Conference Paper

POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store


Abstract

Bitcoin has revolutionized digital currencies and its underlying blockchain has been successfully applied to other domains. To be verifiable by every participating peer, the blockchain maintains every transaction in a persistent, distributed, and tamper-proof log that every participant needs to replicate locally. While this constitutes the central innovation of blockchain technology and is thus a desired property, it can also be abused in ways that are harmful to the overall system. We show for Bitcoin that blockchains potentially provide multiple ways to store (malicious and illegal) content that, once stored, cannot be removed and is replicated by every participating user. We study the evolution of content storage in Bitcoin’s blockchain, classify the stored content, and highlight implications of allowing the storage of arbitrary data in globally replicated blockchains.


... data storage [11]-[13] has put a permanent burden onto the system and its users, as (a) such misuse typically bloats the set of unspent transaction outputs (UTXO set) with entries that are never spendable and (b) objectionable content can irrevocably be engraved into the blockchain and is subsequently distributed to all nodes [14]. Large blockchain sizes and the presence of objectionable blockchain content cause individual nodes to prune older blockchain data [15], i.e., older payment flows that have been superseded by newer ones, or locally erase UTXOs that hold unwanted content [16] at the cost of becoming dependent on other nodes for transaction validation. ...
... Other works that consider blockchain data management include analyses of blockchain data [11]-[13], [29], [51]-[53] and the UTXO set [54], lightweight payment schemes [55], [56], approaches to prevent illicit content from being engraved into the blockchain [14], [16], [57]-[60], and sharding approaches [61]-[63]. In the following, we provide pointers to cover the research perspectives for this further related work. ...
... Higher-level data semantics were the subject of further analyses. After Shirriff [68] highlighted the presence of non-financial blockchain content hidden within transactions, Matzutt et al. [11], [12] further formalized this aspect with a quantitative content analysis with a focus on potentially objectionable content on Bitcoin's blockchain. Sward et al. [13] concurrently investigated more sophisticated content insertion methods. ...
Preprint
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.
Article
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin’s set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot’s correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.
... However, Bitcoin's reference client only accepts standard transactions based on the standard scripts. Matzutt et al. [11] identify approximately 290,000 nonstandard transactions in Bitcoin's blockchain until July 2016, almost all of which are OP Return transactions with an empty payload. Only 132 are non-standard transactions that do not use standard script templates. ...
... Consequently, spending this output in a subsequent transaction requires the input script to satisfy the conditions of the previous output script. Output scripts relate to signing transactions, so that an input script allows a miner to verify that the sender is also the owner of the respective BTC [11]. ...
... This accelerated its acceptance by Bitcoin miners. Furthermore, unlike other methods, OP Return transactions do not require the sender to burn BTC valued higher than "dust" [11,16]. That is, the amount of Bitcoin associated with the output of the OP Return transaction can be small or even zero. ...
Article
Bitcoin has always been used to store arbitrary data, particularly since Bitcoin Core developers added a dedicated method for data storage in 2014: the OP Return operator. This paper provides an in-depth analysis of all OP Return transactions published on Bitcoin between September 14, 2018, and December 31, 2019. The 32.4 million OP Return transactions (22% of all Bitcoin transactions) published during this period added 10 GB to the blockchain’s size. Almost all OP Return transactions can be attributed to one of 37 blockchain services. The two dominant services are Veriblock (58% of OP Return transactions) and Omni/Tether (40%). Veriblock transactions pay only 14% of the average transaction fee, partly because most of them are submitted during times when overall activity on Bitcoin is low. Omni transactions, on the other hand, pay more than twice the average transaction fee and therefore compete with regular Bitcoin transactions for inclusion in new blocks.
... Consequently, spending this output in a subsequent transaction requires the input script to satisfy the conditions of the previous output script. Output scripts relate to signing transactions, so that an input script allows a miner to verify that the sender is also the owner of the respective BTC (Matzutt et al., 2016). ...
... However, Bitcoin's reference client only accepts standard transactions based on the standard scripts. Matzutt et al. (2016) the version release specifies that the introduction of the OP Return operator is not an endorsement for storing data on Bitcoin's blockchain, its recognition in the reference client is most likely a reaction to the increasing activity of storing arbitrary data on the blockchain using various inefficient methods Antonopoulos (2016). ...
