Jiajun Du,Zhonghui Ge,Yu Long,Zhen Liu,Shifeng Sun,Xian Xu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-17143-7_39

2022-01-01

Abstract:Mixing protocols serve as a promising solution to the unlinkability in blockchains. They work by hiding one transaction among a set of transactions and enjoy the advantage of high compatibility with the underlying system. However, due to the inherent public addresses of the blockchains built on the account-based model, the unlinkability is highly restricted to non-confidential transactions. In this paper, we propose MixCT, a mixing service for confidential payment systems built from homomorphic commitment in the account-based model. We provide an efficient instantiation of MixCT by the Pedersen commitment and the one-out-of-many proof. The evaluation results show that MixCT introduces a small cost for its users while being highly compatible with the underlying blockchain.

Jingting Xue,Lingjie Shi,Liang Liu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1007/s12083-023-01567-w

IF: 3.488

2023-01-01

Peer-to-Peer Networking and Applications

Abstract:Mixing serves as an effective method to safeguard the privacy of nodes in digital currency systems by introducing a mixer to break the link between transaction inputs and outputs. Existing mixing schemes heavily rely on stringent security assumptions to prevent potential risks, including privacy breaches and coin loss. Recognizing this concern, we propose DcMix, a decentralized private coin mixing scheme that ensures unconditional anonymity for nodes within a peer-to-peer network. To establish a mixing group that offers forward security, we employ the challenge-response model, forming a one-time chat room. This room utilizes a hierarchical key tree structure, generated through a key derivation primitive, wherein distinct branches serve specific purposes. This approach enables nodes in the group to construct their individual key trees, preventing the tracing of mixing records in an open network environment. Additionally, DcMix incorporates a variation of the Abe-Ohkubo-Suzuki (AOS) ring signature to conceal identities from both group nodes and online adversaries. DcMix achieves robust anonymity and transaction unforgeability, effectively countering known message attacks. Experimental results demonstrate that DcMix exhibits a computation overhead approximately 60% lower than CoinParty and CoinLayering with eight mixers. Furthermore, even with a high transaction volume of up to 1,900, DcMix’s computation overhead remains 25% lower than that of the aforementioned schemes.

QingChun ShenTu,JianPing Yu

DOI: https://doi.org/10.48550/arXiv.1510.05833

2015-10-20

Abstract:To strengthen the anonymity of Bitcoin, several centralized coin-mixing providers (mixers) such as <a class="link-external link-http" href="http://BitcoinFog.com" rel="external noopener nofollow">this http URL</a>, <a class="link-external link-http" href="http://BitLaundry.com" rel="external noopener nofollow">this http URL</a>, and <a class="link-external link-http" href="http://Blockchain.info" rel="external noopener nofollow">this http URL</a> assist users to mix Bitcoins through CoinJoin transactions with multiple inputs and multiple outputs to uncover the relationship between them. However, these mixers know the output address of each user, such that they cannot provide true anonymity. This paper proposes a centralized coin-mixing algorithm based on an elliptic curve blind signature scheme (denoted as Blind-Mixing) that obstructs mixers from linking an input address with an output address. Comparisons among three blind signature based algorithms, Blind-Mixing, BlindCoin, and RSA Coin-Mixing, are conducted. It is determined that BlindCoin may be deanonymized because of its use of a public log. In RSA Coin-Mixing, a user's Bitcoins may be falsely claimed by another. In addition, the blind signature scheme of Blind-Mixing executes 10.5 times faster than that of RSA Coin-Mixing.

