DOCSLIB.ORG

Twistedpair: Towards Practical Anonymity in the Bitcoin P2P Network

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

TwistedPair: Towards Practical Anonymity in the Bitcoin P2P Network Abstract—Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin’s networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that originated them. This lays the groundwork for low-cost, large-scale deanonymization attacks. In this Fig. 1: Supernodes can observe flooding metadata to infer work, we present TwistedPair, a first-principles, theoretically- which node was the source of a transaction message (tx). justified defense against large-scale deanonymization attacks. TwistedPair is lightweight, scalable, and completely interoperable with the existing Bitcoin network. We evaluate TwistedPair through experiments on Bitcoin’s mainnet to demonstrate with an overview of Bitcoin’s P2P network, and explain why its interoperability with the current network, as well as low it enables deanonymization attacks. broadcast latency overhead. A. Bitcoin’s P2P Network I. INTRODUCTION Bitcoin nodes are connected over a P2P network of TCP links. This network is used to communicate transactions, the Anonymity is an important property for a financial system, blockchain, and control packets, and it plays a crucial role in especially given the often-sensitive nature of transactions [15]. maintaining the network’s consistency. Each peer is identified Unfortunately, the anonymity protections in Bitcoin and similar by its (IP address, port) combination. Whenever a node gen­ cryptocurrencies can be fragile. This is largely because Bitcoin erates a transaction, it broadcasts a record of the transaction users are identified by cryptographic pseudonyms (a user can over the P2P network; critically, transaction messages do not have multiple pseudonyms). When a user Alice wishes to include the sender’s IP address—only their pseudonym. Since transfer funds to another user Bob, she generates a transaction the network is not fully-connected, transactions are relayed message that includes Alice’s pseudonym, the quantity of funds according to epidemic flooding [37]. This ensures that all transferred, the prior transaction from which these funds are nodes receive the transaction and can add it to the blockchain. drawn, and a reference to Bob’s pseudonym [35]. The system- Hence, the broadcasting of transactions enables the network to wide sequence of transactions is recorded in a public, append- learn about transactions quickly and reliably. only ledger known as the blockchain. The public nature of the blockchain means that users only remain anonymous as long However, the broadcasting of transactions can also have as their pseudonyms cannot be linked to their true identities. negative anonymity repercussions. The statistical symmetry of Bitcoin’s current broadcasting mechanism spreads content This mandate has proved challenging to uphold in practice. isotropically over the graph; this allows adversarial peers Several vulnerabilities have enabled researchers, law enforce­ who observe the spreading dynamics of a given transaction ment, and possibly others to partially deanonymize users [12]. to infer the source IP of each transaction. For example, in Publicized attacks have so far included: (1) linking different recent attacks [10], [28], researchers launched a supernode public keys that belong to the same user [31], (2) associating that connected to all nodes in the P2P network (Figure 1), users’ public keys with their IP addresses [10], [28], and in and logged all observed traffic. This allowed the supernode some cases, (3) linking public keys to human identities [21]. to observe the spread of each transaction over the network Such deanonymization exploits tend to be cheap, easy, and over time, and ultimately infer the source IP. Since transaction scalable [31], [10], [28]. messages include the sender’s pseudonym, the supernodes were able to deanonymize users, or link their pseudonyms to Although researchers have traditionally focused on the an IP address [10], [28]. Such deanonymization attacks are privacy implications of the blockchain [36], [41], [31], we problematic because of Bitcoin’s transparency: once a user is are interested in lower-layer vulnerabilities that emerge from deanonymized, her other transactions can often be linked, even Bitcoin’s peer-to-peer (P2P) network. Recent work has demon­ if she creates fresh pseudonyms for each transaction [31]. strated P2P-layer anonymity vulnerabilities that allow trans­ actions to to be linked to users’ IP addresses with accu­ There have been recent proposals for mitigating these racies up to 30% [10], [28]. Understanding how to patch vulnerabilities, included broadcasting protocols that reduce the these vulnerabilities without harming utility remains an open symmetry of epidemic