mirror of
https://github.com/Ownercz/ssme-thesis.git
synced 2024-11-16 15:05:10 +01:00
658 lines
44 KiB
TeX
658 lines
44 KiB
TeX
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%% I, the copyright holder of this work, release this work into the
|
|
%% public domain. This applies worldwide. In some countries this may
|
|
%% not be legally possible; if so: I grant anyone the right to use
|
|
%% this work for any purpose, without any conditions, unless such
|
|
%% conditions are required by law.
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
|
\documentclass[
|
|
printed, %% This option enables the default options for the
|
|
%% digital version of a document. Replace with `printed`
|
|
%% to enable the default options for the printed version
|
|
%% of a document.
|
|
table, %% Causes the coloring of tables. Replace with `notable`
|
|
%% to restore plain tables.
|
|
nolof, %% Prints the List of Figures. Replace with `nolof` to
|
|
%% hide the List of Figures.
|
|
nolot, %% Prints the List of Tables. Replace with `nolot` to
|
|
%% hide the List of Tables.
|
|
oneside, color
|
|
%% More options are listed in the user guide at
|
|
%% <http://mirrors.ctan.org/macros/latex/contrib/fithesis/guide/mu/fi.pdf>.
|
|
]{fithesis3}
|
|
%% The following section sets up the locales used in the thesis.
|
|
\usepackage[resetfonts]{cmap} %% We need to load the T2A font encoding
|
|
\usepackage[T1,T2A]{fontenc} %% to use the Cyrillic fonts with Russian texts.
|
|
\usepackage[
|
|
main=english, %% By using `czech` or `slovak` as the main locale
|
|
%% instead of `english`, you can typeset the thesis
|
|
%% in either Czech or Slovak, respectively.
|
|
german, russian, czech, slovak %% The additional keys allow
|
|
]{babel} %% foreign texts to be typeset as follows:
|
|
%%
|
|
%% \begin{otherlanguage}{german} ... \end{otherlanguage}
|
|
%% \begin{otherlanguage}{russian} ... \end{otherlanguage}
|
|
%% \begin{otherlanguage}{czech} ... \end{otherlanguage}
|
|
%% \begin{otherlanguage}{slovak} ... \end{otherlanguage}
|
|
%%
|
|
%% For non-Latin scripts, it may be necessary to load additional
|
|
%% fonts:
|
|
\usepackage{paratype}
|
|
\def\textrussian#1{{\usefont{T2A}{PTSerif-TLF}{m}{rm}#1}}
|
|
%%
|
|
%% The following section sets up the metadata of the thesis.
|
|
\thesissetup{
|
|
date = \the\year/\the\month/\the\day,
|
|
university = mu,
|
|
faculty = fi,
|
|
type = mgr,
|
|
author = Bc. Radim Lipovčan,
|
|
gender = m,
|
|
advisor = RNDr. Vlasta Šťavová,
|
|
title = {Monero usage and mining from usable security view},
|
|
TeXtitle = {Monero usage and mining from usable security view},
|
|
keywords = {Monero, usable security, cryptocurrency, mining, pool, blockchain},
|
|
TeXkeywords = {Monero, usable security, cryptocurrency, mining, pool, blockchain},
|
|
}
|
|
\thesislong{abstract}{
|
|
This is the abstract of my thesis, which can
|
|
|
|
span multiple paragraphs.
|
|
}
|
|
\thesislong{thanks}{
|
|
This is the acknowledgement for my thesis, which can
|
|
|
|
span multiple paragraphs.
|
|
}
|
|
%% The following section sets up the bibliography.
|
|
\usepackage{csquotes}
|
|
\usepackage[ %% When typesetting the bibliography, the
|
|
backend=biber, %% `numeric` style will be used for the
|
|
style=numeric, %% entries and the `numeric-comp` style
|
|
citestyle=numeric-comp, %% for the references to the entries. The
|
|
sorting=none, %% entries will be sorted in cite order.
|
|
sortlocale=auto %% For more unformation about the available
|
|
]{biblatex} %% `style`s and `citestyles`, see:
|
|
%% <http://mirrors.ctan.org/macros/latex/contrib/biblatex/doc/biblatex.pdf>.
|
|
\addbibresource{Thesis.bib} %% The bibliograpic database within
|
|
%% the file `example.bib` will be used.
|
|
\usepackage{makeidx} %% The `makeidx` package contains
|
|
\makeindex %% helper commands for index typesetting.
|
|
%% These additional packages are used within the document:
|
|
\usepackage{paralist}
|
|
\usepackage{amsmath}
|
|
\usepackage{amsthm}
|
|
\usepackage{amsfonts}
|
|
\usepackage{url}
|
|
\usepackage{menukeys}
|
|
|
|
%packages
|
|
\usepackage{float}
|
|
\usepackage{hyperref}
|
|
\usepackage[strings]{underscore}
|
|
|
|
%timeline
|
|
\usepackage{xcolor}
|
|
\newcommand\ytl[2]{
|
|
\parbox[b]{8em}{\hfill{\color{cyan}\bfseries\sffamily #1}~$\cdots\cdots$~}\makebox[0pt][c]{$\bullet$}\vrule\quad \parbox[c]{.7\linewidth}{\vspace{7pt}\color{red!40!black!80}\raggedright\sffamily #2.\\[7pt]}\\[-3pt]}
|
|
|
|
%caption
|
|
\usepackage{caption}
|
|
|
|
%branches
|
|
\usepackage{tikz}
|
|
%
|
|
\usetikzlibrary{trees}
|
|
|
|
%flowchart
|
|
\usetikzlibrary{shapes,arrows}
|
|
\usetikzlibrary{positioning}
|
|
|
|
%ringct
|
|
\usetikzlibrary{arrows,shapes,snakes,automata,backgrounds,petri}
|
|
|
|
%table
|
|
\usepackage{rotating}
|
|
\begin{document}
|
|
|
|
\chapter{Introduction}
|
|
%% Komentář Vlasta 10.7.: tady někde (možná samostatná kapitola) bude nutné nadefinovat pojmy. Nazvat to "Kryptoměny" a popsat tam myšlenku, z čeho se skládají, co je blockchain, co to znamená fork... a tak.