Cryptography and Security

Yankai Xie,Qingtao Wang,Songwei Li,Ruiyang Xiao,Chi Zhang,Lingbo Wei

DOI: https://doi.org/10.1109/icc45855.2022.9838686

2022-01-01

Abstract:Mixing schemes have been applied by Bitcoin users to break their payment links in the blockchain to enhance privacy. However, most mixing schemes cannot provide secure mixing service without compromising efficiency since they are relying on complex cryptographic techniques or interactive protocols. To provide secure yet efficient mixing service, researchers introduce Intel SGX enclave, which provides Trusted Execution Environment (TEE) with confidentiality and integrity guarantees to execute mixing operations. Unfortunately, users will lose their mixing funds if a malicious service provider compromises the confidentiality guarantee of his/her enclave. Moreover, the scheme cannot scale to a large number of users in a single mixing round, that is, limited scalability. In this paper, we present a novel decentralized mixing scheme with multiple enclaves run by different service providers, which uses Shamir secret sharing scheme and additive homomorphic property of keys in Elliptic Curve Cryptography to tolerate a subset of enclaves to be compromised. Moreover, our scheme also provides stronger scalability so it achieves anonymity sets by orders of magnitude higher than the existing TEE-based mixing scheme. The experiment shows our scheme can provide stronger security and anonymity guarantees without compromising efficiency which outperforms existing mixing schemes.

Mixue Xu,Chao Yuan,Xueming Si,Gang Yu,Jinhua Fu,Feng Gao

DOI: https://doi.org/10.1109/hoticn.2018.8605975

2018-01-01

Abstract:Bitcoin is the first decentralized cryptocurrency proposed by Satoshi Nakamoto. Although transactions are conducted between pseudonyms, Bitcoin cannot offer strong privacy guarantees. Mixing coins, to some extent, can address this drawback through different technologies, but also meets flexibility, storage and anonymity problems. This paper proposes a decentralized coin mixing scheme CoinMingle, based on ring signature, one-time output address, CoinJoin and our mutual recognition delegation strategy. Our mutual recognition delegation strategy is simple but effective: when a user prepares to submit messages, he will delegate it to other users for anonymity. Users in CoinMingle don’t need pre-compute. And CoinMingle can tolerate different input amounts and plug the leak of personal information in shuffling phase. In addition, CoinMingle owns parallel structure which is more efficient than other coin mixing schemes.

Zhipeng Wang,Stefanos Chaliasos,Kaihua Qin,Liyi Zhou,Lifeng Gao,Pascal Berrang,Ben Livshits,Arthur Gervais

DOI: https://doi.org/10.48550/arXiv.2201.09035

2022-01-22

Cryptography and Security

Abstract:Zero-knowledge proof (ZKP) mixers are one of the most widely-used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer's daily deposits by more than 80%. Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which similarly to k-anonymity allows a user to hide among a set of k other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by 27.34% and 46.02% respectively. Our empirical evidence is also the first to suggest a differing privacy-predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer's anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.

Renpeng Zou,Xixiang Lv

DOI: https://doi.org/10.48550/arXiv.2009.11546

2020-09-24

Abstract:Increasing awareness of privacy-preserving has led to a strong focus on anonymous systems protecting anonymity. By studying early schemes, we summarize some intractable problems of anonymous systems. Centralization setting is a universal problem since most anonymous system rely on central proxies or presetting nodes to forward and mix messages, which compromises users' privacy in some way. Besides, availability becomes another important factor limiting the development of anonymous system due to the large requirement of additional additional resources (i.e. bandwidth and storage) and high latency. Moreover, existing anonymous systems may suffer from different attacks including abominable Man-in-the-Middle (MitM) attacks, Distributed Denial-of-service (DDoS) attacks and so on. In this context, we first come up with a BlockChain-based Mix-Net (BCMN) protocol and theoretically demonstrate its security and anonymity. Then we construct a concrete dynamic self-organizing BlockChain-based MIX anonymous system (BCMIX). In the system, users and mix nodes utilize the blockchain transactions and their addresses to negotiate keys with each other, which can resist the MitM attacks. In addition, we design an IP sharding algorithm to mitigate Sybil attacks. To evaluate the BCMIX system, we leverage the distribution of mining pools in the real world to test the system's performance and ability to resistant attacks. Compared with other systems, BCMIX provides better resilience to known attacks, while achieving low latency anonymous communication without significant bandwidth or storage resources.

