Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users
The account-based model is inferior to the UTXO model from a privacy perspective;
“quasi-identifiers” to tag users based on account addresses (user profiling based on quasi-identifiers);
Study of the Tornado Cash coin mixer privacy based on strong heuristics that decrease the privacy guarantees of non-custodial mixers on Ethereum;
Variant of Danaan-gift fingerprint attack for Ethereum;
Authors use node embedding methods to cluster Eth addresses for user profiling in Ethereum
Authors collected Ethereum addresses and respective links to users based on data from Twitter accounts, Tornado Cash, and Humanity DAO; from the 4,259 addresses collected, they identified 1,155,188 transactions (sent or received) over 5 years.
Exact identification of accounts pairs/users is not a goal of the paper; instead, the goal is to rank plausible deanonymization candidates and with that reduce the k-anonymity of Ethereum accounts.
Problem 1: In Ethereum, native transactions can only move funds from a single sender to a single receiver, with the change remaining in the sender account. Subsequent transactions will re-use the account that holds the unspent amount, so the account-based model relies on address reuse at the protocol level.
Proposed solutions:
Coin Mixers:
Möbius: Trustless tumbling for transaction privacy
MixEth: Efficient, trustless coin mixing service for Ethereum
ShareLock: Mixing for cryptocurrencies from multiparty ECDSA
Tornado Cash
Confidential transactions
AZTEC
PGC: Pretty good decentralized confidential payment system with auditability
Zether: Towards privacy in a smart contract world
Deanonymization vectors:
Pairing Ethereum accounts from the same user (Section 6)
Tornado Cash deposit and withdrawals pairs (Section 7)
Fingerprint accounts through Danaan-gift variant (Section 8)
Section 6: Pairing Ethereum accounts from the same user
3 quasi-identifiers used to link accounts from the same user:
Active time of the day
Gas price selection
Location in the Ethereum transaction graph
Evaluation:
Given an Ethereum address, rank the remaining addresses by their Euclidean distance to it; the true pair should rank near the top.
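To make the Section 6 evaluation concrete, the following is an added example (not code from the paper or its authors) that builds quasi-identifier profiles from two of the three features the notes list, active hour of the day and gas price selection, and ranks candidate addresses by Euclidean distance. The transaction data, address labels, gas-price bin edges and the `ts` helper are all constructed assumptions; the graph-location feature (node embeddings in the paper) is left out. Read it from the defender's side: if two addresses you control rank each other first, your habits leak linkability across them.

```python
"""Added example: quasi-identifier profiling and Euclidean-distance ranking
over constructed Ethereum-style transaction data (not the paper's code)."""
import math
from collections import defaultdict


def ts(day, hour, minute=0):
    # Constructed helper: UTC timestamp for 2021-01-<day> hour:minute.
    return 1609459200 + (day - 1) * 86400 + hour * 3600 + minute * 60


# Constructed sample transactions: (address, unix_timestamp, gas_price_gwei).
# "alice-1" and "alice-2" belong to the same (hypothetical) user.
TXS = [
    ("alice-1", ts(1, 20), 20), ("alice-1", ts(2, 21), 22),
    ("alice-1", ts(3, 20, 30), 19), ("alice-1", ts(4, 22), 21),
    ("alice-2", ts(5, 21), 20), ("alice-2", ts(6, 20), 23),
    ("alice-2", ts(7, 22), 18),
    ("bob", ts(1, 8), 50), ("bob", ts(2, 9), 55), ("bob", ts(3, 8, 15), 48),
    ("carol", ts(1, 14), 5), ("carol", ts(2, 15), 6), ("carol", ts(3, 14), 4),
    # dave is active at the same hours as alice but pays much higher gas
    ("dave", ts(1, 21), 120), ("dave", ts(2, 20), 150), ("dave", ts(3, 22), 110),
]

# Assumed gas-price bin edges in gwei: <10, 10-20, 20-50, 50-100, >=100.
GAS_BINS = (10, 20, 50, 100)


def gas_bin(gwei):
    """Map a gas price to its histogram bin index."""
    for i, edge in enumerate(GAS_BINS):
        if gwei < edge:
            return i
    return len(GAS_BINS)


def profile(txs):
    """Quasi-identifier vector: normalized hour-of-day histogram (24 bins)
    concatenated with a normalized gas-price histogram (5 bins)."""
    hours = [0.0] * 24
    gas = [0.0] * (len(GAS_BINS) + 1)
    for _, t, g in txs:
        hours[(t // 3600) % 24] += 1  # UTC hour of the transaction
        gas[gas_bin(g)] += 1
    n = len(txs)
    return [h / n for h in hours] + [x / n for x in gas]


def build_profiles(txs):
    """Group transactions by address and compute one profile per address."""
    by_addr = defaultdict(list)
    for tx in txs:
        by_addr[tx[0]].append(tx)
    return {addr: profile(v) for addr, v in by_addr.items()}


def euclid(u, v):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))


def rank_candidates(profiles, query):
    """All other addresses ordered by distance to the query address:
    a list of (distance, address), closest first."""
    q = profiles[query]
    return sorted((euclid(q, p), a) for a, p in profiles.items() if a != query)


def rank_of_partner(profiles, query, partner):
    """1-based position of the true partner address in the ranking;
    rank 1 means the quasi-identifiers alone single it out."""
    ranking = [addr for _, addr in rank_candidates(profiles, query)]
    return ranking.index(partner) + 1


if __name__ == "__main__":
    profiles = build_profiles(TXS)
    for dist, addr in rank_candidates(profiles, "alice-1"):
        print(f"{addr:10s} distance={dist:.3f}")
    print("rank of alice-2:", rank_of_partner(profiles, "alice-1", "alice-2"))
```

With the constructed data, alice-2 ranks first for alice-1 because both the active-hour and gas-price histograms match, while dave, who shares the active hours but not the gas-price habit, falls behind. The mitigation this suggests is the one the notes raise under open questions: do not carry the same timing and fee-selection habits across addresses that are meant to stay unlinked.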
Section 7: Tornado Cash deposit and withdrawals pairs
Section 8: Fingerprint accounts through Danaan-gift variant
Conclusions
Actionable insights / open questions
“... users should avoid sensitive activities on addresses easily linkable to their public identities, such as ENS name or their Twitter handle.” → because an ENS name can be linked to which services or service categories have been used over time (e.g. adult, gambling, DeFi, etc.).
Different wallet software uses different methods to compute suggested gas prices. Can we fingerprint wallet software from the gas prices it picks? How can wallet fingerprinting be avoided?
Network-level privacy -- several studies show how wallet privacy is lost when users interact with full nodes or wallet providers. How can the user protect against broadcast and network-level privacy attacks?
How may browser and mobile wallets affect privacy? (see paper 3 below) What can be done to prevent that?
Anonymous transaction relayers?
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies