Burning Zerocoins for Fun and for Profit - A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol

Ruffing T, Thyagarajan SAK, Ronge V, Schröder D (2018)

Publication Language: English

Publication Type: Conference contribution

Publication year: 2018

Pages Range: 116 - 119

Event location: Zug CH

URI: https://ieeexplore.ieee.org/document/8706614

DOI: 10.1109/cvcbt.2018.00023

Abstract

Zerocoin (Miers et. al, IEEE S&P'13), designed as an extension to Bitcoin and similar cryptocurrencies, was the first anonymous cryptocurrency proposal which supports large anonymity sets. We identify a cryptographic denial-of-spending attack on the original Zerocoin protocol and a second Zerocoin protocol (Groth and Kohlweiss, EUROCRYPT'15), which enables a network attacker to destroy money of honest users. The attack leads to real-world vulnerabilities in multiple cryptocurrencies, which rely on implementations of the original Zerocoin protocol. The existence of the attack does not contradict the formal security analyses of the two Zerocoin protocols but exposes the lack of an important missing property in the security model of Zerocoin. While the security definitions model that the attacker should not be able to create money out of thin air or steal money from honest users, they do not model that the attacker cannot destroy money of honest users. Fortunately, there are simple fixes for the security model and for both protocols.

Authors with CRIS profile

Sri Aravinda Krishnan Thyagarajan Lehrstuhl für Informatik 13 (Angewandte Kryptographie) Viktoria Ronge Lehrstuhl für Informatik 13 (Angewandte Kryptographie) Dominique Schröder Lehrstuhl für Informatik 13 (Angewandte Kryptographie)

How to cite

APA:

Ruffing, T., Thyagarajan, S.A.K., Ronge, V., & Schröder, D. (2018). Burning Zerocoins for Fun and for Profit - A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol. In Proceedings of the 2018 Crypto Valley Conference on Blockchain Technology (CVCBT) (pp. 116 - 119). Zug, CH.

MLA:

Ruffing, Tim, et al. "Burning Zerocoins for Fun and for Profit - A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol." Proceedings of the 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), Zug 2018. 116 - 119.

BibTeX: Download