A Tale of Two Trees: One Writes, and Other Reads. Optimized Oblivious Accesses to Large-Scale Blockchains

by   Duc V. Le, et al.

The Bitcoin network has offered a new way of securely performing financial transactions over the insecure network. Nevertheless, this ability comes with the cost of storing a large (distributed) ledger, which has become unsuitable for personal devices of any kind. Although the simplified payment verification (SPV) clients can address this storage issue, a Bitcoin SPV client has to rely on other Bitcoin nodes to obtain its transaction history and the current approaches offer no privacy guarantees to the SPV clients. This work presents T^3, a trusted hardware-secured Bitcoin full client that supports efficient oblivious search/update for Bitcoin SPV clients without sacrificing the privacy of the clients. In this design, we leverage the trusted execution and attestation capabilities of a trusted execution environment (TEE) and the ability to hide access patterns of oblivious random access memory (ORAM) to protect SPV clients' requests from a potentially malicious server. The key novelty of T^3 lies in the optimizations introduced to conventional ORAM, tailored for expected SPV client usages. In particular, by making a natural assumption about the access patterns of SPV clients, we are able to propose a two-tree ORAM construction that overcomes the concurrency limitation associated with traditional ORAMs. We have implemented and tested our system using the current Bitcoin Unspent Transaction Output database. Our experiment shows that the system is feasible to be deployed in practice while providing strong privacy and security guarantees to Bitcoin SPV clients.


page 3

page 8


Tithonus: A Bitcoin Based Censorship Resilient System

Providing reliable and surreptitious communications is difficult in the ...

ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM

ConcurORAM is a parallel, multi-client ORAM that eliminates waiting for ...

PDoT: Private DNS-over-TLS with TEE Support

Security and privacy of the Internet Domain Name System (DNS) have been ...

Applying Private Information Retrieval to Lightweight Bitcoin Clients

Lightweight Bitcoin clients execute a Simple Payment Verification (SPV) ...

Improving Bitcoin Transaction Propagation by Leveraging Unreachable Nodes

The Bitcoin P2P network is at the core of all communications between cli...

CACTI: Captcha Avoidance via Client-side TEE Integration

Preventing abuse of web services by bots is an increasingly important pr...

Enabling Strong Database Integrity using Trusted Execution Environments

Immutable and consistent sharing of data across organization boundaries ...