... This accelerated its acceptance by Bitcoin miners. Furthermore, unlike other methods, OP Return transactions do not require the sender to burn BTC valued higher than "dust" (Matzutt et al., 2016; Sward et al., 2018). That is, the amount of Bitcoin associated with the output of the OP Return transaction can be small or even zero. ...
Preprint
Bitcoin has always been used to store arbitrary data, particularly since Bitcoin Core developers added a dedicated method for data storage in 2014: the OP Return operator. This paper provides an in-depth analysis of all OP Return transactions published on Bitcoin between September 14, 2018, and December 31, 2019. The 32.4 million OP Return transactions (22% of all Bitcoin transactions) published during this period added 10 GB to the blockchain's size. Almost all OP Return transactions can be attributed to one of 37 blockchain services. The two dominant services are Veriblock (58% of OP Return transactions) and Omni/Tether (40%). Veriblock transactions pay only 14% of the average transaction fee, partly because most of them are submitted during times when overall activity on Bitcoin is low. Omni transactions, on the other hand, pay more than twice the average transaction fee and therefore compete with regular Bitcoin transactions for inclusion in new blocks.
... However, since all Bitcoin participants maintain a complete local copy of the blockchain (e.g., to ensure correctness of blockchain updates and to bootstrap new users), these desired and vital features put all users at risk when objectionable content is irrevocably stored on the blockchain. This risk potential is exemplified by the (mis)use of Bitcoin's blockchain as an anonymous and irrevocable content store [40,56,35]. In this paper, we systematically analyse non-financial content on Bitcoin's blockchain. ...
... content considered illegal in different jurisdictions. Subsequently and in contrast to related work [56,40,12], we quantify and discuss unintended blockchain content w.r.t. the wide range of insertion methods. We believe that objectionable blockchain content is a pressuring issue despite potential benefits and hope to stimulate research to mitigate the resulting risks for novel as well as existing systems such as Bitcoin. ...
... As we discuss in the following, each insertion method has distinguishing benefits: OP_RETURN. Augmenting transactions with short pieces of arbitrary data is beneficial for a wide area of applications [40,12,62]. Different services use OP_RETURN to link non-financial assets, e.g., vouchers, to Bitcoin's blockchain [40,12], to attest the existence of digital documents at a certain point of time as a digital notary service [58,50,12], to realize distributed digital rights management [70,12], or to create non-equivocation logs [62,8]. ...
Chapter
Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin’s blockchain. Although most data originates from benign extensions to Bitcoin’s protocol, our analysis reveals more than 1600 files on the blockchain, over 99% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.
... Current research focuses on blockchain-based storage covert channels. Common carriers of blockchain-based covert storage channels are special fields for on-chain transactions, including the coinbase transaction of Bitcoin [14,15], custom storage fields [16][17][18], input/output addresses [19][20][21], and digital signatures [22][23][24]. However, these fields often exhibit distinct formats and characteristics [25], leading to noticeable discrepancies between fields containing secret information and normal ones, which in turn diminishes the stealthiness of the model. ...
Article
With the widespread adoption of blockchain technology, its public ledger characteristic enhances transaction transparency but also amplifies the risk of privacy breaches. Attackers can infer users’ real identities and behaviors by analyzing public transaction patterns and address relationships, posing a severe threat to users’ privacy and security, and thus hindering further advancements in blockchain applications. To address this challenge, covert communication has emerged as an effective strategy for safeguarding the privacy of blockchain users and preventing information leakage. But existing blockchain-based covert communication schemes rely solely on the immutability of blockchain itself for robustness and suffer from low transmission efficiency. To tackle these issues, this paper proposes a stealthy communication model with blockchain smart contract for bidding systems. The model initiates by preprocessing sensitive information using a secret-sharing algorithm, the Shamir (t, n) threshold scheme, and subsequently embeds this information into bidding amounts, facilitating the covert transfer of sensitive data. We implemented and deployed this model on the Ethereum platform and conducted comprehensive performance evaluations. To assess the stealthiness of our approach, we employed a suite of statistical tests including the CDF, the Kolmogorov–Smirnov test, Welch’s t-test and K–L divergence. These analyses confirmed that amounts carrying concealed information were statistically indistinguishable from regular transactions, thus validating the effectiveness of our solution in maintaining the anonymity and confidentiality of information transmission within the blockchain ecosystem.
