Closed nopara73 closed 6 years ago
The research is about establishing connection between online purchases based on metadata leaked by merchants.
The attack does not work on deep web users, 20% efficient on privacy centric users, who are using browser tracking protections and 40% efficient on not privacy centric users and the attack is only applies to online purchases.
Considering this, it does not pose a risk to ZeroLink users. It is possible occassionally some ZeroLink post-mix wallet separated path gets connected together, but occassional leaks of this information is useless.
Furthermore, see here a brief evaluation of the first part of the research
Keep the issue open, until the "MITIGATION AND DISCUSSION" part of the paper is evaluated.
The paper suggest mitigating the attack:
If a mixing service introduces a delay of (say) up to 6 blocks, then for a given coin that was mixed at a given block height, all mix outputs produced in the next 6 blocks can be considered part of its anonymity set. The main complication is the extent to which mix transactions are distinguishable from other transactions, which is likely highly implementation-dependent.
ZeroLink mixes don't happen purchase time.
https://arxiv.org/pdf/1708.04748.pdf