References of "Tikhomirov, Sergei 50023104"
Full Text
Peer Reviewed
Security and Privacy of Mobile Wallet Users in Bitcoin, Dash, Monero, and Zcash
Biryukov, Alex UL; Tikhomirov, Sergei UL

in Pervasive and Mobile Computing (2019)

Mobile devices play an increasingly important role in the cryptocurrency ecosystem, yet their privacy guarantees remain unstudied. To verify transactions, they either trust a server or use simple payment verification. First, we review the security and privacy of popular Android wallets for Bitcoin and the three major privacy-focused cryptocurrencies (Dash, Monero, Zcash). Then, we investigate the network-level properties of cryptocurrencies and propose a method of transaction clustering based on timing analysis. We implement and test our method on selected wallets and show that a moderately resourceful attacker can correlate transactions issued from one device with relatively high accuracy.

Full Text
Peer Reviewed
Transaction Clustering Using Network Traffic Analysis for Bitcoin and Derived Blockchains
Biryukov, Alex UL; Tikhomirov, Sergei UL

in IEEE INFOCOM 2019 Workshop Proceedings (2019)

Bitcoin is a decentralized digital currency introduced in 2008 and launched in 2009. Bitcoin provides a way to transact without any trusted intermediary, but its privacy guarantees are questionable, and multiple deanonymization attacks have been proposed. Cryptocurrency privacy research has been mostly focused on blockchain analysis, i.e., extracting information from the transaction graph. We focus on another vector for privacy attacks: network analysis. We describe the message propagation mechanics in Bitcoin and propose a novel technique for transaction clustering based on network traffic analysis. We show that timings of transaction messages leak information about their origin, which can be exploited by a well connected adversarial node. We implement and evaluate our method in the Bitcoin testnet with a high level of accuracy, deanonymizing our own transactions issued from a desktop wallet (Bitcoin Core) and from a mobile (Mycelium) wallet. Compared to existing approaches, we leverage the propagation information from multiple peers, which allows us to overcome an anti-deanonymization technique (“diffusion”) used in Bitcoin.

Full Text
Peer Reviewed
Deanonymization and linkability of cryptocurrency transactions based on network analysis
Biryukov, Alex UL; Tikhomirov, Sergei UL

in 2019 IEEE European Symposium on Security and Privacy (EuroS&P) (2019)

Bitcoin, introduced in 2008 and launched in 2009, is the first digital currency to solve the double spending problem without relying on a trusted third party. Bitcoin provides a way to transact without any trusted intermediary, but its privacy guarantees are questionable. Despite the fact that Bitcoin addresses are not linked to any identity, multiple deanonymization attacks have been proposed. Alternative cryptocurrencies such as Dash, Monero, and Zcash aim to provide stronger privacy by using sophisticated cryptographic techniques to obfuscate transaction data. Previous work in cryptocurrency privacy mostly focused on applying data mining algorithms to the transaction graph extracted from the blockchain. We focus on a less well researched vector for privacy attacks: network analysis. We argue that timings of transaction messages leak information about their origin, which can be exploited by a well connected adversarial node. For the first time, network level attacks on Bitcoin and the three major privacy-focused cryptocurrencies have been examined. We describe the message propagation mechanics and privacy guarantees in Bitcoin, Dash, Monero, and Zcash. We propose a novel technique for linking transactions based on transaction propagation analysis. We also unpack address advertisement messages (ADDR), which under certain assumptions may help in linking transaction clusters to IP addresses of nodes. We implement and evaluate our method, deanonymizing our own transactions in Bitcoin and Zcash with a high level of accuracy. We also show that our technique is applicable to Dash and Monero. We estimate the cost of a full-scale attack on the Bitcoin mainnet at hundreds of US dollars, feasible even for a low budget adversary.