Cryptography and Security

Sheng Zhong

DOI: https://doi.org/10.1016/j.compeleceng.2009.02.002

IF: 4.152

2009-01-01

Computers & Electrical Engineering

Abstract:A mix is a cryptographic construction for anonymizing communications. Existing mixes require that the public key certificates of mix servers have been distributed among users. In this paper, we propose a new mix that uses techniques from identity-based cryptography. Our mix does not require any public certificates; as long as the users know the identities of mix servers, the mix can anonymize messages. We give proofs of correctness and privacy, as well as analysis of efficiency.

Yi Liu,Zhen Liu,Yu Long,Zhiqiang Liu,Dawu Gu,Fei Huan,Yanxue Jia

DOI: https://doi.org/10.1007/978-3-030-31919-9_21

2019-01-01

Abstract:Since the advent of bitcoin, the privacy of bitcoin has become a hot issue. Many coin mixing protocols guarantee the anonymity and unlinkability of the payer and payee of a transaction. However, due to the publicity of blockchain, the confidentiality of transaction amounts has not been provided. Everyone has the chance to get the amount of a transaction, which poses a challenge to the privacy of users. To overcome the problem, we propose an improved mixing protocol based on TumbleBit, which is named TumbleBit++. TumbleBit++ combines confidential transactions with centralized untrusted anonymous payment hub, and achieves the protection of transaction amounts without undermining the anonymity of TumbleBit. TumbleBit++ allows multiple payers to trade in different transaction amounts, and Tumbler, as an untrusted third party, does not know the exact amount of each transaction and the flow of funds between the payer and payee of one transaction.

Lei Wu,Yufeng Hu,Yajin Zhou,Haoyu Wang,Xiaopu Luo,Zhi Wang,Fan Zhang,Kui Ren

DOI: https://doi.org/10.1145/3442381.3449880

2021-01-01

Abstract:ABSTRACT One reason for the popularity of Bitcoin is due to its anonymity. Although several heuristics have been used to break the anonymity, new approaches are proposed to enhance its anonymity at the same time. One of them is the mixing service. Unfortunately, mixing services have been abused to facilitate criminal activities, e.g., money laundering. As such, there is an urgent need to systematically understand Bitcoin mixing services. In this paper, we take the first step to understand state-of-the-art Bitcoin mixing services. Specifically, we propose a generic abstraction model for mixing services and observe that there are two mixing mechanisms in the wild, i.e. swapping and obfuscating. Based on this model, we conduct a transaction-based analysis and successfully reveal the mixing mechanisms of four representative services. Besides, we propose a method to identify mixing transactions that leverage the obfuscating mechanism. The proposed approach is able to identify over 92% of the mixing transactions. Based on identified transactions, we then estimate the profit of mixing services and provide a case study of tracing the money flow of stolen Bitcoins.

Yilei Wang,Andrea Bracciali,Guoyu Yang,Tao Li,Xiaomei Yu

DOI: https://doi.org/10.1016/j.asoc.2020.106605

IF: 8.7

2020-11-01

Applied Soft Computing

Abstract:<p>Criminals can launder crypto-currencies through mixing coins, whose original purpose is preservation of privacy in the presence of traceability. Therefore, it's essential to elaborately design mixing polices to achieve both privacy and anti-money laundering. Existing work on mixing policies relies on the knowledge of a blacklist. However, these policies are paralyzed under the scenario where the blacklist is unknown or evolving. In this paper, we regard the above scenario as games under incomplete information where parties put down a deposit for the quality of coins, which is suitably managed by a smart contract in case of mixing bad coins. We extend the <em>poison</em> and <em>haircut</em> policies to incomplete information games, where the blacklist is updated after mixing. We prove the existence of equilibria for the improved polices, while it is known that there is no equilibria in the original <em>poison</em> and <em>haircut</em> policies, where blacklist is public known. Furthermore, we propose a seminal <em>suicide</em> policy: the one who mixes more bad coins will be punished by not having the deposit refunded. Thus, parties have no incentives to launder money by leveraging mixing coins. In effect, all three policies contrast money laundering while preserving privacy under incomplete information. Finally, we simulate and verify the validity of these policies.</p>

computer science, artificial intelligence, interdisciplinary applications

Yilei Wang,Ming Liu,Huawei Ma,Shuyu Fan,Huiyu Zhou,Siqi Ju,Xiaoying Wang,Qintai Yang

