Monero: Privacy
Figure by osuke.icon
https://gyazo.com/0fc16b3bdd0b284245752fe51804e148
Protocols
History
Nicolas van Saberhagen, October 17, 2013
Shen Noether, Monero Research Lab
Proposals
Shi-Feng Sun, Man Ho Au, Joseph K. Liu, Tsz Hon Yuen, Dawu Gu
Uses a specific (universal) accumulator for DDH groups (Ref). Drawback: trusted setup.
Tsz Hon Yuen (The University of Hong Kong), Shi-feng Sun, Joseph K. Liu (Monash University), Man Ho Au (Hong Kong Polytechnic University), Muhammed F. Esgin (Monash University), Qingzhao Zhang, Dawu Gu (Shanghai Jiao Tong University)
Background: RingCT (Monero) linkable ring signature + confidential transaction
The size of each signature is linear in the ring size, $O(n)$ ($n$ is the number of potential signers, hence $n \le 20$ in practice)
$O(Mn)$ for $M$ transaction inputs
RingCT 2.0: $O(1)$-size signature w/ trusted public parameters. Contribution: propose RingCT 3.0 w/ ring signature size of $O(M + \log n)$
Based on a new ring signature scheme; the shortest ring signature without trusted setup in the literature
Able to support larger anonymity set (e.g., 10^5 users with less than 1800 bytes for the signature size)
Give a stronger security model for anonymity by considering insider attack for RingCT3.0
Tutorials
Monero Building Blocks Delfr Auditing
Lets a third party review the user's transactions (Ref). Only allows seeing incoming transactions, not the outgoing ones.
There doesn’t seem to be a way to prove that the list of incoming transactions is complete.
Linkability
Dimaz Ankaa Wijaya, Joseph Liu, Ron Steinfeld (Monash University), Dongxi Liu
TrustCom'18
Amrit Kumar, Clément Fischer, Shruti Tople, Prateek Saxena (National University of Singapore)
ESORICS'17
Heuristic I: Over 65% of inputs are traceable due to zero mix-ins
Leads to a cascade effect: it affects the untraceability of other inputs whose anonymity sets intersect with the traced ones.
No ground truth is obtained for RingCT transactions.
Heuristic II: Several outputs from a previous transaction are often merged to aggregate funds when creating a new transaction
Heuristic III: treat the most recent output (in terms of block height) in the anonymity set as the real one being redeemed
Malte Möser, Kyle Soska, Ethan Heilman, Kevin Lee, Henry Heffan, Shashvat Srivastava, Kyle Hogan, Jason Hennessey, Andrew Miller, Arvind Narayanan, and Nicolas Christin
Proceedings on Privacy Enhancing Technologies, 2018
Findings
1. About 62% of transaction inputs with one or more mixins are vulnerable to “chain-reaction” analysis
The real input can be deduced by elimination.
2. Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the “newest” input.
We estimate that this heuristic can be used to guess the real input with 80% accuracy over all transactions with 1 or more mixins
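An added illustration, not code from any of the papers cited above: the Python below models the chain-reaction elimination (Heuristic I / Finding 1) and the newest-output guess (Heuristic III) on a handful of constructed ring inputs. The transactions, output ids and block heights are all invented; the ground-truth column exists only to score the heuristics, a chain observer never sees it.

```python
# Constructed example: each Monero-style transaction input carries a "ring"
# of candidate outputs (one real spend plus decoys/mix-ins). Outputs are
# named by id and carry a constructed block height.
OUTPUT_HEIGHT = {"o1": 10, "o2": 12, "o3": 15, "o4": 20, "o5": 31, "o6": 33, "o7": 40}

# (input id, ring of candidate outputs, real spent output  [ground truth])
INPUTS = [
    ("i1", ["o1"], "o1"),              # zero mix-ins: trivially traceable
    ("i2", ["o1", "o2"], "o2"),        # o1 is already spent by i1 -> only o2 left
    ("i3", ["o2", "o4"], "o4"),        # once i2 resolves, o2 is eliminated too
    ("i4", ["o3", "o5", "o6"], "o6"),  # newest-output guess happens to be right
    ("i5", ["o3", "o5", "o7"], "o5"),  # newest-output guess is wrong here
]

def chain_reaction(inputs):
    """Iteratively eliminate outputs already proven spent (a key image can only
    be used once). An input whose ring has a single unspent candidate is
    resolved, which shrinks every other ring containing that output: the cascade."""
    spent, resolved, changed = set(), {}, True
    while changed:
        changed = False
        for inp, ring, _ in inputs:
            if inp in resolved:
                continue
            candidates = [o for o in ring if o not in spent]
            if len(candidates) == 1:
                resolved[inp] = candidates[0]
                spent.add(candidates[0])
                changed = True
    return resolved

def newest_guess(ring, heights=OUTPUT_HEIGHT):
    """Heuristic III: guess the highest-block (newest) ring member as the real spend."""
    return max(ring, key=lambda o: heights[o])

def score(inputs):
    """Return (inputs deduced by elimination, inputs where the newest guess is right)."""
    resolved = chain_reaction(inputs)
    deduced = sum(1 for inp, _, real in inputs if resolved.get(inp) == real)
    newest_ok = sum(1 for _, ring, real in inputs if newest_guess(ring) == real)
    return deduced, newest_ok

if __name__ == "__main__":
    print(chain_reaction(INPUTS))  # i1, i2 and i3 fall in one cascade
    print(score(INPUTS))
```

The single zero-mix-in input i1 is enough to unmask i2 and then i3, which is why a mandatory minimum ring size matters; the i5 case shows that the newest-output guess is only a statistical bias, one that decoy selection matching the age distribution of real spends removes.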
Abraham Hinteregger and Bernhard Haslhofer
Privacy across hard-fork chains