Covert channels in blockchain networks achieve undetectable and reliable communication, while transactions incorporating secret data are perpetually stored on the chain, thereby leaving the secret data continuously susceptible to extraction. MTMM (IEEE Transactions on Computers 2023) is a state-of-the-art blockchain-based covert channel. It utilizes Bitcoin network traffic that will not be recorded on the chain to embed data, thus mitigating the above issues. However, we identify a distinctive pattern in MTMM, based on which we propose a comparison attack to accurately detect MTMM traffic. To defend against the attack, we present an improvement named ORIM, which exploits the permutation of transaction hashes within inventory messages to transmit secret data. ORIM leverages a pseudo-random function to obscure the transaction hashes involved in the permutation to ensure unobservability. The obfuscated values, rather than the original transaction hashes, are utilized to encode the confidential data. Furthermore, we introduce a variable-length encoding scheme predicated on complete binary trees. This scheme considerably amplifies the bandwidth and facilitates efficient encoding and decoding of secret data. Experimental results indicate that ORIM maintains unobservability and that ORIM’s bandwidth is approximately $3.7\times $ of MTMM.

中文翻译：

---

基于区块链的隐蔽通信：一种检测攻击与高效改进


区块链网络中的隐蔽通道实现了无法检测的可靠通信，而包含秘密数据的交易永久存储在链上，从而使秘密数据持续容易受到提取。MTMM （IEEE Transactions on Computers 2023） 是一种最先进的基于区块链的隐蔽通道。它利用不会记录在链上的比特币网络流量来嵌入数据，从而缓解上述问题。但是，我们在 MTMM 中发现了一种独特的模式，基于该模式，我们提出了一种比较攻击来准确检测 MTMM 流量。为了抵御攻击，我们提出了一个名为 ORIM 的改进，它利用清单消息中交易哈希的排列来传输秘密数据。ORIM 利用伪随机函数来掩盖排列中涉及的交易哈希值，以确保不可观察性。使用混淆的值（而不是原始交易哈希值）对机密数据进行编码。此外，我们引入了一种基于完整二叉树的可变长度编码方案。该方案大大放大了带宽，有利于对秘密数据进行高效的编码和解码。实验结果表明，ORIM 保持不可观察性，并且 ORIM 的带宽约为 3.7 美元 × MTMM。