A Tale of Two Trees: One Writes, and Other Reads

Optimized Oblivious Accesses to Bitcoin and other UTXO-based Blockchains

Duc V. Le 1 , Lizzy Tengana Hurtado 2 , Adil Ahmad 3 , Mohsen Minaei 4 , Byoungyoung Lee 5  and Aniket Kate 6
  • 1 Purdue University,
  • 2 National University of Colombia,
  • 3 Purdue University,
  • 4 Purdue University,
  • 5 Seoul National University,
  • 6 Purdue University,


The Bitcoin network has offered a new way of securely performing financial transactions over the insecure network. Nevertheless, this ability comes with the cost of storing a large (distributed) ledger, which has become unsuitable for personal devices of any kind. Although the simplified payment verification (SPV) clients can address this storage issue, a Bitcoin SPV client has to rely on other Bitcoin nodes to obtain its transaction history and the current approaches offer no privacy guarantees to the SPV clients.

This work presents T3, a trusted hardware-secured Bitcoin full client that supports efficient oblivious search/update for Bitcoin SPV clients without sacrificing the privacy of the clients. In this design, we leverage the trusted execution and attestation capabilities of a trusted execution environment (TEE) and the ability to hide access patterns of oblivious random access machine (ORAM) to protect SPV clients’ requests from potentially malicious nodes. The key novelty of T3 lies in the optimizations introduced to conventional ORAM, tailored for expected SPV client usages. In particular, by making a natural assumption about the access patterns of SPV clients, we are able to propose a two-tree ORAM construction that overcomes the concurrency limitation associated with traditional ORAMs. We have implemented and tested our system using the current Bitcoin Unspent Transaction Output (UTXO) Set. Our experiment shows that T3 is feasible to be deployed in practice while providing strong privacy and security guarantees to Bitcoin SPV clients.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Address reuse. https://en.bitcoin.it/wiki/Address_reuse. Accessed in Dec 2019.

  • [2] Bitcoin core. https://bitcoin.org/en/bitcoin-core/. Accessed in Dec 2019.

  • [3] Bitcoin Developer Reference. https://bitcoin.org/en/\developer-reference. Accessed in Dec 2019.

  • [4] Bitcoin difficulty and network hash rate. https://bitcoinwisdom.com/bitcoin/difficulty. Accessed in Nov 2019.

  • [5] Bitcoinj. https://bitcoinj.github.io/. Accessed in Dec 2019.

  • [6] Dash. https://www.dash.org/. Accessed in Dec 2019.

  • [7] Deterministic wallet. https://en.bitcoin.it/wiki/Deterministic_wallet. Accessed in Dec 2019.

  • [8] Electrum Bitcoin Wallet. https://electrum.org/. Accessed in Dec 2019.

  • [9] Json-roc-cpp. https://github.com/cinemast/libjson-rpc-cpp. Accessed in Dec 2019.

  • [10] Key stone project. https://keystone-enclave.org/. Accessed in Dec 2019.

  • [11] Litecoin. https://litecoin.org/. Accessed in Dec 2019.

  • [12] Python-bitcoinlib. https://github.com/petertodd/python-bitcoinlib. Accessed in Dec 2019.

  • [13] T3 prototype implementation, 2019. https://github.com/TEE-3/T3.

  • [14] Adil Ahmad, Kyungtae Kim, Muhammad Ihsanulhaq Sarfaraz, and Byoungyoung Lee. OBLIVIATE: A data oblivious filesystem for intel SGX. In NDSS, 2018.

  • [15] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure linux containers with intel SGX. In OSDI, 2016.

  • [16] Andrew Baumann, Marcus Peinado, and Galen Hunt. Shielding applications from an untrusted cloud with haven. In OSDI, 2014.

  • [17] Iddo Bentov, Yan Ji, Fan Zhang, Lorenz Breidenbach, Philip Daian, and Ari Juels. Tesseract: Real-time cryptocurrency exchange using trusted hardware. In CCS, 2019.

  • [18] Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. Software grand exposure: SGX cache attacks are practical. In WOOT, 2017.

  • [19] Anrin Chakraborti and Radu Sion. ConcurORAM: High-throughput stateless parallel multi-client ORAM. In NDSS, 2019.

  • [20] Chia che Tsai, Donald E. Porter, and Mona Vij. Graphenesgx: A practical library OS for unmodified applications on SGX. In USENIX ATC, 2017.

  • [21] Stephen Checkoway and Hovav Shacham. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface. SIGARCH Comput. Archit. News, 2013.

  • [22] R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, A. Miller, and D. Song. In EuroSP, 2019.

  • [23] Victor Costan and Srinivas Devadas. Intel sgx explained. Cryptology ePrint Archive, Report 2016/086, 2016. https://eprint.iacr.org/2016/086.

  • [24] Victor Costan, Ilia Lebedev, and Srinivas Devadas. Sanctum: Minimal hardware extensions for strong software isolation. In 25th USENIX Security Symposium, 2016.

  • [25] Artur Czumaj. Lecture notes on approximation and randomized algorithms. http://www.ic.unicamp.br/~celio/peer2peer\/math/czumaj-balls-into-bins.pdf. Accessed in 2019.

  • [26] Sergi Delgado-Segura, Cristina Pérez-Solà, Guillermo Navarro-Arribas, and Jordi Herrera-Joancomartí. Analysis of the bitcoin UTXO set. In BITCOIN, 2018.

  • [27] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 1976.

  • [28] Saba Eskandarian and Matei Zaharia. Oblidb: Oblivious query processing for secure databases. PVLDB, 2019.

