New Empirical Traceability Analysis of CryptoNote-Style Blockchains
【Author】 Yu, Zuoxia; Au, Man Ho; Yu, Jiangshan; Yang, Rupeng; Xu, Qiuliang; Lau, Wang Fat
【Source】FINANCIAL CRYPTOGRAPHY AND DATA SECURITY, FC 2019
【Abstract】The cascade effect attacks (PETS' 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing the ring confidential transactions with enhanced privacy guarantee. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only an example of leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown. In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, closed set attack is equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction. To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing closed set attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin being spent in 70.52% Monero inputs, 74.25% Bytecoin inputs, and in 91.56% DigitalNote inputs. 
In addition, we provide a theoretical analysis on the identified closed set attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about $2^{-19}$). Given that closed set attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero is secure against statistical attacks, as the minimum number of mixins is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.
【Keywords】
【Publication date】2019
【Indexed date】2022-07-16
【Document type】Proceedings Paper
【Main topic】Cryptocurrency
【Subtopic】Anonymity and security
【Translator】林定康