DOCSLIB.ORG

Toward Deployable and Incoercible E2E Elections

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections by Jeremy Clark A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Computer Science Waterloo, Ontario, Canada, 2011 Some rights reserved I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Canada License. For more information, visit: http://creativecommons.org/licenses/by-nc-sa/2.5/ca/ ii Abstract End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter’s ballot, even if the voter is complicit in demon- strating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their inter- section in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for ran- dom beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest. Supervisor • Urs Hengartner Committee & Examiners • Ian Goldberg • Alfred Menezes • Steve Schneider • Douglas R. Stinson iii Acknowledgements I would first like to thank my advisor, Urs Hengartner, for his guidance through my PhD. Urs was always keen on our research, motivating, and accommodating. I admire his sensibility toward solving real-world problems. Much of this dissertation would not have been the same without his thorough examination of the protocols, threat models, and their presentation. I would like to thank the rest of my committee, Ian Goldberg, Alfred Menezes, Steve Schneider and Doug Stinson for their corrections, suggestions, and prompts for clarification when it was most certainly needed. I had the pleasure to work with David Chaum on three of his projects: Punchscan, Scantegrity, and a forthcoming project. I learned a lot from David, both technically and on a range of other subjects. I also enjoyed the collaboration with the rest of the team: Rick Carback, Aleks Essex, Stefan Popovenuic, Ron Rivest, Emily Shen, Alan Sherman, Poorvi Vora, and Filip Zagórski. A special acknowledgement to Rick, who once suggested using panic passwords for internet voting. That suggestion motivated much of Part II of this dissertation. The CrySP lab was an excellent incubator for ideas and friendship. In particular, I would like to thank Aniket Kate and Greg Zaverucha. Both provided as much knowledge and assistance as they did entertainment and friendship. Thank you to the rest of lab as well and my friends in the broader Waterloo graduate community (sorry, too many people to name). I’d like to especially thank one person who intersects both Scantegrity and CrySP, as well as almost my whole academic career: Aleks Essex. Aleks is always the first person I bounce ideas off of and has been a great friend through many of my major life events. The least likely person to ever read this is Clint Mansell but I feel indebted to his musical genius, and hope some of his creativity transferred to all the words I wrote as his scores swelled around me. I’d like to thank my family; in particular, my parents Marvin and Sharon and my brother Jonathan. As well, I’d like to thank new family: Subhash and family, Sindhu and family, and Shaan and Shunker. Last but not least, thank you to my wife Neha for her support, welcome distractions, tolerance, and encouragement. It is impossible to describe all direct and indirect ways she helped. This research was supported by the Natural Sciences and Engineering Research Council of Canada (NSERC) through an Alexander Graham Bell Canada Graduate Scholarship. iv Contents List of Tables xiii List of Figures xiv 1 Introductory Remarks 1 1.1 Background . .2 1.2 Contributions . .3 1.3 Organization . .6 2 Preliminaries 7 2.1 Election Technologies . .7 2.1.1 Elections in Canada . .9 2.2 Requirements . 