Security Analysis of Accountable Anonymity in Dissent

Syta, Ewa; Corrigan-Gibbs, Henry; Weng, Shu-Chun; Wolinsky, David Isaac; Ford, Bryan; Johnson, Aaron M.

doi:10.1145/2629621

Cited by 13 publications

(13 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A Generic Attack on P2P Mixing Protocols: As our fourth contribution, we present a deanonymization attack on existing P2P mixing protocols that guarantee termination in the presence of disruptive peers. We exemplify the attack on the Dissent shuffle protocol [23], [56] and then generalize the attack to demonstrate that no P2P mixing protocol simultaneously supports arbitrary input messages, provides anonymity, and terminates in the presence of disruptive peers.…”

Section: )mentioning

confidence: 99%

“…An important guarantee provided by DiceMix is that if a protocol run fails, the honest peers agree on the set of malicious peers to be excluded. Although this is critical for termination, this aspect has not been properly formalized or addressed in some previous P2P mixing protocols supposed to ensure termination [23], [53], [56].…”

Section: ) Consistent Detection Of Disruptionmentioning

confidence: 99%

“…We illustrate the attack on the Dissent shuffle protocol [23], [56]. 5 In the last communication round of the Dissent shuffle protocol, every peer publishes a decryption key.…”

Section: A Example: a Deanonymization Attack On Dissentmentioning

confidence: 99%

“…2) DiceMix Protocol: Although some DC-net successors [31], [42] as well as some anonymous group messaging systems [23], [53], [56] satisfy the P2P mixing requirements, we found those to be too inefficient for large-scale mixing. As our second contribution, we present the new P2P mixing protocol DiceMix, which builds on the original DC-net protocol.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

P2P Mixing and Unlinkable Bitcoin Transactions

Ruffing

Moreno-Sanchez

Kate

2017

Proceedings 2017 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Starting with Dining Cryptographers networks (DC-nets), several peer-to-peer (P2P) anonymous communication protocols have been proposed. However, despite their strong anonymity guarantees, none of them have been employed in practice so far: Most protocols fail to simultaneously address the crucial problems of slot collisions and disruption by malicious peers, while the remaining ones handle f malicious peers with O(f 2) communication rounds. We conceptualize these P2P anonymous communication protocols as P2P mixing, and present a novel P2P mixing protocol, DiceMix, that needs only four communication rounds in the best case, and 4 + 2f rounds in the worst case with f malicious peers. As every individual malicious peer can force a restart of a P2P mixing protocol by simply omitting his messages, we find DiceMix with its worst-case complexity of O(f) rounds to be an optimal P2P mixing solution. On the application side, we employ DiceMix to improve anonymity in crypto-currencies such as Bitcoin. The public verifiability of their pseudonymous transactions through publicly available ledgers (or blockchains) makes these systems highly vulnerable to a variety of linkability and deanonymization attacks. We use DiceMix to define CoinShuffle++, a coin mixing protocol that enables pseudonymous peers to perform unlinkable transactions in a manner fully compatible with the current Bitcoin system. Moreover, we demonstrate the efficiency of our protocols with a proof-of-concept implementation. In our evaluation, DiceMix requires less than eight seconds to mix 50 messages (160 bits, i.e., Bitcoin addresses), while the best protocol in the literature requires almost three minutes in the same setting. Finally, we present a deanonymization attack on existing P2P mixing protocols that guarantee termination in the presence of disruptive peers. We generalize the attack to demonstrate that no P2P mixing protocol simultaneously supports arbitrary input messages, provides anonymity, and terminates in the presence of disruptive peers. DiceMix resists this attack by requiring fresh input messages, e.g., cryptographic keys never used before.

show abstract

Section: )mentioning

confidence: 99%

Section: ) Consistent Detection Of Disruptionmentioning

confidence: 99%

“…We illustrate the attack on the Dissent shuffle protocol [23], [56]. 5 In the last communication round of the Dissent shuffle protocol, every peer publishes a decryption key.…”

Section: A Example: a Deanonymization Attack On Dissentmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

P2P Mixing and Unlinkable Bitcoin Transactions

Ruffing

Moreno-Sanchez

Kate

2017

Proceedings 2017 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Dissent builds on anonymity primitives that have formal security proofs in a model where the attacker is assumed to monitor all network traffic sent among all participating nodes but cannot break the encryption. We have extended these formal security proofs to cover the first version of the full Dissent protocol [21], and formal analysis of subsequent versions is in progress. Although verifiable shuffles differ from DC-nets in their details, both approaches share one key property that enables formal anonymity proofs: All participants act collectively under a common "control plane" rather than individually as in an ad hoc OR system.…”

Section: Global Traffic Analysismentioning

confidence: 99%