Anonymous Revocation Scheme for Bitcoin Confusion
(Chinese title: 一種匿名可撤銷的比特幣混淆方案; "confusion" is the authors' rendering of 混淆, i.e. coin mixing)
doi: 10.11999/JEIT180874   cstr: 32379.14.JEIT180874

1. School of Mathematics and Statistics, Xidian University, Xi'an 710071, China
2. School of Telecommunications Engineering, Xidian University, Xi'an 710071, China

Funds: National Key Research and Development Program of China (2016YFB0800601); National Natural Science Foundation of China (61303217, 61502372)
Abstract: To address the problem that a user cannot request to exit once a Bitcoin mixing (coin-shuffling) round is under way, this paper proposes a scheme that lets a user revoke its participation anonymously. A commitment binds each user to its destination address. When a user asks to quit the shuffle service, it gives a zero-knowledge proof about that commitment using an accumulator and a signature of knowledge. The shuffled output address of the exiting user is then changed to its designated destination address. Security analysis shows that, under the double discrete logarithm problem and the strong RSA assumption, the scheme preserves the anonymity of the user who leaves, and that it can be deployed without modifying the current Bitcoin system. In a mixing round with n (n ≥ 10) honest participants, the scheme allows at most n − 2 users to exit.
Key words: Privacy protection; Bitcoin confusion; Revocable
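The mechanism the abstract describes, as an added toy example that is not the paper's code: a Pedersen commitment binds each participant to its destination address, an RSA accumulator (in the style of Camenisch and Lysyanskaya [15]) holds a prime representative of every commitment, and a Fiat-Shamir Schnorr signature of knowledge lets an exiting user prove that an accumulated commitment opens to the destination it now reveals; the mixer then returns that address as the replacement for the user's shuffled output and enforces the bound stated in the abstract (n ≥ 10 participants, at most n − 2 exits). Everything in the block is an assumption about how such pieces could be wired together: the group sizes are 64-bit and seeded, so the parameters are insecure; the paper's double discrete logarithm proof, which stops the verifier from learning which commitment is being opened, is not implemented, so the toy shows the mechanics of revocation rather than its anonymity; and all names (setup_round, exit_request, process_exit, prime_rep, ...) are this example's own.

```python
# Added toy illustration, not the paper's code: tiny seeded parameters (insecure) and
# no double-discrete-log proof, so it shows the mechanics of an exit, not anonymity.
import hashlib
import random
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Deterministic Miller-Rabin with these bases; exact for n < 3.2e23."""
    if n < 41:
        return n in MR_BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits, seed):
    """Deterministically find p = 2q + 1 with p and q prime (toy size)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q

def hash_to_int(*parts):
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# Pedersen group: order-Q subgroup of Z_P^*, P = 2Q+1; G = 2^2 has order Q, log_G(H) unknown.
P, Q = safe_prime(64, seed=1)
G, H = 4, pow(hash_to_int("pedersen-H") % P, 2, P)
# RSA accumulator modulus from two more safe primes; the base is a residue mod N.
N = safe_prime(64, seed=2)[0] * safe_prime(64, seed=3)[0]
ACC_BASE = pow(hash_to_int("acc-base") % N, 2, N)

def commit(dest):
    """Pedersen commitment C = G^H(dest) * H^r; returns (C, r), r stays private."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, hash_to_int(dest) % Q, P) * pow(H, r, P)) % P, r

def prime_rep(c):
    """Hash-to-prime: the accumulator only takes primes (40-bit ones here)."""
    x = (hash_to_int("rep", c) >> (256 - 40)) | 1
    while not is_prime(x):
        x += 2
    return x

def accumulate(reps, skip=None):
    """ACC_BASE^(prod reps) mod N; with skip = j this is the witness for reps[j]."""
    acc = ACC_BASE
    for i, e in enumerate(reps):
        if i != skip:
            acc = pow(acc, e, N)
    return acc

def sok_prove(c, dest, r, msg):
    """Schnorr SoK of r such that C / G^H(dest) = H^r, bound to msg (Fiat-Shamir)."""
    y = (c * pow(G, Q - hash_to_int(dest) % Q, P)) % P
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    return t, (k + (hash_to_int(y, t, msg) % Q) * r) % Q

def sok_verify(c, dest, msg, proof):
    y = (c * pow(G, Q - hash_to_int(dest) % Q, P)) % P
    t, s = proof
    return pow(H, s, P) == (t * pow(y, hash_to_int(y, t, msg) % Q, P)) % P

def setup_round(dests):
    """Each participant commits to its destination; the mixer accumulates all."""
    opens = [commit(d) for d in dests]
    reps = [prime_rep(c) for c, _ in opens]
    return {"opens": opens, "reps": reps, "acc": accumulate(reps), "exited": 0}

def exit_request(state, idx, dest):
    """User idx asks to quit: its commitment, accumulator witness and SoK."""
    c, r = state["opens"][idx]
    return {"c": c, "w": accumulate(state["reps"], skip=idx), "dest": dest,
            "sok": sok_prove(c, dest, r, "exit|" + dest)}

def process_exit(state, req):
    """Mixer: bound from the abstract (n >= 10, <= n-2 exits), membership, SoK."""
    n = len(state["reps"])
    ok = (n >= 10 and state["exited"] < n - 2
          and pow(req["w"], prime_rep(req["c"]), N) == state["acc"]
          and sok_verify(req["c"], req["dest"], "exit|" + req["dest"], req["sok"]))
    if not ok:
        return None
    state["exited"] += 1
    return req["dest"]
```

Run setup_round on ten destination addresses, call exit_request for one participant and hand the result to process_exit. A request whose destination differs from the committed one fails the signature of knowledge, a commitment that was never accumulated fails the witness check, and the ninth exit from a round of ten is refused by the n − 2 bound; in the real scheme the commitment and witness would additionally be hidden inside the zero-knowledge proof rather than sent in the clear as here.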
Table 2  Theoretical execution-time comparison of the schemes
(Read $(k)_{\nu(X)}$ as k operations of type X for n participants, $\nu(X)$ being the paper's symbol for the time of one such operation: $\nu(E)$ encryption, $\nu(m)$ modular multiplication, $\nu(M)$ modular exponentiation, $\nu(H)$ hash, $\nu(R)$ elliptic-curve point multiplication.)

Scheme                  Encryption           Modular multiplication   Modular exponentiation   Hash                 EC point multiplication
CoinParty [10]          $(n^2)_{\nu(E)}$     $(8n)_{\nu(m)}$          $(4n)_{\nu(M)}$          $(4n)_{\nu(H)}$      $(10n)_{\nu(R)}$
ZeroCoin [14]           0                    $(9n)_{\nu(m)}$          $(12n)_{\nu(M)}$         $(n)_{\nu(H)}$       0
CoinExit (this paper)   $(2n^2)_{\nu(E)}$    $(11n)_{\nu(m)}$         $(17n)_{\nu(M)}$         $(2n)_{\nu(H)}$      $(5n)_{\nu(R)}$
References:
[1] QIN Bo, CHEN Lichanghao, WU Qianhong, et al. Bitcoin and digital fiat currency[J]. Journal of Cryptologic Research, 2017, 4(2): 176–186. doi: 10.13868/j.cnki.jcr.000172
[2] KHALILOV M C K and LEVI A. A survey on anonymity and privacy in bitcoin-like digital cash systems[J]. IEEE Communications Surveys & Tutorials, 2018, 20(4): 2543–2585. doi: 10.1109/COMST.2018.2818623
[3] MAXWELL G. CoinJoin: Bitcoin privacy for the real world[EB/OL]. https://en.bitcoin.it/wiki/CoinJoin, 2019.
[4] BONNEAU J, NARAYANAN A, MILLER A, et al. Mixcoin: Anonymity for Bitcoin with accountable mixes[C]. The 18th International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 486–504.
[5] HEILMAN E, ALSHENIBR L, BALDIMTSI F, et al. TumbleBit: An untrusted bitcoin-compatible anonymous payment hub[C]. Network and Distributed System Security Symposium, San Diego, California, 2017.
[6] RUFFING T, MORENO-SANCHEZ P, and KATE A. CoinShuffle: Practical decentralized coin mixing for bitcoin[C]. The 19th European Symposium on Research in Computer Security, Wroclaw, Poland, 2014: 345–364.
[7] MEIKLEJOHN S, POMAROLE M, JORDAN G, et al. A fistful of bitcoins: Characterizing payments among men with no names[C]. The 2013 ACM Internet Measurement Conference, Barcelona, Spain, 2013: 127–140.
[8] RUFFING T, MORENO-SANCHEZ P, and KATE A. P2P mixing and unlinkable Bitcoin transactions[C]. Network and Distributed System Security Symposium, San Diego, California, 2017.
[9] ZIEGELDORF J H, GROSSMANN F, HENZE M, et al. CoinParty: Secure multi-party mixing of bitcoins[C]. The 5th ACM Conference on Data and Application Security and Privacy, San Antonio, USA, 2015: 75–86.
[10] ZIEGELDORF J H, MATZUTT R, HENZE M, et al. Secure and anonymous decentralized Bitcoin mixing[J]. Future Generation Computer Systems, 2018, 80: 448–466. doi: 10.1016/j.future.2016.05.018
[11] ZHANG Weiguo, SUN Man, CHEN Zhenhua, et al. Secure multi-party computation of spatial relationship and its application[J]. Journal of Electronics & Information Technology, 2016, 38(9): 2294–2300. doi: 10.11999/JEIT160102
[12] SAXENA A, MISRA J, and DHAR A. Increasing anonymity in Bitcoin[C]. International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 122–139.
[13] CHURYUMOV A. Byteball: A decentralized system for storage and transfer of value[EB/OL]. https://byteball.org/Byteball.pdf, 2018.
[14] MIERS I, GARMAN C, GREEN M, et al. Zerocoin: Anonymous distributed E-cash from bitcoin[C]. 2013 IEEE Symposium on Security and Privacy, Berkeley, USA, 2013: 397–411.
[15] CAMENISCH J and LYSYANSKAYA A. Dynamic accumulators and application to efficient revocation of anonymous credentials[C]. The 22nd Annual International Cryptology Conference on Advances in Cryptology, California, USA, 2002: 61–76.
[16] CHASE M and LYSYANSKAYA A. On signatures of knowledge[C]. Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, California, USA, 2006: 78–96.
[17] IBRAHIM M H. SecureCoin: A robust secure and efficient protocol for anonymous Bitcoin ecosystem[J]. International Journal of Network Security, 2017, 19(2): 295–312. doi: 10.6633/IJNS.201703.19(2).14
[18] SUN Shifeng, AU M H, LIU J K, et al. RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero[C]. The 22nd European Symposium on Research in Computer Security, Oslo, Norway, 2017: 456–474.
[19] CORRIGAN-GIBBS H, BONEH D, and MAZIÈRES D. Riposte: An anonymous messaging system handling millions of users[C]. IEEE Symposium on Security and Privacy, San Jose, USA, 2015: 321–338.