10 2.2.1 Core Requirements . 10 2.2.2 Potential Requirements . 11 2.2.3 Deployability Requirements . 12 2.3 Cryptographic Primitives . 13 2.3.1 Mathematical Background . 13 2.3.2 Commitments . 13 2.3.3 Encryption . 15 2.3.4 Σ-Protocols . 17 2.3.5 Cryptographic Tests . 20 v I Booth Voting 22 3 Related Work on Booth Voting 23 3.1 Introductory Remarks . 23 3.2 Election Set-up . 24 3.2.1 Participants . 24 3.2.2 Phases . 24 3.2.3 Channels . 24 3.3 Protocols for Ballot Casting . 26 3.3.1 Anonymous Channels . 27 3.3.2 Homomorphic Secret Sharing . 28 3.3.3 Mix Networks Revisited . 30 3.3.4 Anonymous Channels and Blind Signatures . 31 3.3.5 Homomorphic Threshold Encryption . 32 3.3.6 Miscellaneous . 35 3.3.7 Deployment . 36 3.4 Protocols for Unaided Ballot Casting . 37 3.4.1 A Framework . 37 3.4.2 DRE-based E2E Systems . 38 3.4.3 Paper-based E2E Systems . 40 4 Deploying Punchscan and Scantegrity 45 4.1 Introductory Remarks . 45 4.2 Case Study: Punchscan . 46 4.2.1 Requirements . 46 4.2.2 The Election . 48 4.2.3 Lessons Learned . 50 4.3 Scantegrity: an E2E add-on . 51 4.3.1 Ballot Features . 51 4.3.2 Election Preparation . 52 vi 4.3.3 Election Day . 54 4.3.4 Posting and Tallying . 56 4.3.5 Auditing the Results . 56 4.3.6 Dispute Resolution . 59 4.4 Scantegrity Case Study . 60 4.4.1 Requirements . 60 4.4.2 Mock Election . 62 4.4.3 The Election . 63 4.4.4 Lessons Learned . 66 4.5 Open Problems . 68 4.6 Concluding Remarks. 69 4.7 Disclosure . 71 5 A Game-Theoretic Analysis of Coercion Contracts 72 5.1 Introductory Remarks . 72 5.2 Extensive Form of the Ballot Casting Process . 74 5.3 Contract-based Attacks . 75 5.3.1 Voter Coercion and Vote-Buying . 76 5.3.2 The MN Contract . 77 5.3.3 The BMR Contract . 79 5.3.4 The KRMC Contract . 79 5.3.5 The Optimal Contract . 80 5.4 Extending the Base Model . 83 5.4.1 Multiple-Candidate Contracts . 83 5.4.2 Reordering the Game . 84 5.4.3 Voter Types . 85 5.4.4 Money is an Object . 85 5.4.5 Coercion Contracts in other E2E Systems . 86 5.5 Concluding Remarks . 88 vii 6 Implementing Random Beacons with Financial Data 89 6.1 Introductory Remarks . 89 6.2 Related Work . 91 6.2.1 Public Randomness in Cryptography . 91 6.2.2 Public Randomness in Elections . 92 6.2.3 Cryptographic Elections . 92 6.2.4 Stock Market for Public Randomness . 93 6.3 Model and Assumptions . 94 6.3.1 Terminology . 94 6.3.2 Black-Scholes Model . 95 6.3.3 Market Manipulation . 96 6.3.4 Official Closing Price . 97 6.4 Entropy Estimates . 98 6.4.1 Historical Drift and Diffusion . 99 6.4.2 Monte-Carlo Simulation . 100 6.4.3 Entropy Estimation . 101 6.4.4 Experimental Results . 103 6.4.5 Portfolio Entropy . 105 6.5 Beacon Implementation . 106 6.5.1 Definitions . 107 6.5.2 Security Properties . 109 6.5.3 Protocol . 110 6.5.4 Security Analysis (Abstract) . 114 6.6 Concluding Remarks . ..
Recommended publications
  • Consensgx: Scaling Anonymous Communications Networks With

