Ruffing T, Thyagarajan SAK, Ronge V, Schröder D (2018)
Publication Language: English
Publication Type: Conference contribution
Publication year: 2018
Pages Range: 116 - 119
URI: https://ieeexplore.ieee.org/document/8706614
Zerocoin (Miers et. al, IEEE S&P'13), designed as an extension to Bitcoin and similar cryptocurrencies, was the first anonymous cryptocurrency proposal which supports large anonymity sets. We identify a cryptographic denial-of-spending attack on the original Zerocoin protocol and a second Zerocoin protocol (Groth and Kohlweiss, EUROCRYPT'15), which enables a network attacker to destroy money of honest users. The attack leads to real-world vulnerabilities in multiple cryptocurrencies, which rely on implementations of the original Zerocoin protocol. The existence of the attack does not contradict the formal security analyses of the two Zerocoin protocols but exposes the lack of an important missing property in the security model of Zerocoin. While the security definitions model that the attacker should not be able to create money out of thin air or steal money from honest users, they do not model that the attacker cannot destroy money of honest users. Fortunately, there are simple fixes for the security model and for both protocols.
APA:
Ruffing, T., Thyagarajan, S.A.K., Ronge, V., & Schröder, D. (2018). Burning Zerocoins for Fun and for Profit - A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol. In Proceedings of the 2018 Crypto Valley Conference on Blockchain Technology (CVCBT) (pp. 116 - 119). Zug, CH.
MLA:
Ruffing, Tim, et al. "Burning Zerocoins for Fun and for Profit - A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol." Proceedings of the 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), Zug 2018. 116 - 119.
BibTeX: Download