search

nopara73 / ZeroLink

The Bitcoin Fungibility Framework
MIT License
348 stars 76 forks source link

Evaluate 2017 Aug research #39

Closed nopara73 closed 6 years ago

nopara73 commented 6 years ago

https://arxiv.org/pdf/1708.04748.pdf

nopara73 commented 6 years ago

The research is about establishing connection between online purchases based on metadata leaked by merchants.

The attack does not work on deep web users, 20% efficient on privacy centric users, who are using browser tracking protections and 40% efficient on not privacy centric users and the attack is only applies to online purchases.
Considering this, it does not pose a risk to ZeroLink users. It is possible occassionally some ZeroLink post-mix wallet separated path gets connected together, but occassional leaks of this information is useless.

Furthermore, see here a brief evaluation of the first part of the research

Keep the issue open, until the "MITIGATION AND DISCUSSION" part of the paper is evaluated.

nopara73 commented 6 years ago

The paper suggest mitigating the attack:

If a mixing service introduces a delay of (say) up to 6 blocks, then for a given coin that was mixed at a given block height, all mix outputs produced in the next 6 blocks can be considered part of its anonymity set. The main complication is the extent to which mix transactions are distinguishable from other transactions, which is likely highly implementation-dependent.

ZeroLink mixes don't happen purchase time.