7 research outputs found

    Privacy and Linkability of Mining in Zcash

    With the growth in popularity for cryptocurrencies the need for privacy preserving blockchains is growing as well. Zcash is such a blockchain, providing transaction privacy through zero-knowledge proofs. In this paper we analyze transaction linkability in Zcash based on the currency minting transactions (mining). Using predictable usage patterns and clustering heuristics on mining transactions an attacker can link to publicly visible addresses over 84% of the volume of the transactions that use a ZK-proof. Since the majority of Zcash transactions are not yet using ZK-proofs, we show that overall 95.5% of the total number of Zcash transactions are potentially linkable to public addresses by just observing the mining activity.

    Recent Advances and Success of Zero-Knowledge Security Protocols

    How can someone get health insurance without sharing his health information? How can you get a loan without disclosing your credit score? There is a method to certify certain attributes of various data, either this is health metrics or finance information, without revealing the data itself or any other kind of personal data. This method is known as “zero-knowledge proofs”. Zero-Knowledge techniques are mathematical methods used to verify things without sharing or revealing underlying data. Zero-Knowledge protocols have vast applications from simple identity schemes and blockchains to defense research programs and nuclear arms control. In this article we present the basic principles behind ZKP technology, possible applications and the threats and vulnerabilities that it is subject to and we review proposed security solutions.

    Alt-Coin Traceability

    Many alt-coins developed in recent years make strong privacy guarantees, claiming to be virtually untraceable. This paper explores the extent to which these claims are true after the first appraisals were made about these coins. In particular, we will investigate Monero (XMR) and Zcash (ZEC), competitors in the private cryptocurrency space. We will test how traceable these currencies are after the most recent security updates, and how they hold up against their claims. We run some traceability experiments based on previously published papers for each coin. Results show that, introducing strict security and anonymity requirements into the cryptocurrency ecosystem makes the coin effectively untraceable, as shown by Monero. On the other hand, Zcash still hesitates to introduce changes that alter user behavior. Despite its strong cryptographic features, transactions are overall more traceable

    Live Graph Lab: Towards Open, Dynamic and Real Transaction Graphs with NFT

    Numerous studies have been conducted to investigate the properties of large-scale temporal graphs. Despite the ubiquity of these graphs in real-world scenarios, it's usually impractical for us to obtain the whole real-time graphs due to privacy concerns and technical limitations. In this paper, we introduce the concept of Live Graph Lab for temporal graphs, which enables open, dynamic and real transaction graphs from blockchains. Among them, Non-fungible tokens (NFTs) have become one of the most prominent parts of blockchain over the past several years. With more than $40 billion market capitalization, this decentralized ecosystem produces massive, anonymous and real transaction activities, which naturally forms a complicated transaction network. However, there is limited understanding about the characteristics of this emerging NFT ecosystem from a temporal graph analysis perspective. To mitigate this gap, we instantiate a live graph with NFT transaction network and investigate its dynamics to provide new observations and insights. Specifically, through downloading and parsing the NFT transaction activities, we obtain a temporal graph with more than 4.5 million nodes and 124 million edges. Then, a series of measurements are presented to understand the properties of the NFT ecosystem. Through comparisons with social, citation, and web networks, our analyses give intriguing findings and point out potential directions for future exploration. Finally, we also study machine learning models in this live graph to enrich the current datasets and provide new opportunities for the graph community. The source codes and dataset are available at https://livegraphlab.github.io. Comment: Accepted by NeurIPS 2023, Datasets and Benchmarks Trac

    SoK: Assumptions Underlying Cryptocurrency Deanonymizations -- A Taxonomy for Scientific Experts and Legal Practitioners

