TY - GEN
T1 - Authenticated Data Structures for Privacy-Preserving Monero Light Clients
AU - Lee, Kevin
AU - Miller, Andrew
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/7/6
Y1 - 2018/7/6
AB - Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a 'Refereed Delegation' approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.
KW - Authenticated Data Structures
KW - Cryptocurrencies
KW - Privacy
UR - http://www.scopus.com/inward/record.url?scp=85050952008&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050952008&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW.2018.00010
DO - 10.1109/EuroSPW.2018.00010
M3 - Conference contribution
AN - SCOPUS:85050952008
T3 - Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
SP - 20
EP - 28
BT - Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
Y2 - 24 April 2018 through 26 April 2018
ER -