... In addition to the trustworthy digital payments offered by cryptocurrencies, these applications store nonfinancial on the blockchain, i.e., they make use of smart contracts or augment Bitcoin transactions with arbitrary data. However, allowing any user to irrevocably store arbitrary data on the blockchain and distribute that data across the Bitcoin network also has notable downsides, especially if objectionable or even illegal content is added [32,40,42,47]. Consequently, nonfinancial blockchain content has both a great potential and a great inherent risk of misuse. ...
Chapter
Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion.
... Despite all its advantages, blockchain systems still suffer from significant scalability issues, such as low transaction throughput, significant payment verification delays [13], and, most crucially, ever-growing blockchain sizes (In July 2022, Bitcoin measured 404.6 GiB in size, with a 343 byte average transaction size). The unexpected massive use of the Bitcoin blockchain [30], [22] has also placed an ongoing burden on the system. What further complicates matters is that the unspent transaction outputs (UTXO set) are frequently bloated with entries that are never spendable. ...
... In 2014, Spagnuolo [8] proposed a modular framework called Bitlodine for identifying blockchain, investigating CryptoLocker ransomware, and accurately quantifying the amount of ransom paid and victim information. In 2016, Matzutt [9] identified and analyzed the data stored in the blockchain, classified various contents, and found some illegal information. In 2018, based on previous research, Matzutt [10] identified blockchain fund transfers and uploaded illegal content and found that in more than 1600 documents, most of them were text or images, and these documents had obvious illegal content. ...
Article
Malicious users can upload illegal data to the blockchain to spread it, resulting in serious threats due to the tamper-proof characteristics of the blockchain. However, the existing methods for uploading illegal data identification cannot select trust nodes and ensure the credibility of the identification results, leading to a decrease in the credibility of the methods. To solve the problem, this paper proposes a blockchain-based trust model for uploading illegal data identification. The trust model mainly has the following two core modules: Reputation-based random selection algorithm (RBRSA) and incentive mechanism. By assigning reputation attributes to nodes, the proposed RBRSA will select nodes according to reputation values. RBRSA favors the nodes with high reputation value to ensure the randomness and credibility of the identification nodes. The incentive mechanism is designed to ensure the credibility of the identification results through the credibility analysis of the model based on game theory and Nash equilibrium. Identification nodes that identify illegal data correctly will obtain incentives. In order to obtain a higher income, the identification nodes must identify illegal data correctly. Credibility analysis and comparative experiments show that the probability of selecting credible nodes by RBRSA is up to 23% higher than the random selection algorithm. The probability of selecting the nodes with a reputation value of 20 by RBRSA is 27% lower than the random selection algorithm; that is, the probability that RBRSA selects untrusted nodes is lower. Therefore, the nodes selected by RBRSA have superior credibility compared with other methods. In terms of the effect of the incentive mechanism, the incentive mechanism can encourage nodes to identify data credibly and improve the credibility of identification results. All in all, the trusted model has higher credibility than other methods.
... Full nodes on a blockchain network are required to store the entire blockchain ledger. Since the ledger is append-only, the capacity of these nodes to store the ledger will eventually be exceeded, and their storage capacity would have to be expanded to adapt [45][46][47][48][49]. ...
Article
Since the inception of blockchain-based cryptocurrencies, researchers have been fascinated with the idea of integrating blockchain technology into other fields, such as health and manufacturing. Despite the benefits of blockchain, which include immutability, transparency, and traceability, certain issues that limit its integration with IIoT still linger. One of these prominent problems is the storage inefficiency of the blockchain. Due to the append-only nature of the blockchain, the growth of the blockchain ledger inevitably leads to high storage requirements for blockchain peers. This poses a challenge for its integration with the IIoT, where high volumes of data are generated at a relatively faster rate than in applications such as financial systems. Therefore, there is a need for blockchain architectures that deal effectively with the rapid growth of the blockchain ledger. This paper discusses the problem of storage inefficiency in existing blockchain systems, how this affects their scalability, and the challenges that this poses to their integration with IIoT. This paper explores existing solutions for improving the storage efficiency of blockchain–IIoT systems, classifying these proposed solutions according to their approaches and providing insight into their effectiveness through a detailed comparative analysis and examination of their long-term sustainability. Potential directions for future research on the enhancement of storage efficiency in blockchain–IIoT systems are also discussed.
