OnionCoin: Peer-to-Peer Anonymous Messaging with Incentive System by Tianri Gu A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE in THE FACULTY OF GRADUATE AND POSTDOCTORAL STUDIES (Computer Science) THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver) August 2018 c Tianri Gu, 2018 i The following individuals certify that they have read, and recommend to the Faculty of Graduate and Postdoctoral Studies for acceptance, a thesis/dissertation entitled: OnionCoin: Peer-to-Peer Anonymous Messaging with Incentive System submitted by Tianri Gu in partial fulfillment of the requirements for the degree of Master of Science in Computer Science Examining Committee: Mike Feeley Supervisor Alan Wagner Supervisory Committee Member Supervisory Committee Member Additional Examiner Additional Supervisory Committee Members: Supervisory Committee Member Supervisory Committee Member Abstract The "free-riders" issue happens in many peer-to-peer system, and this issue severely damages the liveness of the system especially for the system that heav- ily relies on coordination of multiple peers. Many peer-to-peer system assumes that the peers are willing to volunteer their resources to support functionality of the system, such as content storage and traffic relay. However, the assumption is hardly true in real Internet world, in which most of the users are trying to maximize their profit playing to take advantages from the system without pro- viding corresponding services to others in the system. The notable decentralized anonymous network, TOR[1], also does not have any explicit incentives for the peer to host Onion Router as infrastructures relaying secure traffics to protect the other peers’ anonymity. Therefore, eventually the behaving users lose their faith in the system due to the unfairness, and the system may cease to properly run. OnionCoin(OC) is the first decentralized peer-to-peer anonymous messag- ing system based on Onion Routing with the integration of currency system attempting to resolve such issues in Onion Routing based systems. A peer in OC will have to "pay" for using the anonymous messaging service, and will "gain" by helping other peers. The purpose of this currency system is to record the transactions of "pay" and "gain" in order to provide incentives for peers to participate more in the system. Several protocols are designed so that the in- troduction of the currency system does not compromise any existing protection in Onion Routing on the anonymity of the communicating parties. iii Lay Summary This paper presents the design of an peer-to-peer anonymous messaging system named OnionCoin(OC). In OC, for an user to send an anonymous message to another, the message is going to passed through multiple other users till reaching the final destination, so that the path of the message is hard to discover by the adversary. OC also provide a solution to resolve the "free-rider" issue in such system by introducing a currency system. A "Coin" represents a token for services. Any user will have to "pay" a Coin for the service to deliver its own message, and every time a peer helps delivering the message from other peer, it gets "paid" anonymously with one Coin. As a result, every peer trades its contribution to the community to earn Coins saved for future communication and be able to communicate with anonymity. iv Preface This dissertation is original, unpublished, independent work by the author, Tianri Gu. v Table of Contents Abstract .................................... iii Lay Summary ................................ iv Preface ..................................... v Table of Contents ..............................viii List of Tables ................................. ix List of Figures ................................ x Acknowledgement .............................. xi Dedication ................................... xii 1 Introduction ............................... 1 2 System Overview ............................ 3 2.1 Decentralized Identity Provider . 3 2.2 Roles and Duties . 3 2.3 Global Ledger . 4 2.4 Message Encoding Scheme . 6 2.5 Routing Table . 6 2.6 ThreatModel............................. 7 2.7 Challenges............................... 7 3 Currency System: No Pay No Gain ................ 9 3.1 CoSignProtocol ........................... 9 3.2 WhatExactlyisaCoin?....................... 10 3.3 Blind Signature Review . 11 3.4 CoinExchange ............................ 12 3.5 FailToExchangeCoin........................ 14 4 Join and Discover ............................ 15 4.1 Register Protocol . 15 4.2 Registration Failures . 17 4.3 Finding Peers . 17 4.4 Active Advertisement . 18 4.5 Potential Threat on Peer Discovery . 18 5 Anonymous Message Delivery .................... 19 5.1 Preparation Stage . 