    Consensgx: Scaling Anonymous Communications Networks With

    Proceedings on Privacy Enhancing Technologies ; 2019 (3):331–349 Sajin Sasy* and Ian Goldberg* ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments Abstract: Anonymous communications networks enable 1 Introduction individuals to maintain their privacy online. The most popular such network is Tor, with about two million Privacy is an integral right of every individual in daily users; however, Tor is reaching limits of its scala- society [72]. With almost every day-to-day interaction bility. One of the main scalability bottlenecks of Tor and shifting towards using the internet as a medium, it similar network designs originates from the requirement becomes essential to ensure that we can maintain the of distributing a global view of the servers in the network privacy of our actions online. Furthermore, in light to all network clients. This requirement is in place to of nation-state surveillance and censorship, it is all avoid epistemic attacks, in which adversaries who know the more important that we enable individuals and which parts of the network certain clients do and do not organizations to communicate online without revealing know about can rule in or out those clients from being their identities. There are a number of tools aiming to responsible for particular network traffic. provide such private communication, the most popular In this work, we introduce a novel solution to this of which is the Tor network [21]. scalability problem by leveraging oblivious RAM con- Tor is used by millions of people every day to structions and trusted execution environments in order protect their privacy online [70].
  • Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Citation: Doswell, Stephen (2016) Measurement and management of the impact of mobility on low-latency anonymity networks. Doctoral thesis, Northumbria University. This version was downloaded from Northumbria Research Link: http://nrl.northumbria.ac.uk/30242/ Northumbria University has developed Northumbria Research Link (NRL) to enable users to access the University’s research output. Copyright © and moral rights for items on NRL are retained by the individual author(s) and/or other copyright owners. Single copies of full items can be reproduced, displayed or performed, and given to third parties in any format or medium for personal research or study, educational, or not-for-profit purposes without prior permission or charge, provided the authors, title and full bibliographic details are given, as well as a hyperlink and/or URL to the original metadata page. The content must not be changed in any way. Full items must not be sold commercially in any format or medium without formal permission of the copyright holder. The full policy is available online: http://nrl.northumbria.ac.uk/policies.html MEASUREMENT AND MANAGEMENT OF THE IMPACT OF MOBILITY ON LOW-LATENCY ANONYMITY NETWORKS S.DOSWELL Ph.D 2016 Measurement and management of the impact of mobility on low-latency anonymity networks Stephen Doswell A thesis submitted in partial fulfilment of the requirements of the University of Northumbria at Newcastle for the degree of Doctor of Philosophy Research undertaken in the Department of Computer Science and Digital Technologies, Faculty of Engineering and Environment October 2016 Declaration I declare that the work contained in this thesis has not been submitted for any other award and that it is all my own work.
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor Tariq Elahi†, Kevin Bauer†, Mashael AlSabah†, Roger Dingledine‡, Ian Goldberg† †University of Waterloo ‡The Tor Project, Inc. †{mtelahi,k4bauer,malsabah,iang}@cs.uwaterloo.ca ‡[email protected] ABSTRACT parties with anonymity from their communication partners as well Tor is the most popular low-latency anonymity overlay network as from passive third parties observing the network. This is done for the Internet, protecting the privacy of hundreds of thousands by distributing trust over a series of Tor routers, which the network of people every day. To ensure a high level of security against cer- clients select to build paths to their Internet destinations. tain attacks, Tor currently utilizes special nodes called entry guards If the adversary can anticipate or compel clients to choose com- as each client’s long-term entry point into the anonymity network. promised routers then clients can lose their anonymity. Indeed, While the use of entry guards provides clear and well-studied secu- the client router selection protocol is a key ingredient in main- rity benefits, it is unclear how well the current entry guard design taining the anonymity properties that Tor provides and needs to achieves its security goals in practice. be secure against adversarial manipulation and leak no information We design and implement Changing of the Guards (COGS), a about clients’ selected routers. simulation-based research framework to study Tor’s entry guard de- When the Tor network was first launched in 2003, clients se- sign. Using COGS, we empirically demonstrate that natural, short- lected routers uniformly at random—an ideal scheme that provides term entry guard churn and explicit time-based entry guard rotation the highest amount of path entropy and thus the least amount of contribute to clients using more entry guards than they should, and information to the adversary.
  • Improving and Analysing Bingo Voting