... However, blockchain rewriting is often required in practice, or even legally necessary in data regulation laws such as GDPR in Europe [4]. Since the platform is open, it is possible some users append transactions into a chain containing illicit content such as sensitive information, stolen private keys, and inappropriate videos [39,40]. The existence of illicit content in the chain could pose a challenge to law enforcement agencies like Interpol [53]. ...
Preprint
Blockchain rewriting with fine-grained access control allows a user to create a transaction associated with a set of attributes, while another user (or modifier) who possesses enough rewriting privileges from a trusted authority satisfying the attribute set can rewrite the transaction. However, it lacks accountability and is not designed for open blockchains that require no trust assumptions. In this work, we introduce accountable fine-grained blockchain rewriting in a permissionless setting. The property of accountability allows the modifier's identity and her rewriting privileges to be held accountable for the modified transactions in case of malicious rewriting (e.g., modify the registered content from good to bad). We first present a generic framework to secure blockchain rewriting in the permissionless setting. Second, we present an instantiation of our approach and show its practicality through evaluation analysis. Last, we demonstrate that our proof-of-concept implementation can be effectively integrated into open blockchains.
... Content Insertion in Bitcoin. There have been several works [13,35,36,42,44,45] on analysing and assessing the consequences of content insertions in public blockchains. They shed light on the distribution and the usage of such inserted data entries. ...
Preprint
Bitcoin is an immutable permissionless blockchain system that has been extensively used as a public bulletin board by many different applications that heavily relies on its immutability. However, Bitcoin's immutability is not without its fair share of demerits. Interpol exposed the existence of harmful and potentially illegal documents, images and links in the Bitcoin blockchain, and since then there have been several qualitative and quantitative analysis on the types of data currently residing in the Bitcoin blockchain. Although there is a lot of attention on blockchains, surprisingly the previous solutions proposed for data redaction in the permissionless setting are far from feasible, and require additional trust assumptions. Hence, the problem of harmful data still poses a huge challenge for law enforcement agencies like Interpol (Tziakouris, IEEE S&P'18). We propose the first efficient redactable blockchain for the permissionless setting that is easily integrable into Bitcoin, and that does not rely on heavy cryptographic tools or trust assumptions. Our protocol uses a consensus-based voting and is parameterised by a policy that dictates the requirements and constraints for the redactions; if a redaction gathers enough votes the operation is performed on the chain. As an extra feature, our protocol offers public verifiability and accountability for the redacted chain. Moreover, we provide formal security definitions and proofs showing that our protocol is secure against redactions that were not agreed by consensus. Additionally, we show the viability of our approach with a proof-of-concept implementation that shows only a tiny overhead in the chain validation of our protocol when compared to an immutable one.
... The blockchain-based solution explores how to publish the metadata files to an immutable ledger, the blockchain. While it is possible to store non-transactional data on these blockchains, it is not highly recommended for many reasons [13]. Therefore, this narrows the possibility of implementing metadata storage on blockchain to two approaches: 1) start an entirely new blockchain that supports data storage, and 2) use blockchain to store the pointer to data stored off-blockchain. ...
Article
It is feasible to deploy Docker containers in IoT (Internet of Things) devices because their runtime overhead is almost zero. Default Docker installation does not verify an image authenticity. Authentication is vital for users to trust that the image is not malicious or tampered with. As Docker is currently a popular choice for developers, tightening its security is a priority for system administrators and DevOps engineers. Docker recently deployed Notary as a solution to verify authenticity of their images. Notary is a viable solution, but it has some potential threats. This paper specifically addresses its vulnerability towards Denial-of-Service (DoS) attacks, and propose a potential solution: blockchain-based Decentralized Docker Trust (DDT). The proposed solution involves decentralizing the trust via a blockchain. The solution greatly reduces the risk of DoS and at the same time provides a signature verification service for Docker images. We demonstrate the proposed blockchain-based solution’s scalability and efficiency by conducting performance evaluation. At the same time, we also implemented a system prototype of Decentralized Docker Trust (DDT), and conducted performance evaluation for it on Amazon Web Services (AWS) across multiple data centers.
