Article

Privacy Evaluation of Blockchain Based Privacy Cryptocurrencies: A Comparative Analysis of Dash, Monero, Verge, Zcash and Grin


Abstract

Privacy is important to the financial industry, and so it is to blockchain-based cryptocurrencies. Bitcoin provides only weak identity privacy. To overcome the privacy challenges of Bitcoin, several privacy-focused cryptocurrencies have been proposed, such as Dash, Monero, Zcash, Grin and Verge. Private addresses, confidential transactions, and network anonymization services are adopted to improve privacy in these privacy-focused cryptocurrencies. We propose four privacy metrics for blockchain-based cryptocurrencies: identity anonymity, transaction confidentiality, transaction unlinkability, and network anonymity. We then make a comparative analysis of the privacy of Bitcoin, Dash, Monero, Verge, Zcash, and Grin against these metrics. Finally, open challenges and future directions for blockchain-based privacy cryptocurrencies are discussed. In the future, multi-level privacy enhancement schemes can be combined in privacy cryptocurrencies to improve privacy, performance and scalability.


... Despite the fact that this pseudonymity can offer some degree of privacy, it is not the same as true anonymity. Users can be deanonymized with enough data analysis and linking [42,43]. Data cannot be changed or removed after it has been recorded due to the blockchain's immutability. ...
... The "right to be forgotten" and data rectification principles of GDPR may collide with the immutability and decentralized nature of blockchain, creating compliance issues. By obscuring transaction details, privacy-focused cryptocurrencies like Monero and Zcash [43] and mixing services [46] strive to improve user privacy. Despite the improved privacy these technologies provide, they have also come under regulatory scrutiny and might be misused [22]. ...
Article
The focus of this review article is on the societal problems and end user acceptance of blockchain technology. The paper begins by outlining the importance of blockchain in modernizing trust and data management systems and highlighting its rapid spread across numerous industries. In-depth analysis of the adoption-influencing aspects is done, which also lists the advantages and typical end-user problems. It examines the privacy implications, restrictions on pseudonymity, and function of technologies that improve privacy, such as zero-knowledge proofs, while also exploring the legal and regulatory environment around blockchain, putting a focus on digital identity, intellectual property, and data ownership. It also evaluates blockchain security features, such as flaws and risks associated with smart contracts, discusses best practices for boosting security, discusses the societal effects of blockchain, and makes suggestions for legislators, companies, and scholars. The use of blockchain technology and its effects on privacy, rights, and security are discussed in real-world case studies as well.
... Their focus on privacy and secure sharing is particularly relevant to this research's aim of enhancing privacy management. Zhang [13] provided a comparative analysis of privacy cryptocurrencies, offering insights into the application of blockchain in financial privacy [13]. ...
Preprint
The urgent need for advanced privacy mechanisms in the digital era is underscored by the growing concerns over data breaches and privacy invasions. Traditional privacy management methods often fall short in addressing these challenges, primarily due to their static nature and limited adaptability to evolving cyber threats. This work presents an efficient approach to privacy management by integrating blockchain technology with adaptive privacy mechanisms, leveraging the power of machine learning (ML) and deep learning (DL) algorithms. Existing privacy management systems are predominantly rigid, offering limited scope for dynamic adaptation to changing network conditions and user behaviors. Such systems are increasingly inadequate in handling the complexities of modern data environments, often leading to compromised data confidentiality and higher instances of unauthorized data access or policy violations for different use cases. In response, this paper introduces an innovative model that employs smart contracts on the blockchain for privacy policy enforcement operations. These smart contracts ensure secure, transparent, and immutable privacy management, markedly enhancing data confidentiality and reducing policy violations under different attacks. Furthermore, the application of Reinforcement Learning (RL) enables dynamic privacy policy management operations. RL's ability to learn and adjust policies adaptively in response to environmental feedback ensures improved responsiveness and efficiency in privacy settings. A novel aspect of this work is the integration of Anomaly Detection using Deep Neural Networks (DNNs) with blockchain technology for self-adaptive security. DNNs' proficiency in identifying complex patterns in large datasets allows for the early detection of privacy breaches, enhancing the overall security performance levels. Additionally, the implementation of Differential Privacy in Federated Learning addresses the challenge of preserving data privacy during collective model training, thus ensuring robust privacy protection operations. The proposed methods were tested on various real-time simulation datasets, showcasing superior performance over existing methods in terms of energy efficiency, speed, throughput, consistency, and packet delivery ratio sets. This work not only presents a significant advancement in privacy management but also sets a new standard for future research in the field of data privacy and security levels.
