Research Area:  Blockchain Technology
Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a "Refereed Delegation" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.
Keywords:  
Author(s) Name:  Kevin Lee; Andrew Miller
Journal name:  
Conference name:  IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Publisher name:  IEEE
DOI:  10.1109/EuroSPW.2018.00010
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/8406557