|
|
%% Komentář Vlasta 10.7.: Nechceš to psát anglicky? Myslím, že by sis tím ušetřil hromadu práce s překlady. Dotazník bude v jakém jazyce?
|
|
|
|
%% Komentář Radim 13.07: Kapitola s pojmy - udělám zvlášť krátkou, ve které popíšu tyto základní principy, ještě tedy před Monero Cryptocurrency kapitolou. Monero specific věci pak budou popsány už pod Monerem.
|
|
%% Komentář Radim 13.07: Po domluvě mailem tedy začnu psát Anglicky. Dotazníky budou ve dvou jazykových mutacích - ENG a CZ. Hlavně kvůli CZ komunitě těžařů a pool operátorům - https://bohemianpool.com/#/home bych dal i tu češtinu.
|
|
\chapter{Cryptocurrency}
|
|
\textbf{Cryptocurrency} is a digital currency that is designed to use cryptography to secure and verify its transactions. Cryptocurrencies are decentralized as opposed to traditional money transaction systems used in the banks. Decentralisation is established by using distributed blockchain that functions as a transaction database within the currency. First cryptocurrency available was Bitcoin \cite{farell2015analysis}.
|
|
|
|
\textbf{Altcoin} is a term used for every cryptocurrency that is not Bitcoin as it is a direct concurrent for the first of the cryptocurrency.
|
|
|
|
The \textbf{fork} happens when developers create a copy of existing project codebase and start their individual path of development with it.
|
|
|
|
\textbf{Market Cap} is a total value of cryptocurrency that refers to the total number of emitted coins multiplied by the value of the coin.
|
|
|
|
\textbf{The blockchain} is a technology responsible for storing every transaction that has ever been processed in the cryptocurrency, also often called as a ledger. The main purpose of the blockchain is to ensure the validity of completed transactions.
|
|
|
|
\textbf{Transactions} within cryptocurrency are processed together as blocks that are verified by miners and then added to the blockchain as a new mined block.
|
|
|
|
\textbf{The wallet} is a storage medium that holds private and public keys by which user can access, send and receive funds. Wallet effectively does not have the coins but is rather a key to access them from the blockchain.
|
|
|
|
\textbf{Node} is a computer connected to the cryptocurrency network. Node is often referred to as a full node which means that the computer maintains a full copy of blockchain. This results in node downloading every block and transaction and checking them against cryptocurrency rules, especially whether the transaction has correct signatures, data format and the right number of emitted coins per block.
|
|
|
|
\textbf{Mining} process is done by miners that verifies transactions on the network and adds them to the blockchain together in form of a block which results in new coins being emitted as a reward for block solving.
|
|
|
|
\textbf{Mining in pools} is the way how individual miners pool their computational resources. Due to resources pooling, there is a higher chance of solving the block thus gaining the reward of newly emitted coins. %After solving each block, the reward is distributed equally to miners connected to the pool according to PPS or PPLNS system.
|
|
|
|
\chapter{Monero Cryptocurrency}
|
|
Monero is an open-source cryptocurrency that is developed under the Monero project in order to create a decentralized and anonymous currency. Its main goal is to make the user the one who has complete control over own funds.
|
|
|
|
Meaning that every single digital transaction and the exact number of coins in users wallet cannot be traced back to the user without sharing the view key of the transaction \cite{moneroprojectgithub}. Main distinctive points compared to other cryptocurrencies are:
|
|
|
|
\begin{itemize}\itemsep0em
|
|
\item The blockchain is public, but a large part of it is encrypted.
|
|
\item The sender of the transaction is hidden by using Ring Signatures explained in chapter \ref{sec:ringsignatures}.
|
|
\item The exact amount of transferred coins is encrypted using RingCT as described in \ref{sec:ringct}.
|
|
\item Transaction history and receiving party is hidden by the usage of stealth addresses that are referenced in chapter \ref{sec:stealthaddresses}.
|
|
\end{itemize}
|
|
|
|
\section{Origin and the main focus}
|
|
Monero started its way by forking from Bytecoin, which was proof-of-concept cryptocurrency that used as first of its kind protocol called CryptoNote. CryptoNote was published by the start of the year 2014 \cite{githubbytecoin}.
|
|
|
|
Although Bytecoin had a promising protocol aimed at privacy, there was a problem with premine, meaning that cryptocurrency at the time of publishing had already 82\% of the coins already emitted \cite{fluffyponyonbytecoin}. That was the reason why people interested in anonymous cryptocurrencies decided to create a Bytecoin fork under the name of BitMonero \cite{bitmonero}.
|
|
|
|
Next important moment was when a significant part of the developers decided to abandon the project in favor of creating a new fork named Monero in 23.06.2014. By this action, Monero cryptocurrency was created with publicly known blockchain from the start, strictly defined goals and motivated team of developers \cite{monerofork}.
|
|
|
|
%% Komentář Vlasta 10.7.: Návrh: v téhle kapitole by bylo moc hezká nějaká přehledová tabulka cca 5 největších kryptoměn, kde bys je porovnal podle vybraných kriterii. Třeba kriterium "Množství odesílané měny je šifrováno" by bylo v sloupečku a v pro každou kryptoměnu na řádek vyznačil, zda to splňuje nebo ne. Bylo by pak přehledně vidět čím je Monero tak vyjimečné a jak jsou na tom v těhle kriteriích ostatní kryptoměny.