... Cryptocurrency creation is a field that is surprisingly innovative and always changing. Blockchain-based cryptocurrency is the new technology's greatest potential [1]. A distributed ledger that uses encryption and a consensus method to protect its privacy and security, a blockchain-primarily based cryptocurrency facts and validates transactions on a public ledger. ...
Article
Coin mixing is a class of techniques used to enhance Bitcoin transaction privacy, and well-performing coin mixing algorithms can effectively prevent most transaction analysis attacks. Based on this premise, a well-functioning transaction analysis algorithm requires coin mixing detection with a high recall to ensure accuracy. Most practical coin mixing algorithms do not change the Bitcoin protocol. Therefore, the transactions they generate are not fundamentally different from regular transactions. Existing coin mixing detection methods are commonly rule-based and can only identify coin mixing classes with well-defined patterns, which leads to an overall low recall rate. Multiple rules could improve the recall in this situation, yet they are ineffective for new classes and classes with ambiguous patterns. This paper considers coin mixing detection as a transaction classification problem and proposes an LSTM Transaction Tree Classifier (LSTM-TC) solution, which includes feature extraction and classification of Bitcoin transactions based on deep learning. We also build a dataset to validate our solution. Experiments show that our approach has better performance and more potential for discovering new classes of coin mixing transactions than rule-based approaches and graph neural network-based Bitcoin transaction classification algorithms.
Chapter
As of September 2019, Monero is the most capitalized privacy-preserving cryptocurrency, and is ranked tenth among all cryptocurrencies. Monero's on-chain data privacy guarantees, i.e., how mixins are selected in each transaction, have been extensively studied. However, despite Monero's prominence, the network of peers running Monero clients has not been analyzed. Such analysis is of prime importance, since potential vulnerabilities in the peer-to-peer network may lead to attacks on the blockchain's safety (e.g., by isolating a set of nodes) and on users' privacy (e.g., tracing transaction flows in the network).
Article
As a kind of point-to-point distributed public ledger technology, blockchain has received wide attention in recent years. The privacy protection of blockchain technology has always been the core issue of people's attention. In this paper, some existing solutions to the current problems of user identity and transaction privacy protection are surveyed, including the coin mixing mechanism, zero-knowledge proofs, ring signatures and other technologies. Secondly, five typical applications of blockchain-based privacy protection technology are proposed and analyzed, which are mainly divided into technology applications based on coin mixing protocols, encryption protocols, secure channel protocols and so on. Finally, in view of the shortcomings of existing blockchain privacy protection technology, we explore future research challenges that need to be studied in order to preserve privacy in blockchain systems, and look forward to the future development direction.
Article
With the continuous development and popularity of blockchain technology, the anonymity of cryptocurrencies has attracted wide attention. Zcash is an altcoin of Bitcoin aiming to protect blockchain anonymity. Its anonymity is highly guaranteed by zero-knowledge proofs. However, it is still practicable to decrease Zcash's anonymity. In this paper, we provide a refined empirical analysis of Zcash anonymity. We improve current address clustering methods and increase the clustering rate by 9%. We also analyze the whole process of distributing mining rewards and identify 87.5% of addresses and 25.7% of transactions. Besides, we simplify the Zcash transaction network and then pick out nodes (edges) which play important roles in network connectivity. We show that these nodes are mostly mining pools. In particular, users participating in the shielded pool are mostly founders, miners and mining pools, although the shielded pool itself is designed for protecting the anonymity of users with high privacy requirements. Our results, to an extent, are opposite to the original intention of Zcash.
