【Author】
Chervinski, Joao Otavio; Kreutz, Diego; Yu, Jiangshan
【Source】2021 IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN AND CRYPTOCURRENCY (ICBC)
【Abstract】Monero was one of the first cryptocurrencies to address the problem of providing privacy-preserving digital asset trading. Currently, it has a market capitalization of over 2.5 billion US dollars and is among the 15 most valuable cryptocurrencies. This digital currency aims to protect users' identities and hide transaction information by using obfuscation mechanisms such as stealth addresses and ring signatures. However, in spite of the efforts to protect Monero's users' privacy, researchers have found ways to identify true payment keys within a ring signature in the past, making attacks against transaction privacy feasible. Since then, the system has received updates and adopted improved measures to provide privacy. This work presents an analysis on how an attacker can take advantage of the system's current settings to conduct both a high-profile transaction flooding attack and a stealthier version. Our results show that after flooding the network for 12 months, the attacker can identify the true spend of 46.24% of newly created transaction inputs by conducting the strongest attack and 14.47% by using the low-profile strategy.
【Keywords】Monero; Privacy; Blockchain; Transaction tracing
【摘要】Monero是首批解决提供保护隐私的数字资产交易问题的加密货币之一。目前,它的市值超过25亿美元,是15种最有价值的加密货币之一。这种数字货币旨在通过使用隐藏地址和环签名等模糊机制来保护用户身份和隐藏交易信息。然而,尽管努力保护Monero用户的隐私,但研究人员过去已经找到了在环签名中识别真实支付密钥的方法,使得攻击交易隐私成为可能。自那时以来,该系统已收到更新,并采取了改进措施来提供隐私。这项工作分析了攻击者如何利用系统的当前设置进行引人注目的交易泛滥攻击和更隐蔽的版本。我们的结果表明,在泛洪攻击12个月后,攻击者可以通过执行最强的攻击和使用低调策略来识别新创建事务输入的46.24%和14.47%的真实开销。
评论