    Improving and Analysing Bingo Voting

    Improving and Analysing Bingo Voting zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften von der Fakultät für Informatik des Karlsruher Instituts für Technologie (KIT) genehmigte Dissertation von Christian Henrich aus Marburg Tag der mündlichen Prüfung: 5. Juli 2012 Erster Gutachter: Prof. Dr. Jörn Müller-Quade Zweiter Gutachter: Juniorprof. Dr. Dennis Hofheinz KIT – University of the State of Baden-Wuerttemberg and National Laboratory of the Helmholtz Association www.kit.edu Contents Abstract 9 Zusammenfassung 11 1 Introduction 15 1.1 Contribution of this Work . 16 1.2 Structure of this Work . 16 2 Preliminaries 19 2.1 About Elections . 19 2.1.1 Election Types . 19 2.1.2 Voting Procedure . 20 2.1.3 Electoral Systems . 21 2.1.4 Properties of Elections . 22 2.1.5 Attacks on Voting Schemes . 23 2.1.6 Paper vs. Machine . 24 2.1.6.1 Paper Ballots . 24 2.1.6.2 Optical Scan Voting System . 25 2.1.6.3 Voting Machines . 25 2.1.7 Presence vs. Remote Voting . 26 2.2 Terminology and Notions . 27 2.2.1 Roles in an Election . 27 2.2.2 Phases of an Election . 27 2.2.3 Tally and Result . 28 2.3 Security Notions . 29 2.3.1 Correctness . 29 2.3.1.1 Software Independence . 29 2.3.1.2 End-to-end Security . 30 2.3.2 Ballot Secrecy . 30 2.3.2.1 Receipt Freeness . 31 2.3.2.2 Coercion Resistance . 31 2.3.3 Practical Requirements . 32 2.3.3.1 Dispute Freeness . 32 2.3.3.2 Robustness .
  • Electronic Voting: Methods and Protocols Christopher Andrew Collord James Madison University

    Electronic Voting: Methods and Protocols Christopher Andrew Collord James Madison University

    James Madison University JMU Scholarly Commons Masters Theses The Graduate School Spring 2013 Electronic voting: Methods and protocols Christopher Andrew Collord James Madison University Follow this and additional works at: https://commons.lib.jmu.edu/master201019 Part of the Computer Sciences Commons Recommended Citation Collord, Christopher Andrew, "Electronic voting: Methods and protocols" (2013). Masters Theses. 177. https://commons.lib.jmu.edu/master201019/177 This Thesis is brought to you for free and open access by the The Graduate School at JMU Scholarly Commons. It has been accepted for inclusion in Masters Theses by an authorized administrator of JMU Scholarly Commons. For more information, please contact [email protected]. Electronic Voting: Methods and Protocols Christopher A. Collord A thesis submitted to the Graduate Faculty of JAMES MADISON UNIVERSITY In Partial Fulfillment of the Requirements for the degree of Master of Science InfoSec 2009 Cohort May 2013 Dedicated to my parents, Ross and Jane, my wife Krista, and my faithful companions Osa & Chestnut. ii Acknowledgements: I would like to acknowledge Krista Black, who has always encouraged me to get back on my feet when I was swept off them, and my parents who have always been there for me. I would also like to thank my dog, Osa, for sitting by my side for countless nights and weekends while I worked on this thesis—even though she may never know why! Finally, I would also like to thank all who have taught me at James Madison University. I believe that the education I have received will serve me well for many years to come.
  • A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)

    A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)

    The following paper was originally published in the Proceedings of the Sixth USENIX UNIX Security Symposium San Jose, California, July 1996. A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker) Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer Computer Science Division University of California, Berkeley For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org A Secure Environment for Untruste d Help er Applications Con ningtheWilyHacker Ian Goldb erg David Wagner Randi Thomas Er ic A. Brewer fiang,daw,randit,[email protected] University of California, Berkeley cious programs to spawn pro ce ss e s andto read or Ab stract wr iteanunsusp ecting us er's le s [15,18,19,34,36]. Whatisnee ded in thi s new environment, then, i s Manypopular programs, suchasNetscap e, us e un- protection for all re source s on a us er's system f rom trusted help er applications to pro ce ss data f rom the thi s threat. network. Unfortunately,theunauthenticated net- workdatathey interpret could well have b een cre- Our aim i s tocon netheuntrusted software anddata ated byanadversary,andthehelp er applications are by monitor ingand re str ictingthe system calls it p er- 1 usually to o complex to b e bug-f ree. Thi s rai s e s s ig- forms. We builtJanus , a s ecure environment for ni cant s ecur ity concer ns. Therefore, it i s de s irable untrusted help er applications, bytaking advantage to create a s ecure environmenttocontain untrusted of the Solar i s pro ce ss tracing f acility.
  • El Gamal Mix-Nets and Implementation of a Verifier