flooding. Bitcoin Core [5], the most question. The goal of our work is to propose a practical, commonly-used Bitcoin implementation, adopted a protocol lightweight modification to Bitcoin’s networking stack that called diffusion, where each node spreads transactions with provides theoretical anonymity guarantees against the types independent, exponential delays to its neighbors on the P2P of attacks demonstrated in [10], [28], and others. We begin graph. Diffusion is still in use today. However, proposed solutions (including diffusion) tend to be heuristic, and recent suggesting that transactions by the same user can be linked, work shows that they do not provide sufficient anonymity even if the user adopts different addresses [31]. In response, protection [19]. Other proposed solutions offer theoretical researchers proposed alternative cryptocurrencies and/or tum­ anonymity guarantees [13], but do so under idealistic assump­ blers that provide anonymity at the blockchain level [29], tions that are unlikely to hold in practice. The aim of this [4], [43], [42], [25], [26]. It was not until 2014 that re­ work is to propose a broadcasting mechanism that (a) provides searchers turned to the P2P network, showing that regardless provable anonymity guarantees under realistic adversarial and of blockchain implementation, users can be deanonymized network assumptions, and (b) does not harm the network’s by network attackers [28], [10], [11], [19]. In some cases broadcasting robustness or latency. We do this by revisiting researchers were able to link transactions to IP addresses the DANDELION system proposed in [13], and redesigning it with accuracies up to 30% [10]. These attacks proceeded by to withstand a variety of practical threats. connecting a supernode to a majority of active Bitcoin server nodes. More recently, [8] demonstrated the serious anonymity B. Contributions and routing risks posed by an AS-level attacker. These papers suggest a need for networking protocols that defend against The main contributions of this paper are threefold: deanonymization attacks. (1) We identify several key idealistic assumptions made by Anonymous communication for P2P/overlay networks has DANDELION [13], and show how anonymity is degraded when been an active research topic for decades. Most work relies on those assumptions are violated. In particular, [13] assumes an two ideas: randomized routing (e.g., onion routing, Chaumian honest-but-curious adversary that has limited knowledge of mixes) and/or dining cryptographer (DC) networks. Systems the P2P graph topology and only observes one transaction that use DC nets [14] are typically designed for broadcast per node. If adversaries are instead malicious and collect communication, which is our application of interest. However, more information over time, we show that they are able to DC nets are known to be inefficient and brittle [24]. Proposed arbitrarily weaken the anonymity guarantees of [13] through systems [23], [49], [16], [48] improved these properties sig­ a combination of attacks, including side information, graph nificantly, but DC networks never became scalable enough to manipulation, black hole, and intersection attacks. enjoy widespread adoption in practice. (2) We propose a new protocol called TWISTEDPAIR1 that Systems based on randomized routing are generally more subtly changes most of the implementation choices of DAN­ efficient, but focus on point-to-point communication (though DELION, from the graph topology to the randomization mech­ these tools can be adapted for broadcast communication). Early anisms for message forwarding. Mathematically, these (rel­ works like Crowds [40], Tarzan [20], and P5 [45] paved the atively small) algorithmic changes completely change the way for later practical systems, such as Tor [18] and I2P anonymity analysis by exponentially augmenting the problem [50], as well as recent proposals like Drac [17], Pisces [34], state space. Using analytical tools from the theory of Galton- and Vuvuzela [46]. Our work differs from this body of work Watson trees and random processes over graphs, we show that along two principal axes: (1) usage goals, and (2) analysis TWISTEDPAIR offers significant anonymity gains over DAN­ metrics/results. DELION, both theoretically and in simulation, when adversaries (1) Usage goals. have stronger capabilities. TWISTEDPAIR is currently being Among tools with real-world adoption, Tor considered for integration in Bitcoin Core.2 [18] is the most prominent; privacy-conscious Bitcoin users frequently use it to anonymize transmissions. However, Tor (3) We demonstrate the practical feasibility of TWISTED­ requires users to route their network traffic through a
Recommended publications
  • Prospectus, Which Is in the Swedish-Language, and Which Was Approved by the Swedish Financial Supervisory Authority on 17 May 2019

