TitleObscuro: A Bitcoin Mixer Using Trusted Execution Environments
Publication TypeConference Paper
Year of Publication2018
AuthorsTran, Muoi, Luu, Loi, Kang, Min Suk, Bentov, Iddo, Saxena, Prateek
Conference NameProceedings of the 34th Annual Computer Security Applications Conference
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6569-7
Keywordsanonymity, bitcoin, bitcoin security, Human Behavior, Intel SGX, Mixer, pubcrawl, Scalability, trusted execution environments
AbstractBitcoin provides only pseudo-anonymous transactions, which can be exploited to link payers and payees - defeating the goal of anonymous payments. To thwart such attacks, several Bitcoin mixers have been proposed, with the objective of providing unlinkability between payers and payees. However, existing Bitcoin mixers can be regarded as either insecure or inefficient. We present Obscuro, a highly efficient and secure Bitcoin mixer that utilizes trusted execution environments (TEEs). With the TEE's confidentiality and integrity guarantees for code and data, our mixer design ensures the correct mixing operations and the protection of sensitive data (i.e., private keys and mixing logs), ruling out coin theft and address linking attacks by a malicious service provider. Yet, the TEE-based implementation does not prevent the manipulation of inputs (e.g., deposit submissions, blockchain feeds) to the mixer, hence Obscuro is designed to overcome such limitations: it (1) offers an indirect deposit mechanism to prevent a malicious service provider from rejecting benign user deposits; and (2) scrutinizes blockchain feeds to prevent deposits from being mixed more than once (thus degrading anonymity) while being eclipsed from the main blockchain branch. In addition, Obscuro provides several unique anonymity features (e.g., minimum mixing set size guarantee, resistant to dropping user deposits) that are not available in existing centralized and decentralized mixers. Our prototype of Obscuro is built using Intel SGX and we demonstrate its effectiveness in Bitcoin Testnet. Our implementation mixes 1000 inputs in just 6.49 seconds, which vastly outperforms all of the existing decentralized mixers.
