12.9 CR, May 19
Security Analysis of Bitcoin's V2 Transport Protocol: Exploiting Design Implications for Sustained Eclipse and Downgrade Attacks
Charmaine Ndolo, Florian Tschorsch
Bitcoin recently introduced a new protocol for the encryption of peer-to-peer (P2P) communication. The protocol, known as V2 P2P transport, represents a big step towards securing the overlay network against various previously known attack vectors. Based on an analysis of V2 P2P transport, this work examines the current viability of said attacks and concludes that while they are now remediated, alternative attacks and paths to similar objectives exist. The identified shortcomings are conceptual (not implementation bugs) and are also applicable to other P2P networks. We show how a network-level attacker can identify application messages using the length of TCP payloads, can eclipse a target node by taking advantage of how encrypted communication channels work, and can downgrade all of a node's connections to the unencrypted protocol by using the mechanisms designed for compatibility. We validate our contributions using a combination of network measurements, emulations and simulations. Finally, we propose a series of short-term and long-term countermeasures towards securing Bitcoin's P2P network. To the best of our knowledge, we are the first to study Bitcoin's security under V2 P2P transport.
CR, Jul 13, 2021
A QUIC(K) Way Through Your Firewall?
Konrad Yuri Gbur, Florian Tschorsch
The QUIC protocol is a new approach that combines encryption and transport layer stream abstraction into one protocol to lower latency and improve security. However, the decision to encrypt transport layer functionality may limit the capabilities of firewalls to protect networks. To identify these limitations, we created a test environment and analyzed generated QUIC traffic from the viewpoint of a middlebox. This paper shows that QUIC indeed exposes traditional stateful firewalls to UDP hole punching bypass attacks. In contrast, we show QUIC's robustness against censorship, which results from its encrypted transport layer design, and analyze the capabilities to regain stateful tracking by deep packet inspection of the few exposed QUIC header fields.
CR, Jun 30, 2021
Towards Verifiable Mutability for Blockchains
Erik Daniel, Florian Tschorsch
Due to their immutable log of information, blockchains can be considered as a transparency-enhancing technology. The immutability, however, also introduces threats and challenges with respect to privacy laws and illegal content. Introducing a certain degree of mutability, which enables the possibility to store and remove information, can therefore increase the opportunities for blockchains. In this paper, we present a concept for a mutable blockchain structure. Our approach enables the removal of certain blocks, while maintaining the blockchain's verifiability property. Since our concept is agnostic to any consensus algorithms, it can be implemented with permissioned and permissionless blockchains.
CR, Jun 28, 2021
Modeling the Block Verification Time of Zcash
Fabian Stiehle, Erik Daniel, Florian Tschorsch
An important aspect of the propagation delay in blockchain networks is the block verification time, which is also responsible for the so-called verifier's dilemma. Models for the block verification time can help to understand and improve the verification process. Moreover, modeling the verification time is necessary for blockchain network simulations. In this paper, we present JOIST, a new model for the block verification time of Zcash. We identify computationally complex operations in the verification process of Zcash, and derive our model based on characteristic transaction features. We evaluate JOIST and show that the model is consistently more accurate than existing models, which consider the block size only.
LG, Aug 27, 2020
Every Query Counts: Analyzing the Privacy Loss of Exploratory Data Analyses
Saskia Nuñez von Voigt, Mira Pauli, Johanna Reichert et al.
An exploratory data analysis is an essential step for every data analyst to gain insights, evaluate data quality and (if required) select a machine learning model for further processing. While privacy-preserving machine learning is on the rise, more often than not this initial analysis is not counted towards the privacy budget. In this paper, we quantify the privacy loss for basic statistical functions and highlight the importance of taking it into account when calculating the privacy-loss budget of a machine learning approach.
NI, Jun 22, 2020
Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks
Elias Rohrer, Florian Tschorsch
The Lightning Network is a scaling solution for Bitcoin that promises to enable rapid and private payment processing. In Lightning, multi-hop payments are secured by utilizing Hashed Time-Locked Contracts (HTLCs) and encrypted on the network layer by an onion routing scheme to avoid information leakage to intermediate nodes. In this work, however, we show that the privacy guarantees of the Lightning Network may be subverted by an on-path adversary conducting timing attacks on the HTLC state negotiation messages. To this end, we provide estimators that enable an adversary to reduce the anonymity set and infer the likeliest payment endpoints. We develop a proof-of-concept measurement node that shows the feasibility of attaining time differences and evaluate the adversarial success in model-based network simulations. We find that controlling a small number of malicious nodes is sufficient to observe a large share of all payments, emphasizing the relevance of the on-path adversary model. Moreover, we show that adversaries of different magnitudes could employ timing-based attacks to deanonymize payment endpoints with high precision and recall.
CR, Jul 23, 2019
Map-Z: Exposing the Zcash Network in Times of Transition
Erik Daniel, Elias Rohrer, Florian Tschorsch
Zcash is a privacy-preserving cryptocurrency that provides anonymous monetary transactions. While Zcash's anonymity is part of a rigorous scientific discussion, information on the underlying peer-to-peer network is missing. In this paper, we provide the first long-term measurement study of the Zcash network to capture key metrics such as the network size and node distribution, as well as deeper insights on the centralization of the network. Furthermore, we present an inference method based on a timing analysis of block arrivals that we use to determine interconnections of nodes. We evaluate and verify our method through simulations and real-world experiments, yielding a precision of 50 % with a recall of 82 % in the real-world scenario. By adjusting the parameters, the topology inference model is adaptable to the conditions found in other cryptocurrencies and therefore also contributes to the broader discussion of topology hiding in general.
NI, Apr 23, 2019
Discharged Payment Channels: Quantifying the Lightning Network's Resilience to Topology-Based Attacks
Elias Rohrer, Julian Malliaris, Florian Tschorsch
The Lightning Network is the most widely used payment channel network (PCN) to date, making it an attractive attack surface for adversaries. In this paper, we analyze the Lightning Network's PCN topology and investigate its resilience towards random failures and targeted attacks. In particular, we introduce the notions of channel exhaustion and node isolation attacks and show that the Lightning Network is susceptible to these attacks. In a preliminary analysis, we confirm that the Lightning Network can be classified as a small-world and scale-free network. Based on these findings, we develop a series of strategies for targeted attacks and introduce metrics that allow us to quantify the adversary's advantage. Our results indicate that an attacker who is able to remove a certain number of nodes should follow a centrality-based strategy, while a resource-limited attacker who aims for high efficiency should employ a highest ranked minimum cut strategy.
NI, Aug 8, 2017
Towards a Concurrent and Distributed Route Selection for Payment Channel Networks
Elias Rohrer, Jann-Frederik Laß, Florian Tschorsch
Payment channel networks use off-chain transactions to provide virtually arbitrary transaction rates. In this paper, we provide a new perspective on payment channels and consider them as a flow network. We propose an extended push-relabel algorithm to find payment flows in a payment channel network. Our algorithm enables a distributed and concurrent execution without violating capacity constraints. To this end, we introduce the concept of capacity locking. We prove that flows are valid and present first results.