Paper 2018/1184
Uncontrolled Randomness in Blockchains: Covert Bulletin Board for Illicit Activities
Nasser Alsalami and Bingsheng Zhang
Abstract
The blockchain technology represents a new paradigm to realize persistent distributed ledgers globally. While the blockchain technology is promising in a great number of fields, it can be abused to covertly store and disseminate potentially harmful digital content. Consequently, using blockchains as uncensored decentralized networks for arbitrary data distribution poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating a new technique that can be exploited to use the blockchain as a covert bulletin board to secretly store and distribute objectionable content. More specically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs, and we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. We also demonstrate how the same technique can be extended to launch subversion attacks on the wallets of most top-ranked cryptocurrencies, such as Bitcoin, Ethereum, Monero, etc. To clarify the potential risk of uncontrolled randomness, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring condential transactions. Note that the signicance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, besides presenting the attacks, we provide a discussion of current countermeasures and suggest some countermeasures to mitigate the threat of such attacks.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- BlockchainSteganographyCovert Broadcast ChannelsContent InsertionWallet Subversion
- Contact author(s)
- n alsalami @ lancaster ac uk
- History
- 2019-02-20: last of 3 revisions
- 2018-12-10: received
- See all versions
- Short URL
- https://ia.cr/2018/1184
- License
-
CC BY