    Prospectus, Which Is in the Swedish-Language, and Which Was Approved by the Swedish Financial Supervisory Authority on 17 May 2019

    NB: This English-language document is an unofficial translation of XBT Provider AB's base prospectus, which is in the Swedish-language, and which was approved by the Swedish Financial Supervisory Authority on 17 May 2019. In the case of any discrepancies between the base prospectus and this English translation, the Swedish-language base prospectus shall prevail. BASE PROSPECTUS Dated 17 May 2019 for the issuance of BITCOIN TRACKER CERTIFICATES, BITCOIN CASH TRACKER CERTIFICATES, ETHEREUM TRACKER CERTIFICATES, ETHEREUM CLASSIC TRACKER CERTIFICATES, LITECOIN TRACKER CERTIFICATES, XRP TRACKER CERTIFICATES, NEO TRACKER CERTIFICATES & BASKET CERTIFICATES under the Issuance programme of XBT Provider AB (publ) (a limited liability company incorporated under the laws of Sweden) The Certificates are guaranteed by CoinShares (Jersey) Limited ______________________________________ IMPORTANT INFORMATION This base prospectus (the "Base Prospectus") contains information relating to Certificates (as defined below) to be issued under the programme (the "Programme"). Under the Base Prospectus, XBT Provider AB (publ) (the "Issuer" or "XBT Provider") may, from time to time, issue Certificates and apply for such Certificates to be admitted to trading on one or more regulated markets or multilateral trading facilities ("MTF’s") in Finland, Germany, the Netherlands, Norway, Sweden, the United Kingdom or, subject to completion of relevant notification measures, any other Member State within the European Economic Area ("EEA"). The correct performance of the Issuer's payment obligations regarding the Certificates under the Programme are guaranteed by CoinShares (Jersey) Limited (the "Guarantor"). The Certificates are not principal-protected and do not bear interest. Consequently, the value of, and any amounts payable under, the Certificates will be strongly influenced by the performance of the Tracked Digital Currencies (as defined herein) and, unless the certificates are denominated in USD, the USD-SEK exchange rate or, as the case may be, the USD-EUR exchange rate.
  • Probability Cheatsheet V2.0 Thinking Conditionally Law of Total Probability (LOTP)

    Probability Cheatsheet V2.0 Thinking Conditionally Law of Total Probability (LOTP)

    Probability Cheatsheet v2.0 Thinking Conditionally Law of Total Probability (LOTP) Let B1;B2;B3; :::Bn be a partition of the sample space (i.e., they are Compiled by William Chen (http://wzchen.com) and Joe Blitzstein, Independence disjoint and their union is the entire sample space). with contributions from Sebastian Chiu, Yuan Jiang, Yuqi Hou, and Independent Events A and B are independent if knowing whether P (A) = P (AjB )P (B ) + P (AjB )P (B ) + ··· + P (AjB )P (B ) Jessy Hwang. Material based on Joe Blitzstein's (@stat110) lectures 1 1 2 2 n n A occurred gives no information about whether B occurred. More (http://stat110.net) and Blitzstein/Hwang's Introduction to P (A) = P (A \ B1) + P (A \ B2) + ··· + P (A \ Bn) formally, A and B (which have nonzero probability) are independent if Probability textbook (http://bit.ly/introprobability). Licensed and only if one of the following equivalent statements holds: For LOTP with extra conditioning, just add in another event C! under CC BY-NC-SA 4.0. Please share comments, suggestions, and errors at http://github.com/wzchen/probability_cheatsheet. P (A \ B) = P (A)P (B) P (AjC) = P (AjB1;C)P (B1jC) + ··· + P (AjBn;C)P (BnjC) P (AjB) = P (A) P (AjC) = P (A \ B1jC) + P (A \ B2jC) + ··· + P (A \ BnjC) P (BjA) = P (B) Last Updated September 4, 2015 Special case of LOTP with B and Bc as partition: Conditional Independence A and B are conditionally independent P (A) = P (AjB)P (B) + P (AjBc)P (Bc) given C if P (A \ BjC) = P (AjC)P (BjC).
  • 4. Stochas C Processes

    4. Stochas C Processes

    51 4. Stochasc processes Be able to formulate models for stochastic processes, and understand how they can be used for estimation and prediction. Be familiar with calculation techniques for memoryless stochastic processes. Understand the classification of discrete state space Markov chains, and be able to calculate the stationary distribution, and recognise limit theorems. Science is often concerned with the laws that describe how a system changes over time, such as Newton’s laws of motion. When we use probabilistic laws to describe how the system changes, the system is called a stochastic process. We used a stochastic process model in Section 1.2 to analyse Bitcoin; the probabilistic part of our model was the randomness of who generates the next Bitcoin block, be it the attacker or the rest of the peer-to-peer network. In Part II, you will come across stochastic process models in several courses: • in Computer Systems Modelling they are used to describe discrete event simulations of communications networks • in Machine Learning and Bayesian Inference they are used for computing posterior distributions • in Information Theory they are used to describe noisy communications channels, and also the data streams sent over such channels. 4.1. Markov chains Example 4.1. The Russian mathematician Andrei Markov (1856–1922) invented a new type of probabilistic model, now given his name, and his first application was to model Pushkin’s poem Eugeny Onegin. He suggested the following method for generating a stream of text C = (C ;C ;C ;::: ) where each C is an alphabetic character: 0 1 2 n As usual, we write C for the random 1 alphabet = [ ’a ’ , ’b ’ ,...] # a l l p o s s i b l e c h a r a c t e r s i n c l .
  • Segwit2x &#8211