Article
Monero is a privacy-centric cryptocurrency that allows users to obscure their transactions by including chaff coins, called "mixins," along with the actual coins they spend. In this paper, we empirically evaluate two weaknesses in Monero's mixin sampling strategy. First, about 62% of transaction inputs with one or more mixins are vulnerable to "chain-reaction" analysis, that is, the real input can be deduced by elimination. Second, Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the "newest" input. We estimate that this heuristic can be used to guess the real input with 80% accuracy over all transactions with 1 or more mixins. Next, we turn to the Monero ecosystem and study the importance of mining pools and the former anonymous marketplace AlphaBay on the transaction volume. We find that after removing mining pool activity, there remains a large amount of potentially privacy-sensitive transactions that are affected by these weaknesses. We propose and evaluate two countermeasures that can improve the privacy of future transactions.
Article
The Internet of Things (IoT) is the new technological revolution that aspires to connect all everyday physical objects to the Internet, making a huge global network of unique things which can share information amongst each other and complete scheduled tasks, bringing significant benefits to users and companies of a Smart City (SC). A Smart City represents a new future framework, which integrates multiple information and communication technology (ICT) and Internet of Things (IoT) solutions, so as to improve the quality of life of its citizens. However, there are many security and privacy issues which must be taken into account before the official launch of this new technological concept. Many methods which focus on media security of wireless sensor networks have been proposed and can be adopted in the new expandable network of IoT. In this paper, we describe the upcoming IoT network architecture and its security challenges and analyze the most important research on media security and privacy in wireless sensor networks (WSNs). Subsequently, we propose an Efficient Algorithm for Media-based Surveillance System (EAMSuS) in the IoT network for the Smart City Framework, which merges two algorithms introduced by other researchers for WSN packet routing and security, while it reclaims the new media compression standard, High Efficiency Video Coding (HEVC). Experimental analysis shows the efficacy of our proposed scheme in terms of users' privacy, media security, and sensor node memory requirements. This scheme can be successfully integrated into the IoT network of the upcoming Smart City concept.
Article
Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcast via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together a user's transactions regardless of the pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard the user's transactions and blocks. In collusion with a powerful miner, double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such a set of users.
Conference Paper
Bitcoin is a digital currency which relies on a distributed set of miners to mint coins and on a peer-to-peer network to broadcast transactions. The identities of Bitcoin users are hidden behind pseudonyms (public keys) which are recommended to be changed frequently in order to increase transaction unlinkability. We present an efficient method to deanonymize Bitcoin users, which allows linking user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario, when users are behind NATs or firewalls of their ISPs. They allow linking transactions of a user behind a NAT and distinguishing connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut off by abusing anti-DoS countermeasures of the Bitcoin network. Our attacks require only a few machines and have been experimentally verified. The estimated success rate is between 11% and 60% depending on how stealthy an attacker wants to be. We propose several countermeasures to mitigate these new attacks.
Conference Paper
Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible. In this paper we explore this unique characteristic further, using heuristic clustering to group Bitcoin wallets based on evidence of shared authority, and then using re-identification attacks (i.e., empirical purchasing of goods and services) to classify the operators of those clusters. From this analysis, we characterize longitudinal changes in the Bitcoin market, the stresses these changes are placing on the system, and the challenges for those seeking to use Bitcoin for criminal or fraudulent purposes at scale.
