Abstract
The cascade effect attacks (PETS’ 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing the ring confidential transactions with enhanced privacy guarantee. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only an example of leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown.
In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, closed set attack is
equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction. To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing closed set attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin
being spent in 70.52% Monero inputs, 74.25% Bytecoin inputs, and in 91.56% DigitalNote inputs.
In addition, we provide a theoretical analysis on the identified closed set attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about 2−19). Given that closed set attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero secure against statistical attacks, as the minimum number of mixin is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.
In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, closed set attack is
equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction. To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing closed set attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin
being spent in 70.52% Monero inputs, 74.25% Bytecoin inputs, and in 91.56% DigitalNote inputs.
In addition, we provide a theoretical analysis on the identified closed set attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about 2−19). Given that closed set attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero secure against statistical attacks, as the minimum number of mixin is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.
| Original language | English |
|---|---|
| Title of host publication | Financial Cryptography and Data Security |
| Subtitle of host publication | 23rd International Conference, FC 2019 Frigate Bay, St. Kitts and Nevis, February 18–22, 2019 Revised Selected Papers |
| Editors | Ian Goldberg, Tyler Moore |
| Place of Publication | Cham Switzerland |
| Publisher | Springer |
| Pages | 133-149 |
| Number of pages | 17 |
| Volume | 11598 LNCS |
| ISBN (Electronic) | 9783030321017 |
| ISBN (Print) | 9783030321000 |
| DOIs | |
| Publication status | Published - 2019 |
| Event | Financial Cryptography and Data Security Conference 2019 - St Kitts, St Kitts and Nevis Duration: 18 Feb 2019 → 22 Feb 2019 Conference number: 23rd https://fc19.ifca.ai/ (Website) https://link.springer.com/book/10.1007/978-3-030-32101-7 (Proceedings) |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Publisher | Springer |
| Volume | 11598 |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | Financial Cryptography and Data Security Conference 2019 |
|---|---|
| Abbreviated title | FC 2019 |
| Country/Territory | St Kitts and Nevis |
| City | St Kitts |
| Period | 18/02/19 → 22/02/19 |
| Internet address |
|