
    Beyond a Fistful of Tumblers: Toward a Taxonomy of Ethereum-based Mixers

    The role played by decentralised services in the obfuscation of crypto-asset transactions performed on transparent blockchains has increasingly captured the attention of regulators. This is exemplified by the headlines about the U.S. Treasury's sanctions on the Ethereum-based mixer Tornado Cash. Yet, despite the existing controversies on the use of mixers, the different functionalities of these information systems with an inherent dark side remain to be explored by the literature. So far, contributions primarily encompass technical works and studies that focus on the Bitcoin ecosystem. This paper puts forward a multi-layer taxonomy of the smart-contract-based (and, therefore, functionally richer) family of mixers on Ethereum. Our proposed taxonomy is grounded on (1) a review of existing literature, (2) an analysis of mixers' project documentation, (3) their corresponding smart contracts, and (4) expert interviews. The evaluation included the application of the taxonomy to two mixers, RAILGUN and zkBob. Our taxonomy represents a valuable tool for law enforcement, regulators, and other stakeholders to explore critical properties affecting compliance and use of Ethereum-based mixers.

    Towards Solving the Blockchain Trilemma: An Exploration of Zero-Knowledge Proofs

    Research on blockchain has found that the technology is no silver bullet compared to traditional data structures due to limitations regarding decentralization, security, and scalability. These limitations are summarized in the blockchain trilemma, which today represents the greatest barrier to blockchain adoption and applicability. To address these limitations, recent advancements by blockchain businesses have focused on a cryptographic technique called zero-knowledge proofs. While these primitives have been around for some time, and despite their potential significance for blockchains, not much is known in information systems research about them and their potential effects. Therefore, we employ a multivocal literature review to explore this tool and find that, although it has the potential to resolve the trilemma, it currently only solves it in certain dimensions, which necessitates further attention and research.

    Secure and efficient covert communication for blockchain-integrated SAGINs

    Blockchain has brought great potential in improving Space-Air-Ground Integrated Networks (SAGINs) in terms of security and efficiency. In blockchain-integrated SAGINs, many applications and services inherently require both the communication contents and the communication behaviors to be secure against eavesdroppers, so a covert communication algorithm is always deployed as a fundamental communication component. However, existing covert communication schemes suffer from critical problems. On the one hand, they require a sender to locally maintain a cryptographic key for a long period of time, which is very costly, and renewing the secret key is inefficient. On the other hand, the ciphertext of covertly sent data would explicitly appear in the network, and thereby the schemes are vulnerable to secret key breach. In this paper, we propose a secure and efficient covert communication scheme for blockchain-integrated SAGINs, dubbed CC-BSAGINs, to free the sender from maintaining secret keys. The key technique is to map the covertly sent data to some transactions on the underlying blockchain in a secure and efficient way; the mapping information is sent via a covert communication algorithm. Such a two-step mechanism releases the sender from key management and does not require the ciphertext to be communicated. We provide formal security proofs and conduct a comprehensive performance evaluation, which demonstrates the security and efficiency of CC-BSAGINs.

    An Empirical Analysis of Privacy in the Lightning Network

    Payment channel networks, and the Lightning Network in particular, seem to offer a solution to the lack of scalability and privacy in Bitcoin and other blockchain-based cryptocurrencies. Previous research has focused on the scalability, availability, and crypto-economics of the Lightning Network, but relatively little attention has been paid to exploring the level of privacy it achieves in practice. This paper presents a thorough analysis of the privacy offered by the Lightning Network, by presenting several attacks that exploit publicly available information about the network in order to learn information that is designed to be kept secret, such as how many coins a node has available or who the sender and recipient are in a payment routed through the network.
    Comment: 26 pages, 5 figures

    On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

    In proof-of-stake (PoS) blockchains, stakeholders that extend the chain are selected according to the amount of stake they own. In S&P 2019 the "Ouroboros Crypsinous" system of Kerber et al. (and concurrently Ganesh et al. in EUROCRYPT 2019) presented a mechanism that hides the identity of the stakeholder when adding blocks, hence preserving anonymity of stakeholders both during payment and mining in the Ouroboros blockchain. They focus on anonymizing the messages of the blockchain protocol, but suggest that potential identity leaks from the network layer can be removed as well by employing anonymous broadcast channels. In this work we show that this intuition is flawed. Even ideal anonymous broadcast channels do not suffice to protect the identity of the stakeholder who proposes a block. We make the following contributions. First, we show a formal network attack against Ouroboros Crypsinous, where the adversary can leverage network delays to distinguish who is the stakeholder that added a block on the blockchain. Second, we abstract the above attack and show that whenever the adversary has control over the network delay (within the synchrony bound), loss of anonymity is inherent for any protocol that provides liveness guarantees. We do so by first proving that it is impossible to devise a (deterministic) state-machine replication protocol that achieves basic liveness guarantees and better than (1-2f) anonymity at the same time (where f is the fraction of corrupted parties). We then connect this result to the PoS setting by presenting the tagging and reverse tagging attack that allows an adversary, across several executions of the PoS protocol, to learn the stake of a target node by simply delaying messages for the target. We demonstrate that our assumption on the delaying power of the adversary is realistic by describing how our attack could be mounted over the Zcash blockchain network (even when Tor is used). We conclude by suggesting approaches that can mitigate such attacks.
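    The tagging attack outlined in the abstract above can be reproduced in miniature with a small simulation. The following is an added illustration written for this listing, not code from the paper: it assumes a toy slot-leader election proportional to stake, a synchrony bound DELTA within which every message is delivered, and an adversary who holds the target's outgoing messages for an extra DELTA/2 (still within the bound, so liveness is untouched). Block proposals are otherwise fully anonymous, yet counting the blocks that arrive "late" over many slots recovers the target's stake fraction.

```python
"""Toy simulation of a network-delay tagging attack on an anonymous
proof-of-stake protocol (added illustration; parameters are assumptions)."""
import random

DELTA = 1.0  # synchrony bound: every message is delivered within DELTA


def elect_leader(stakes, rng):
    """Pick a slot leader with probability proportional to stake.
    Abstraction of PoS leader election; the winner's identity is never revealed."""
    total = sum(stakes.values())
    r = rng.random() * total
    acc = 0.0
    node = None
    for node, s in stakes.items():
        acc += s
        if r < acc:
            return node
    return node  # guard against floating-point rounding at the top of the range


def run_slots(stakes, target, slots, attack, rng):
    """Run `slots` anonymous block proposals.

    Honest propagation takes U[0, DELTA/2]. With `attack` set, the adversary
    holds the target's messages for an extra DELTA/2, which keeps delivery
    inside the synchrony bound DELTA. The observer only sees arrival times
    and flags a block as late when it arrives after DELTA/2.

    Returns (late_blocks, blocks_actually_proposed_by_target)."""
    late = 0
    target_blocks = 0
    for _ in range(slots):
        leader = elect_leader(stakes, rng)
        arrival = rng.uniform(0.0, DELTA / 2)
        if leader == target:
            target_blocks += 1
            if attack:
                arrival += DELTA / 2  # adversary-induced delay, within DELTA
        if arrival > DELTA / 2:
            late += 1
    return late, target_blocks


def estimate_stake_fraction(late_blocks, slots):
    """Adversary's estimate: late blocks are exactly the target's blocks."""
    return late_blocks / slots


def demo(seed=7, slots=20000):
    """Constructed stake distribution; the target holds 20% of total stake.
    Returns (estimated_fraction, true_fraction_of_blocks, late_without_attack)."""
    rng = random.Random(seed)
    stakes = {"alice": 50, "bob": 30, "target": 20}
    late, truth = run_slots(stakes, "target", slots, attack=True, rng=rng)
    late_baseline, _ = run_slots(stakes, "target", slots, attack=False, rng=rng)
    return estimate_stake_fraction(late, slots), truth / slots, late_baseline


if __name__ == "__main__":
    est, truth, baseline = demo()
    print(f"estimated stake fraction: {est:.3f} (true {truth:.3f}); "
          f"late blocks without attack: {baseline}")
```

    Without the delay no block is ever late, so arrival times carry no information; with it, every late block is the target's, and the estimate converges on the target's stake as the number of slots grows. This is the sense in which an anonymous broadcast channel alone cannot help: the leak is in timing, not in message content.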

    Privacy Aspects and Subliminal Channels in Zcash

    In this paper we analyze two privacy and security issues for the privacy-oriented cryptocurrency Zcash. First we study shielded transactions and show ways to fingerprint user transactions, including active attacks. We introduce two new attacks which we call the Danaan-gift attack and the Dust attack. Following the recent Sapling update of the Zcash protocol we study the interaction between the new and the old zk-SNARK protocols and the effects of their interaction on transaction privacy. In the second part of the paper we check for the presence of subliminal channels in the zk-SNARK protocol and in Pedersen commitments. We show the presence of efficient 70-bit channels which could be used for tagging of shielded transactions, which would allow the attacker (a malicious transaction verifier) to link transactions issued by a maliciously modified zk-SNARK prover while remaining indistinguishable from regular transactions for the honest verifier/user. We discuss countermeasures against both of these privacy issues.