Beyond a Fistful of Tumblers: Toward a Taxonomy of Ethereum-based Mixers
The role played by decentralised services in the obfuscation of crypto-asset transactions performed on transparent blockchains has increasingly captured the attention of regulators. This is exemplified by the headlines about the U.S. Treasury's sanctions on the Ethereum-based mixer Tornado Cash. Yet, despite the existing controversies on the use of mixers, the different functionalities of these information systems with an inherent dark side remain to be explored by the literature. So far, contributions primarily encompass technical works and studies that focus on the Bitcoin ecosystem. This paper puts forward a multi-layer taxonomy of the smart-contract-based - and, therefore, functionally richer - family of mixers on Ethereum. Our proposed taxonomy is grounded on (1) a review of existing literature, (2) an analysis of mixers' project documentation, (3) their corresponding smart contracts, and (4) expert interviews. The evaluation included the application of the taxonomy to two mixers - RAILGUN and zkBob. Our taxonomy represents a valuable tool for law enforcement, regulators, and other stakeholders to explore critical properties affecting compliance and use of Ethereum-based mixers.
Towards Solving the Blockchain Trilemma: An Exploration of Zero-Knowledge Proofs
Research on blockchain has found that the technology is no silver bullet compared to traditional data structures due to limitations regarding decentralization, security, and scalability. These limitations are summarized in the blockchain trilemma, which today represents the greatest barrier to blockchain adoption and applicability. To address these limitations, recent advancements by blockchain businesses have focused on a new cryptographic technique called zero-knowledge proofs. While these primitives have been around for some time and despite their potential significance on blockchains, not much is known in information systems research about them and their potential effects. Therefore, we employ a multivocal literature review to explore this new tool and find that although it has the potential to resolve the trilemma, it currently only solves it in certain dimensions, which necessitates further attention and research.
Secure and efficient covert communication for blockchain-integrated SAGINs
Blockchain has brought great potential in improving Space-Air-Ground Integrated Networks (SAGINs) in terms of security and efficiency. In blockchain-integrated SAGINs, many applications and services inherently require both the communication contents and communication behaviors to be secure against eavesdroppers, in which a covert communication algorithm is always deployed as a fundamental communication component. However, existing covert communication schemes suffer from critical problems. On the one hand, they require a sender to locally maintain a cryptographic key for a long period of time, and renewing that secret key is very costly and inefficient. On the other hand, the ciphertext of covertly sent data would explicitly appear in the network, and thereby the schemes are vulnerable to secret key breach. In this paper, we propose a secure and efficient covert communication scheme for blockchain-integrated SAGINs, dubbed CC-BSAGINs, to free the sender from maintaining secret keys. The key technique is to map the covertly sent data to some transactions on the underlying blockchain in a secure and efficient way; the mapping information is sent via a covert communication algorithm. Such a two-step mechanism releases the sender from key management and does not require the ciphertext to be communicated. We provide formal security proofs and conduct a comprehensive performance evaluation, which demonstrates the security and efficiency of CC-BSAGINs.
An Empirical Analysis of Privacy in the Lightning Network
Payment channel networks, and the Lightning Network in particular, seem to offer a solution to the lack of scalability and privacy offered by Bitcoin and other blockchain-based cryptocurrencies. Previous research has focused on the scalability, availability, and crypto-economics of the Lightning Network, but relatively little attention has been paid to exploring the level of privacy it achieves in practice. This paper presents a thorough analysis of the privacy offered by the Lightning Network, by presenting several attacks that exploit publicly available information about the network in order to learn information that is designed to be kept secret, such as how many coins a node has available or who the sender and recipient are in a payment routed through the network.
Comment: 26 pages, 5 figures
On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols
In proof-of-stake (PoS) blockchains, stakeholders that extend the chain are selected according to the amount of stake they own. In S&P 2019 the "Ouroboros Crypsinous" system of Kerber et al. (and concurrently Ganesh et al. in EUROCRYPT 2019) presented a mechanism that hides the identity of the stakeholder when adding blocks, hence preserving anonymity of stakeholders both during payment and mining in the Ouroboros blockchain. They focus on anonymizing the messages of the blockchain protocol, but suggest that potential identity leaks from the network layer can be removed as well by employing anonymous broadcast channels.
In this work we show that this intuition is flawed. Even ideal anonymous broadcast channels do not suffice to protect the identity of the stakeholder who proposes a block. We make the following contributions. First, we show a formal network attack against Ouroboros Crypsinous, where the adversary can leverage network delays to distinguish who is the stakeholder that added a block on the blockchain. Second, we abstract the above attack and show that whenever the adversary has control over the network delay (within the synchrony bound) loss of anonymity is inherent for any protocol that provides liveness guarantees. We do so by first proving that it is impossible to devise a (deterministic) state-machine replication protocol that achieves basic liveness guarantees and better than (1 - 2f) anonymity at the same time (where f is the fraction of corrupted parties). We then connect this result to the PoS setting by presenting the tagging and reverse tagging attack that allows an adversary, across several executions of the PoS protocol, to learn the stake of a target node, by simply delaying messages for the target. We demonstrate that our assumption on the delaying power of the adversary is realistic by describing how our attack could be mounted over the Zcash blockchain network (even when Tor is used). We conclude by suggesting approaches that can mitigate such attacks.
Privacy Aspects and Subliminal Channels in Zcash
In this paper we analyze two privacy and security issues for the privacy-oriented cryptocurrency Zcash. First we study shielded transactions and show ways to fingerprint user transactions, including active attacks. We introduce two new attacks which we call the Danaan-gift attack and the Dust attack. Following the recent Sapling update of the Zcash protocol we study the interaction between the new and the old zk-SNARK protocols and the effects of their interaction on transaction privacy. In the second part of the paper we check for the presence of subliminal channels in the zk-SNARK protocol and in Pedersen Commitments. We show the presence of efficient 70-bit channels which could be used for tagging of shielded transactions, which would allow the attacker (a malicious transaction verifier) to link transactions issued by a maliciously modified zk-SNARK prover, while those transactions remain indistinguishable from regular transactions for the honest verifier/user. We discuss countermeasures against both of these privacy issues.