20 5.2 Messaging Model Adjustment . 20 5.3 Message Forwarding Protocol . 24 5.4 Failure on Delivery . 25 vi 6 The Ledger ................................ 26 6.1 Records . 26 6.1.1 Registration Record . 26 6.1.2 CoinExchangeRecord. 26 6.1.3 Coin Reward Record . 27 6.2 Bank Selection . 27 6.3 Ledger Synchronization Protocol . 28 6.4 Block Generation . 30 6.4.1 Proposing Stage . 30 6.4.2 Pushing Stage . 31 6.4.3 Pulling Stage . 31 7 Threat Case Analysis .......................... 32 7.1 PassiveThreatonMessaging . 32 7.2 Single Malicious Node . 32 7.3 Multiple Malicious Intermediate Nodes . 33 8 Cheating on Currency ......................... 36 8.1 ForgingCoinsandRecords . 36 8.2 CheatingSenderandIntermediateNode . 38 9 Analysis of Encryption Steps ..................... 39 9.1 Encryptions in OMSG . 39 9.2 Encryptions in Protocols . 39 9.2.1 SignaturesInTheRecords . 40 9.2.2 Onioned Messages . 40 9.2.3 Blind Signature . 40 9.3 Analysis Summary . 41 9.3.1 Extra Cost in Coin Exchange . 41 9.3.2 ExtraCostinMessaging. 42 10 Prototype Evaluation .......................... 43 10.1 Implementation............................ 43 10.2 Experiments . 43 10.3 Evaluation . 48 11 Limitation and Future Work ..................... 51 11.1 Unidirectional Message . 51 11.2 Delivery Failure Detection . 51 11.3 Performance as of a Messaging System . 52 11.4 Re-usabilityofaCoin . 52 11.5 Features in Future Work . 53 12 Related Works .............................. 54 13 Conclusion ................................. 56 vii Bibliography ................................. 57 viii List of Tables 1 The probabilities that an adversary can forge Coins . 37 2 Number of Messages and Encryption Steps Summary for Coin Exchange in OC compare with NACE . 41 3NumberofMessagesandEncryptionStepsSummaryforaMes- sage Delivery through L intermediate nodes compared with TOR 42 ix List of Figures 1 RolesSwitchesinOCwith5Nodesand2asBank . 5 2OMSGGeneralFormat.......................5 3 CoSignProtocolwithNC=3.................... 10 4 ContentofaCoin........................... 11 5 CoinExchangeProtocolwithNC=3 . 12 6 RegisterProtocolwithNC=3 ................... 16 7MessageDeliveryfromStoRthrough2intermediatenodes...19 8 Message Delivery from S to R through 2 intermediate nodes with Coins"paid-in-advance" . 21 9 Message Delivery from S to R through 2 intermediate nodes with Coins"paid-afterward". 22 10 Message Delivery from S to R through 2 intermediate nodes with Coins "paid-afterward" and Feedbacks . 23 11 Ledger Synchronization with d0 =3and d1 =5 .......... 29 12 Number of Messages To Deliver 1000 message as Number of CoSignerschanges .......................... 44 13 Number of Encryptions To Deliver 1000 message as Number of CoSignerschanges .......................... 45 14 Number of Messages To Deliver 1000 message as length of Epoch changes ................................ 46 15 Number of Encryptions To Deliver 1000 message as length of Epoch changes . 47 16 Number of Messages To Deliver 1000 message as Number of Banks changes . 48 17 Number of Encryptions To Deliver 1000 message as Number of Banks changes . 49 x Acknowledgement I offer my sincere gratitude to the faulty of Computer Science, staffand my brilliant peers, who have inspired me to continue my study in Computer Science. Also, thanks to my graduated friends on providing precious suggestions. I owe my particular thanks to Dr. Mike Feeley, whose wisdom and guidance had greatly helped me on the path of becoming a better researcher and critical thinker in the field of Distributed Systems design. It was always a wonderful memory when discussing the ideas and thoughts in your office on the third floor at ICICS. xi Dedication To my beloved ones. xii 1 Introduction The significance of anonymous communication system is getting more attention for its capability on protecting the identity of the communication parties under the pervasive network traffics monitoring. Many researchers have proposed dif- ferent approaches designing application level anonymous communication overlay network to protect user’s anonymity. Majority of these [3, 19, 16] are based on the centralized server or a group of servers as the proxy to provide covers for their users. Although many of these system can provide strong guarantee on anonymity, they are relatively more vulnerable to be attacked on the availability such as Denial-of-Service(DoS) compared to the systems with more decentral- ized designs such as TOR [1], instead simply shutting down these messaging servers would prevent the anonymous communication from happening. When the servers are distributed across the globe, it makes the attack on availabil- ity much more difficult to perform but are only able to monitor the traffics at best effort to try to expose the connection among