Title (translated from the Chinese): An Anonymous Revocable Bitcoin Confusion (Mixing) Scheme
English title: Anonymous Revocation Scheme for Bitcoin Confusion
doi: 10.11999/JEIT180874

Affiliations:
1. School of Mathematics and Statistics, Xidian University, Xi'an 710071, China
2. School of Telecommunications Engineering, Xidian University, Xi'an 710071, China
Abstract (translated from the Chinese): To solve the problem that users cannot request to exit during the coin-mixing process, this paper proposes a scheme that supports anonymous withdrawal of users from coin mixing. A commitment is used to bind a user to its destination address; when the user requests to exit the shuffle service, an accumulator and a signature of knowledge are used to give a zero-knowledge proof on the commitment. Finally, the mixed output address of the withdrawing user is changed to its designated destination address. Security analysis shows that, based on the double discrete logarithm problem and the strong RSA assumption, the scheme satisfies anonymity for users who leave the group, and that it can be deployed without modifying the current Bitcoin system. In a mixing process with n (n ≥ 10) honest participants, the scheme allows at most n–2 users to exit the mixing operation.

Abstract (English version as published): In order to solve the problem that users cannot request to exit during the Bitcoin confusion process, an anonymous revocation scheme for Bitcoin confusion is proposed. A commitment is used to bind the user to its destination address. When the user requests to quit the shuffle service, a zero-knowledge proof of the commitment is made using an accumulator and signatures of knowledge. Finally, the shuffled output address of the user who quits the service is modified to its destination address. Security analysis shows that the scheme satisfies the anonymity of the user who quits the service, based on the double discrete logarithm problem and the strong RSA assumption, and can be implemented without modifying the current Bitcoin system. The scheme allows at most n–2 users to exit in a confusion process with n (n ≥ 10) honest participants.
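The abstract names two building blocks, a commitment that binds a user to its destination address and an accumulator over which membership is proven, plus a final step that swaps the exiting user's shuffled output for the committed destination. The example below is added here and is not the paper's code; the page gives no protocol details, so every concrete choice is an assumption: a Fujisaki-Okamoto style commitment C = G^m H^r in an RSA group of unknown order, an RSA accumulator whose elements are the commitments mapped to primes by hash-to-prime, a demo-sized modulus derived from hashes, and an exit request that carries the user's output slot index. The zero-knowledge signature of knowledge that makes the exit anonymous in the paper is not implemented; the membership check and the commitment opening are shown in the clear, which is exactly what the paper's zero-knowledge layer is there to hide.

```python
import hashlib

# Demo-sized modulus: two 128-bit primes derived deterministically from labels.
# Constructed for illustration only. A real deployment needs ~2048-bit primes
# that are discarded after setup so the group order stays unknown (strong RSA).


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for a demonstration."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _next_prime(n: int) -> int:
    n |= 1
    while not _is_probable_prime(n):
        n += 2
    return n


def _derive_prime(label: bytes, bits: int) -> int:
    seed = int.from_bytes(hashlib.sha256(label).digest(), "big") >> (256 - bits)
    return _next_prime(seed | (1 << (bits - 1)))


P_DEMO = _derive_prime(b"demo-p", 128)   # constructed parameter
Q_DEMO = _derive_prime(b"demo-q", 128)   # constructed parameter
N = P_DEMO * Q_DEMO
G = 4   # 2^2: a quadratic residue mod N
H = 9   # 3^2: a second residue; log_G(H) is assumed unknown to committers


def hash_to_prime(data: bytes) -> int:
    """Map bytes to a prime: accumulator elements must be primes."""
    return _next_prime(int.from_bytes(hashlib.sha256(data).digest(), "big"))


def commit(user_id: str, dest_addr: str, r: int) -> int:
    """Bind user_id to dest_addr: C = G^m * H^r mod N, m = SHA-256(user_id | dest_addr).
    r hides the pair; binding rests on the strong RSA assumption in the unknown-order group."""
    m = int.from_bytes(hashlib.sha256(f"{user_id}|{dest_addr}".encode()).digest(), "big")
    return (pow(G, m, N) * pow(H, r, N)) % N


def open_commitment(c: int, user_id: str, dest_addr: str, r: int) -> bool:
    return commit(user_id, dest_addr, r) == c


def accumulate(commitments: list[int]) -> tuple[int, list[int]]:
    """RSA accumulator over all participants' commitments: acc = G^(e_1 ... e_n) mod N,
    with e_i = hash_to_prime(C_i). Returns the accumulator and the element primes."""
    primes = [hash_to_prime(c.to_bytes(64, "big")) for c in commitments]
    exponent = 1
    for e in primes:
        exponent *= e
    return pow(G, exponent, N), primes


def membership_witness(primes: list[int], index: int) -> int:
    """Witness for element `index`: G raised to the product of all other primes."""
    exponent = 1
    for j, e in enumerate(primes):
        if j != index:
            exponent *= e
    return pow(G, exponent, N)


def verify_membership(acc: int, element_prime: int, witness: int) -> bool:
    """Holds iff witness^e == acc, i.e. e was among the accumulated elements."""
    return pow(witness, element_prime, N) == acc


def process_exit(outputs: list[str], slot: int, c: int,
                 user_id: str, dest_addr: str, r: int) -> list[str]:
    """Replace the exiting user's shuffled output (slot index assumed to come with the
    request) by the committed destination, but only if the opening matches the
    commitment made before the shuffle; a mismatch is refused."""
    if not open_commitment(c, user_id, dest_addr, r):
        raise ValueError("opening does not match the commitment; refusing substitution")
    updated = list(outputs)
    updated[slot] = dest_addr
    return updated


def demo() -> dict:
    # Constructed participants, blinding values and shuffle result (real blinds come from a CSPRNG).
    users = [("alice", "1AliceDestAddr"), ("bob", "1BobDestAddr"), ("carol", "1CarolDestAddr")]
    blinds = [0x1A2B3C4D5E6F7081, 0x2B3C4D5E6F708192, 0x3C4D5E6F708192A3]
    comms = [commit(u, a, r) for (u, a), r in zip(users, blinds)]
    acc, primes = accumulate(comms)
    w_bob = membership_witness(primes, 1)          # bob proves he joined before the shuffle
    mixed_outputs = ["1MixOut7f3a", "1MixOut9c1e", "1MixOut2b8d"]
    return {
        "member_ok": verify_membership(acc, primes[1], w_bob),
        "foreign_witness_rejected": not verify_membership(acc, primes[0], w_bob),
        "wrong_opening_rejected": not open_commitment(comms[1], "bob", "1EvilAddr", blinds[1]),
        "outputs_after_exit": process_exit(mixed_outputs, 2, comms[1], "bob", "1BobDestAddr", blinds[1]),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to the paper's setting: the commitment must be collected before the shuffle starts, otherwise nothing stops a user from choosing a destination after seeing the output set; and the accumulator lets the service check "this commitment was in the original batch" without keeping the batch online, which is why the paper can layer a signature of knowledge on top to hide which element is being proven.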
Key words:
- Privacy protection
- Bitcoin confusion
- Revocable
Table 1 Performance comparison of different schemes

| Scheme | Resists active/passive attacks | Exit from shuffle | Compatible with Bitcoin system | Penalty/recovery mechanism | Identity privacy | Transaction-amount privacy |
|---|---|---|---|---|---|---|
| Coinjoin[3] | passive only | × | √ | × | √ | × |
| Mixcoin[4] | passive only | × | √ | × | √ | × |
| TumbleBit[5] | passive only | × | √ | √ | √ | × |
| CoinShuffle[6] | passive only | × | √ | × | √ | × |
| CoinShuffle++[8] | passive only | × | √ | × | √ | × |
| CoinParty[10] | passive only | × | √ | √ | √ | × |
| ZeroCoin[14] | both | × | × | × | √ | × |
| SecureCoin[17] | passive only | × | √ | √ | √ | × |
| CoinExit | both | √ | √ | √ | √ | × |
Table 2 Comparison of theoretical execution time of different schemes

| Scheme | Encryptions | Modular multiplications | Modular exponentiations | Hashes | Elliptic-curve point multiplications |
|---|---|---|---|---|---|
| CoinParty[10] | $(n^2)_{\nu(E)}$ | $(8n)_{\nu(m)}$ | $(4n)_{\nu(M)}$ | $(4n)_{\nu(H)}$ | $(10n)_{\nu(R)}$ |
| ZeroCoin[14] | 0 | $(9n)_{\nu(m)}$ | $(12n)_{\nu(M)}$ | $(n)_{\nu(H)}$ | 0 |
| CoinExit | $(2n^2)_{\nu(E)}$ | $(11n)_{\nu(m)}$ | $(17n)_{\nu(M)}$ | $(2n)_{\nu(H)}$ | $(5n)_{\nu(R)}$ |
References:
[1] QIN Bo, CHEN Lichanghao, WU Qianhong, et al. Bitcoin and digital fiat currency[J]. Journal of Cryptologic Research, 2017, 4(2): 176–186. doi: 10.13868/j.cnki.jcr.000172
[2] KHALILOV M C K and LEVI A. A survey on anonymity and privacy in bitcoin-like digital cash systems[J]. IEEE Communications Surveys & Tutorials, 2018, 20(4): 2543–2585. doi: 10.1109/COMST.2018.2818623
[3] MAXWELL G. CoinJoin: Bitcoin privacy for the real world[EB/OL]. https://en.bitcoin.it/wiki/CoinJoin, 2019.
[4] BONNEAU J, NARAYANAN A, MILLER A, et al. Mixcoin: Anonymity for Bitcoin with accountable mixes[C]. The 18th International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 486–504.
[5] HEILMAN E, ALSHENIBR L, BALDIMTSI F, et al. TumbleBit: An untrusted bitcoin-compatible anonymous payment hub[C]. Network and Distributed System Security Symposium, San Diego, California, 2017.
[6] RUFFING T, MORENO-SANCHEZ P, and KATE A. CoinShuffle: Practical decentralized coin mixing for bitcoin[C]. The 19th European Symposium on Research in Computer Security, Wroclaw, Poland, 2014: 345–364.
[7] MEIKLEJOHN S, POMAROLE M, JORDAN G, et al. A fistful of bitcoins: Characterizing payments among men with no names[C]. The 2013 ACM Internet Measurement Conference, Barcelona, Spain, 2013: 127–140.
[8] RUFFING T, MORENO-SANCHEZ P, and KATE A. P2P mixing and unlinkable Bitcoin transactions[C]. Network and Distributed System Security Symposium, San Diego, California, 2017.
[9] ZIEGELDORF J H, GROSSMANN F, HENZE M, et al. CoinParty: Secure multi-party mixing of bitcoins[C]. The 5th ACM Conference on Data and Application Security and Privacy, San Antonio, USA, 2015: 75–86.
[10] ZIEGELDORF J H, MATZUTT R, HENZE M, et al. Secure and anonymous decentralized Bitcoin mixing[J]. Future Generation Computer Systems, 2018, 80: 448–466. doi: 10.1016/j.future.2016.05.018
[11] ZHANG Weiguo, SUN Man, CHEN Zhenhua, et al. Secure multi-party computation of spatial relationship and its application[J]. Journal of Electronics & Information Technology, 2016, 38(9): 2294–2300. doi: 10.11999/JEIT160102
[12] SAXENA A, MISRA J, and DHAR A. Increasing anonymity in Bitcoin[C]. International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 122–139.
[13] CHURYUMOV A. Byteball: A decentralized system for storage and transfer of value[EB/OL]. https://byteball.org/Byteball.pdf, 2018.
[14] MIERS I, GARMAN C, GREEN M, et al. Zerocoin: Anonymous distributed E-cash from bitcoin[C]. 2013 IEEE Symposium on Security and Privacy, Berkeley, USA, 2013: 397–411.
[15] CAMENISCH J and LYSYANSKAYA A. Dynamic accumulators and application to efficient revocation of anonymous credentials[C]. The 22nd Annual International Cryptology Conference on Advances in Cryptology, California, USA, 2002: 61–76.
[16] CHASE M and LYSYANSKAYA A. On signatures of knowledge[C]. Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, California, USA, 2006: 78–96.
[17] IBRAHIM M H. SecureCoin: A robust secure and efficient protocol for anonymous Bitcoin ecosystem[J]. International Journal of Network Security, 2017, 19(2): 295–312. doi: 10.6633/IJNS.201703.19(2).14
[18] SUN Shifeng, AU M H, LIU J K, et al. RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero[C]. The 22nd European Symposium on Research in Computer Security, Oslo, Norway, 2017: 456–474.
[19] CORRIGAN-GIBBS H, BONEH D, and MAZIÈRES D. Riposte: An anonymous messaging system handling millions of users[C]. IEEE Symposium on Security and Privacy, San Jose, USA, 2015: 321–338.