307 research outputs found
An Empirical Analysis of Anonymity in Zcash
Among the now numerous alternative cryptocurrencies derived from Bitcoin,
Zcash is often touted as the one with the strongest anonymity guarantees, due
to its basis in well-regarded cryptographic research. In this paper, we examine
the extent to which anonymity is achieved in the deployed version of Zcash. We
investigate all facets of anonymity in Zcash's transactions, ranging from its
transparent transactions to the interactions with and within its main privacy
feature, a shielded pool that acts as the anonymity set for users wishing to
spend coins privately. We conclude that while it is possible to use Zcash in a
private way, it is also possible to shrink its anonymity set considerably by
developing simple heuristics based on identifiable patterns of usage.Comment: 27th USENIX Security Symposium (USENIX Security '18), 15 pages, Zcas
Incentivising Privacy in Cryptocurrencies
Privacy was one of the key points mentioned in Nakamoto's Bitcoin whitepaper,
and one of the selling points of Bitcoin in its early stages. In hindsight,
however, de-anonymising Bitcoin users turned out to be more feasible than
expected. Since then, privacy focused cryptocurrencies such as Zcash and Monero
have surfaced. Both of these examples cannot be described as fully successful
in their aims, as recent research has shown. Incentives are integral to the
security of cryptocurrencies, so it is interesting to investigate whether they
could also be aligned with privacy goals. A lack of privacy often results from
low user counts, resulting in low anonymity sets. Could users be incentivised
to use the privacy preserving implementations of the systems they use? Not only
is Zcash much less used than Bitcoin (which it forked from), but most Zcash
transactions are simply transparent transactions, rather than the (at least
intended to be) privacy-preserving shielded transactions. This paper and poster
briefly discusses how incentives could be incorporated into systems like
cryptocurrencies with the aim of achieving privacy goals. We take Zcash as
example, but the ideas discussed could apply to other privacy-focused
cryptocurrencies. This work was presented as a poster at OPERANDI 2018, the
poster can be found within this short document
Tracing Transactions Across Cryptocurrency Ledgers
One of the defining features of a cryptocurrency is that its ledger,
containing all transactions that have evertaken place, is globally visible. As
one consequenceof this degree of transparency, a long line of recent re-search
has demonstrated that even in cryptocurrenciesthat are specifically designed to
improve anonymity it is often possible to track money as it changes hands,and
in some cases to de-anonymize users entirely. With the recent proliferation of
alternative cryptocurrencies, however, it becomes relevant to ask not only
whether ornot money can be traced as it moves within the ledgerof a single
cryptocurrency, but if it can in fact be tracedas it moves across ledgers. This
is especially pertinent given the rise in popularity of automated trading
platforms such as ShapeShift, which make it effortless to carry out such
cross-currency trades. In this paper, weuse data scraped from ShapeShift over a
thirteen-monthperiod and the data from eight different blockchains to explore
this question. Beyond developing new heuristics and creating new types of links
across cryptocurrency ledgers, we also identify various patterns of
cross-currency trades and of the general usage of these platforms, with the
ultimate goal of understanding whetherthey serve a criminal or a profit-driven
agenda.Comment: 14 pages, 13 tables, 6 figure
An Empirical Analysis of Privacy in Cryptocurrencies
Cryptocurrencies have emerged as an important technology over the past decade
and have, undoubtedly, become blockchain’s most popular application. Bitcoin has
been by far the most popular out of the thousands of cryptocurrencies that have been
created. Some of the features that made Bitcoin such a fascinating technology include
its transactions being made publicly available and permanently stored, and the
ability for anyone to have access. Despite this transparency, it was initially believed
that Bitcoin provides anonymity to its users, since it allowed them to transact using
a pseudonym instead of their real identity. However, a long line of research has
shown that this initial belief was false and that, given the appropriate tools, Bitcoin
transactions can indeed be traced back to the real-life entities performing them.
In this thesis, we perform a survey to examine the anonymity aspect of cryptocurrencies.
We start with early works that made first efforts on analysing how private
this new technology was. We analyse both from the perspective of a passive observer
with eyes only to the public immutable state of transactions, the blockchain,
as well as from an observer who has access to network layer information. We then
look into the projects that aimed to enhance the anonymity provided in cryptocurrencies
and also analyse the evidence of how much they succeeded in practice.
In the first part of our own contributions we present our own take on Bitcoin’s
anonymity, inspired by the research already in place. We manage to extend existing
heuristics and provide a novel methodology on measuring the confidence we have in
our anonymity metrics, instead of looking into the issue from a binary perspective,
as in previous research.
In the second part we provide the first full-scale empirical work on measuring anonymity in a cryptocurrency that was built with privacy guarantees, based on a
very well established cryptography, Zcash. We show that just building a tool which
provides anonymity in theory is very different than the privacy offered in practice
once users start to transact with it.
Finally, we look into a technology that is not a cryptocurrency itself but is built
on top of Bitcoin, thus providing a so-called layer 2 solution, the Lightning network.
Again, our measurements showed some serious privacy concerns of this technology,
some of which were novel and highly applicable
Investigating transactions in cryptocurrencies
This thesis presents techniques to investigate transactions in uncharted cryptocur- rencies and services. Cryptocurrencies are used to securely send payments on- line. Payments via the first cryptocurrency, Bitcoin, use pseudonymous addresses that have limited privacy and anonymity guarantees. Research has shown that this pseudonymity can be broken, allowing users to be tracked using clustering and tag- ging heuristics. Such tracking allows crimes to be investigated. If a user has coins stolen, investigators can track addresses to identify the destination of the coins. This, combined with an explosion in the popularity of blockchain, has led to a vast increase in new coins and services. These offer new features ranging from coins focused on increased anonymity to scams shrouded as smart contracts. In this study, we investigated the extent to which transaction privacy has improved and whether users can still be tracked in these new ecosystems. We began by analysing the privacy-focused coin Zcash, a Bitcoin-forked cryptocurrency, that is consid- ered to have strong anonymity properties due to its background in cryptographic research. We revealed that the user anonymity set can be considerably reduced using heuristics based on usage patterns. Next, we analysed cross-chain transac- tions collected from the exchange ShapeShift, revealing that users can be tracked as they move across different ledgers. Finally, we present a measurement study on the smart-contract pyramid scheme Forsage, a scam that cycled $267 million USD (of Ethereum) within its first year, showing that at least 88% of the participants in the scheme suffered a loss. The significance of this study is the revelation that users can be tracked in newer cryptocurrencies and services by using our new heuristics, which informs those conducting investigations and developing these technologies
- …