    El Gamal Mix-Nets and Implementation of a Verifier

    KTH Royal Institute of Technology School of Computer Science and Communication El Gamal Mix-Nets and Implementation of a Verifier SA104X Degree Project in Engineering Physics Erik Larsson ([email protected]) Carl Svensson ([email protected]) Supervisor: Douglas Wikstr¨om Abstract A mix-net is a cryptographic protocol based on public key cryptography which enables untraceable communication through a collection of nodes. One important application is electronic voting where it enables the construction of systems which satisfies many voting security requirements, including veri- fiability of correct execution. Verificatum is an implementation of a mix-net by Douglas Wikstr¨om. This report concerns the implementation of a verifier and evaluation of the implementation manual for the Verificatum mix-net. The purpose of the document is to enable third parties to convince themselves that the mix- net has behaved correctly without revealing any secret information. This implementation is a simple version of the verifier using the document and some test vectors generated by the mix-net. The document contains all information but there are still some possibilities for further clarification in order to make it comprehensible to a larger audience. Contents 1 Introduction 2 1.1 Verificatum . 2 1.2 Goals and Scope . 3 2 Background 3 2.1 El Gamal Cryptography . 3 2.1.1 Definition . 4 2.1.2 Security . 4 2.1.3 Properties . 5 2.2 Cryptographic Primitives . 6 2.2.1 Hash functions . 6 2.2.2 Pseudo Random Generators . 6 2.2.3 Random Oracles . 7 2.3 Mix Networks . 7 2.3.1 Overview . 7 2.3.2 El Gamal Mix-Nets .
  • Effective Attacks and Provable Defenses for Website Fingerprinting

    Effective Attacks and Provable Defenses for Website Fingerprinting

    Effective Attacks and Provable Defenses for Website Fingerprinting Tao Wang, University of Waterloo; Xiang Cai, Rishab Nithyanand, and Rob Johnson, Stony Brook University; Ian Goldberg, University of Waterloo https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/wang_tao This paper is included in the Proceedings of the 23rd USENIX Security Symposium. August 20–22, 2014 • San Diego, CA ISBN 978-1-931971-15-7 Open access to the Proceedings of the 23rd USENIX Security Symposium is sponsored by USENIX Effective Attacks and Provable Defenses for Website Fingerprinting Tao Wang1 Xiang Cai2 Rishab Nithyanand2 Rob Johnson2 Ian Goldberg1 1University of Waterloo 2Stony Brook University t55wang,iang @cs.uwaterloo.ca xcai,rnithyanand,rob @cs.stonybrook.edu { } { } Abstract When a client browses the web, she reveals her desti- Website fingerprinting attacks allow a local, passive nation and packet content to intermediate routers, which eavesdropper to identify a user’s web activity by lever- are controlled by ISPs who may be susceptible to ma- aging packet sequence information. These attacks break licious attackers, eavesdroppers, and legal pressure. To the privacy expected by users of privacy technologies, protect her web-browsing privacy, the client would need including low-latency anonymity networks such as Tor. to encrypt her communication traffic and obscure her In this paper, we show a new attack that achieves sig- destinations with a proxy such as Tor. Website finger- nificantly higher accuracy than previous attacks in the printing refers to the set of techniques that seek to re- same field, further highlighting website fingerprinting as identify these clients’ destination web pages by passively a genuine threat to web privacy.
  • Performance Evaluation of the Bingo Electronic Voting Protocol

    Performance Evaluation of the Bingo Electronic Voting Protocol

    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 2, Ver. 1 (Mar – Apr. 2015), PP 89-102 www.iosrjournals.org Performance Evaluation of the Bingo Electronic Voting Protocol Waleed A. Naji, Sherif Khattab and Fatma A. Omara Department of Computer Science, Faculty of Computers and Information Cairo University, Egypt Abstract: Research in e-voting aims at designing usable and secure electronic voting systems. This paper provides an empirical analysis of the computational performance of a prototype implementation of the Bingo electronic voting protocol. Bingo is a receipt-based end-to-end verifiable electronic voting protocol that claims the property of coercion resistance. According to this work, a prototype of the Bingo design has been described in terms of sequence and class diagrams. Also, its operation has been demonstrated using a case study of a sample election. Four main operations have been analyzed; initialization of cyclic groups, generation of dummy votes, zero-knowledge proof of fair vote distribution over candidates, and zero-knowledge proof of receipt correctness. The performance was affected by the cyclic group order, number of candidates, and number of voters. Keywords: E-voting, Bingo voting, coercion resistance, zero-knowledge proof, commitments. I. Introduction Voting plays an essential role in a democracy. The result of voting determines the future of a country. Voting must achieve a set of requirements. On the other hands, an e-voting system must achieve technical requirements, user interaction requirements, integration requirements, and (most critically) security requirements [1-4]. Security requirements of the e-voting system are classified into two group; voter-related requirements and voting-related requirements.
  • Multiparty Routing: Secure Routing for Mixnets