Full Text
Peer Reviewed
SmartCheck: Static Analysis of Ethereum Smart Contracts
Tikhomirov, Sergei UL; Voskresenskaya, Ekaterina; Ivanitskiy, Ivan et al

Scientific Conference (2018, May 27)

Ethereum is a major blockchain-based platform for smart contracts – Turing complete programs that are executed in a decentralized network and usually manipulate digital units of value. Solidity is the most mature high-level smart contract language. Ethereum is a hostile execution environment, where anonymous attackers exploit bugs for immediate financial gain. Developers have a very limited ability to patch deployed contracts. Hackers steal up to tens of millions of dollars from flawed contracts, a well-known example being “The DAO”, broken in June 2016. Advice on secure Ethereum programming practices is spread out across blogs, papers, and tutorials. Many sources are outdated due to a rapid pace of development in this field. Automated vulnerability detection tools, which help detect potentially problematic language constructs, are still underdeveloped in this area. We provide a comprehensive classification of code issues in Solidity and implement SmartCheck – an extensible static analysis tool that detects them. SmartCheck translates Solidity source code into an XML-based intermediate representation and checks it against XPath patterns. We evaluated our tool on a big dataset of real-world contracts and compared the results with manual audit on three contracts. Our tool reflects the current state of knowledge on Solidity vulnerabilities and shows significant improvements over alternatives. SmartCheck has its limitations, as detection of some bugs requires more sophisticated techniques such as taint analysis or even manual audit. We believe though that a static analyzer should be an essential part of contract developers’ toolbox, letting them fix simple bugs fast and allocate more effort to complex issues.

Full Text
Peer Reviewed
Privacy-preserving KYC on Ethereum
Biryukov, Alex UL; Khovratovich, Dmitry; Tikhomirov, Sergei UL

Scientific Conference (2018, May 09)

Identity is a fundamental concept for the financial industry. In order to comply with regulation, financial institutions must verify the identity of their customers. Identities are currently handled in a centralized way, which diminishes users' control over their personal information and threatens their privacy. Blockchain systems, especially those with support for smart contracts (e.g., Ethereum), are expected to serve as a basis of more decentralized systems for digital identity management. We propose a design of a privacy-preserving KYC scheme on top of Ethereum. It would let providers of financial services leverage the potential of blockchain technology to increase efficiency of customer onboarding while complying with regulation and protecting users' privacy.

Full Text
Peer Reviewed
Ethereum: state of knowledge and research perspectives
Tikhomirov, Sergei UL

Scientific Conference (2017, October 24)

Ethereum is a decentralized application platform that allows users to write, deploy, and interact with smart contracts -- programs that encode financial agreements. A peer-to-peer network of mutually distrusting nodes maintains a common view of the state of all accounts and executes smart contracts' code upon request. The global state is stored in a blockchain secured by a proof-of-work consensus mechanism similar to that in Bitcoin. The core value proposition of Ethereum is a Turing-complete programming language that enables implementing complex logic in smart contracts. Decentralized applications without a trusted third party are appealing in many areas, such as financial services, crowdfunding, and gambling. Smart contracts as a research topic contains many unsolved challenges and spans over areas ranging from cryptography, consensus algorithms, and programming languages to governance, ethical, and legal issues. This paper is the first to summarize the state of knowledge in this field. We provide a technical overview of Ethereum and outline open challenges along with proposed solutions. We also mention alternative blockchains with Turing complete programming capabilities.

Full Text
Peer Reviewed
Findel: Secure Derivative Contracts for Ethereum
Biryukov, Alex UL; Khovratovich, Dmitry UL; Tikhomirov, Sergei UL

Scientific Conference (2017, April 07)

Blockchain-based smart contracts are considered a promising technology for handling financial agreements securely. In order to realize this vision, we need a formal language to unambiguously describe contract clauses. We introduce Findel -- a purely declarative financial domain-specific language (DSL) well suited for implementation in blockchain networks. We implement an Ethereum smart contract that acts as a marketplace for Findel contracts and measure the cost of its operation. We analyze challenges in modeling financial agreements in decentralized networks and outline directions for future work.