|
|
|
|
%% Komentář Radim 4.8.: Tabulku jsem udělal, akorát ještě musím zakomponovat sloupec, který ukazuje samotný market cap. Spíš jsem se totiž nejdříve zaměřil, jak top5 crypto vypadá z hlediska privacy features. Tzn. dávám si tu DOPLNIT .
|
|
|
|
\section{Monero market cap}
|
|
As Monero is often mentioned for its privacy features, decentralization in mind and fungibility as main asset, table \ref{table:monero-top5} puts Monero in the direct comparison against top 5 cryptocurrencies.
|
|
|
|
To compare different cryptocurrency projects, market capitalization (market cap) is often used as a way of ranking \cite{elbahrawy2017evolutionary}. It indicates the relative size of cryptocurrency by the formula: \\ \centerline{
|
|
\textit{\textit{Market Cap = Circulating Supply * Price} }}
|
|
|
|
\textbf{Privacy} in cryptocurrency is a feature that assures that amount of coin user owns, sends or receives cannot be seen on the blockchain.
|
|
|
|
\textbf{Decentralization} in cryptocurrency network all nodes are equals. That means that no supernode can override how transactions are being processed as well as there is no single entity in control.
|
|
|
|
\textbf{Fungibility} means that every coin ever emitted has the same value as the others and cannot be traced back thus there cannot be coin blacklist.
|
|
|
|
\begin{figure}[H]
|
|
\centering\begin{tabular}{{p{0.06\linewidth}p{0.13\linewidth}p{0.17\linewidth}p{0.15\linewidth}p{0.15\linewidth}p{0.15\linewidth}}}
|
|
\textbf{Rank} & \textbf{Name} & \textbf{Transactions per day} & \textbf{Privacy} & \textbf{Decentra-lization} & \textbf{Fungibility} \\
|
|
1 & Bitcoin & 225039 & No & Yes & No \\
|
|
2 & Ethereum & 610953 & No & Yes & No \\
|
|
3 & XRP & 633974 & No & No & Varies \\
|
|
4 & Bitcoin Cash & 125404 & No & Yes & No \\
|
|
5 & EOS & 406380 & No & Yes & Varies \\
|
|
13 & Monero & 4010 & Yes & Yes & Yes
|
|
\end{tabular}
|
|
\captionof{table}{Monero features in top 5 cryptocurrencies.}
|
|
\label{table:monero-top5}
|
|
\end{figure}
|
|
As can be seen from data in table \ref{table:monero-top5}, coins that are most popular by market cap metrics, are not centered around privacy. Altought it is often believed that using cryptography means anonymity, it isn't true in most cryptocurrencies especially in Bitcoin \cite{conti2018survey}.
|
|
|
|
XRP and EOS are in unique position compared to typical cryptocurrency as they offer a crypto platform with contracts, so privacy implementation and fungibility varies from contract to contract \cite{domingues2018allvor}.
|
|
%Zdroj transaction volume: https://bitinfocharts.com/monero/
|
|
%Zdroj Bitcoin: https://bitcoin.org/en/protect-your-privacy
|
|
%Zdroj Ethereum: https://ieeexplore.ieee.org/document/8356459/
|
|
%Zdroj XRP: https://ieeexplore.ieee.org/document/8356459/
|
|
%https://ripple.com/insights/xrp-compares-btc-eth/
|
|
%https://bitcoinist.com/not-decentralized-ripple-freezes-1m-user-funds/
|
|
\newpage
|
|
\section{Monero competitors}
|
|
\label{sec:monero-timeline}
|
|
Monero is not the only one cryptocurrency that aims at privacy and anonymity features, and there are many privacy coins already in existence. Most similar to Monero is ByteCoin from which Monero was forked, but is overall unpopular due to 82\% premine. A viable alternative to Monero offers its fork Aeon that is more lightweight as opposed to Monero with slightly fewer privacy features.
|
|
|
|
\begin{figure}[H]
|
|
\centering
|
|
\begin{tabular}{p{0.1\linewidth}p{0.16\linewidth}p{0.1\linewidth}p{0.15\linewidth}p{0.15\linewidth}p{0.15\linewidth}}
|
|
\textbf{Name} & \textbf{Protocol} & \textbf{Block Time {[}s{]}} & \textbf{Stealth Address } & \textbf{Anonymous transactions} & \textbf{Transaction signing} \\
|
|
Aeon & CryptoNote-Light & 240 & Yes & Yes & Ring Signature \\
|
|
Byte-Coin & CryptoNote & 120 & Yes & Yes & Ring Signature \\
|
|
DASH & X11 & 150 & No & Not fully & Yes \\
|
|
Monero (XMR) & CryptoNote & 120 & Yes & Yes & RingCT \\
|
|
PIVX & Zerocoin & 60 & Partialy & Yes & x \\
|
|
Verge (XVG) & Scrypt & 150 & Yes & Ne, TOR\&I2P & RingCT WIP \\
|
|
Zcash (ZEC) & Zerocash & 150 & Shielded addresses & Yes by SNARKS & x \\
|
|
Zcoin (XZC) & Lyra2 =\textgreater MTP & 600 & Yes & Yes by minting \& spending & Ring Signature
|
|
|
|
\end{tabular}
|
|
\captionof{table}{Comparison of Anonymous Cryptocurrencies and their features.}
|
|
\label{table:monero-alternatives}
|
|
|
|
%Zdroje:
|
|
%dash https://bitcointalk.org/index.php?topic=1562109.0
|
|
%ďash https://docs.dash.org/en/latest/introduction/information.html
|
|
%pivx https://github.com/PIVX-Project/PIVX
|
|
%pivx https://www.reddit.com/r/pivx/comments/7gjjyw/what_are_the_benefits_of_multisig_addresses/
|
|
%zcoin https://github.com/zcoinofficial/zcoin/wiki/Information-for-exchanges
|
|
%zcoin https://zcoin.io/zcoins-privacy-technology-compares-competition/
|
|
|
|
\end{figure}
|
|
Information sources used in table \ref{table:monero-alternatives} and in the picture \ref{pict:monero-alternatives-codebase}:\\
|
|
Aeon \cite{moneroalternativeaeon}, ByteCoin \cite{moneroalternativebytecoin}, Dash \cite{moneroalternativedash,moneroalternativedashdev}, Monero \cite{moneroprojectgithub}, Pivx \cite{moneroalternativepivx}, Verge \cite{moneroalternativeverge}, Zcash \cite{moneroalternativezcash}, Zcoin \cite{moneroalternativezcoin}.