Article
Blockchain rewriting with fine-grained access control allows a user to create a transaction associated with a set of attributes, while a modifier who possesses sufficient rewriting privileges from a trusted authority satisfying the attribute set can anonymously rewrite the transaction. However, it lacks accountability and is not designed for open blockchains that require no centralized trust authority. In this work, we introduce accountable fine-grained blockchain rewriting in a permissionless setting. The property of accountability allows the modifier’s identity and their rewriting privileges to be held accountable for the modified transactions in case of malicious rewriting. Our contributions are three-fold. First, we present a generic framework for secure blockchain rewriting in the permissionless setting. Second, we present an instantiation of our framework and show its practicality through evaluation analysis. Last, we demonstrate that our proof-of-concept implementation can be effectively integrated into open blockchains.
Article
The immutability of blockchains makes it a critical technology for cryptocurrencies, but an imperative need arises for the redaction of on-chain data due to privacy-protecting laws like GDPR. Recently, Ateniese et al. (EuroS&P 2017) proposed an elegant solution to this problem based on chameleon hash functions, followed by many subsequent works. While these works offered a solution to the permissioned blockchain, the approaches were not efficient enough for the permissionless setting, in terms of either security (which may cause inconsistent historical transactions) or performance (only up to a few hundred nodes). In this paper, we investigate this problem and present Wolverine, a redactable permissionless blockchain. First, we present a formal redactable blockchain model, carefully considering transaction consistency. Next, towards a practical scheme, we introduce the novel concept of non-interactive chameleon hash (NITCH). NITCHs dynamically distribute a trapdoor key among a group and each party in the group can compute its partial share without communicating with others. Anyone who possesses enough shares can then find a valid hash collision. To prevent the static group from being compromised after a sufficiently long time, we provide a generic transform from NITCHs to decentralized random beacons (DRBs) and design a committee evolution protocol based on DRBs that refresh the group after every fixed interval of time. Based on NITCH and the committee evolution protocol, we construct Wolverine which offers important features such as scalability, transaction consistency, and public accountability. Finally, we demonstrate the practicality of Wolverine by giving a proof-of-concept implementation based on Bitcoin in Golang.
Article
Covert communication enables covert information transmission in an undetectable way to prevent the exposure of communication behaviors. Blockchain-based covert communication breaks through the limitations on concealment, reliability and anti-traceability, and has shown promising application prospects in both sensitive data transmission and botnets. Although there are studies on blockchain-based covert communication, it still lacks a systematic investigation. In this paper, we conduct a comprehensive study on channel building and survey its core technologies by information embedding, transaction filtering, and transaction obfuscation. We also summarize evaluation metrics to better analyze blockchain-based covert channels. Privacy aspects are also discussed. Finally, we suggest seven future directions to stir research efforts into this area.
Chapter
Policy-based chameleon hash (PCH) is a cryptographic building block which finds increasing practical applications. Given a message and an access policy, for any chameleon hash generated by a PCH scheme, a chameleon trapdoor holder whose rewriting privileges satisfy the access policy can amend the underlying message without affecting the hash value. In practice, it is necessary to revoke the rewriting privileges of a trapdoor holder due to various reasons, such as change of positions, compromise of credentials, or malicious behaviours. In this paper, we introduce the notion of revocable PCH (RPCH) and formally define its security. We instantiate a concrete RPCH construction by putting forward a practical revocable attribute-based encryption (RABE) scheme which is adaptively secure under a standard assumption on prime-order pairing groups. As application examples, we show how to effectively integrate RPCH into mutable blockchain and sanitizable signature for revoking the rewriting privileges of any chameleon trapdoor holders. We implement our RPCH scheme and evaluate its performance to demonstrate its efficiency.