Article
With the development of blockchain and digital currencies, central banks all over the world are accelerating the process of CBDC development. However, the adoption of blockchain in CBDC design is still controversial. In this paper, we analyze both functional and non-functional requirements of CBDC design, and make a literature review of blockchain-based CBDC schemes. Analysis findings show that permissioned blockchains are more suitable for CBDC than permissionless blockchains. Besides, there are some challenges in blockchain-based CBDC, such as performance, scalability, and cross-chain interoperability. Our analysis is timely and can provide guidelines for blockchain-based CBDC design.
Article
Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the one with the strongest anonymity guarantees, due to its basis in well-regarded cryptographic research. In this paper, we examine the extent to which anonymity is achieved in the deployed version of Zcash. We investigate all facets of anonymity in Zcash's transactions, ranging from its transparent transactions to the interactions with and within its main privacy feature, a shielded pool that acts as the anonymity set for users wishing to spend coins privately. We conclude that while it is possible to use Zcash in a private way, it is also possible to shrink its anonymity set considerably by developing simple heuristics based on identifiable patterns of usage.
Article
This paper introduces and describes a novel architecture scenario based on Cloud Computing that builds on the innovative model of Federated Learning. The proposed model is named Integrated Federated Model, with the acronym InFeMo. InFeMo incorporates all the existing Cloud models with a federated learning scenario, as well as other related technologies that may have integrated use with each other, offering a novel integrated scenario. In addition to this, the proposed model is motivated to deliver a more energy efficient system architecture and environment for the users, within the scope of data management. Also, by applying InFeMo the user would have less waiting time in every procedure queue. The proposed system was built on the resources made available by Cloud Service Providers (CSPs), by using the PaaS (Platform as a Service) model, in order to be able to handle user requests better and faster. This research tries to fill a scientific gap in the field of federated Cloud systems. Thus, taking advantage of the existing scenarios of FedAvg and CO-OP, we aim to end up with a new federated scenario that merges these two algorithms, aiming to have a more efficient model that is able to select, depending on the occasion, whether to "train" the model locally on the client or globally on the server.
Conference Paper
In this paper we analyze two privacy and security issues for the privacy-oriented cryptocurrency Zcash. First we study shielded transactions and show ways to fingerprint user transactions, including active attacks. We introduce two new attacks which we call the Danaan-gift attack and the Dust attack. Following the recent Sapling update of the Zcash protocol we study the interaction between the new and the old zk-SNARK protocols and the effects of their interaction on transaction privacy. In the second part of the paper we check for the presence of subliminal channels in the zk-SNARK protocol and in Pedersen Commitments. We show the presence of efficient 70-bit channels which could be used for tagging of shielded transactions, which would allow the attacker (a malicious transaction verifier) to link transactions issued by a maliciously modified zk-SNARK prover, while they would be indistinguishable from regular transactions for the honest verifier/user. We discuss countermeasures against both of these privacy issues.
Chapter
The cascade effect attacks (PETS' 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing ring confidential transactions with enhanced privacy guarantees. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only one example of the leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown.
Article
Blockchain offers an innovative approach to storing information, executing transactions, performing functions, and establishing trust in an open environment. Many consider blockchain a technology breakthrough for cryptography and cybersecurity, with use cases ranging from globally deployed cryptocurrency systems like Bitcoin, to smart contracts, smart grids over the Internet of Things, and so forth. Although blockchain has received growing interest in both academia and industry in recent years, the security and privacy of blockchains continue to be at the center of the debate when deploying blockchain in different applications. This article presents a comprehensive overview of the security and privacy of blockchain. To facilitate the discussion, we first introduce the notion of blockchains and their utility in the context of Bitcoin-like online transactions. Then, we describe the basic security properties that are supported as the essential requirements and building blocks for Bitcoin-like cryptocurrency systems, followed by presenting the additional security and privacy properties that are desired in many blockchain applications. Finally, we review the security and privacy techniques for achieving these security properties in blockchain-based systems, including representative consensus algorithms, hash-chained storage, mixing protocols, anonymous signatures, non-interactive zero-knowledge proofs, and so forth. We conjecture that this survey can help readers gain an in-depth understanding of the security and privacy of blockchain with respect to concepts, attributes, techniques, and systems.