    Segwit2x –

    SegWit2x – A New Statement The Overwhelming power of SegWit2x In order to safeguard the community from an undesired chain split, the upgrade should be overwhelming, but it’s not enough. It should also ‘appear’ as overwhelming. People, businesses and services needs to be certain about what is going to happen and the risks if they won’t follow. My impression is that still too many speaking english people in the western world think the upgrade will be abandoned before or immediately after block 494784 is mined, thus they are going to simply ignore it. That could lead to unprepared patch up and confusion, while naïve users risk to harm themselves. For this reason and for the sake of the Bitcoin community as a whole, we need to show again, clearly and publicly the extent of the support to SegWit2x. We also need to commit ourselves in a widespread communication campaign. I know this is not a strict technical matter, but it could help a lot avoiding technical issues in the future. What we have to do First, we need a new statement from the original NYA signers and all the business, firms and individuals who joined the cause later. That statement should be slightly different from the original NYA though, and I am explaining why. We all know that what Bitcoin is will be ultimately determined by market forces, comprehensive of all the stakeholders involved: businesses, miners, users, developers, traders, investors, holders etc. Each category has its own weight in the process, and everybody has incentives in following the market.
  • 5 Stochastic Processes

    5 Stochastic Processes

    5 Stochastic Processes Contents 5.1. The Bernoulli Process ...................p.3 5.2. The Poisson Process .................. p.15 1 2 Stochastic Processes Chap. 5 A stochastic process is a mathematical model of a probabilistic experiment that evolves in time and generates a sequence of numerical values. For example, a stochastic process can be used to model: (a) the sequence of daily prices of a stock; (b) the sequence of scores in a football game; (c) the sequence of failure times of a machine; (d) the sequence of hourly traffic loads at a node of a communication network; (e) the sequence of radar measurements of the position of an airplane. Each numerical value in the sequence is modeled by a random variable, so a stochastic process is simply a (finite or infinite) sequence of random variables and does not represent a major conceptual departure from our basic framework. We are still dealing with a single basic experiment that involves outcomes gov- erned by a probability law, and random variables that inherit their probabilistic † properties from that law. However, stochastic processes involve some change in emphasis over our earlier models. In particular: (a) We tend to focus on the dependencies in the sequence of values generated by the process. For example, how do future prices of a stock depend on past values? (b) We are often interested in long-term averages,involving the entire se- quence of generated values. For example, what is the fraction of time that a machine is idle? (c) We sometimes wish to characterize the likelihood or frequency of certain boundary events.
  • (Introduction to Probability at an Advanced Level) - All Lecture Notes

    (Introduction to Probability at an Advanced Level) - All Lecture Notes

    Fall 2018 Statistics 201A (Introduction to Probability at an advanced level) - All Lecture Notes Aditya Guntuboyina August 15, 2020 Contents 0.1 Sample spaces, Events, Probability.................................5 0.2 Conditional Probability and Independence.............................6 0.3 Random Variables..........................................7 1 Random Variables, Expectation and Variance8 1.1 Expectations of Random Variables.................................9 1.2 Variance................................................ 10 2 Independence of Random Variables 11 3 Common Distributions 11 3.1 Ber(p) Distribution......................................... 11 3.2 Bin(n; p) Distribution........................................ 11 3.3 Poisson Distribution......................................... 12 4 Covariance, Correlation and Regression 14 5 Correlation and Regression 16 6 Back to Common Distributions 16 6.1 Geometric Distribution........................................ 16 6.2 Negative Binomial Distribution................................... 17 7 Continuous Distributions 17 7.1 Normal or Gaussian Distribution.................................. 17 1 7.2 Uniform Distribution......................................... 18 7.3 The Exponential Density...................................... 18 7.4 The Gamma Density......................................... 18 8 Variable Transformations 19 9 Distribution Functions and the Quantile Transform 20 10 Joint Densities 22 11 Joint Densities under Transformations 23 11.1 Detour to Convolutions......................................
  • Download English-US Transcript (PDF)

