You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users
Account-based model is inferior than UTXO model from a privacy perspective;
“quasi-identifiers” to tag users based on account addresses (user profiling based on quasi-identifiers);
Study of the Tornado Cash coin mixer privacy based on strong heuristics that decrease the privacy guarantees of non-custodial mixers on Ethereum;
Variant of Danaan-gift fingerprint attack for Ethereum;
Authors use node embedding methods to cluster Eth addresses for user profiling in Ethereum
Authors collected Ethereum addresses and respective links to users based on data from twitter accounts, tornado cash, humanity-dao; From the 4259 addresses collected, they identified 1,155,188 transactions (sent or received) during 5y.
Exact identification of accounts pairs/users is not a goal of the paper; instead, the goal is to rank plausible deanonymization candidates and with that reduce the k-anonymity of Ethereum accounts.
Problem 1: In Ethereum, native transactions can only move funds from a single sender and a single receiver, with the change being stored in the sender account. Subsequent transactions will re-use the account that received the unspent amount. Account-based model relies on address-reuse on the protocol level.
Proposed solutions:
Coin Mixers:
M ̈obius: Trustless tumbling for transaction privacy
Mixeth: efficient, trustless coin mixing service for ethereum
Sharelock: Mixing for cryptocurrencies from multiparty ecdsa
Tornado Cash
Confidential transactions
AZTEC
Pgc: Pretty good decentralized confidential payment system with auditability
Zether: Towards privacy in a smart contract world
Deanonymization vectors:
Pairing Ethereum accounts from the same user (Section 6)
Tornado Cash deposit and withdrawals pairs (Section 7)
F- ingerprint accounts through Danaan-gift variant (Section 8)
Section 6: Pairing Ethereum accounts from the same user
3 quasi-identifiers user to link accounts from the same user:
Active time of the day
Gas price selection
Location in the Ethereum transaction graph
Evaluation:
Given an Ethereum address, order remaining addresses by their Euclidean distance;
Section 7: Tornado Cash deposit and withdrawals pairs
Section 8: Fingerprint accounts through Danaan-gift variant
Conclusions
Actionable insights / open questions
“... users should avoid sensitive activities on addresses easily linkable to their public identities, such as ENS name or their Twitter handle.” → due to the possibility to link ENS names to which services/service categories have been used over time (e.g. adult/gambling/DeFi, etc..)
Different wallet softwares use different methods to compute suggested gas prices. Can we fingerprint a wallet software? How to avoid wallet fingerprinting?
Network-level privacy -- there are several studies showing how wallet privacy is lost when users interact with full nodes or wallet providers. How can the user protect against broadcast and network-level privacy attacks?
How may browser and mobile wallets affect privacy? (see paper 3. below) What can be done to prevent that?
Anonymous transaction relayers?
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies
The text was updated successfully, but these errors were encountered:
Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users
“quasi-identifiers” to tag users based on account addresses (user profiling based on quasi-identifiers);
Problem 1: In Ethereum, native transactions can only move funds from a single sender and a single receiver, with the change being stored in the sender account. Subsequent transactions will re-use the account that received the unspent amount. Account-based model relies on address-reuse on the protocol level.
Proposed solutions:
Coin Mixers:
Confidential transactions
Deanonymization vectors:
F- ingerprint accounts through Danaan-gift variant (Section 8)
Section 6: Pairing Ethereum accounts from the same user
3 quasi-identifiers user to link accounts from the same user:
Active time of the day
Gas price selection
Location in the Ethereum transaction graph
Evaluation:
Given an Ethereum address, order remaining addresses by their Euclidean distance;
Section 7: Tornado Cash deposit and withdrawals pairs
Section 8: Fingerprint accounts through Danaan-gift variant
Conclusions
Actionable insights / open questions
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies
The text was updated successfully, but these errors were encountered: