Development of Anonymity Technology in Blockchain

Summary

This report surveys academic research on anonymity technology in the context of blockchain. Research on anonymity originated mainly with Bitcoin. Bitcoin gives its users pseudonyms but cannot achieve true anonymity; as the requirements for anonymity grew, researchers began to study techniques that strengthen Bitcoin's anonymity or to create new cryptocurrencies. These anonymity technologies range from the early mixing services to the later zero-knowledge proofs. Below, these cryptographic techniques are roughly classified.

Bitcoin's shortcomings in anonymity

Bitcoin is a decentralized distributed ledger. Anyone can generate a Bitcoin address by themselves, so without outside help other people cannot link a Bitcoin address to a person. However, many Bitcoin users trust exchanges, and each user provides their identity when registering at an exchange. As a centralized organization, the exchange thus holds both the addresses and the identities of many users. It can be said that an exchange can easily link each user to their Bitcoin addresses; if address-clustering attacks are then applied, all of a user's addresses are likely to be exposed.

In address cluster analysis, all inputs of one Bitcoin transaction can be considered to belong to the same entity [1,2]. If a user has multiple Bitcoin addresses, then when making a large payment it is likely that these addresses appear together as inputs of the same transaction. This heuristic clustering method is used widely in cryptocurrency analysis; it has been applied since 2013 and to this day remains the primary clustering method in cryptocurrency analysis.

Another well-known address analysis method is identifying the change address: if exactly one output of a transaction goes to a brand-new address that has never been seen before, that address is likely the change address [2,3]. This method has a potential false-positive rate, but it is still very useful for early analysis of Bitcoin transactions. Combining the above two heuristics, the vast majority of Bitcoin addresses can be clustered; then, through Bitcoin forums, mining pool websites and web pages that mention Bitcoin addresses, the account information of the users behind those addresses can be identified. Once a user's real-world identity is correlated with one of their Bitcoin addresses, the user's entire transaction history recorded on the blockchain is likely to be exposed. This is Bitcoin's inadequacy in terms of anonymity. To solve these problems, industry and academia have made related efforts, and cryptocurrency anonymity technology has kept developing.
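The two heuristics just described, as an added Python example that is not code from the original post: it runs common-input ownership and the single-fresh-output change rule over a small constructed ledger (placeholder addresses, not real ones). It adds one refinement the text does not state, applying the change rule only to transactions with two or more outputs, and it leaves unresolved a transaction in which more than one output address is new, which is where the false positives the text warns about would otherwise come from.

```python
"""Address-clustering heuristics from the text, implemented as an added example.

Not code from the original post. SAMPLE_TXS is a constructed ledger with
placeholder addresses, listed in confirmation order.
"""
from collections import defaultdict

SAMPLE_TXS = [
    # A1 pays M1; A2 pays M2 (two unrelated funding payments)
    {"txid": "tx1", "inputs": ["addr_A1"], "outputs": [("addr_M1", 50)]},
    {"txid": "tx2", "inputs": ["addr_A2"], "outputs": [("addr_M2", 30)]},
    # M1 and M2 are spent together: the common-input heuristic links them.
    # Both outputs go to never-seen addresses, so change cannot be told apart.
    {"txid": "tx3", "inputs": ["addr_M1", "addr_M2"],
     "outputs": [("addr_S", 70), ("addr_M3", 10)]},
    # addr_S was already seen in tx3, addr_X is new: addr_X is inferred to be change.
    {"txid": "tx4", "inputs": ["addr_M3"], "outputs": [("addr_S", 5), ("addr_X", 5)]},
    # X spent together with M1: merges the two clusters.
    {"txid": "tx5", "inputs": ["addr_X", "addr_M1"], "outputs": [("addr_S", 12)]},
]


class UnionFind:
    """Disjoint sets of addresses believed to share an owner."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs, use_change_heuristic=True):
    """Return (clusters, change_guesses).

    Heuristic 1: all inputs of one transaction belong to the same entity.
    Heuristic 2: if exactly one output goes to a never-seen address, it is
    change and belongs to the input owner. Applied only when the transaction
    has two or more outputs (a single-output payment has no change), an added
    refinement; it can still misfire when a payee hands out a fresh address.
    """
    uf = UnionFind()
    seen = set()
    change_guesses = {}
    for tx in txs:
        inputs = tx["inputs"]
        for addr in inputs:
            uf.find(addr)
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
        out_addrs = [addr for addr, _ in tx["outputs"]]
        if use_change_heuristic and len(out_addrs) >= 2:
            fresh = [a for a in out_addrs if a not in seen and a not in inputs]
            if len(fresh) == 1:
                change_guesses[tx["txid"]] = fresh[0]
                uf.union(inputs[0], fresh[0])
        seen.update(inputs)
        seen.update(out_addrs)
    clusters = defaultdict(set)
    for addr in uf.parent:
        clusters[uf.find(addr)].add(addr)
    return sorted(sorted(c) for c in clusters.values()), change_guesses


if __name__ == "__main__":
    for cluster in cluster_addresses(SAMPLE_TXS)[0]:
        print(cluster)
```

Running it with the change rule switched off shows its contribution: without it, addr_M3 stays in a cluster of its own, because nothing but the change inference ties it back to the M1/M2 wallet.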

First-generation anonymity technology

Bitcoin anonymity technology developed in order to resist correlation attacks on anonymity. To counter address-clustering methods, transaction relay services appeared. Early in Bitcoin's development there were service providers such as "Bitcoin Fog", "BitLaundry" and "Bitmixer". Users handed their transactions to these services, which then forwarded coins of the same value to the recipient. When using such a service, the user must trust the provider unconditionally and believe that the provider will not keep their transfer records. Apart from the provider itself, nobody can guarantee that the provider will actually forward the funds to the recipient in another transaction after receiving the user's transfer.

Besides the risk that the user's transfer record is kept, using a mixing service can also lead to loss of funds, and there is a single point of failure: if the mixing service is attacked by hackers and its data is exposed, the privacy exposure is even greater. Some have suggested a reputation system in which users rate service providers, building a reputation for each service so that users prefer providers with higher reputation. Although a good idea, no concrete implementation was ever carried through from start to finish.

Second-generation anonymity technology

Compared with the first generation, second-generation anonymity technology is committed to eliminating the single point of failure. These techniques include mixing, CoinJoin, stealth addresses and zero-knowledge proofs.

Mixing

The logic behind mixing is very simple: to anonymize, use an intermediary. This looks somewhat similar to the first-generation relay services, but there are differences. The main idea of mixing is that a user sends bitcoins to the intermediary and then gets back bitcoins that came from other users, which defeats the clustering method because in a mixing transaction the inputs no longer all belong to the same user. However, mixing still has problems. First, most mixing services cannot necessarily guarantee the mixing effect, so the user has no assurance; second, as with first-generation technology, after the user completes the mix the mixing service internally keeps a record matching deposits to withdrawals. Nobody can guarantee that the service provider is not itself a hacker, or will not be hacked.

Mixing criteria

  • Mixing should be done in multiple rounds, one set per round, rather than once only; this principle has been widely accepted.
  • If users put different amounts of bitcoin into a mixing service, the mix may be ineffective, because an outside observer may link a user's deposits and withdrawals by their amounts without any other association. Thus, ideally, all inputs of a mixing transaction should be the same size; mixing with a fixed input value, across all transactions of the service, enhances anonymity.
  • The mixing fee is all-or-nothing. If a fee is charged inside the mixing transaction, the user's anonymity may be damaged, because the input that pays the fee no longer fits the mixing format; the user will then try to merge other outputs, which exposes the user's privacy.

In fact, as of 2015 there was no functioning mixing ecosystem. There are many mixing services on the market, but all have relatively low volumes, and many mixing providers have been reported to steal coins. Such events are a great blow to the whole mixing industry; faced with services that guarantee nothing, ordinary users would rather sacrifice privacy than lose their bitcoins.

CoinJoin (joint transactions)

Compared with general mixing, CoinJoin [3] is distributed mixing: it is implemented by a peer-to-peer protocol in which users mix coins within a single transaction, and the concept was created to fit Bitcoin better. Distributed mixing has no bootstrapping problem: users do not need to wait for a trustworthy centralized mixing service, coin theft is unlikely in the distributed setting, and distributed mixing provides better anonymity.

As a typical representative of distributed mixing, CoinJoin has different users create a single transaction that contains all the users' inputs and outputs. Each input of the transaction is separate and independent of the others, which allows a group of users to mix through one transaction: each user provides an input and an output address, and a coordinator combines them into one transaction. During assembly, the order of inputs and outputs is shuffled randomly, so an external attacker cannot match inputs to outputs. Each participant checks that their output address is included in the outputs and that the inputs and outputs carry the same amount of bitcoin; once confirmed, they sign. The general steps of a CoinJoin transaction are as follows:

  1. Find other users who want to mix and form a group
  2. Collect the inputs and outputs of the different users and build the transaction
  3. Send the transaction to the users; each user confirms that the transaction is legitimate and signs it
  4. Broadcast the transaction

In a distributed system, as long as all nodes follow this protocol, the system works properly. Any node can assemble and broadcast the transaction.
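The four steps above, together with the equal-denomination criterion from the mixing section, as an added Python example (not code from the original post, from Dash or from any wallet). Participants, previous outputs and addresses are constructed placeholders, the coordinator is a plain function, and the "signature" is an HMAC over the serialized transaction standing in for a real input signature. It also shows what the per-participant check in step 3 buys: a coordinator that redirects one output gets no signature from its owner, so the transaction is never broadcast.

```python
"""CoinJoin assembly and per-participant verification, as an added illustration.

Not code from the original post, from Dash or from any wallet. Participants,
previous outputs and addresses are constructed placeholders; the "signature"
is an HMAC over the serialized transaction, standing in for the ECDSA input
signature a real wallet would produce.
"""
import hashlib
import hmac
import json
import secrets

DENOMINATION = 100_000  # assumed fixed mixing amount, as the mixing criteria require


def make_participant(pid, amount):
    return {
        "id": pid,
        "input": {"txid": f"prev_{pid}", "vout": 0, "amount": amount},
        "output_address": f"addr_{pid}_fresh",
        "signing_key": hashlib.sha256(f"key-{pid}".encode()).digest(),
    }


# Constructed participants; dave's coin is not the standard denomination.
PARTICIPANTS = [
    make_participant("alice", DENOMINATION),
    make_participant("bob", DENOMINATION),
    make_participant("carol", DENOMINATION),
    make_participant("dave", 75_000),
]


def assemble_coinjoin(participants, denomination=DENOMINATION, rng=None):
    """Steps 1-2: gather the group, collect inputs/outputs, build one transaction.
    Only inputs of exactly the denomination are accepted, since an odd amount
    would let an observer match that input to its output; inputs and outputs
    are shuffled so that position carries no information."""
    rng = rng or secrets.SystemRandom()
    accepted = [p for p in participants if p["input"]["amount"] == denomination]
    rejected = [p["id"] for p in participants if p not in accepted]
    inputs = [dict(p["input"]) for p in accepted]
    outputs = [{"address": p["output_address"], "amount": denomination} for p in accepted]
    rng.shuffle(inputs)
    rng.shuffle(outputs)
    return {"inputs": inputs, "outputs": outputs}, rejected


def serialize(tx):
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def verify_and_sign(tx, participant, denomination=DENOMINATION):
    """Step 3: a participant signs only if the transaction spends its input
    exactly once, pays its chosen address the denomination, every output is
    the denomination, and no value goes missing (no fee inside the mix)."""
    if tx["inputs"].count(participant["input"]) != 1:
        return None
    if {"address": participant["output_address"], "amount": denomination} not in tx["outputs"]:
        return None
    if any(o["amount"] != denomination for o in tx["outputs"]):
        return None
    if sum(i["amount"] for i in tx["inputs"]) != sum(o["amount"] for o in tx["outputs"]):
        return None
    return hmac.new(participant["signing_key"], serialize(tx), hashlib.sha256).hexdigest()


def finalize(tx, participants, denomination=DENOMINATION):
    """Step 4: the transaction may be broadcast only once every input owner
    has signed; a single refusal aborts the whole CoinJoin."""
    signatures = {}
    for p in participants:
        sig = verify_and_sign(tx, p, denomination)
        if sig is None:
            return None
        signatures[p["id"]] = sig
    return {"tx": tx, "signatures": signatures}


def run_demo():
    tx, rejected = assemble_coinjoin(PARTICIPANTS)
    accepted = [p for p in PARTICIPANTS if p["id"] not in rejected]
    signed = finalize(tx, accepted)
    # A coordinator that redirects one output: its owner refuses to sign.
    tampered = json.loads(serialize(tx))
    tampered["outputs"][0]["address"] = "addr_redirected"
    return rejected, signed, finalize(tampered, accepted)


if __name__ == "__main__":
    rejected, signed, tampered = run_demo()
    print("rejected:", rejected)
    print("signed by:", sorted(signed["signatures"]))
    print("tampered transaction signed:", tampered is not None)
```

Because every output is the same denomination and no fee is taken inside the transaction, an observer who sees the final transaction learns only that three equal coins went in and three equal coins came out; which input funded which output is not recoverable from amounts or from position.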

In fact, PrivateSend in Dash is a typical implementation of CoinJoin technology. In Dash, before a CoinJoin transaction the user first has to split their Dash into the standard denominations that CoinJoin requires; only then can the CoinJoin transaction take place.

Stealth Address

In Bitcoin, someone who needs to receive bitcoins must publish their payment address, and once the payment address is published anyone can see the transactions associated with it; even if the address is not advertised, it may still be exposed by cluster analysis attacks. With a Stealth Address [5], the user does not need to publish a receiving address, only a public identifier. Anyone who wants to send to the user can combine the identifier with a random number to generate an address, and then send to that address. The recipient can check, using their own private keys and the random number published in the block, which receiving address is associated, and thereby verify a transfer. But an outside party, even one that can read the identifier and the random number in the block, finds it hard to determine which transaction was sent to the recipient.

Implementation of Stealth Address

If Alice sends bitcoins to Bob, nobody other than Alice should know that Bob is the recipient. To achieve untraceability, Alice uses Bob's public view key and public spend key to generate a random one-time public address, called the stealth public address. Suppose Bob's view key pair (public, private) is $(A, a)$ and his spend key pair is $(B, b)$, where $A = aG$, $B = bG$, and $G$ is a fixed base point of the curve. The address is generated as follows:

  • Generate a random $r \in [1, l]$, where $l$ is the prime order of $G$.
  • Let $R = rG$ and $P = H_s(rA)G + B$, where $H_s()$ is the Keccak hash algorithm used by Monero.
  • The generated stealth public address is $P$.

$P$ can now be expanded as follows:
$$P = H_s(rA)G + B = H_s(raG)G + bG = G\,(H_s(raG) + b) = G\,(H_s(Ra) + b)$$

Alice tells Bob the block number and transaction number of this transfer. Bob uses $R$, his private view key $a$ and his private spend key $b$ to compute $P = G(H_s(Ra) + b)$, then searches all outputs of that transaction for an output address equal to $P$; if one exists, this proves that Alice did transfer to Bob.

Note: other people, who do not know Bob's private view key and private spend key, cannot tell to which address Alice's transfer to Bob went.
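The derivation above, as an added worked example in Python (not code from the original post or from Monero). It assumes secp256k1 as the curve, so $G$, $l$ and the point arithmetic are secp256k1's (Monero itself uses ed25519), and uses SHA3-256 reduced modulo $l$ as $H_s$ in place of Monero's Keccak-256. Alice derives $(R, P)$ from Bob's public keys, Bob recomputes $P$ from $R$ with his private view key, finds it among the outputs, and derives the one-time private key $x = H_s(aR) + b$ satisfying $xG = P$; a party holding a different view key finds nothing.

```python
"""Stealth address derivation from the text, as an added worked example.

Not code from the original post or from Monero. Assumptions: the curve is
secp256k1 (Monero itself uses ed25519), and H_s is SHA3-256 reduced mod l,
standing in for Monero's Keccak-256 (same sponge, different padding).
"""
import hashlib
import secrets

# secp256k1 domain parameters: field prime p, base point G, prime order l of G
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
l = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(P1, P2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P1 == P2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_mul(k, P):
    """Double-and-add scalar multiplication k*P."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R


def H_s(point):
    """Hash-to-scalar: H_s(point) in [0, l)."""
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % l


def keygen():
    """Bob's view key pair (A, a) and spend key pair (B, b)."""
    a = secrets.randbelow(l - 1) + 1
    b = secrets.randbelow(l - 1) + 1
    return (ec_mul(a, G), a), (ec_mul(b, G), b)


def sender_derive(A, B):
    """Alice: random r, R = rG, one-time address P = H_s(rA)G + B."""
    r = secrets.randbelow(l - 1) + 1
    R = ec_mul(r, G)
    P = ec_add(ec_mul(H_s(ec_mul(r, A)), G), B)
    return R, P


def receiver_scan(R, outputs, a, B):
    """Bob: recompute P = H_s(aR)G + B with his private view key and look
    for it among the transaction outputs; returns the matching indices."""
    expected = ec_add(ec_mul(H_s(ec_mul(a, R)), G), B)
    return [i for i, out in enumerate(outputs) if out == expected]


def receiver_spend_key(R, a, b):
    """Bob: the one-time private key x = H_s(aR) + b, with xG = P."""
    return (H_s(ec_mul(a, R)) + b) % l


def demo():
    (A, a), (B, b) = keygen()
    R, P = sender_derive(A, B)
    decoy = ec_mul(secrets.randbelow(l - 1) + 1, G)   # unrelated output in the same tx
    outputs = [decoy, P]
    found = receiver_scan(R, outputs, a, B)
    x = receiver_spend_key(R, a, b)
    wrong_a = secrets.randbelow(l - 1) + 1            # a party without Bob's view key
    return found, ec_mul(x, G) == P, receiver_scan(R, outputs, wrong_a, B)


if __name__ == "__main__":
    print(demo())
```

The split into view and spend keys is what the example makes visible: scanning needs only $a$, so Bob could hand $a$ to a watch-only wallet that detects incoming payments, while spending additionally needs $b$, which never has to leave the signing device.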

A typical representative of Stealth Address is Monero, but Monero uses not only this technique; it also uses ring signatures and confidential transactions.

Zero-knowledge proofs

The cryptographic principles on which Zerocoin and Zerocash [6,7] are built are very sophisticated, and the anonymity they promise is very powerful and effective. The anonymity-strengthening technologies introduced so far all layer anonymity treatment on top of the original core protocol, whereas Zerocoin and Zerocash integrate anonymity treatment into the protocol layer.

Zerocoin and Zerocash integrate mixing functionality into the protocol layer; their anonymity properties are guaranteed by cryptography, and these guarantees are better than those of the other techniques discussed earlier. For privacy protection, you do not need to trust anyone: not a mixing service provider, not mixing nodes or any other form of intermediary, not the miners, and not even the consensus mechanism. As with most cryptography, this anonymity guarantee depends only on an upper bound on the attacker's computing power.

Here we mainly introduce the anonymity technology represented by Zerocash. Zerocash is a different kind of anonymous cryptocurrency: it builds on the ideas of Zerocoin but raises the cryptography to a higher level. Zerocash uses a cryptographic technique called zk-SNARKs [8], which makes zero-knowledge proofs more compact and more efficient; the point is that overall system efficiency reaches a level at which the whole network can run on a single base currency, with all transactions carried out using zero-knowledge proofs. In the Zerocash system, transaction amounts are encapsulated in commitments and are no longer visible on the blockchain, cryptographic proofs ensure the correctness of splits and merges, and users cannot create notes out of thin air.

The only content publicly recorded in the ledger is the existence of transactions, plus the proof key attributes that miners use for verification and that the system needs to operate normally. Neither the network addresses of a transaction nor its value appear on the blockchain. Only the sender and recipient need to know the amount of the transaction; the miners do not. Of course, if a transaction pays a fee, the miners need to know that fee, but this does not affect the anonymity protection.

In terms of anonymity and privacy, Zerocash is a completely untraceable transaction system in its own right. Because the public ledger does not include transaction amounts, Zerocash is immune to the bypass attacks that work against mixing services.

The Zerocash system

Judging by its technical attributes, Zerocash looks a little too good to be true. In fact, it does have its own weaknesses. Just like Zerocoin, Zerocash needs a set of "public parameters" to set up the zero-knowledge proof system. However, unlike Zerocoin, which only requires a number N a few hundred bytes long, Zerocash needs a large set of public parameters whose size exceeds 1 GB. To emphasize again: to generate these public parameters, Zerocash requires a set of random, secret inputs. If anyone learns these secret inputs, they can double-spend without detection, endangering the security of the entire system.

Here we do not study in depth the challenges a zk-SNARKs system faces in its setup; this is an active research problem, and as of 2015 it was not known how to build such a system securely enough in practice. Fortunately, the latest ZCash blockchain has since successfully applied zk-SNARKs technology.

The zk-SNARKs process

zk-SNARKs reduce the size of the proof and the amount of computation needed to verify it. The process can be summarized as:

  1. Turn the program to be verified into verification steps in logic, and decompose these steps into an arithmetic circuit made of arithmetic operations.
  2. Through a series of transformations, turn the program to be verified into a check that two polynomial products are equal, i.e. prove $t(x)h(x) = w(x)v(x)$.
  3. Randomly select a few checkpoints $s$ in advance, and check that the equation holds at those checkpoints.
  4. Use homomorphic encoding/encryption so that the verifier does not learn the actual input values when computing the equation, but can still verify it.
  5. Multiply both sides of the equation by a secret value $k \neq 0$ that neither side can know on its own; then verifying that $w(s)v(s)k$ equals $t(s)h(s)k$ does not reveal the specific $t(s), h(s), w(s), v(s)$, so the information is protected.
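Steps 2 and 3 above, as an added Python example (not code from the original post or from any SNARK implementation). It works over an assumed prime field $Q = 2^{61} - 1$ with polynomials as coefficient lists: $t(x)$ vanishes at the constructed checkpoints 1, 2, 3, an honest prover obtains $h(x) = w(x)v(x)/t(x)$ exactly, and a dishonest prover whose $w(x)v(x)$ does not vanish at every checkpoint fails the check at a random $s$. The homomorphic encoding of steps 4 and 5 is not modelled, so here the verifier sees the polynomials in the clear.

```python
"""The polynomial identity check behind steps 2 and 3 of the zk-SNARK outline,
as an added illustration.

Not code from the original post or from any SNARK library. It models only the
plain-arithmetic check t(x)h(x) = w(x)v(x) at a random point s over a prime
field; the homomorphic encoding of steps 4 and 5 is not modelled.
"""
import secrets

Q = 2**61 - 1  # assumed prime field modulus; polynomials are coefficient lists, low degree first


def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % Q
    return out


def poly_eval(a, x):
    """Horner evaluation of a(x) mod Q."""
    acc = 0
    for c in reversed(a):
        acc = (acc * x + c) % Q
    return acc


def poly_divmod(num, den):
    """Long division: returns (quotient, remainder) with num = quot*den + rem."""
    num = list(num)
    quot = [0] * max(1, len(num) - len(den) + 1)
    inv_lead = pow(den[-1], -1, Q)
    for i in range(len(num) - len(den), -1, -1):
        coef = num[i + len(den) - 1] * inv_lead % Q
        quot[i] = coef
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - coef * d) % Q
    return quot, num[:len(den) - 1]


def vanishing_poly(points):
    """t(x) = prod (x - s_i): the target polynomial, zero at every checkpoint."""
    t = [1]
    for s in points:
        t = poly_mul(t, [(-s) % Q, 1])
    return t


def prove(w, v, t):
    """Prover side of step 2: h = w*v / t exists only if w*v vanishes at every
    checkpoint, i.e. only if the transformed program satisfies all constraints."""
    h, rem = poly_divmod(poly_mul(w, v), t)
    return None if any(rem) else h


def verify(w, v, t, h, s=None):
    """Verifier side of step 3: test t(s)h(s) = w(s)v(s) at one random point s.
    Two distinct polynomials of degree d agree on at most d points, so a false
    identity survives a random s with probability only about d/Q."""
    if s is None:
        s = secrets.randbelow(Q)
    return poly_eval(t, s) * poly_eval(h, s) % Q == poly_eval(w, s) * poly_eval(v, s) % Q


# Constructed scenario: three checkpoints, an honest and a dishonest prover.
CHECKPOINTS = [1, 2, 3]
T = vanishing_poly(CHECKPOINTS)
W_HONEST = poly_mul(vanishing_poly([1, 2]), [5, 1])   # (x-1)(x-2)(x+5)
V_HONEST = poly_mul(vanishing_poly([3]), [7, 1])      # (x-3)(x+7)
W_BAD = vanishing_poly([1, 2])                        # (x-1)(x-2)
V_BAD = [7, 1]                                        # (x+7): product misses checkpoint 3


def demo():
    h = prove(W_HONEST, V_HONEST, T)
    honest_ok = h is not None and verify(W_HONEST, V_HONEST, T, h)
    bad_rejected = prove(W_BAD, V_BAD, T) is None
    # A cheater who submits the quotient anyway, ignoring the remainder:
    h_bad, _ = poly_divmod(poly_mul(W_BAD, V_BAD), T)
    cheat_passes = verify(W_BAD, V_BAD, T, h_bad)
    return honest_ok, bad_rejected, cheat_passes


if __name__ == "__main__":
    print("h(x) =", prove(W_HONEST, V_HONEST, T))
    print(demo())
```

For the honest prover the quotient comes out as $h(x) = (x+5)(x+7) = x^2 + 12x + 35$, and the check holds at every $s$; for the dishonest one the remainder $10(x-1)(x-2)$ is nonzero, so the check can only pass at the two points where that remainder vanishes, which a random $s$ drawn from $2^{61}$ values almost never hits.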

Conclusion

This report has described and analyzed current blockchain anonymity technology in detail. Bitcoin anonymity-enhancement technology has developed from 2013 until today, from the initial simple transaction relays through mixing, CoinJoin and stealth addresses to zero-knowledge proofs; anonymity technology keeps developing and becomes more and more complex. But as can be seen, each anonymity technology still has shortcomings or even specific defects, and the development of anonymity technology remains a hot spot of future research in blockchain security.

Up to now there is still no uniform evaluation criterion for blockchain anonymity technology. Only with a unified evaluation criterion can the development direction of anonymity technology and the ways to extend it be pointed out more clearly.

Anonymity has some obviously harmful applications, but also many useful applications that are worth protecting. Although the distinction at the moral level is very important, we still cannot draw it clearly at the technical level. Anonymity appears to carry both technical depth and inherent moral ambiguity, and as a human society we must learn how to face this reality.

References

  1. Fergal Reid and Martin Harrigan. "An Analysis of Anonymity in the Bitcoin System". In: Security and Privacy in Social Networks. Ed. by Y. Altshuler, Y. Elovici, A.B. Cremers, N. Aharony, and A. Pentland. New York: Springer, 2013, pp. 197–223.
  2. Dorit Ron and Adi Shamir. "Quantitative Analysis of the Full Bitcoin Transaction Graph". In: Financial Cryptography and Data Security. Ed. by Ahmad-Reza Sadeghi. Vol. 7859. Lecture Notes in Computer Science. Berlin Heidelberg: Springer, 2013, pp. 6–24.
  3. Gregory Maxwell. "CoinJoin: Bitcoin Privacy for the Real World". Bitcoin Forum, 2013. URL: https://bitcointalk.org/index.php?topic=279249.0.
  4. Elli Androulaki, Ghassan O. Karame, Marc Roeschlin, Tobias Scherer, and Srdjan Capkun. "Evaluating User Privacy in Bitcoin". In: Financial Cryptography and Data Security. Ed. by Ahmad-Reza Sadeghi. Vol. 7859. Lecture Notes in Computer Science. Berlin Heidelberg: Springer, 2013, pp. 34–51.
  5. Peter Todd. "Stealth Addresses". 2014. URL: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2014-January/004020.html (visited on 2017-02-10).
  6. Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. "Zerocoin: Anonymous Distributed E-Cash from Bitcoin". In: Proceedings of the 2013 IEEE Symposium on Security and Privacy. Washington, DC: IEEE, 2013.
  7. Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, et al. "Zerocash: Decentralized Anonymous Payments from Bitcoin". In: 2014 IEEE Symposium on Security and Privacy. IEEE, 2014.
  8. Christian Reitwiessner. "zkSNARKs in a nutshell". 2016. URL: https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/.

Source: https://blog.csdn.net/t46414704152abc/article/details/93040668