307 research outputs found

    An Empirical Analysis of Anonymity in Zcash

    Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the one with the strongest anonymity guarantees, due to its basis in well-regarded cryptographic research. In this paper, we examine the extent to which anonymity is achieved in the deployed version of Zcash. We investigate all facets of anonymity in Zcash's transactions, ranging from its transparent transactions to the interactions with and within its main privacy feature, a shielded pool that acts as the anonymity set for users wishing to spend coins privately. We conclude that while it is possible to use Zcash in a private way, it is also possible to shrink its anonymity set considerably by developing simple heuristics based on identifiable patterns of usage. Comment: 27th USENIX Security Symposium (USENIX Security '18), 15 pages, Zcas

    Incentivising Privacy in Cryptocurrencies

    Privacy was one of the key points mentioned in Nakamoto's Bitcoin whitepaper, and one of the selling points of Bitcoin in its early stages. In hindsight, however, de-anonymising Bitcoin users turned out to be more feasible than expected. Since then, privacy focused cryptocurrencies such as Zcash and Monero have surfaced. Both of these examples cannot be described as fully successful in their aims, as recent research has shown. Incentives are integral to the security of cryptocurrencies, so it is interesting to investigate whether they could also be aligned with privacy goals. A lack of privacy often results from low user counts, resulting in low anonymity sets. Could users be incentivised to use the privacy preserving implementations of the systems they use? Not only is Zcash much less used than Bitcoin (which it forked from), but most Zcash transactions are simply transparent transactions, rather than the (at least intended to be) privacy-preserving shielded transactions. This paper and poster briefly discusses how incentives could be incorporated into systems like cryptocurrencies with the aim of achieving privacy goals. We take Zcash as example, but the ideas discussed could apply to other privacy-focused cryptocurrencies. This work was presented as a poster at OPERANDI 2018, the poster can be found within this short document

    Tracing Transactions Across Cryptocurrency Ledgers

    One of the defining features of a cryptocurrency is that its ledger, containing all transactions that have ever taken place, is globally visible. As one consequence of this degree of transparency, a long line of recent research has demonstrated that even in cryptocurrencies that are specifically designed to improve anonymity it is often possible to track money as it changes hands, and in some cases to de-anonymize users entirely. With the recent proliferation of alternative cryptocurrencies, however, it becomes relevant to ask not only whether or not money can be traced as it moves within the ledger of a single cryptocurrency, but if it can in fact be traced as it moves across ledgers. This is especially pertinent given the rise in popularity of automated trading platforms such as ShapeShift, which make it effortless to carry out such cross-currency trades. In this paper, we use data scraped from ShapeShift over a thirteen-month period and the data from eight different blockchains to explore this question. Beyond developing new heuristics and creating new types of links across cryptocurrency ledgers, we also identify various patterns of cross-currency trades and of the general usage of these platforms, with the ultimate goal of understanding whether they serve a criminal or a profit-driven agenda. Comment: 14 pages, 13 tables, 6 figure

    An Empirical Analysis of Privacy in Cryptocurrencies

    Cryptocurrencies have emerged as an important technology over the past decade and have, undoubtedly, become blockchain’s most popular application. Bitcoin has been by far the most popular out of the thousands of cryptocurrencies that have been created. Some of the features that made Bitcoin such a fascinating technology include its transactions being made publicly available and permanently stored, and the ability for anyone to have access. Despite this transparency, it was initially believed that Bitcoin provides anonymity to its users, since it allowed them to transact using a pseudonym instead of their real identity. However, a long line of research has shown that this initial belief was false and that, given the appropriate tools, Bitcoin transactions can indeed be traced back to the real-life entities performing them. In this thesis, we perform a survey to examine the anonymity aspect of cryptocurrencies. We start with early works that made first efforts on analysing how private this new technology was. We analyse both from the perspective of a passive observer with eyes only to the public immutable state of transactions, the blockchain, as well as from an observer who has access to network layer information. We then look into the projects that aimed to enhance the anonymity provided in cryptocurrencies and also analyse the evidence of how much they succeeded in practice. In the first part of our own contributions we present our own take on Bitcoin’s anonymity, inspired by the research already in place. We manage to extend existing heuristics and provide a novel methodology on measuring the confidence we have in our anonymity metrics, instead of looking into the issue from a binary perspective, as in previous research. In the second part we provide the first full-scale empirical work on measuring anonymity in a cryptocurrency that was built with privacy guarantees, based on a very well established cryptography, Zcash. We show that just building a tool which provides anonymity in theory is very different than the privacy offered in practice once users start to transact with it. Finally, we look into a technology that is not a cryptocurrency itself but is built on top of Bitcoin, thus providing a so-called layer 2 solution, the Lightning network. Again, our measurements showed some serious privacy concerns of this technology, some of which were novel and highly applicable

    Investigating transactions in cryptocurrencies

    This thesis presents techniques to investigate transactions in uncharted cryptocurrencies and services. Cryptocurrencies are used to securely send payments online. Payments via the first cryptocurrency, Bitcoin, use pseudonymous addresses that have limited privacy and anonymity guarantees. Research has shown that this pseudonymity can be broken, allowing users to be tracked using clustering and tagging heuristics. Such tracking allows crimes to be investigated. If a user has coins stolen, investigators can track addresses to identify the destination of the coins. This, combined with an explosion in the popularity of blockchain, has led to a vast increase in new coins and services. These offer new features ranging from coins focused on increased anonymity to scams shrouded as smart contracts. In this study, we investigated the extent to which transaction privacy has improved and whether users can still be tracked in these new ecosystems. We began by analysing the privacy-focused coin Zcash, a Bitcoin-forked cryptocurrency, that is considered to have strong anonymity properties due to its background in cryptographic research. We revealed that the user anonymity set can be considerably reduced using heuristics based on usage patterns. Next, we analysed cross-chain transactions collected from the exchange ShapeShift, revealing that users can be tracked as they move across different ledgers. Finally, we present a measurement study on the smart-contract pyramid scheme Forsage, a scam that cycled $267 million USD (of Ethereum) within its first year, showing that at least 88% of the participants in the scheme suffered a loss. The significance of this study is the revelation that users can be tracked in newer cryptocurrencies and services by using our new heuristics, which informs those conducting investigations and developing these technologies