Week 5 Anonymity Mixing Altcoins - Coggle Diagram
cryptocurrency vs fiat money
user privacy
censorship resistant?
decentralized control
Facebook or Google monetizing user data
centralized system
efficiency
accounts are tied to your real personal identity
decentralized system like blockchain
virtual identity
masking their real identities
a user may hold a set of digital identities
reduces the chance of being linked to the real identity
other issues
global scalability
enterprise blockchain solution
why stay anonymous?
hiding illicit activity
protection
most blockchains are not anonymous, only pseudonymous
once one pseudonymous address is linked to a real-life identity, every transaction made under it is exposed
Bitcoin design
decentralized
pseudonymous
vs deanonymization
trustless system
no participant holds more power than any other
everyone can access all transaction data
each node can see how addresses interact with each other
transaction history
see how much cryptocurrency each address holds
balances and outstanding amounts are exposed to the public
no guarantee of privacy at all
vs enterprise blockchain which can give strong control of read access
addresses are arbitrary identifiers
best practice is not to reuse pseudonyms (addresses)
generating a new address to receive Bitcoin
using digital wallet to keep track of your Bitcoin addresses
does not work in Ethereum, because it is account-based (externally owned accounts carry a balance) rather than UTXO-based
deanonymize
linking virtual identities to real-world entities
method
transaction graph analysis
a node is a pseudonym (address)
an edge is a transaction between pseudonyms
transaction volume, frequency, and timing
used to infer links between pseudonyms
taint analysis
tracing the movement of coins through the Bitcoin network
tag a "bad" address and trace every activity associated with it
two main heuristics for associating addresses with one real identity
multi-input heuristic: when a transaction has multiple inputs, all input addresses are assumed to belong to the same owner (they had to be signed by the same party)
change addresses
one output goes to the recipient
another output goes back to the sender as change (commonly to a newly generated address)
sending the target some Bitcoin
they have to disclose an address to receive it
posting your Bitcoin address publicly?
observe online activity, particularly in forums
carelessly posted addresses
service providers
methods to link clusters to the real-world identities of businesses
background: we know our own addresses
make a purchase through a service such as Coinbase, so the addresses it uses become known
tagging by transaction: which business's cluster your address has interacted with
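The graph analysis, the two clustering heuristics and the taint tracing above, as an added example that is not from the lecture: it runs over a constructed toy ledger (all addresses and amounts are made up), clusters addresses with union-find using the multi-input and change-address heuristics, then traces "poison" taint forward from a tagged address and lists which inferred entities paid it.

```python
"""Transaction-graph analysis over a constructed toy ledger: multi-input and
change-address clustering plus forward taint tracing. Added example, not
taken from the lecture; all addresses and amounts are made up."""
from collections import defaultdict

# Constructed ledger in confirmation order. Each tx spends from input
# addresses and pays output addresses; the gap between the sums is the fee.
LEDGER = [
    {"id": "tx0", "in": [("X1", 1.00)], "out": [("M1", 0.30), ("B1", 0.70)]},
    {"id": "tx1", "in": [("A1", 1.00), ("A2", 0.50)], "out": [("M1", 1.20), ("A3", 0.29)]},
    {"id": "tx2", "in": [("A3", 0.29)], "out": [("B1", 0.10), ("A4", 0.18)]},
    {"id": "tx3", "in": [("C1", 2.00)], "out": [("B1", 0.50), ("C2", 1.49)]},
    {"id": "tx4", "in": [("B1", 0.60)], "out": [("E1", 0.60)]},
]


class DisjointSet:
    """Union-find over addresses; each root stands for one inferred entity."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def change_output(tx, seen):
    """Change heuristic: in a tx with two or more outputs, if exactly one
    output address has never appeared on the ledger before, treat it as
    the sender's freshly generated change address."""
    if len(tx["out"]) < 2:
        return None
    fresh = [addr for addr, _ in tx["out"] if addr not in seen]
    return fresh[0] if len(fresh) == 1 else None


def cluster(ledger):
    """Return {address: frozenset of addresses inferred to share an owner}."""
    ds, seen = DisjointSet(), set()
    for tx in ledger:
        inputs = [addr for addr, _ in tx["in"]]
        outputs = [addr for addr, _ in tx["out"]]
        for addr in inputs + outputs:
            ds.find(addr)                       # register every address
        for addr in inputs[1:]:                 # multi-input heuristic
            ds.union(inputs[0], addr)
        change = change_output(tx, seen)
        if change is not None:                  # change-address heuristic
            ds.union(inputs[0], change)
        seen.update(inputs + outputs)
    groups = defaultdict(set)
    for addr in ds.parent:
        groups[ds.find(addr)].add(addr)
    return {addr: frozenset(groups[ds.find(addr)]) for addr in ds.parent}


def forward_taint(ledger, tagged):
    """Poison taint: outputs of any tx spending from a tainted address become
    tainted; repeat until nothing changes."""
    tainted, changed = {tagged}, True
    while changed:
        changed = False
        for tx in ledger:
            if any(addr in tainted for addr, _ in tx["in"]):
                new = {addr for addr, _ in tx["out"]} - tainted
                if new:
                    tainted |= new
                    changed = True
    return tainted


def payers_of(ledger, clusters, target):
    """Entities (clusters) that have paid the target address."""
    return {clusters[tx["in"][0][0]] for tx in ledger
            if any(addr == target for addr, _ in tx["out"])}


if __name__ == "__main__":
    clusters = cluster(LEDGER)
    print("entity of A1:", sorted(clusters["A1"]))
    print("tainted by B1:", sorted(forward_taint(LEDGER, "B1")))
    print("entities that paid B1:", [sorted(c) for c in payers_of(LEDGER, clusters, "B1")])
```

On this ledger A1 and A2 are merged by the multi-input heuristic, A3 and A4 by the change heuristic, and tagging B1 shows both that the A-entity and the C-entity paid it and that everything B1 later spends (E1) inherits the taint. The change heuristic here is the simplest form; real tools add more conditions (no self-send, exactly one fresh address, not a coinbase) to cut false merges.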
Mixing
background
combat deanonymization
public and traceable blockchains like Bitcoin
may be illegal
similar to money laundering
using fake shell companies
step 1: placement: money is moved into shell companies
written off as purchases, investments, services, ...
step 2: layering
the money is passed on through further shell companies in a complicated financial chain to hide its origin
step 3: integration
the money is spent on luxury goods or real estate
moving the now-undetected money between countries
make it difficult for someone else to track the activities of blockchain users
anonymity set
a set of pseudonyms among which an observer cannot tell which one belongs to a given entity
goal: maximize how many pseudonyms each resource could plausibly be associated with
with N participants per round, chaining further rounds grows the set to N x N x N ...
larger anonymity set
harder to link pseudonyms to real identities
properties
trustless
funds cannot be stolen
no counterpart risk
plausibly deniable
does not stand out among other transactions
looks like normal activity
categories
centralized mixers
TTP, a trusted third party
the user sends dirty (tainted) coins to the centralized mixer
the mixer sends clean coins back to the sender at a fresh address, keeping a fee for itself
issues
the centralized mixer may steal the funds, or
blackmail the user with the records it keeps
trust it or not?
it must hold enough clean coins in its reserve (slush fund)
centralization risk : single point of failure
being hacked
government takedown
altcoin exchange mixing
obfuscate the trail of dirty money by exchanging through several altcoins in turn
e.g. Bitcoin to Ether, to Zcash, and back to Bitcoin
better plausible deniability
decentralized mixing protocols
privacy focused altcoin
decentralized mixing
build a trustless network outside Bitcoin
requirements on the mapping of inputs to outputs
funds must not be lost, double-spent, or stolen
the mapping must be truly random
DoS resistance
if a round fails, funds go back to the honest users
threats
passive adversary
not part of the mix; only observes the blockchain
the basic anonymity set is enough to defeat it
semi-honest adversary
part of mix
follows the protocol but may be able to deanonymize the others
Malicious adversary
part of mix
sends false messages or withholds messages entirely
the mix is susceptible to Sybil attacks (one adversary running many peers)
purpose: remove counterparty risk & fee
proposition: a network outside Bitcoin that does not rely on a trusted third party
Sybil resistance in the context of decentralized mixing
resistance to stealing fund
cannot rely on threshold cryptography with a partial threshold
e.g. m-of-n multisig, since Sybil peers could make up the threshold
the protocol must execute correctly even if all other peers are malicious adversaries
resistant to deanonymization
weak
outside participants could not identify the mapping of input and outputs
but participant inside mix can
strong
even participants inside mix do not know the mapping
note: a high proportion of Sybil peers shrinks the effective anonymity set, i.e. the number of unique entities within the mix
caveats
side channel attacks
Tor
exit nodes could be adversary-controlled
analysis of transaction amounts (distinct amounts link inputs to outputs)
solution: use uniform transaction amounts
network-level deanonymization
the first node to announce a transaction to its peers is probably its source
Protocol
CoinJoin (proposed in 2013)
coins are mixed in one joint transaction that all n participants must sign (effectively n-of-n multisig)
pro
funds cannot be stolen
every user has to sign off on the transaction before it is valid
cons
needs a mix facilitator instead of a central server, plus private, anonymous communication channels for submitting output addresses (otherwise the facilitator learns the input-output mapping)
not plausibly deniable
a joint n-of-n transaction with many equal-sized outputs is easy to spot
not DoS resistant
a single malicious participant who refuses to sign aborts the round
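The CoinJoin round, the n-of-n signing that makes one holdout a DoS, and the transaction-amount side channel that uniform denominations close (see the caveats above), as an added example that is not from the lecture. Participants, amounts and the fee are constructed, and an HMAC over the transaction stands in for the ECDSA signature each participant would place on its own input.

```python
"""CoinJoin toy: one joint transaction, n required signatures, and the
amount-based linking an observer can still try. Added example over
constructed participants; HMAC stands in for the ECDSA signature each
participant would place on its own input."""
import hashlib
import hmac
import itertools
import json
import random

FEE = 0.001  # fee each participant pays, assumed for the example

# Constructed rounds: distinct amounts versus one uniform denomination.
DISTINCT = [
    {"name": "alice_in", "secret": b"alice", "input": 0.501, "outputs": [("alice_out", 0.5)]},
    {"name": "bob_in", "secret": b"bob", "input": 1.301, "outputs": [("bob_out", 1.3)]},
    {"name": "carol_in", "secret": b"carol", "input": 2.201, "outputs": [("carol_out", 2.2)]},
]
UNIFORM = [
    {"name": "alice_in", "secret": b"alice", "input": 1.001, "outputs": [("alice_out", 1.0)]},
    {"name": "bob_in", "secret": b"bob", "input": 1.001, "outputs": [("bob_out", 1.0)]},
    {"name": "carol_in", "secret": b"carol", "input": 1.001, "outputs": [("carol_out", 1.0)]},
]


def build_coinjoin(participants, seed=7):
    """Pool every input and output into one transaction; outputs are
    shuffled so their position says nothing about ownership."""
    inputs = [(p["name"], p["input"]) for p in participants]
    outputs = [o for p in participants for o in p["outputs"]]
    random.Random(seed).shuffle(outputs)
    return {"inputs": inputs, "outputs": outputs}


def tx_digest(tx):
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()


def sign(secret, tx):
    return hmac.new(secret, tx_digest(tx), "sha256").hexdigest()


def collect_signatures(tx, participants):
    """Every participant must sign its own input, and signs only after
    checking that its outputs are in the transaction. One refusal (the
    'malicious' flag) and the round aborts: that is the DoS weakness."""
    sigs = []
    for p in participants:
        if p.get("malicious") or not all(o in tx["outputs"] for o in p["outputs"]):
            return None
        sigs.append((p["name"], sign(p["secret"], tx)))
    return sigs


def link_by_amount(tx, fee=FEE):
    """Observer's subset-sum attack: for each input, every set of outputs
    whose amounts sum to input - fee. A single candidate is a hard link."""
    outs = tx["outputs"]
    candidates = {}
    for addr, amount in tx["inputs"]:
        target = round(amount - fee, 8)
        matches = []
        for r in range(1, len(outs) + 1):
            for combo in itertools.combinations(range(len(outs)), r):
                if round(sum(outs[i][1] for i in combo), 8) == target:
                    matches.append(tuple(outs[i][0] for i in combo))
        candidates[addr] = matches
    return candidates


if __name__ == "__main__":
    for label, group in (("distinct", DISTINCT), ("uniform", UNIFORM)):
        tx = build_coinjoin(group)
        print(label, "candidates per input:", {k: len(v) for k, v in link_by_amount(tx).items()})
        print(label, "signatures collected:", len(collect_signatures(tx, group) or []))
```

With distinct amounts the shuffle is useless: each input has exactly one matching output. With one uniform denomination every input has three equally plausible outputs, which is the anonymity set of the round. Marking any one participant as refusing to sign makes collect_signatures return None, which is the whole round failing on a single holdout.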
CoinShuffle in 2014
based on CoinJoin
for decentralized
uses a decryption mixnet to compute the shuffle of inputs to outputs
uses the accountable anonymous group messaging protocol Dissent to resist traffic analysis
achieves anonymity against the mix facilitator because it is decentralized
but still vulnerable to deanonymization via Sybil attack
and vulnerable to DoS
and the last peer in the decryption mixnet sees the full plaintext list and can dictate the final ordering
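The decryption mixnet at the heart of CoinShuffle, as an added example that is not the project's code: each peer peels one encryption layer off every message, adds its own output address wrapped for the peers still to come, shuffles and passes the list on, so no single intermediate peer can map inputs to outputs, and every peer checks that its address survived before signing. The layered cipher below (hash-derived keystream, pre-shared keys) is a constructed stand-in for the public-key encryption the real protocol uses and is unauthenticated, so it is for illustration only.

```python
"""CoinShuffle-style decryption mixnet over constructed peers. Added example;
the layered symmetric cipher below (hash-derived keystream, pre-shared keys)
stands in for the public-key encryption CoinShuffle uses and is not
authenticated, so it is for illustration only."""
import hashlib
import os
import random


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, msg):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))


def decrypt(key, ct):
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def onion(keys, msg):
    """Layer msg so the owner of keys[0] peels first and keys[-1] last."""
    for key in reversed(keys):
        msg = encrypt(key, msg)
    return msg


def run_shuffle(peers, rng, drop_at=None):
    """peers: [(key, output_address_bytes), ...] in mixing order.
    Each peer peels its layer from every message it received, adds its own
    address wrapped for the peers still to come, shuffles, and passes the
    list on. Returns (final plaintext list, per-peer view of what it saw).
    drop_at=i makes peer i silently discard one message (a malicious peer)."""
    pipeline, views = [], []
    for i, (key, addr) in enumerate(peers):
        pipeline = [decrypt(key, ct) for ct in pipeline]
        if i == drop_at and pipeline:
            pipeline.pop(0)
        views.append(list(pipeline))
        pipeline.append(onion([k for k, _ in peers[i + 1:]], addr))
        rng.shuffle(pipeline)   # the last peer's shuffle fixes the final order
    return [m.decode() for m in pipeline], views


def missing_outputs(final, peers):
    """Every peer runs this before signing: if its address is absent, some
    peer dropped or corrupted a message and the blame phase starts."""
    return [addr.decode() for _, addr in peers if addr.decode() not in final]


if __name__ == "__main__":
    peers = [(b"k1", b"addr_p1"), (b"k2", b"addr_p2"), (b"k3", b"addr_p3"), (b"k4", b"addr_p4")]
    final, views = run_shuffle(peers, random.Random(1))
    print("final outputs:", final)
    print("peer 2 saw only ciphertext:", all(v[:4] != b"addr" for v in views[1]))
    print("missing after honest run:", missing_outputs(final, peers))
    final_bad, _ = run_shuffle(peers, random.Random(1), drop_at=2)
    print("missing after a drop:", missing_outputs(final_bad, peers))
```

Peer 1 sees nothing but its own contribution, the middle peers see only ciphertext, and only the last peer sees all plaintext addresses, already shuffled by everyone before it; that is also why the last peer alone decides the order the outputs end up in. A dropped message is caught by the missing-output check, which is the trigger for the blame phase rather than a signature on a transaction that cheats one participant.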
liquidity problem
you end up mixing with others who also hold dirty coins
fair exchange mixers
put in dirty coins and receive clean coins
no longer requires a trusted third party
A pays B via an untrusted intermediary T
CoinSwap
hash-locked 2-of-2 multisignature transactions
coins are swapped without an on-chain link between the two transactions
funds cannot be stolen
better plausible deniability
drawback: four transactions per swap
XIM
uses an untrusted intermediary
uses fees to deter Sybil and DoS attacks
uses a group-forming protocol, but it takes several hours to run
Blindly signed contract (BSC)
similarly uses anonymous fee vouchers to resist DoS and Sybil attacks
con: requires scripting functionality that Bitcoin does not support
improved version: TumbleBit (2016)
Bitcoin-compatible
because it replaces the missing script with an RSA puzzle-solving protocol that needs only standard Bitcoin transactions
Altcoin
coins are anonymized or mixed automatically as a built-in privacy feature
Dash
formerly Darkcoin
privacy focused cryptocurrency
using coinjoin mixer
second-tier network layer made up of masternodes
masternodes are run to
vote on proposals for network governance
mix coins
automatic for all
creates a larger anonymity set
PrivateSend enabled
obscures the origin of funds in a transfer
funds are broken down into standard denominations
0.01 dash
0.1 dash
1 dash
10 dash
a mixing request is sent to the masternode network
it is matched when other users submit requests for the same denominations
better plausible deniability
instant transaction confirmation (InstantSend) and governance
masternodes receive a share of the proof-of-work block reward
the Dash wallet runs the mixing process in the background
so mixed coins are ready before they are needed
Monero / Bytecoin
untraceability
for each incoming transaction, all possible senders are equiprobable
ring signatures
each input is mixed with a set of previous transaction outputs (decoys)
the signature is produced with other users' public keys in combination with the signer's own key
the recipient does not know who the true sender is
but does know the transaction is directed to them
unlinkability
for any two outgoing transactions, it is impossible to prove they went to the same person
achieved by hiding the identities of the receivers (one-time stealth addresses)
features
flexible (dynamic) block size
transaction size grows because of the extra cryptography
ZCash
input and output addresses and values are not revealed
fully anonymous payments
using zk-SNARKs
in essence: proving you know something without revealing what you know
processes
mint: base coins (as in Bitcoin) are converted into shielded coins inside the ZCash "black box"
pour: coins are taken back out of the black box
recall Bitcoin transactions
prove the input coins have not been spent and cover the outputs
according to the ledger itself
prove ownership via the address (the signature)
prove the sum of outputs equals the sum of inputs
the zk-SNARK-based design
transparent layer
zero-knowledge (shielded) security layer
homomorphic hiding of the values
can be integrated with any consensus mechanism
but the proof system requires a semi-trusted one-time setup
MimbleWimble Proposal