Chapter
In recent years, the UK railway industry has struggled with the effects of poor integration of data across ICT systems, particularly when that data is being used across organizational boundaries. Technical progress is being made by the industry towards enabling data sharing, but an open issue remains around how the costs of gathering and maintaining pooled information can be fairly attributed across the stakeholders who draw on that shared resource. This issue is particularly significant in areas such as Remote Condition Monitoring, where the ability to analyse the network at a whole-systems level is being blocked by the business cases around the purchase of systems as silos. Blockchains are an emerging technology that have the potential to revolutionize the management of transactions in a number of industrial sectors. This chapter will address the outstanding issues around the fair attribution of costs and benefits of data sharing in the rail industry by proposing blockchains as a fourth enabler of the rail data revolution, alongside ESB, ontology, and open data.
Article
As an innovative and revolutionary technology, blockchain has been applied in many fields, such as cryptocurrency, food traceability, identity management, or even market prediction. To discover its great potential, both industry and academia have paid great attention to it and numerous studies have been conducted. Based on the literature and industry whitepapers, in this survey, we unroll and structure the blockchain-related discoveries and scientific results in many aspects. Particularly, we classify blockchain technologies into four layers and carry out a comprehensive study on the consensus strategies, the network, and the applications of blockchain. Different blockchain applications are put into the corresponding categories based on the fields, especially in Internet of Things (IoT). When introducing each layer, we not only organize and summarize the related works, but also discuss the fundamental issues and future research directions. We hope this survey could shed some light on the research of blockchain and serve as a guide for further studies.
Conference Paper
Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.
Conference Paper
Bitcoin is a digital currency that uses anonymous cryptographic identities to achieve financial privacy. However, Bitcoin's promise of anonymity is broken as recent work shows how Bitcoin's blockchain exposes users to reidentification and linking attacks. In consequence, different mixing services have emerged which promise to randomly mix a user's Bitcoins with other users' coins to provide anonymity based on the unlinkability of the mixing. However, proposed approaches suffer either from weak security guarantees and single points of failure, or small anonymity sets and missing deniability. In this paper, we propose CoinParty, a novel, decentralized mixing service for Bitcoin based on a combination of decryption mixnets with threshold signatures. CoinParty is secure against malicious adversaries and the evaluation of our prototype shows that it scales easily to a large number of participants in real-world network settings. By the application of threshold signatures to Bitcoin mixing, CoinParty achieves anonymity by orders of magnitude higher than related work as we quantify by analyzing transactions in the actual Bitcoin blockchain and is first among related approaches to provide plausible deniability.
Conference Paper
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed. We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency. Unless certain assumptions are made, selfish mining may be feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.
Article
The decentralized digital currency Bitcoin presents an anonymous alternative to the centralized banking system and indeed enjoys widespread and increasing adoption. Recent works, however, show how users can be reidentified and their payments linked based on Bitcoin's most central element, the blockchain, a public ledger of all transactions. Thus, many regard Bitcoin's central promise of financial privacy as broken. In this paper, we propose CoinParty, an efficient decentralized mixing service that allows users to reestablish their financial privacy in Bitcoin and related cryptocurrencies. CoinParty, through a novel combination of decryption mixnets with threshold signatures, takes a unique place in the design space of mixing services, combining the advantages of previously proposed centralized and decentralized mixing services in one system. Our prototype implementation of CoinParty scales to large numbers of users and achieves anonymity sets by orders of magnitude higher than related work as we quantify by analyzing transactions in the actual Bitcoin blockchain. CoinParty can easily be deployed by any individual group of users, i.e., independent of any third parties, or provided as a commercial or voluntary service, e.g., as a community service by privacy-aware organizations.
Conference Paper
We study legal and policy issues surrounding crypto currencies, such as Bitcoin, and how those issues interact with technical design options. With an interdisciplinary team, we consider in depth a variety of issues surrounding law, policy, and crypto currencies—such as the physical location where a crypto currency’s value exists for jurisdictional and other purposes, the regulation of anonymous or pseudonymous currencies, and challenges as virtual currency protocols and laws evolve. We reflect on how different technical directions may interact with the relevant laws and policies, raising key issues for both policy experts and technologists.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.