    Download English-US Transcript (PDF)

    MITOCW | MITRES6_012S18_L06-06_300k We will now work with a geometric random variable and put to use our understanding of conditional PMFs and conditional expectations. Remember that a geometric random variable corresponds to the number of independent coin tosses until the first head occurs. And here p is a parameter that describes the coin. It is the probability of heads at each coin toss. We have already seen the formula for the geometric PMF and the corresponding plot. We will now add one very important property which is usually called Memorylessness. Ultimately, this property has to do with the fact that independent coin tosses do not have any memory. Past coin tosses do not affect future coin tosses. So consider a coin-tossing experiment with independent tosses and let X be the number of tosses until the first heads. And X is a geometric with parameter p. Suppose that you show up a little after the experiment has started. And you're told that there was so far just one coin toss. And that this coin toss resulted in tails. Now you have to take over and carry out the remaining tosses until heads are observed. What should your model be about the future? Well, you will be making independent coin tosses until the first heads. So the number of such tosses will be a random variable, which is geometric with parameter p. So this duration-- as far as you are concerned-- is geometric with parameter p. Therefore, the number of remaining coin tosses starting from here-- given that the first toss was tails-- has the same geometric distribution as the original random variable X.
  • Viacoin Whitepaper

    Viacoin Whitepaper

    Viacoin Whitepaper Viacoin Dev Team September 12, 2017 Last updated on September 22, 2017 Abstract Viacoin is an open source crypto-currency created in 2014, derived from the [6]Bitcoin protocol that supports embedded consensus with an extended OP_RETURN of 120 byte. Viacoin features Scrypt Merged mining, also called Auxiliary proof of work or AuxPoW, and 25x faster transactions than Bitcoin. Viacoin mining reward halving takes place every 6 months and has a total supply of 23,000,000 coins. The inflation rate of Viacoin is low due to minimal mining reward. As the block reward of Viacoin is low, miners are given incentive to mine Viacoin through Merged mining (AuxPoW). Viacoin is currently mined by one of the biggest mining pools (F2Pool) with a very high hashrate. Other features include a mining difficulty adjustment algorithm to address flaws in Kimoto’s Gravity Well (DarkGravityWave), Versionbits to allow for 29 simultaneous Soft Fork changes to be implemented at a time, Segwit and the Lightning Network Note: The whitepaper, documentation, designs are in research and development phase and subject to change. 1 1 Scrypt In cryptography, [7]Scrypt is a password based key derivation function created by Colin Percival. The al- gorithm was designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In 2012, the algorithm was published by the IETF as an internet draft intended to become an informational RFC, but a version of Scrypt is now used as a proof of work scheme by cryptocur- rencies like Viacoin. Scrypt is a memory hard key derivation function, it requires a reasonably large amount of Random Ac- cess Memory to be evaluated.
  • A Survey on Consensus Mechanisms and Mining Strategy Management

    A Survey on Consensus Mechanisms and Mining Strategy Management

    1 A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain Networks Wenbo Wang, Member, IEEE, Dinh Thai Hoang, Member, IEEE, Peizhao Hu, Member, IEEE, Zehui Xiong, Student Member, IEEE, Dusit Niyato, Fellow, IEEE, Ping Wang, Senior Member, IEEE Yonggang Wen, Senior Member, IEEE and Dong In Kim, Fellow, IEEE Abstract—The past decade has witnessed the rapid evolution digital tokens between Peer-to-Peer (P2P) users. Blockchain in blockchain technologies, which has attracted tremendous networks, especially those adopting open-access policies, are interests from both the research communities and industries. The distinguished by their inherent characteristics of disinterme- blockchain network was originated from the Internet financial sector as a decentralized, immutable ledger system for transac- diation, public accessibility of network functionalities (e.g., tional data ordering. Nowadays, it is envisioned as a powerful data transparency) and tamper-resilience [2]. Therefore, they backbone/framework for decentralized data processing and data- have been hailed as the foundation of various spotlight Fin- driven self-organization in flat, open-access networks. In partic- Tech applications that impose critical requirement on data ular, the plausible characteristics of decentralization, immutabil- security and integrity (e.g., cryptocurrencies [3], [4]). Further- ity and self-organization are primarily owing to the unique decentralized consensus mechanisms introduced by blockchain more, with the distributed consensus provided by blockchain networks. This survey is motivated by the lack of a comprehensive networks, blockchains are fundamental to orchestrating the literature review on the development of decentralized consensus global state machine1 for general-purpose bytecode execution. mechanisms in blockchain networks. In this survey, we provide a Therefore, blockchains are also envisaged as the backbone systematic vision of the organization of blockchain networks.
  • P2P Mixing and Unlinkable Bitcoin Transactions Anonymity of the People, by the People, and for the People