Article
Blockchain, as a decentralized and distributed public ledger technology in a peer-to-peer network, has received considerable attention recently. It applies a linked block structure to verify and store data, and applies a trusted consensus mechanism to synchronize changes in data, which makes it possible to create a tamper-proof digital platform for storing and sharing data. It is believed that blockchain can be utilized in diverse Internet interactive systems (e.g., Internet of Things, supply chain systems, identity management, and so on). However, there are some privacy challenges that may hinder the applications of blockchain. The goal of this survey is to provide some insights into the privacy issues associated with blockchain. We analyze the privacy threats in blockchain and discuss existing cryptographic defense mechanisms, i.e., anonymity and transaction privacy preservation. Furthermore, we summarize some typical implementations of privacy preservation mechanisms in blockchain and explore future research challenges that still need to be addressed in order to preserve privacy when blockchain is used.
Article
Zcash is a fork of Bitcoin with optional anonymity features. While transparent transactions are fully linkable, shielded transactions use zero-knowledge proofs to obscure the parties and amounts of the transactions. First, we observe various metrics regarding the usage of shielded addresses. Moreover, we show that most coins sent to shielded addresses are later sent back to transparent addresses. We then search for round-trip transactions, where the same, or nearly the same, number of coins are sent from a transparent address to a shielded address, and back again to a transparent address. We argue that such behavior exhibits high linkability, especially when the two transfers occur close together in time. Using this heuristic our analysis matched 31.5% of all coins sent to shielded addresses.
Conference Paper
Privacy and anonymity are important desiderata in the use of cryptocurrencies. Monero, a privacy-centric cryptocurrency, has rapidly gained popularity due to its unlinkability and untraceability guarantees. It has a market capitalization of USD 290M. In this work, we quantify the efficacy of three attacks on Monero's untraceability guarantee, which promises to make it hard to trace the origin of a received fund, by analyzing its blockchain data. To this end, we develop three attack routines and evaluate them on the Monero blockchain. Our results show that in 88% of cases, the origin of the funds can be easily determined with certainty. Moreover, we have compelling evidence that two of the attack routines also extend to Monero RingCTs, the second generation of Monero that even hides the transaction amount. We further observe that over 98% of the results can in fact be obtained by a simple temporal analysis. In light of our findings, we discuss mitigations to strengthen Monero against these attacks. We shared our findings with the Monero development team and the general community. This has resulted in several discussions and proposals for fixes.
Article
Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition of Bitcoin and the many related cryptocurrencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bitcoin's design that can be decoupled. This enables a more insightful analysis of Bitcoin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparison.
Conference Paper
Bitcoin is quickly emerging as a popular digital payment system. However, in spite of its reliance on pseudonyms, Bitcoin raises a number of privacy concerns due to the fact that all of the transactions that take place are publicly announced in the system. In this paper, we investigate the privacy provisions in Bitcoin when it is used as a primary currency to support the daily transactions of individuals in a university setting. More specifically, we evaluate the privacy that is provided by Bitcoin (i) by analyzing the genuine Bitcoin system and (ii) through a simulator that faithfully mimics the use of Bitcoin within a university. In this setting, our results show that the profiles of almost 40% of the users can be, to a large extent, recovered even when users adopt privacy measures recommended by Bitcoin. To the best of our knowledge, this is the first work that comprehensively analyzes and evaluates the privacy implications of Bitcoin.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Linking 96% of Grin transactions
  • I Bogatyy
CoinJoin: Bitcoin privacy for the real world
  • G Maxwell
Deanonymization of hidden transactions in Zcash
  • A Biryukov
  • D Feher
Ring signature confidential transactions for Monero
  • S Noether