Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Deanonymization and Linkability of Cryptocurrency Transactions Based on Network Analysis

Abstract: Bitcoin, introduced in 2008 and launched in 2009, is the first digital currency to solve the double spending problem without relying on a trusted third party. Bitcoin provides a way to transact without any trusted intermediary, but its privacy guarantees are questionable. Despite the fact that Bitcoin addresses are not linked to any identity, multiple deanonymization attacks have been proposed. Alternative cryptocurrencies such as Dash, Monero, and Zcash aim to provide stronger privacy by using sophisticated cryptographic techniques to obfuscate transaction data. Previous work in cryptocurrency privacy mostly focused on applying data mining algorithms to the transaction graph extracted from the blockchain. We focus on a less well researched vector for privacy attacks: network analysis. We argue that timings of transaction messages leak information about their origin, which can be exploited by a well connected adversarial node. For the first time, network level attacks on Bitcoin and the three major privacy-focused cryptocurrencies have been examined. We describe the message propagation mechanics and privacy guarantees in Bitcoin, Dash, Monero, and Zcash. We propose a novel technique for linking transactions based on transaction propagation analysis. We also unpack address advertisement messages (ADDR), which under certain assumptions may help in linking transaction clusters to IP addresses of nodes. We implement and evaluate our method, deanonymizing our own transactions in Bitcoin and Zcash with a high level of accuracy. We also show that our technique is applicable to Dash and Monero. We estimate the cost of a full-scale attack on the Bitcoin mainnet at hundreds of US dollars, feasible even for a low budget adversary.

Micropayments for Decentralized Currencies

Abstract: Electronic financial transactions in the US, even those enabled by Bitcoin, have relatively high transaction costs. As a result, it becomes infeasible to make micropayments, i.e. payments that are pennies or fractions of a penny. In order to circumvent the cost of recording all transactions, Wheeler (1996) and Rivest (1997) suggested the notion of a probabilistic payment, that is, one implements payments that have expected value on the order of micro pennies by running an appropriately biased lottery for a larger payment. While there have been quite a few proposed solutions to such lottery-based micropayment schemes, all these solutions rely on a trusted third party to coordinate the transactions; furthermore, to implement these systems in today's economy would require a a global change to how either banks or electronic payment companies (e.g., Visa and Mastercard) handle transactions. We put forth a new lottery-based micropayment scheme for any ledger-based transaction system, that can be used today without any change to the current infrastructure. We implement our scheme in a sample web application and show how a single server can handle thousands of micropayment requests per second. We provide an analysis for how the scheme can work at Internet scale.

Dongle facilitated wireless consumer payments

Abstract: Computing systems and methods for facilitating consumer transactions in retail and other establishments include communication interfaces adapted to couple a computing system to a plurality of third party mobile electronic devices, storage components adapted to store user information, participating merchant information, or any combination thereof, and processors in communication with the communication interfaces and storage components. The processors are adapted to facilitate automatic wireless transactions between third party users of the third party mobile electronic devices and the participating merchants when the third party devices are present at the participating merchants without any affirmative activity by the third party users.

An authentication method

Abstract: An authentication method for authenticating communication between a first and a second party using a third party which is trusted by said first and second parties comprising the steps of calculating by the trusted third party the value of a first authentication output using a paramater of the first party and a second authentication output using the first authentication output and sending the second authentication output to the second party; calculating by the first party the first authentication output and sending the first authentication output to the second party; and calculating by the second party the second authentication output based on the first authentication output received from the first party and comparing the calculated second authentication output with the second authentication output received from the trusted third party whereby if the two second authentication outputs are the same, the first party is authenticated.

From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain

Abstract: PGP is built upon a Distributed Web of Trust in which a user’s trustworthiness is established by others who can vouch through a digital signature for that user’s identity. Preventing its wholesale adoption are a number of inherent weaknesses to include (but not limited to) the following: 1) Trust Relationships are built on a subjective honor system, 2) Only first degree relationships can be fully trusted, 3) Levels of trust are difficult to quantify with actual values, and 4) Issues with the Web of Trust itself (Certification and Endorsement). Although the security that PGP provides is proven to be reliable, it has largely failed to garner large scale adoption. In this paper, we propose several novel contributions to address the aforementioned issues with PGP and associated Web of Trust. To address the subjectivity of the Web of Trust, we provide a new certificate format based on Bitcoin which allows a user to verify a PGP certificate using Bitcoin identity-verification transactions - forming first degree trust relationships that are tied to actual values (i.e., number of Bitcoins transferred during transaction). Secondly, we present the design of a novel Distributed PGP key server that leverages the Bitcoin transaction blockchain to store and retrieve our certificates.