  • [29] Bin Fan, Dave G. Andersen, Michael Kaminsky, and Michael D. Mitzenmacher. Cuckoo filter: Practically better than bloom. In Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, CoNEXT ’14, 2014.

  • [30] Arthur Gervais, Srdjan Capkun, Ghassan O. Karame, and Damian Gruber. On the privacy provisions of bloom filters in lightweight bitcoin clients. In ACSAC, 2014.

  • [31] O. Goldreich. Towards a theory of software protection and simulation by oblivious rams. In STOC, 1987.

  • [32] Danny Harnik, Eliad Tsfadia, Doron Chen, and Ronen I. Kat. Securing the storage data path with SGX enclaves. CoRR, abs/1806.10883, 2018.

  • [33] Mike Hearn and Matt Corallo. Connection Bloom filtering, 2012.

  • [34] Ryan Henry, Amir Herzberg, and Aniket Kate. Blockchain access privacy: Challenges and directions. IEEE Security & Privacy, 16(4):38–45, 2018.

  • [35] Thang Hoang, Muslum Ozgur Ozmen, Yeongjin Jang, and Attila A. Yavuz. Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset. In PoPETs, 2019.

  • [36] Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. Ryoan: A distributed sandbox for un-trusted computation on secret data. In OSDI, 2016.

  • [37] Angela Jäschke, Björn Grohmann, Frederik Armknecht, and Andreas Schaad. Short paper: Industrial feasibility of private information retrieval. In SECRYPT, 2017.

  • [38] Paul Kocher, Jann Horn, Anders Fogh,, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre attacks: Exploiting speculative execution. In S&P, 2019.

  • [39] Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, and Brent ByungHoon Kang. Hacking in darkness: Return-oriented programming against secure enclaves. In 26th USENIX Security Symposium, 2017.

  • [40] Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In 26th USENIX Security Symposium, 2017.

  • [41] Joshua Lind, Oded Naor, Ittay Eyal, Florian Kelbert, Emin Gün Sirer, and Peter Pietzuch. Teechain: A secure payment network with asynchronous blockchain access. In SOSP, 2019.

  • [42] Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium, 2018.

  • [43] Sinisa Matetic, Karl Wüst, Moritz Schneider, Kari Kostiainen, Ghassan Karame, and Srdjan Capkun. BITE: Bitcoin lightweight client privacy using trusted execution. In 28th USENIX Security Symposium, 2019.

  • [44] Mohsen Minaei, Pedro Moreno-Sanchez, and Aniket Kate. R3c3: Cryptographically secure censorship resistant rendezvous using cryptocurrencies. Cryptology ePrint Archive, Report 2018/454, 2018. https://eprint.iacr.org/2018/454.

  • [45] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system,” http://bitcoin.org/bitcoin.pdf, 2008.

  • [46] Olga Ohrimenko, Felix Schuster, Cedric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. Oblivious multi-party machine learning on trusted processors. In 25th USENIX Security Symposium, 2016.

  • [47] Meni Orenbach, Pavel Lifshits, Marina Minkin, and Mark Silberstein. Eleos: Exitless os services for sgx enclaves. In EuroSys, 2017.

  • [48] K. Qin, H. Hadass, A. Gervais, and J. Reardon. Applying private information retrieval to lightweight bitcoin clients. In 2019 Crypto Valley Conference on Blockchain Technology (CVCBT), 2019.

  • [49] Ashay Rane, Calvin Lin, and Mohit Tiwari. Raccoon: Closing digital side-channels through obfuscated execution. In 24th USENIX Security Symposium, 2015.

  • [50] Cetin Sahin, Victor Zakhary, Amr El Abbadi, Huijia Lin, and Stefano Tessaro. Taostore: Overcoming asynchronicity in oblivious data storage. In S&P, 2016.

  • [51] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Decentralized Anonymous Payments from Bitcoin. In S&P, 2014.

  • [52] Sajin Sasy and Ian Goldberg. ConsenSGX: Scaling anonymous communications networks with trusted execution environments. PoPETs, 2019.

  • [53] Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. Zerotrace : Oblivious memory primitives from intel SGX. In NDSS, 2018.

  • [54] Elaine Shi, T. H. Hubert Chan, Emil Stefanov, and Mingfei Li. Oblivious ram with o((logn)3) worst-case cost. In ASIACRYPT 2011.

  • [55] Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. Path oram: An extremely simple oblivious ram protocol. In CCS, 2013.

  • [56] Florian Tramer and Dan Boneh. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. In International Conference on Learning Representations, 2019.

  • [57] Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, and Prateek Saxena. Obscuro: A bitcoin mixer using trusted execution environments. In ACSAC, 2018.

  • [58] Chia-Che Tsai, Kumar Saurabh Arora, Nehal Bandi, Bhushan Jain, William Jannen, Jitin John, Harry A. Kalodner, Vrushali Kulkarni, Daniela Oliveira, and Donald E. Porter. Cooperation and security isolation of library oses for multi-process applications. In EuroSys, 2014.

  • [59] Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. Leaky cauldron on the dark land: Understanding memory side-channel hazards in sgx. In CCS, 2017.

  • [60] Xiao Wang, Hubert Chan, and Elaine Shi. Circuit oram: On tightness of the goldreich-ostrovsky lower bound. In CCS, 2015.

  • [61] Karl Wüst, Sinisa Matetic, Moritz Schneider, Ian Miers, Kari Kostiainen, and Srdjan Capkun. ZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution. In International Conference on Financial Cryptography and Data Security, 2019.

  • [62] Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-Channel attacks: Deterministic side channels for untrusted operating systems. In S&P, 2015.

  • [63] Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. Town crier: An authenticated data feed for smart contracts. In CCS, 2016.


Journal + Issues