DOI: https://doi.org/10.1016/j.ins.2023.02.024

IF: 8.1

2023-01-01

Information Sciences

Abstract:Payment channel networks (PCNs) are effective techniques for extending the scalability of cryptocurrencies. It achieves this by establishing a direct off-line channel from the sender to the receiver, going through one intermediary (aka. the hubs). In such scenarios, the hubs know the origin and destination of each transaction flowing through them, which jeopardizes the privacy of the underlying systems. Unfortunately, former efforts in ensuring transaction unlinkability either rely on trusted mixing services, are inefficient constructed (e.g., constructed inefficient cryptographic primitives), or have limited applicability. In this paper, we present ObliHub, an efficient payment channel scheme that conceals transaction direction information to the hubs. The core technique of ObliHub in achieving unlinkability is our tailored oblivious puzzle transfer protocol (OPT), which enables puzzle solving among the payer, the hub, and the receiver to be conducted in an oblivious manner – the hub center neither knows where a puzzle hint came from nor who acquired it. The implementation of ObliHub only requires efficient cryptographic primitives, and compared with A2L (a state-of-the-art Bitcoin-compatible PCH using homomorphic encryption), ObliHub saves 0.2 seconds in computation time over previous solutions and improves transfer throughput. Besides, our scheme is in accord with Universal Composability (UC) framework and we provide a comprehensive security analysis of it.

Ming Zheng,Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1007/978-3-642-24650-0_16

2011-01-01

Abstract:Protect the identity of participants may be advantageous or essential and even critical for many internet applications. Mix rings architecture give better performance than mix-nets while maintaining anonymity that is stronger than onion routing. This paper presents an enhancement of mix rings, which is a hybrid P2P system and is designed to provide anonymity under a strong adversarial model in terms of identification, anonymity and resilience to collusion, along with low latency of data delivery and the link utilization. We use a double-layer overlay network, composed of nodes that are interested in anonymity and trusted index nodes and introduce several cluster escape and random extend mechanisms into mix rings. We present a description of the protocol, an analysis of common attack defense, and evaluate the degree of anonymity using MATLAB simulations.

Shaowei Wang,Changyu Dong,Xiangfu Song,Jin Li,Zhili Zhou,Di Wang,Han Wu

2024-07-12

Abstract:In data-driven applications, preserving user privacy while enabling valuable computations remains a critical challenge. Technologies like Differential Privacy (DP) have been pivotal in addressing these concerns. The shuffle model of DP requires no trusted curators and can achieve high utility by leveraging the privacy amplification effect yielded from shuffling. These benefits have led to significant interest in the shuffle model. However, the computation tasks in the shuffle model are limited to statistical estimation, making the shuffle model inapplicable to real-world scenarios in which each user requires a personalized output. This paper introduces a novel paradigm termed Private Individual Computation (PIC), expanding the shuffle model to support a broader range of permutation-equivariant computations. PIC enables personalized outputs while preserving privacy, and enjoys privacy amplification through shuffling. We propose a concrete protocol that realizes PIC. By using one-time public keys, our protocol enables users to receive their outputs without compromising anonymity, which is essential for privacy amplification. Additionally, we present an optimal randomizer, the Minkowski Response, designed for the PIC model to enhance utility. We formally prove the security and privacy properties of the PIC protocol. Theoretical analysis and empirical evaluations demonstrate PIC's capability in handling non-statistical computation tasks, and the efficacy of PIC and the Minkowski randomizer in achieving superior utility compared to existing solutions.