|
|
\iffalse
|
|
\begin{figure}[H]
|
|
\centering
|
|
\begin{tikzpicture}[sibling distance=10em,
|
|
every node/.style = {shape=rectangle, rounded corners,
|
|
draw, align=center,
|
|
top color=white, bottom color=blue!20}]]
|
|
\node {Bytecoin}
|
|
child { node {DASH}
|
|
child { node {PIVX}}}
|
|
child { node {BitMonero}
|
|
child { node {Monero}
|
|
child { node {AEON} } } };
|
|
\node[xshift=21mm]{Verge};
|
|
\node[xshift=4cm] {Bitcoin}
|
|
child[xshift=25mm] { node {Zcash}}
|
|
child[xshift=0cm] { node {Zcoin}};
|
|
\end{tikzpicture}
|
|
\caption{Codebase overview of the selected cryptocurrencies.}
|
|
\label{pict:monero-alternatives-codebase}
|
|
\end{figure}
|
|
\fi
|
|
%verge ma svoji codebase "non-bitcoin coin" viz prvni commit https://github.com/PIVX-Project/PIVX/commit/4405b78d6059e536c36974088a8ed4d9f0f29898
|
|
|
|
\section{Development cycle}
|
|
%% Komentář Vlasta 10.7.: Trochu popiš jak moc je Monero rozšířené. Pro představu v porovnání s dalšími kryptoměnami. Aby bylo jasné, že to není nějaká obskurní kryptoměna.
|
|
|
|
Monero development cycle is based upon planned network updates that occur every six months. By this developers want to encourage work on the project with regular updates in contrast to other cryptocurrencies that don't want any new hard forks in the future as it brings the danger of splitting the coin into several versions \cite{mccorry2017atomically}.
|
|
|
|
\begin{figure}[H]
|
|
\center
|
|
\color{gray}
|
|
\rule{\linewidth}{1pt}
|
|
\ytl{03.03.2014}{Bytecoin - published on GitHub}
|
|
\ytl{17.04.2014}{ByteCoin fork - the creation of BitMonero cryptocurrency}
|
|
\ytl{23.07.2014}{BitMonero Fork - the creation of Monero cryptocurrency}
|
|
\ytl{22.03.2016}{Monero v2 - ring size change, block time set to 120 seconds}
|
|
\ytl{21.09.2016}{Monero v3 - transactions are split into smaller amounts}
|
|
\ytl{05.01.2017}{Monero v4 - souběh normálních a RingCT transakcí}
|
|
\ytl{15.04.2017}{Monero v5 - block size update and fee algorithm adjustments}
|
|
\ytl{16.09.2017}{Monero v6 - RingCT forced on the network with ring size => 5}
|
|
\ytl{06.04.2018}{Monero v7 - change of CryptoNight mining algorithm to prevent ASIC on the network, ring size set to =>7}
|
|
\ytl{--.10.2018}{Future network update}
|
|
\bigskip
|
|
\rule{\linewidth}{1pt}%
|
|
\color{black}\caption{Monero development timeline.}
|
|
\label{monero-timeline}
|
|
\end{figure} \newpage
|
|
|
|
Updates are meant to improve and enhance the previously established codebase as well as fixing already existing bugs that are continuously being resolved. Known problems in Monero history were:
|
|
|
|
\begin{itemize}
|
|
\item \textbf{Spam attack}
|
|
\begin{itemize}
|
|
\item Was aimed to oversaturate the Moneros network by sending minimal transactions and leveraging low transaction fee of 0.005 XMR. Immediate fix was established by raising the fee to 0.1 XMR. This problem led to the implementation of dynamic transaction fee based on chosen transaction priority \cite{monerospamattack}.
|
|
%zdroj https://bitcointalk.org/index.php?topic=583449.msg8519146#msg8519146
|
|
\end{itemize}
|
|
\item \textbf{Split chain attack}
|
|
\begin{itemize}
|
|
\item The successful exploit of Merkle root calculation vulnerability led to the creation of two blocks of the same height and hash, but with two different transactions on the end of the block \cite{macheta2014counterfeiting}. By this, two separate Monero chains were created. Exploit applied to all CryptoNote based cryptocurrencies. In the case of Monero, all transactions were stopped on exchanges until next day, when the fix was issued \cite{cryptonotemerkletree}.
|
|
\end{itemize}
|
|
\item \textbf{Transaction analysis in Monero blockchain}
|
|
\begin{itemize}
|
|
\item Research published in 2017 uncovered past and present problems in anonymity with Monero transaction system. The most significant discovery was that a substantial portion of transactions used a ring signature of zero which caused traceability of the amount of coin in the transaction output on the blockchain \cite{moser2018empirical}.
|
|
\item This issue was resolved by Monero team already in 2016 with Monero v2, where ring signature was set to =>3 \cite{monerov2release}. Soon after the paper was released, Monero got its v6 update with enforced use of ringCT technology for all transaction outputs \cite{monerov6release}.
|
|
\end{itemize}
|
|
%zdroj https://eprint.iacr.org/2017/338.pdf
|
|
\end{itemize}
|
|
%zdroj https://getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html
|
|
\newpage
|
|
\section{Transactions in Monero network}
|
|
Monero uses a distributed peer-to-peer consensus network to record transaction outputs in a blockchain. That means that balance is not stored in a wallet, but is represented by control over outputs of transactions accessible with wallet keys \cite{seguias2018moneroa}.