    P2P Mixing and Unlinkable Bitcoin Transactions Anonymity of the People, by the People, and for the People

    P2P Mixing and Unlinkable Bitcoin Transactions Anonymity of the people, by the people, and for the people Tim Ruffing Pedro Moreno-Sanchez Aniket Kate CISPA, Saarland University Purdue University Purdue University tim.ruffi[email protected] [email protected] [email protected] Abstract—Starting with Dining Cryptographers networks Starting with the dining cryptographers network (DC-net) (DC-net), several peer-to-peer (P2P) anonymous communication protocol [14], another line of ACNs research emerged, where protocols have been proposed. Despite their strong anonymity users (or peers) do not employ any third party proxies and guarantees none of those has been employed in practice so instead communicate with each other to send their messages far: Most fail to simultaneously handle the crucial problems anonymously. While the DC-net protocol can guarantee suc- of slot collisions and malicious peers, while the remaining ones cessful termination and anonymity against honest-but-curious handle those with a significant increased latency (communication rounds) linear in the number of participating peers in the best adversary controlling a subset of users (or peers), it is easily case, and quadratic in the worst case. We conceptualize these prone to disruption by a single malicious peer who sends P2P anonymous communication protocols as P2P mixing, and invalid protocol messages (active disruption) or omits protocol present a novel P2P mixing protocol, DiceMix, that only requires messages entirely (crash). Moreover, a DC-net protects the constant (i.e., four) communication rounds in the best case, and anonymity of the involved malicious peers and subsequently 4 + 2f rounds in the worst case of f malicious peers.
  • Fraud Risk Assessment Within Blockchain Transactions Pierre-Olivier Goffard

    Fraud Risk Assessment Within Blockchain Transactions Pierre-Olivier Goffard

    Fraud risk assessment within blockchain transactions Pierre-Olivier Goffard To cite this version: Pierre-Olivier Goffard. Fraud risk assessment within blockchain transactions. 2019. hal-01716687v2 HAL Id: hal-01716687 https://hal.archives-ouvertes.fr/hal-01716687v2 Preprint submitted on 16 Jan 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Fraud risk assessment within blockchain transactions Pierre-O. Goard∗ Univ Lyon, Université Lyon 1, LSAF EA2429. December 10, 2018 Abstract The probability of successfully spending twice the same bitcoins is considered. A double-spending attack consists in issuing two transactions transferring the same bitcoins. The rst transaction, from the fraudster to a merchant, is included in a block of the public chain. The second transaction, from the fraudster to himself, is recorded in a block that integrates a private chain, exact copy of the public chain up to substituting the fraudster-to-merchant transaction by the fraudster-to- fraudster transaction. The double-spending hack is completed once the private chain reaches the length of the public chain, in which case it replaces it. The growth of both chains are modeled by two independent counting processes.
  • A Policymaker's Guide to Blockchain Technology Implementation And

    A Policymaker's Guide to Blockchain Technology Implementation And

    Background paper to the preparation of the 24th CSTD priority theme on Harnessing Blockchain for sustainable development Author: Rasim A Policymaker’s Guide to Alam, MPP, Harvard Kennedy School Blockchain Technology Implementation and Innovation Abstract: As Blockchain technology matures and applications of the technology become more widespread, policymakers will need to assess their country’s ability to harness Blockchain technology and recognize the best pathway to Blockchain adoption. This research paper presents a country-level assessment framework for Blockchain implementation and recommends pathways to improve the rate of learning. The assessment framework can be used to identify the stages of Blockchain development, the steps towards full Blockchain adoption, and the opportunities and challenges in the implementation process. Keywords: Blockchain, Assessment Framework The findings, interpretations, and conclusions herein are those of the author and do not necessarily reflect the views of the United Nations or its official Member States. The designations employed and the presentation of material on any map in this work do not imply the expression of any opinion whatsoever on the part of the United Nations concerning the legal status of any country, territory, cities, or area or of its authorities, or concerning the delimitation of its frontiers and boundaries. This paper represents the personal views of the author(s) only, not the views of the CSTD, UNCTAD secretariat or member States. The author accepts full responsibility for