Cryptography and Security,Machine Learning

Yuxian Li,Jian Weng,Wei Wu,Ming Li,Yingjiu Li,Haoxin Tu,Yongdong Wu,Robert.H. Deng

DOI: https://doi.org/10.1016/j.jpdc.2023.104721

IF: 4.542

2023-06-03

Journal of Parallel and Distributed Computing

Abstract:Blockchain systems, one of the most popular distributed systems, are well-applied in various scenarios, e.g., logistics and finance. However, traditional blockchain systems suffer from scalability issues. To tackle this issue, Payment Channel Hubs (PCHs) are proposed. Recent efforts, such as A2L (SP'21) and Teechain (SOSP'19), enhance the privacy, reusability, and interoperability properties of PCHs. Nevertheless, these solutions have intrinsic limitations: they rely on trusted hardware or suffer from the deposit lock-in problem. Furthermore, the functionalities of some of these solutions are restricted to fixed-amount payments and do not support multi-party participation. These aforementioned problems limit their capabilities to alleviate blockchain scalability issues. In this paper, we propose PRI, a novel PCH solution that simultaneously guarantees transaction P rivacy (i.e., relationship unlinkability and value confidentiality), deposit R eusability, and blockchain I nteroperability, which can mitigate the aforementioned problems. PRI is constructed by several new building blocks, including (1) an atomic deposit protocol that enforces user and hub to deposit equivalent assets in a shared address for building a fair payment channel; (2) a privacy-preserving deposit certification scheme that leverages the Pointcheval and Sanders signature and non-interactive zero-knowledge proof to resolve the deposit lock-in issue in maintaining payment channels; (3) a range proof which ensures the legality and confidentiality of transaction values. We conduct extensive experimental evaluations of PRI, demonstrating that it improves the state-of-the-art approaches in terms of performance.

computer science, theory & methods

Bo Mi,Bingqing Wu,Darong Huang,Yang Liu,Lu Chen,Shaohua Wan

DOI: https://doi.org/10.1155/2022/9946088

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Immutability and traceability are the main reasons for the popularity of blockchain. Nevertheless, its transparency also makes the transactions visible to all participants, which seriously violates the privacy of some dealers. In order to transfer accounts over blockchain, all verifiers should be empowered with the ability to confirm the transactions, leading to the conflict between extensive consensus and individual privacy. Orienting to privacy issues of UTXO (Unspent Transaction Output), this paper exploited the unconditional security of Shamir's secret sharing to construct a logic-physical map for public chain, which enabled noninteractive transaction verification without privacy infringement. A comprehensive analysis indicated that the proposed scheme is secure under UC (Universal Composability) framework with practical computation and communication overheads.

Shaowei Wang,Yun Peng,Jin Li,Zikai Wen,Zhipeng Li,Shiyu Yu,Di Wang,Wei Yang

2024-07-29

Abstract:The shuffle model of differential privacy provides promising privacy-utility balances in decentralized, privacy-preserving data analysis. However, the current analyses of privacy amplification via shuffling lack both tightness and generality. To address this issue, we propose the \emph{variation-ratio reduction} as a comprehensive framework for privacy amplification in both single-message and multi-message shuffle protocols. It leverages two new parameterizations: the total variation bounds of local messages and the probability ratio bounds of blanket messages, to determine indistinguishability levels. Our theoretical results demonstrate that our framework provides tighter bounds, especially for local randomizers with extremal probability design, where our bounds are exactly tight. Additionally, variation-ratio reduction complements parallel composition in the shuffle model, yielding enhanced privacy accounting for popular sampling-based randomizers employed in statistical queries (e.g., range queries, marginal queries, and frequent itemset mining). Empirical findings demonstrate that our numerical amplification bounds surpass existing ones, conserving up to $30\%$ of the budget for single-message protocols, $75\%$ for multi-message ones, and a striking $75\%$-$95\%$ for parallel composition. Our bounds also result in a remarkably efficient $\tilde{O}(n)$ algorithm that numerically amplifies privacy in less than $10$ seconds for $n=10^8$ users.

