. This feature makes the routing discovery protocol less efficient but preserves the privacy of channel balances. In this paper, we present an attack to disclose the balance of a channel in the Lightning Network. Our attack is based on performing multiple payments ensuring that none of them is finalized, minimizing the economical cost of the attack. We present experimental results that validate our claims, and countermeasures to handle the attack

Analysis of the Bitcoin UTXO set

Bitcoin relies on the Unspent Transaction Outputs (UTXO) set to efficiently verify new generated transactions. Every unspent out- put, no matter its type, age, value or length is stored in every full node. In this paper we introduce a tool to study and analyze the UTXO set, along with a detailed description of the set format and functionality. Our analysis includes a general view of the set and quantifies the difference between the two existing formats up to the date. We also provide an ac- curate analysis of the volume of dust and unprofitable outputs included in the set, the distribution of the block height in which the outputs where included, and the use of non-standard outputs

Bitcoin Private Key Locked Transactions

Bitcoin smart contracts allow the development of new protocols on top of Bitcoin itself. This usually involves the definition of complex scripts, far beyond the requirement of a single signature. In this paper we introduce the concept of private key locked transactions, a novel type of transactions that allows the atomic verification of a given private key (belonging to an asymmetric key pair) during the script execution