|
|
|
|
By that when user A wants to send funds to user B, the transaction happens in the way of transformation of controlled outputs in one wallet to a new output that belongs to the other wallet. As this is only a principle how coins are transferred between wallets Monero uses additional technology to make transactions private.
|
|
\subsection{Monero wallet and stealth addresses}
|
|
\label{sec:stealthaddresses}
|
|
Monero wallet seed is 95 characters long string that consists of public view and spend key. To send funds from one wallet to another, a one-time public key is created, that contains senders public view and spend key as well as randomized data.
|
|
|
|
This one-time public key is also referred to as a stealth address and is generated and recorded as part of the transaction to set the controller of the output of the transaction \cite{seguias2018monero}.
|
|
|
|
Stealth address is visible on the blockchain, by this receiving party can scan the blockchain to find exact transaction using their private view key. After locating transaction output, wallet software is then able to calculate one-time private key that aligns with one-time public key and can spend this output using private spend key \cite{courtois2017stealth}.
|
|
|
|
By this, no one from outside can link nor wallet addresses nor people involved in a particular transaction by scanning the blockchain as there is no association with receivers address.
|
|
|
|
To prove that funds were sent from one wallet to another, the sender has to disclose transactions ID, receivers address and transactions key.
|
|
|
|
\subsection{Ring Signatures}
|
|
\label{sec:ringsignatures}
|
|
Ring signatures present a way how to create a distinctive signature that authorizes a transaction. The digital signature of the transaction is compiled from the signer together with past outputs of transactions (decoys) to form a ring where all members are equal and valid. By that, outside party can't identify exact singer as it is not clear which input was signed by one time spend key\cite{mercer2016privacy}.
|
|
|
|
To prevent double spend, a cryptographic key image is derived from the spent output and is part of the ring signature. As each key image is unique, miners can verify that there is no other transaction with the same key image, thus preventing the double-spending attack \cite{miller2017empirical}.
|
|
|
|
\subsection{RingCT}
|
|
\label{sec:ringct}
|
|
So far, senders anonymity is ensured by ring signatures, receivers anonymity relies on stealth addresses, but the amount of Monero transferred would be still visible on the blockchain. To hide transaction amounts, Ring Confidential Transactions are implemented \cite{noether2015ring}.
|
|
|
|
As one output cannot be spent twice, the sender has to spend entire output in the transaction. That typically results in a transaction having two outputs, one for the receiver and one for the original wallet, where the excess amount of coins is returned.
|
|
|
|
To prevent manipulation during a transaction, the total input amount must equal the output amount of coins in each transaction. As one could exploit this by committing to value less than zero, range proofs are there to ensure cryptographic evidence of amounts used in transactions is greater than zero and falls into the valid transaction amount range.
|
|
|
|
To confirm the transaction, sender reveals the masked amount of coins being sent in the transaction to the network that is later verified by miners \cite{sun2017ringct}.
|
|
|
|
By that, amounts transferred between wallets in the form of outputs of transactions are hidden, and the network can still confirm that transaction is valid.
|
|
|
|
\subsection{Kovri}
|
|
Kovri is a C++ implementation of the I2P anonymous network under heavy development process in Monero project. It aims to offer secure network transmissions where a user's IP cannot be associated with a particular transaction ID \cite{monerokovri}.
|
|
|
|
\chapter{Monero usage}
|
|
As pointed out in section \ref{sec:monero-timeline}, Monero is one of the cryptocurrencies that aim to implement as complex anonymity system as possible. And because of that not only underlying technology of the network is different to other cryptocurrency projects but user side as well.
|
|
\section{Wallets}
|
|
The essential part of every currency is the user's ability to access stored funds. In cryptocurrency, this is represented by the wallet and associated software.
|
|
|
|
Monero wallet contains information that is necessary to send and receive Monero currency. Each wallet is encrypted by the password set in the creation process. Typical wallet created using Monero software named \textit{example-wallet} consists of:
|
|
\begin{itemize}\itemsep0em
|
|
\item \textbf{example-wallet.keys file}
|
|
\begin{itemize}\itemsep0em
|
|
\item Is an encrypted file containing private \textbf{spend key} and \textbf{view key} together with \textbf{wallet address}.
|
|
\item Keys file also contains user preferences related to transactions and wallet creation height, so wallet software will only read blockchain from the point the wallet was created.
|
|
\item Using this file, the user can restore wallet by using the monero-wallet-cli command: monero-wallet-cli --generate-from-keys
|
|
\end{itemize}
|
|
\item \textbf{example-wallet file}
|
|
\begin{itemize}\itemsep0em
|
|
\item Acts as an encrypted cache for wallet software that contains:
|
|
\begin{itemize}\itemsep0em
|
|
\item List of outputs of transactions that are associated with the wallet as it does not need to scan the blockchain every time after startup.
|
|
\item History of transactions with metadata containing tx keys.
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\item \textbf{example-wallet.address.txt file}
|
|
\begin{itemize}\itemsep0em
|
|
\item Stores \textbf{unencrypted} information containing generated wallet address.
|
|
\item With recent address-based attacks that swap wallet addresses found in clipboard or files on the hard drive for the attacker's wallet address, this poses a security risk \cite{cryptoshuffler}.
|
|
\end{itemize}
|
|
\item \textbf{Mnemonic seed}
|
|
\begin{itemize}\itemsep0em
|
|
\item Mnemonic seed is a 25-word phrase which the last word is being used as a checksum. Together they represent a 256-bit integer that is the accounts private spend key.
|
|
\item By having accounts private spend key, wallet software can derive private view key by hashing private key with Keccak-256. That produces another 256-bit integer that represents private view key.
|
|
\item Both public keys are then derived from newly recovered private keys.