    In recent years, cryptocurrencies have increasingly been used in cybercrime and have become the key means of payment in darknet marketplaces, partly due to their alleged anonymity. Furthermore, the research attacking the anonymity of even those cryptocurrencies that claim to offer anonymity by design is growing and is being applied by law enforcement agencies in the fight against cybercrime. Their investigative measures require a certain degree of suspicion and it is unclear whether findings resulting from attacks on cryptocurrencies' anonymity can indeed establish that required degree of suspicion. The reason for this is that these attacks are partly based upon uncertain assumptions which are often not properly addressed in the corresponding papers. To close this gap, we extract the assumptions in papers that are attacking Bitcoin, Monero and Zcash, major cryptocurrencies used in darknet markets which have also received the most attention from researchers. We develop a taxonomy to capture the different nature of those assumptions in order to help investigators to better assess whether the required degree of suspicion for specific investigative measures could be established. We found that assumptions based on user behaviour are in general the most unreliable and thus any findings of attacks based on them might not allow for intense investigative measures such as pre-trial detention. We hope to raise awareness of the problem so that in the future there will be fewer unlawful investigations based upon uncertain assumptions and thus fewer human rights violations.

    SoK: Layer-Two Blockchain Protocols

    Blockchains have the potential to revolutionize markets and services. However, they currently exhibit high latencies and fail to handle transaction loads comparable to those managed by traditional financial systems. Layer-two protocols, built on top of layer-one blockchains, avoid disseminating every transaction to the whole network by exchanging authenticated transactions off-chain. Instead, they utilize the expensive and low-rate blockchain only as a recourse for disputes. The promise of layer-two protocols is to complete off-chain transactions in sub-seconds rather than minutes or hours while retaining asset security, reducing fees and allowing blockchains to scale. We systematize the evolution of layer-two protocols over the period from the inception of cryptocurrencies in 2009 until today, structuring the multifaceted body of research on layer-two transactions. Categorizing the research into payment and state channels, commit-chains and protocols for refereed delegation, we provide a comparison of the protocols and their properties. We provide a systematization of the associated synchronization and routing protocols along with their privacy and security aspects. This Systematization of Knowledge (SoK) clears the layer-two fog, highlights the potential of layer-two solutions and identifies their unsolved challenges, indicating propitious avenues of future work

    Behind the chain of obscurity : methodologies for cryptocurrency forensic analysis

    Bitcoin and alternative cryptocurrencies are decentralised digital currencies that allow users to anonymously exchange money without requiring the presence of a trusted third party. The privacy components of cryptocurrency can facilitate illegal activities and present new challenges for cybercrime forensic analysis. Tackling such challenges motivates new research interest in cryptocurrency tracking. This thesis explores and proposes novel methodologies and improvements to existing cryptocurrency tracking and analysis methodologies. Our first contribution explores the most commonly used cryptocurrency tracking methodology named Taint Analysis and investigates a potential improvement to the methodology’s tracking precision with the implementation of address profiling. We also introduce two context-based taint analysis strategies and hypothesise behaviours related to the tracked Bitcoins context to create a set of evaluation metrics. We conducted an experiment using sample data from known illegal Bitcoin cases to illustrate and evaluate the methodology, and the results reveal distinct transaction behaviours in tracking between the results with and without address profiling for all of the metrics. Our second contribution proposes a cryptocurrency tracking methodology named Address Taint Analysis that is capable of tracking zero-taint coins created by Privacy-Enhancing Technologies (PETs) called centralised mixer services, which are untrackable with taint analysis tracking. Our results indicate that our proposed address taint analysis can trace the zero-taint Bitcoins from nine well-known mixer services back to the original Bitcoins. Our third contribution investigates and proposes a detection method for Wasabi Wallet’s CoinJoin transactions, which is one of the most recent well-known PET services. 
    Our fourth contribution introduces an open-source library for cryptocurrency tracking and analysis named TaintedTX, that we utilised to perform our research experiments. The library supports a variety of taint analysis strategies that users can select to track targeted transactions or addresses. The library also includes a compilation of utility functions for address clustering, website scraping, transaction and address classifications.