Anonymity Flashcards
What is address clustering
H1. If two (or more) addresses are inputs to a transaction, they are controlled by the same user.
H2. One-time change address (if exists) is controlled by the user controlling input addresses.
Two addresses in my block,
mine to play with mine to mock
One time I’ll change the name of house
It’s my control it’s my carousel
Coinjoin
Multi-signature transactions that lead to unlinkability
What are the coinjoin issues
who creates the final action who shall sign the inputs
It’s each of you who’ll sign, divine third party make the trans design
now what’s the threat of model mine and which bad parties are maligned
the goat the devil wants to find the link between the inputs
the problem is the builder’s bad and knows the map from inputs to the motherfucking outputs
What I wish I could have done
Mixing as a service
Mixing-as-a-Service
P2P CoinJoin was proposed in 2013 by Maxwell (as a post in bitcointalk.org).
Even before that, there existed several mixing services in the Bitcoin ecosystem.
- OnionBC : Anonymous transactions and Escrow service. Accessible only on Tor.
- Bitcoin Fog : Deposit-and-Withdraw service for anonymity. Available only on Tor.
- BitLaundry : Simple single-use-deposit and multiple-output-transaction mixing.
- Blockchain.info Send Shared : Shared wallet for the users to mix transactions.
BitLaundry
Deposit input transactions at a single-use address within the mixing network.
Specify fresh output addresses to the mixing network to receive transactions.
I been trapping out the ozarks I’m marty byrdin.
is byrd the word
Experiments with BitLaundry reveal that it does not guarantee full unlinkability. In fact, Moser et al. observed in one case that their input transaction was directly linked to output transactions.
Why should you never trust a DJ
the problem is the DJ’s bad(vlad) and knows the map from inputs to the motherfucking outputs
Possible threats
- Mixing service may just steal the money, and never return to the user.
- Mixing service may log or reveal the information on address mapping.
What are the goals of anonymity. anonamia.
VUR-CEA, who got the keys to my motherfucking beamer
Unlinkability: Inputs and outputs to a transaction should be unlinkable.
Verifiability: Attacker must not be able to steal or destroy transactions.
Robustness: Protocol should succeed in presence of malicious parties.
In addition to the standard security and privacy, the protocol should also be:
Compatible with the underlying blockchain network and its operation.
Efficient in terms of running the protocol and confirmation timings.
Affordable in terms of transaction fee (or gas) compared to transfers.
What does standard mixing guarantee, and compare that to p2p and distributed mixing
Standard mixing networks simply distance addresses of Sender and Receiver.
P2P and distributed mixing protocols guarantee more in terms of Anonymity:
- CoinJoin : P2P protocol for external unlinkability. Vulnerable to DoS attacks.
- CoinShuffle : P2P mixing overlaying CoinJoin. Provides internal unlinkability.
- TumbleBit : Untrusted payment hub for off-chain payment with commitment.
- MixCoin : Distributed mixing network for a third-party mixing of transactions.
- BlindCoin : Distributed mixing network with blinded tokens for unlinkability.
Talk about Confidential, Unlinkable, Untraceable, Anonymous. Like erm, UC AU. Silver University. Australian University.
Confidential if amount is hidden, but sender and receiver are public
Unlinkable if transaction appears to be independent of others, its inputs/outputs also appear independent of each other
Untraceable if the lineage of coins/assets are unattainable
Anonymous if sender, receiver and amount are all h
What is a challenge for blockchain verifiability
“maintaining public verifiability while shielding transaction information”
(sender, receiver, amount, general state transition … )
Obfuscation
≈ k-anonymity set (hiding in the crowd) for sender/recipient unlinkability and/or untraceability
Cryptography
Using fancy crypto magic to hide information while keeping its integrity verifiable, such as zero-knowledge proofs, ring signatures, Pedersen commitments …
Obfuscation vs. Cryptography
Obfuscation
✓ simpler construct, more efficient
✗ only unlinking senders/receivers
✗ privacy depends on anonymity set size and set sampling
Cryptography
✓ maximal privacy
✓ selective attributes hiding
✗ computationally heavy, complicated
What is centralised coinjoin
basically there’s a central coinjoin server
: Decentralized Mixing + CoinJoin
basically there’s a central coinjoin server but not really idk like a decentralised group of nodes and they do a lil shuffling
What is coinshuffle
ten people in a line, each have a private and public key pair.
all pass their public keys around, such that guy10 ends up with 10, guy9 ends up with 9 and guy 1 ends up w 1
guy10 encrypts his output address with all 10 public keys, one for one, in the right sequence. he passes it to guy 9
guy 9 decrypts a layer off of guy10’s onion. guy 9 creates his own onion of 9 layers.
all the way passed to guy 1, at this point, guy 1 has 9 onions of 1 layer each. he decrypts all of them and adds his own address in.
Then he creates one big transaction, sends it back to participants to sign. And sign they will, since they can verify that their own transaction is in the mix. So they’ll sign the overall package. See this system is good; while the onions were being passed around no one could tell whose transaction was whose, cos it was all onioned.
CoinShuffle++
Like the shuffle described above, which was coinjoin, but there are extra steps of a dice mix and a DC-Net in the way.
What is Monero’s approach to privacy
- Stealth address for unlinkability
- Ring Signature for untraceable payment
- Traceable Ring Signature for double-spending detection/prevention
- Bulletproofs for confidential transactions hiding the amount
Stealth Address
Alice sends to Bob
In each transaction, a stealth address (a one time public key) is added to the transaction.
Others looking at this transaction can’t figure out where it’s going to (receiver address). However Bob, using his private key, can receive that transaction after scanning the blockchain.
Why is Zerocash better than Zerocoin
Zerocoin only hides the origin of payments, not the amount or destination.
Zerocash is more efficient, hides the amount and destination as well.
I used to know where i was going used to know where i was from
and i didn’t know to pay i sing the zerocash song
now I woke up feeling groggy and I don’t know where I’m from
and I don’t know where im going how much to pay oh lawd im gone
im alright in 6ms cos im a smaller than k
zk-SNARK
zero-knowledge succinct (short proof size and verification time) non-interactive (doesn’t require QnA) argument of knowledge