|
|
\end{itemize}
|
|
\end{itemize}
|
|
Example of Monero wallet address and mnemonic seed:
|
|
\begin{itemize}\itemsep0em
|
|
\item \textbf{Wallet address}
|
|
\begin{itemize}\itemsep0em
|
|
\item 461TWLQhsxrR9dD4CXk4p1RRxAAQ3YCEDhNiGCQjj5\\QA33ohhZPnCX6346EyEwC7TiRSB3XB8KgNaJ4vThd5N\\pQqRkGab66
|
|
\end{itemize}
|
|
\item \textbf{Mnemonic seed}
|
|
\begin{itemize}\itemsep0em
|
|
\item serving odometer nifty flippant worry sphere were thorn putty bogeys lyrics feast fawns input biscuit hobby outbreak rash tucks dwelt liquid azure inexact isolated liquid
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\subsection{Wallet types}
|
|
As Monero wallet can be represented as little as one file or 25 words, it is rather a small piece of information which user needs to store in the safe place to keep account under own control. To do that, there exist two main types of wallets:
|
|
\begin{itemize}\itemsep0em
|
|
\item \textbf{Hot wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item Refers to wallet software running on a computer that is connected to the internet, thus Monero network. By being online, the user can verify incoming transactions, spend from the wallet and check balance as well.
|
|
\item As this type of wallet is not air-gapped, this poses an external intrusion risk.
|
|
\item The hot wallet can also refer to web-based and exchanged wallet that is explained further in this section.
|
|
\end{itemize}
|
|
\item \textbf{View-only wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item Is a wallet containing only private view key pair to see transactions associated with the wallet.
|
|
\item As this is a view-only wallet, the user can see incoming transactions but is not able to spend, sign or view outgoing transactions. That results in incorrect balance when the wallet is used for sending funds.
|
|
\end{itemize}
|
|
\item \textbf{Cold wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item Is an offline solution to storing wallet seed or private keys on storage media. Using method, media storing wallet information have no direct access to the internet.The storage medium can be represented by an external hard drive, air-gapped computer as well as paper with wallet seed written on it.
|
|
\item That comes with increased security from the IT standpoint, but the usability of the cryptocurrency suffers. That is mainly due to the hassle of working with funds when the user wants to spend them as it requires:
|
|
\begin{itemize}\itemsep0em
|
|
\item Cold wallet imported into wallet software in the air-gapped computer.
|
|
\item A view-only wallet connected to the internet.
|
|
\end{itemize}
|
|
\item This way, the user can generate an unsigned transaction on the view-only wallet, transfer it for signing to the air-gapped computer and then back to submit transfer to the Monero network.
|
|
\end{itemize}
|
|
\item \textbf{Exchange hosted wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item In exchange wallet, users funds are stored under an online account in an online exchange.
|
|
\item As opposed to a regular wallet, there is no wallet software or seed required as the whole balance and transaction system is ran by the third party.
|
|
Funds can be controlled through users online account that accessible by traditional username and password.
|
|
\item This poses a risk as the third party has complete access to users funds and the account's security is directly dependent on exchanges security measures as 2FA implementation, IP restriction or email verification.
|
|
\end{itemize}
|
|
\item \textbf{Web-based wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item Web wallet represents server based Monero client that is served to the user in the browser. By using a web wallet, the user can access funds from any internet connected device by sharing:
|
|
\begin{itemize}\itemsep0em
|
|
\item Mnemonic seed or private spend and view key to send and receive funds.
|
|
\item Public view key and wallet address to view incoming transactions to the wallet.
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\item \textbf{Hardware wallet}
|
|
\begin{itemize}\itemsep0em
|
|
\item Dedicated hardware solution like Ledger is still in its beta phase \cite{ledgermonero}.
|
|
\item Due to lack of real hardware wallet, the community around Monero recommends as the alternative a USB drive with a live distribution of Linux coupled with persistent storage where Monero client and users private key pairs are stored.
|
|
\item Note that although this alternate solution effectively rules out host operating system, there is still a way to capture viable information when interacting with the untrusted machine, for example, GPU output or usage of hardware keylogger.
|
|
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
\subsection{Attacking the wallet}
|
|
With the rapid expansion of cryptocurrencies from 2014 to 2018, this area became a significant spot for malware development \cite{schaupp2018cryptocurrency}. As there are many attack vectors, this section aims to give info about malicious activities on users wallets.
|
|
|
|
\subsubsection{Wallet thieves}
|
|
|
|
Aim to compromise the system in a way that malware finds wallet files and steals cryptographic keys or seed belonging to the wallet. Although in Monero, keys are encrypted while stored on the disk, when running wallet software, keys can be obtained from memory. This attack can also be performed by distributing malicious wallet client software.
|
|
|
|
\subsubsection{Cloud storage}
|
|
|
|
Cloud storage provides an easy way of sharing files between devices as well as users. As the user does not need to set up the infrastructure and the majority of the services provide free tier, it is usual for people to take this for granted as a safe place to store files \cite{caviglione2017covert}.
|
|
|
|
This way, user's security depends on the following factors:
|
|
\begin{itemize}\itemsep0em
|
|
\item Wallet encryption on the file level, user password habits
|
|
\item Account security - login implementation, F2A
|
|
\item Client application implementation for caching and data transfer
|
|
\item Vendors storage system security
|
|
\end{itemize}
|
|
|
|
\subsubsection{Delivery chain}
|
|
|
|
Hardware wallets like Ledger are built to ensure the safety of users coins. Therefore owner of such a device should be pretty confident when using this device that came with original undisrupted packaging.
|
|
|
|
For this attack, malicious vendor puts pre-generated mnemonic seed on a scratchpad. This piece of paper is made to look like an official one-time generated secret key to the wallet for the user. This way when the user puts seed to the hardware wallet and begins to store coins in here, the reseller has complete access as well as both parties know the seed. Delivery chain attack flow is shown in figure \ref{pict:delivery-chain-attack}.
