TY - GEN
T1 - New Empirical Traceability Analysis of CryptoNote-Style Blockchains
AU - Yu, Zuoxia
AU - Au, Man Ho
AU - Yu, Jiangshan
AU - Yang, Rupeng
AU - Xu, Qiuliang
AU - Lau, Wang Fat
N1 - Funding Information:
Acknowledgement. We appreciate the anonymous reviewers for their valuable suggestions. Part of this work was supported by the National Natural Science Foundation of China (Grant No. 61602396, U1636205, 61572294, 61632020), the MonashU-PolyU-Collinstar Capital Joint Lab on Blockchain and Cryptocurrency Technologies, from the Research Grants Council of Hong Kong (Grant No. 25206317), and the Fonds National de la Recherche Luxembourg (FNR) through PEARL grant FNR/P14/8149128.
Publisher Copyright:
© 2019, International Financial Cryptography Association.
PY - 2019
Y1 - 2019
N2 - The cascade effect attacks (PETS’ 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing the ring confidential transactions with enhanced privacy guarantee. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only an example of leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown. In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, attack is equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction. To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin being spent in Monero inputs, Bytecoin inputs, and in DigitalNote inputs. In addition, we provide a theoretical analysis on the identified attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about). Given that attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero is secure against statistical attacks, as the minimum number of mixin is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.
AB - The cascade effect attacks (PETS’ 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing the ring confidential transactions with enhanced privacy guarantee. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only an example of leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown. In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, attack is equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction. To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin being spent in Monero inputs, Bytecoin inputs, and in DigitalNote inputs. In addition, we provide a theoretical analysis on the identified attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about). Given that attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero is secure against statistical attacks, as the minimum number of mixin is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.
UR - http://www.scopus.com/inward/record.url?scp=85075562054&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-32101-7_9
DO - 10.1007/978-3-030-32101-7_9
M3 - Conference article published in proceeding or book
AN - SCOPUS:85075562054
SN - 9783030321000
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 133
EP - 149
BT - Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers
A2 - Goldberg, Ian
A2 - Moore, Tyler
PB - Springer
T2 - 23rd International Conference on Financial Cryptography and Data Security, FC 2019
Y2 - 18 February 2019 through 22 February 2019
ER -