Developments in Blockchain Security & Privacy

Nexus’ Signature Chain Sidesteps Dusting Attacks

Recently, Litecoin users were subject to a new form of attack called dusting. The attack was predicated on exploiting Litecoin’s UTXO architecture. Fortunately, Nexus’ Signature Chain offers an appealing alternative to this Bitcoin-based legacy.

Last month’s dusting attack left many investors scrambling to understand how minuscule coin deposits (dust) could compromise their identity.

Unfortunately, once deposited dust gets caught up in another transaction, it can be traced to other wallet addresses. Carefully tracking these addresses enables attackers to discern wallet holder identities.

How is this achieved? The dust in user wallets constitutes what is known as an unspent transaction output (UTXO).

Since wallets create a new address each time a deposit is made, UTXOs are found in several addresses.  These UTXOs eventually merge and serve as a unique (dust) identifier in the process.

Dusting attackers use this identifier to analyze and track specific wallet addresses back to a single user.
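
The wallet-side view of this linkage, as an added example that is not part of the original article: a spend that sweeps dust in as an input ties every other input address to the dust marker, while a wallet that refuses to spend dust leaves the marker where it was deposited. The wallet contents, the `DUST_LIMIT` value and all function names are constructed for illustration.

```python
DUST_LIMIT = 1_000  # assumed threshold in base units; hypothetical value

# Constructed wallet state: (utxo id, receiving address, amount in base units).
WALLET = [
    ("u1", "addr_A", 60_000),
    ("u2", "addr_B", 45_000),
    ("u3", "addr_A", 546),   # unsolicited dust
    ("u4", "addr_C", 30_000),
    ("u5", "addr_C", 546),   # unsolicited dust
]

def is_dust(utxo):
    return utxo[2] < DUST_LIMIT

def select_inputs(utxos, target, freeze_dust):
    """Smallest-first coin selection; with freeze_dust, dust is never spent."""
    pool = [u for u in utxos if not (freeze_dust and is_dust(u))]
    chosen, total = [], 0
    for u in sorted(pool, key=lambda u: u[2]):
        if total >= target:
            break
        chosen.append(u)
        total += u[2]
    if total < target:
        raise ValueError("insufficient spendable funds")
    return chosen

def addresses_linked_by_dust(inputs):
    """Addresses a dust sender can tie together from one spend: every input
    address of a transaction that also spends one of their dust outputs."""
    if not any(is_dust(u) for u in inputs):
        return set()
    return {addr for _, addr, _ in inputs}
```

Spending 70,000 units with `freeze_dust=False` pulls both dust outputs into the transaction and links all three addresses; with `freeze_dust=True` the same payment is funded without touching the dust.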

An Alternative to UTXO

Nexus replaces this Bitcoin-based UTXO architecture with a signature chain. Like a banking app, a signature chain is a decentralized blockchain account that can be accessed using a username, password, and pin.

As the name implies, a signature chain consists of a “chain of signatures and public keys, all linked together through the next hash and previous transaction hash” (Nexus). 

However, it’s still highly scalable, as this information can be verified and discarded by attaching a single signature to the latest transaction. 

Indeed, verifying the entire chain merely requires signatures for the first and last transactions. Once signed, the chain is immutable. As the Nexus website notes:

Nexus transactions are decoupled from the block, which means that only a single hash or ‘proof’ per transaction is required in the block level data, rather than the entire transaction itself. These innovations produce lightweight blocks and efficient transaction processing, without the requirement of off chain (Layer 2) scaling solutions.

And since Nexus’ signature chain is lightweight, it’s also incredibly fast.

Nexus’ Security Features

Dynamic Private Keys

In much the same way, Nexus’ signature chain decouples an account’s identity from cryptography. Consequently, key pairs can be changed by the user after each transaction (while the public key is kept hidden).

This is not unlike how “hierarchical deterministic wallets” operate, generating a new address for each transaction in order to improve owner privacy.

Thus, Nexus users seeking to conduct a transaction must simply reveal “the public key of the NextHash (the hash of the public key) by producing a valid signature from the one-time use private key.”  
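
The linkage described above (each transaction carries the previous transaction hash and a NextHash, and the next transaction reveals the public key behind that NextHash and signs with it) can be sketched as follows. This is an added example, not Nexus code: it swaps in Lamport one-time signatures built from SHA-256 so that it runs on the Python standard library alone, and the field names, the seed-based key derivation and the all-zero genesis `prev` value are assumptions.

```python
import hashlib

def H(data):
    return hashlib.sha256(data).digest()

def keygen(seed, index):
    """Derive a Lamport one-time key pair for transaction `index` from a seed."""
    tag = seed + index.to_bytes(4, "big")
    sk = [[H(tag + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def key_hash(pk):
    return H(b"".join(h for pair in pk for h in pair))

def msg_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))

def body(tx):
    return tx["prev"] + tx["next_hash"] + tx["payload"]

def make_tx(seed, index, prev, payload):
    """Sign with key `index` and commit to the hash of key `index + 1`."""
    sk, pk = keygen(seed, index)
    tx = {"prev": prev, "next_hash": key_hash(keygen(seed, index + 1)[1]),
          "payload": payload, "pubkey": pk}
    tx["sig"] = sign(sk, body(tx))
    return tx

def verify_chain(first_key_hash, txs):
    """Walk the chain: each revealed key must match the previous commitment."""
    expected, prev = first_key_hash, bytes(32)
    for tx in txs:
        if tx["prev"] != prev or key_hash(tx["pubkey"]) != expected:
            return False
        if not verify(tx["pubkey"], body(tx), tx["sig"]):
            return False
        expected, prev = tx["next_hash"], H(body(tx))
    return True

def build_chain(seed, payloads):
    txs, prev = [], bytes(32)
    for i, p in enumerate(payloads):
        txs.append(make_tx(seed, i, prev, p))
        prev = H(body(txs[-1]))
    return txs
```

A verifier needs only the hash of the first public key to walk the chain; a transaction signed with any key other than the one committed to by the preceding NextHash is rejected, as is one whose payload was altered after signing.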

MITM Attacks

The configuration above alleviates the need to ensure endpoint authentication using certificates from third-party Certificate Authorities. These certificates safeguard the network from Man-in-the-Middle attacks.

Fortunately, one-time-use private keys severely limit these attacks as well, because they dramatically shrink the time available to carry them out.

51% Attacks

Nexus incorporates two Proof of Work (PoW) channels and one Proof of Stake (PoS) channel to secure its network against 51% attacks.

Achieving consensus involves all three channels checking and balancing each other.

Network Identity

To ascertain network identity, Nexus employs both an End Point Identifier (EID) and a Routing Locator (RLOC).   The former is a fixed identifier associated with a cryptographic ledger while the latter provides for location flexibility. 

Nexus’ LISP (Location Identifier Separation Protocol) allows the RLOC to be separated from the EID, thus allowing it to move freely between networks. 

Network Security

Network security is typically at risk of being compromised any time greater decentralization or scalability is attempted. This is famously known as the blockchain trilemma.

To remedy this, the Nexus ledger operates as a multi-layered processing system, combining reputation, immutability, and time into a three-dimensional object. The result is a Three Dimensional Chain (3DC).

Although this 3DC is rather complex, security is achieved through multiple layers of transaction processing. As Nexus notes,

… each of the layers aggregate data from the layer below. The nodes performing work on L2, resolve any conflicts in L1 shards, using ‘Stake’ and ‘Trust’ as the ‘Weight’ to determine consensus. In the event that there is a conflict, it is resolved through the validity of data, which is defined as (Trust + Weight). The L3 layer will consolidate hashes from L2 to create the final 3D block.

Nexus defines ‘Trust’ in terms of network contributions by a user over time. Alternatively, ‘Weight’ is formulated as network contributions by a given node for a single transaction.

Key/Username Generation

Nexus employs an open-source password hashing function named Argon2 for key and username generation. In particular, Argon2 is 

a memory-hard password hashing algorithm with variable complexity which means it can control how many seconds it takes to generate a key or username. This drastically increases the time and resources it takes an offline hacker to brute-force a Signature Chain. Because the time to generate an Argon2 hash is bound by memory latency, a specialized ‘password cracking’ device has no advantage over a general-purpose CPU.

With Argon2 in place, a hacker is limited to only two to three password attempts per second. When combined with an 8-character password requirement, a successful hack can be achieved only once every 5 million years.

Quantum Computing

Since a quantum computer may alter this calculus, Nexus is gearing up to incorporate quantum-resistant technology for its signature chain as well.

In particular, Nexus intends to offer FALCON (Fast-Fourier Lattice-Based Compact-Signatures Over NTRU) as a signature scheme security option. Based on lattice-based cryptography, FALCON is a cryptographic signature algorithm expected to provide resistance against quantum computers.

Conclusion

Nexus’ Signature Chain is primed to facilitate widespread adoption. They recognize the unspoken desire among many to forego the use of public and private keys.

Asking users to retain such numbers is akin to asking internet users to record numerical IP addresses. While not at all difficult to do, it has been off-putting for those seeking simplicity and ease-of-use.

The capacity for Nexus to offer a promising alternative suggests that blockchain technology may soon become mainstream.