|
|
|
|
\subsubsection{Malicious seed generation}
|
|
|
|
Similar to Delivery chain attack, the attacker in this scenario provides service that offers secure seed generation to obtain seed information belonging to the wallet. That is usually done by running a malicious web service that offers secure seed generation for cryptocurrencies or developing a standalone software for download.
|
|
|
|
After user generates the seed, package with seed data is automatically send to the attackers listening service and then saved to the database. Both parties know the private information and are able to spend funds from the wallet.
|
|
|
|
\tikzstyle{decision} = [diamond, draw, fill=blue!20,
|
|
text width=4.5em, text badly centered, node distance=2.5cm, inner sep=0pt]
|
|
\tikzstyle{block} = [rectangle, draw, fill=blue!20,
|
|
text width=5em, text centered, rounded corners, minimum height=4em]
|
|
\tikzstyle{line} = [draw, very thick, color=black!50, -latex']
|
|
\tikzstyle{cloud} = [draw, ellipse,fill=red!20, node distance=2.5cm,
|
|
minimum height=2em]
|
|
\begin{figure}[H]
|
|
\center
|
|
\begin{tikzpicture}[scale=2, node distance = 2cm, auto]
|
|
\shorthandoff{-}
|
|
% Place nodes
|
|
\node [block,text width=3cm,minimum width=3cm] (init) {\parbox{3cm}{\centering Expedition from the producer}};
|
|
\node [cloud, left of=init, node distance=5cm] (expert) {\parbox{3cm}{\centering Original \\ package }};
|
|
\node [block, below of=init, node distance=2.5cm,text width=3cm,minimum width=3cm] (identify) {\parbox{3cm}{\centering Repackaging by reseller}};
|
|
\node [block, below of=identify, node distance=2.5cm,text width=3cm,minimum width=3cm] (evaluate) {\parbox{3cm}{\centering HW wallet bought by enduser}};
|
|
\node [cloud, left of=identify, node distance=5cm] (update) {\parbox{3cm}{\centering Malicious scratchpad with seed }};
|
|
\node [block, below of=evaluate, node distance=2.5cm,text width=3cm,minimum width=3cm] (attacker) {\parbox{3cm}{\centering Attacker's database of wallets}};
|
|
% Draw edges
|
|
\path [line] (init) -- (identify);
|
|
\path [line] (update) -- (identify);
|
|
\path [line] (identify) -- (evaluate);
|
|
\path [line] (expert) -- (init);
|
|
\path [line,dashed] (update) |- (attacker);
|
|
\end{tikzpicture}
|
|
\caption{Delivery chain attack}
|
|
\label{pict:delivery-chain-attack}
|
|
\end{figure}
|
|
\begin{sidewaystable}[]
|
|
\subsection{Overview of wallet storage methods}
|
|
\centering
|
|
\resizebox{\textwidth}{!}{%
|
|
\begin{tabular}{p{0.1\linewidth}p{0.1\linewidth}p{0.1\linewidth}p{0.2\linewidth}p{0.1\linewidth}p{0.1\linewidth}p{0.1\linewidth}p{0.1\linewidth}p{0.1\linewidth}}
|
|
\textbf{Wallet type } & \textbf{Recieving} & \textbf{Spending} & \textbf{Online vunerability } & \textbf{System security} & \textbf{Control} & \textbf{Location} & \textbf{Recovery} & \textbf{Delivery chain attack} \\
|
|
Hot wallet & Always ready & Always ready & Vunerable, complete access after breach & Under user's control & User & Local storage & Seed & Wallet software \\
|
|
View-only wallet & Can see incomming transactions & No, only view-key & Vunerable, attacker then could see incomming transactions & Under user's control & User & Local storage & Seed & Wallet software \\
|
|
Cold wallet & No & No & No, unless system is compromised & Under user's control & User & Local storage, paper or other media & Seed & Wallet software \\
|
|
Exchange hosted wallet & Yes & Yes & Account breach, MITM, website spoofing & Fully dependent on 3rd party & User and 3rd party & Someone else's computer & Account recovery & Website spoofing \\
|
|
Web-based wallet & Yes & Yes & Wallet key storing against user's will, MITM, website spoofing & User's security keywise, 3rd party's systemwise & User and 3rd party & Local storage, 3rd party's storage & Seed & Website spoofing \\
|
|
Hardware wallet & Yes & Yes & & Hardware dependant & User & Dedicated hardware storage & Recovery sheet & Modified firmware, scratchpad
|
|
\end{tabular}%
|
|
}
|
|
\caption{List of wallet types from security view.}
|
|
\label{table:wallettypes}
|
|
\end{sidewaystable}\newpage
|
|
|
|
%\subsection{Cryptocurrency wallet software}
|
|
|
|
%\subsection{Creating a wallet}
|
|
|
|
\section{Local and remote node}
|
|
To spend or view the balance in the wallet, the user is required to have a wallet client software or use third party services to access the Monero network. This section covers the most common type of accessing the funds, hot wallet in combination with official Monero client software available at \url{https://getmonero.org/downloads/}.
|
|
|
|
Monero client requires to be in sync with the network to show correct balance as well as to work with the funds. That is done by either running a full local node or connecting to the remote node.
|
|
|
|
\textbf{Node} is a part of the cryptocurrency network that keeps a synced copy of blockchain in the local storage and provides a service that enables clients to access the information from the blockchain file. In Monero client software, this is represented by monerod, a separate daemon which synchronizes with the network.
|
|
|
|
\textbf{Local node} is default option when running wallet software, using monerod client downloads from Monero network the blockchain and stores it in local storage. As of July 2018, blockchain size is about 44.3 GB. By running local node, can independently verify transactions as well as blockchain state.