    Multiparty Routing: Secure Routing for Mixnets

    Multiparty Routing: Secure Routing for Mixnets Fatemeh Shirazi Elena Andreeva Markulf Kohlweiss Claudia Diaz imec - COSIC KU Leuven imec - COSIC KU Leuven Microsoft Research imec - COSIC KU Leuven Leuven, Belgium Leuven, Belgium Cambridge, UK Leuven, Belgium Abstract—Anonymous communication networks are impor- re-mailer, Freenet [5], [6] used for anonymous file-sharing, and tant building blocks for online privacy protection. One approach DC-Nets [7] that can be deployed for broadcast applications to achieve anonymity is to relay messages through multiple such as group messaging. routers, where each router shuffles messages independently. To achieve anonymity, at least one router needs to be honest. The goal of ACNs is to anonymize communications by In the presence of an adversary that is controlling a subset relaying them over multiple routers. There are three main types of the routers unbiased routing is important for guaranteeing of anonymous routing in terms of how routers are chosen to anonymity. However, the routing strategy also influenced other form the path. factors such as the scalability and the performance of the system. One solution is to use a fixed route for relaying all messages First, in deterministic routing, the paths are predetermined with many routers. If the route is not fixed the routing decision by the system configuration. Chaum’s original ACN pro- can either be made by the communication initiator or the posal [1] considered a sequence of mixes organized in a intermediate routers. However, the existing routing types each cascade. Systems that adopted the cascade network topology have limitations. For example, one faces scalability issues when in their designs include JAP [8], and voting systems, such as increasing the throughput of systems with fixed routes.
  • D6.2 Altcoins – Alternatives to Bitcoin and Their Increasing Presence In

    D6.2 Altcoins – Alternatives to Bitcoin and Their Increasing Presence In

    Ref. Ares(2018)1599225 - 22/03/2018 RAMSES Internet Forensic platform for tracking the money flow of financially-motivated malware H2020 - 700326 D6.2 Altcoins: Alternatives to Bitcoin and their increasing presence in Malware-related Cybercrime Lead Authors: Darren Hurley-Smith (UNIKENT), Julio Hernandez-Castro (UNIKENT) With contributions from: Edward Cartwright (UNIKENT), Anna Stepanova (UNIKENT) Reviewers: Luis Javier Garcia Villalba (UCM) Deliverable nature: Report (R) Dissemination level: Public (PU) (Confidentiality) Contractual delivery date: 31/08/2017 Actual delivery date: 31/08/2017 Version: 1.0 Total number of pages: 36 Keywords: Cryptocurrency, altcoin, malware, darknet market, privacy Abstract Bitcoin is a relatively well-known cryptocurrency, a digital token representing value. It uses a blockchain, a distributed ledger formed of blocks which represent a network of computers agreeing that transactions have occurred, to provide a ledger of sorts. This technology is not unique to Bitcoin, many so-called ‘altcoins’ now exist. These alternative coins provide their own services, be it as a store of value with improved transactions (lower fees, higher speed), or additional privacy. Malware and Dark Net Market (DNM) operators have used Bitcoin to facilitate pseudo-anonymous extraction of value from their victims and customers. However, several high-profile arrests have been made using Bitcoin transaction graphing methods, proving that the emphasis is on the pseudo part of pseudo-anonymity. Altcoins specialising in masking the users’ identity – Monero, ZCash, and Dash – are therefore of interest as the next potential coins of choice for criminals. Ethereum, being the second largest crypto-currencies and imminently implementing its own privacy features, is also of interest.