MIT Research Team Proposes New Bitcoin Encryption Technology to Prevent Identity Theft and Crypto Attacks

At the IEEE Security and Privacy Symposium held from May 22 to May 24, MIT researchers proposed a new encryption method that uses the underlying blockchain technology of Bitcoin to prevent identity theft and encryption attacks.

MIT electrical engineering and computer science graduate student Alin Tomescu and his thesis advisor, Edwin Sibley Webster Professor Srini Devadas, released a paper on the technology at the event (download the full paper), proposing how bitcoin's immutable blockchain can be used to protect the data of individuals and corporate organizations.

Essentially, the MIT team’s crypto attack defense method uses a Bitcoin-based detection system that alerts the network if a false encryption key attempts to undo the real encryption key.

During a cryptojacking attack, an attacker breaks into a public key cryptographic system and convinces a user to reveal confidential information by proving a false encryption key. By using this encryption key, the attacker is able to break into the system and steal sensitive data and valuable information.

The problem with this type of encryption attack is that because the wrong encryption key cannot cancel the real encryption key without triggering a system alarm, the system will usually have two encryption keys. This way, the system and the user will not know whether the real encryption key is being used to extract information.

According to Devadas, the paper and the system developed by his MIT research team address this ambiguity in cryptographic attacks using the public bitcoin blockchain.

The Bitcoin blockchain is immutable and decentralized in nature. To change the data set implemented by the Bitcoin blockchain, it is necessary to hack and modify the entire distributed ledger. Therefore, it is impossible to attack and modify the data set integrated in the Bitcoin block.

Using the immutability of Bitcoin, the MIT research team has released a method to prevent online services from spoofing and using incorrect encryption keys. According to a paper drafted by two of the researchers, using Bitcoin will allow the system to prevent identity theft, and if this method is implemented on a commercial scale, it could help large companies save millions of dollars each year.

Tomescu, first author of the paper, said:

“Our paper is about using Bitcoin to protect web services from fraud. When you’re creating distributed systems and those systems are sending digital signatures to each other, for example, those systems can be corrupted, they can lie. They can say different things to different people. We want to prevent that.”

The key element of the system, called Catena, is that it does not record all public keys authenticated by public key cryptography. Bitcoin transactions provide space for an 80-character text note, which is not enough to store all public keys. However, it can be used to store cryptographic signatures associated with those public keys.

Bryan Ford, an associate professor of computer science at the Swiss Federal Institute of Technology, said the approach outlined in the paper is a practical idea that can be easily used and implemented.

Ford said:

“The abstraction in this paper is a really neat idea — the idea of ​​being able to create smaller blockchains or linked lists within a blockchain, specific to specific accounts or purposes. It’s really cool, really nice, simple to use, clearly explained. It synergizes really well with the idea we’ve been working on, which is to create an efficient traversable timeline, what we call a skip chain, which is a timeline that you can jump back and forth to, and at any point in the timeline you can efficiently verify any other point.”

Disambiguation, in this case telling different things to different institutions, will lead to more secure algorithms, and Ford believes this is a very important issue.

Full paper: Catena: Efficient Non-Ambiguity with Bitcoin.