Cryptography and Security

Le Gao,Junzhe Zhang,Jiaxin Yu,Yin Tang,Zhiqiang Zeng

DOI: https://doi.org/10.3934/math.2024302

2024-01-01

AIMS Mathematics

Abstract:The rapid development of blockchain transactions highlights the importance of privacy protection (including anonymity and confidentiality) and underscores the necessity for auditability. Some schemes, such as PGC and Miniledger, support privacy protection and auditability. However, they only offer incomplete privacy protection (i.e., supporting anonymity or confidentiality exclusively). In response to these issues, we propose a scheme that achieves partial anonymity, confidentiality, auditability, and traceability. By integrating a variant of Pedersen commitments and randomizable signatures, we achieve partial anonymity for users and the auditability of transactions, thereby protecting user privacy under audit conditions. Based on the twisted ElGamal encryption algorithm and specially constructed zero-knowledge proofs, we achieve confidentiality of transaction amounts under legal and regulatory conditions. System test results indicate that this scheme effectively meets the above requirements. The feasibility of this scheme is confirmed through system testing, comparative analysis, and security analysis.

mathematics, applied

Yu Wei,Jingyu Jia,Yuduo Wu,Changhui Hu,Changyu Dong,Zheli Liu,Xiaofeng Chen,Yun Peng,Shaowei Wang

DOI: https://doi.org/10.1109/tifs.2024.3351474

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:How to achieve distributed differential privacy (DP) without a trusted central party is of great interest in both theory and practice. Recently, the shuffle model has attracted much attention. Unlike the local DP model in which the users send randomized data directly to the data collector/analyzer, in the shuffle model an intermediate untrusted shuffler is introduced to randomly permute the data, which have already been randomized by the users, before they reach the analyzer. The most appealing aspect is that while shuffling does not explicitly add more noise to the data, it can make privacy better. The privacy amplification effect in consequence means the users need to add less noise to the data than in the local DP model, but can achieve the same level of differential privacy. Thus, protocols in the shuffle model can provide better accuracy than those in the local DP model. What looks interesting to us is that the architecture of the shuffle model is similar to private aggregation, which has been studied for more than a decade. In private aggregation, locally randomized user data are aggregated by an intermediate untrusted aggregator. Thus, our question is whether aggregation also exhibits some sort of privacy amplification effect? And if so, how good is this "aggregation model" in comparison with the shuffle model. We conducted the first comparative study between the two, covering privacy amplification, functionalities, protocol accuracy, and practicality. The results as yet suggest that the new shuffle model does not have obvious advantages over the old aggregation model. On the contrary, protocols in the aggregation model outperform those in the shuffle model, sometimes significantly, in many aspects.

computer science, theory & methods,engineering, electrical & electronic

Xijian Xu,Jun Wu,Ali Kashif Bashir,Marwan Omar

DOI: https://doi.org/10.1109/tce.2024.3361690

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:In the next generation of consumer electronics, bitcoin mixing scheme is an essential part to realize decentralized anonymous payment. However, there are still some challenges in existing decentralized schemes. First, existing schemes necessitate broadcast of sensitive information for group construction and lack of machine learning models to make assisted decisions. Second, these schemes fall short in verification of consumers’ integrity prior to their admission. Last but not least, the decentralized protocols tend to lack robust mechanisms for protecting the details of transactions during negotiations. To address the above challenges, this paper proposes a machine learning and zero knowledge empowered trustworthy bitcoin mixing for next-G consumer electronics payment to enhance consumer privacy and transaction details protection. Specifically, we design a mechanism based on zk-SNARKs for verifiable proofs to preserve privacy. Moreover, we construct a model based on machine learning to assist in decision making and verify the integrity by Pedersen commitments. Finally, proposed scheme refines an approach to guard transaction details during negotiations. The experiment demonstrates our approach offers enhanced efficiency and anonymity assurances without sacrificing performance.

telecommunications,engineering, electrical & electronic