|
|
|
|
\textbf{The remote node}, on the other hand, represents a lighter version with slightly less privacy when it comes to working with the wallet. By either choosing in GUI to connect to the remote node or running cli with parameter \textit{.\textbackslash monero-wallet-cli.exe --daemon-address node.address:port} , the client connects to the remote node and starts scanning the blockchain as if it was a local one.
|
|
|
|
\begin{figure}[H]
|
|
\center
|
|
\begin{tabular}{p{0.45\linewidth}p{0.45\linewidth}}
|
|
\textbf{Local node} & \textbf{Remote node} \\
|
|
Blockchain stored on locally & Blockchain stored remotely \\
|
|
Observable traffic between nodes & Visible connection to the remote server \\
|
|
Default way for desktop clients & Default way for mobile wallets \\
|
|
%Time delay caused by blockchain download & No initial setup needed \\
|
|
Requires 45+ GB and connection to keep in sync & Requires connection to scan blockchain
|
|
\end{tabular}
|
|
\caption{Monero node comparison.}
|
|
\label{table:moneronodes}
|
|
\end{figure}
|
|
\newpage
|
|
\section{Multisig implementation}
|
|
|
|
Monero started to support multisignature transactions and addresses by 17th of December 2017 when codebase for this feature was merged into master by Fluffypony \cite{moneromultisig}. Multisig became available in the Lithium Luna release that was released 23rd of July 2018 \cite{moneromultisigrelease}.
|
|
|
|
This means that although Monero does not support typical multisig transactions where
|
|
%\subsection{Wallet software comparison}
|
|
|
|
\section{Problems in Monero environment}
|
|
|
|
\subsection{Monero scam list}
|
|
|
|
\subsection{Targeted malware}
|
|
|
|
\subsection{Delivery chain disruption}
|
|
|
|
|
|
%\section{Monero usecase}
|
|
%\subsection{Darknet Markets}
|
|
%\subsection{Monero Markets}
|
|
%\subsection{Úskalí tradingu anonymní měny}
|
|
%\subsection{Srovnání s ostatními kryptoměnami}
|
|
|
|
\section{Monero use case}
|
|
|
|
\subsection{Darknet markets}
|
|
|
|
\subsection{Monero markets}
|
|
|
|
\subsection{Trading problems associated with anonymity}
|
|
|
|
\subsection{Usage comparison with other cryptocurrencies}
|
|
|
|
|
|
\section{Usage anonymity}
|
|
|
|
\chapter{Monero user research}
|
|
\section{Definition, research questions}
|
|
\section{Participants selection}
|
|
\section{Results international, CZ}
|
|
|
|
\chapter{Monero usage and storage best practices}
|
|
\section{Designing a secure storage system}
|
|
\section{Secure usage pattern}
|
|
\section{Secure crypto portal}
|
|
|
|
|
|
|
|
\chapter{Obtaining Monero and running the network}
|
|
\section{Monero Proof-of-work}
|
|
\section{Mining pools, solo mining}
|
|
\section{Web mining, botnet mining}
|
|
% Web mining: https://arxiv.org/pdf/1806.01994.pdf
|
|
\section{Cloud mining}
|
|
\section{Systems for mining - ASIC, prebuilds}
|
|
\section{Mining software}
|
|
\section{XMR obtaining comparison}
|
|
|
|
\chapter{Research done on miners}
|
|
\section{Definition, research questions}
|
|
\section{Participants selection}
|
|
\section{Results international, CZ}
|
|
|
|
|
|
|
|
\chapter{Pool owners research}
|
|
\section{Definition, research questions}
|
|
\section{Participants selection}
|
|
\section{Results international, CZ}
|
|
|
|
|
|
\chapter{Mining malware}
|
|
\section{Prevention, detection and recovery}
|
|
\subsection{Systems administrators perspective}
|
|
%kitty https://www.incapsula.com/blog/crypto-me0wing-attacks-kitty-cashes-in-on-monero.html
|
|
\subsection{Regular users}
|
|
|
|
|
|
\chapter{Designing secure mining environment}
|
|
\section{Linux-based solution}
|
|
Ansible, Centos 7
|
|
\section{Windows-based solution}
|
|
Windows 10 ISO unattended install, Powershell scripts, XMR-stak
|
|
|
|
\chapter{Plan}
|
|
|
|
\begin{figure}[H]
|
|
\center
|
|
\begin{tabular}{ll}
|
|
Month & Task \\
|
|
1.7.2018 & Monero cryptocurrency; Monero Usage \\
|
|
1.8.2018 & Research design \\
|
|
1.9.2018 & Data collection; Monero mining and running the network \\
|
|
1.10.2018 & Data summary \\
|
|
1.11.2018 & Best practices for usage and storage \\
|
|
1.12.2018 & Mining malware; Secure mining system design \\
|
|
1.1.2019 & Cryptocore.cz web \\
|
|
1.2.2019 & Spare time \\
|
|
1.3.2019 & Month for completion \\
|
|
1.4.2019 & Final version + print
|
|
\end{tabular}
|
|
\caption{Diploma thesis plan}
|
|
\label{ssme-thesis-plan}
|
|
\end{figure}
|
|
|
|
|
|
|
|
\printbibliography[heading=bibintoc]
|
|
|
|
\appendix %% Start the appendices.
|
|
%\chapter{Zdroje k tabulce 2.2}
|
|
%dash https://bitcointalk.org/index.php?topic=1562109.0
|
|
%dash https://docs.dash.org/en/latest/introduction/information.html
|
|
%pivx https://github.com/PIVX-Project/PIVX
|
|
%pivx https://www.reddit.com/r/pivx/comments/7gjjyw/what_are_the_benefits_of_multisig_addresses/
|
|
%zcoin https://github.com/zcoinofficial/zcoin/wiki/Information-for-exchanges
|
|
%zcoin https://zcoin.io/zcoins-privacy-technology-compares-competition/
|
|
\end{document}
|