Cryptocurrency: Privacy Tech Considered Essential

grarpamp grarpamp at gmail.com
Wed Sep 15 22:06:22 PDT 2021


Bitcoin Privacy - A Survey on Mixing Techniques
Simin Ghesmati and Walid Fdhila and Edgar Weippl
https://eprint.iacr.org/2021/629
Abstract: Blockchain is a disruptive technology that promises a
multitude of benefits such as transparency, traceability, and
immutability. However, this unique bundle of key characteristics
rapidly proved to be a double-edged sword that can put user privacy at
risk. Unlike traditional systems, Bitcoin transactions are publicly
and permanently recorded, and anyone can access the full history of
the records. Despite using pseudonymous identities, an adversary can
undermine the financial privacy of users and reveal their actual
identities using advanced heuristics and techniques to identify
eventual links between transactions, senders, receivers, and consumed
services (e.g., online purchases). In this regard, a multitude of
approaches has been proposed in an attempt to overcome financial
transparency and enhance user anonymity. These techniques range from
using mixing services to off-chain transactions and address different
privacy issues. In this survey, we particularly focus on comparing and
evaluating mixing techniques in the Bitcoin blockchain, present their
limitations, and highlight the new challenges.
Category / Keywords: applications / blockchain anonymity Mixing
Date: received 13 May 2021, last revised 20 Aug 2021
Contact author: ghesmti at icloud com
Version: 20210820:155838




Studying Bitcoin privacy attacks and their Impact on Bitcoin-based
Identity Methods
Simin Ghesmati and Walid Fdhila and Edgar Weippl
https://eprint.iacr.org/2021/1088
Abstract: The Bitcoin blockchain was the first publicly verifiable
and distributed ledger, where it is possible for everyone to download
and check the full history of all data records from the genesis block.
These properties lead to the emergence of new types of applications
and the redesign of traditional systems that no longer respond to
current business needs (e.g., transparency, protection against
censorship, decentralization). One particular application is the use
of blockchain technology to enable decentralized and self-sovereign
identities including new mechanisms for creating, resolving, and
revoking them. The public availability of data records has, in turn,
paved the way for new kinds of attacks that combine sophisticated
heuristics with auxiliary information to compromise users' privacy and
deanonymize their identities. In this paper, we review and categorize
Bitcoin privacy attacks, investigate their impact on one of the
Bitcoin-based identity methods, namely did:btcr, and analyze and
discuss its privacy properties.
Original Publication (with minor differences): Springer
Date: received 24 Aug 2021
Contact author: ghesmti at icloud com
Version: 20210825:064031




WabiSabi: Centrally Coordinated CoinJoins with Variable Amounts
Ádám Ficsór and Yuval Kogman and Lucas Ontivero and István András Seres
https://eprint.iacr.org/2021/206
Abstract: Bitcoin transfers value on a public ledger of transactions
anyone can verify. Coin ownership is defined in terms of public keys.
Despite potential use for private transfers, research has shown that
users’ activity can often be traced in practice. Businesses have been
built on dragnet surveillance of Bitcoin users because of this lack of
strong privacy, which harms its fungibility, a basic property of
functional money. Although the public nature of this design lacks
strong guarantees for privacy, it does not rule it out. A number of
methods have been proposed to strengthen privacy. Among these is
CoinJoin, an approach based on multiparty transactions that can
introduce ambiguity and break common assumptions that underlie
heuristics used for deanonymization. Existing implementations of
CoinJoin have several limitations which may partly explain the lack of
their widespread adoption. This work introduces WabiSabi, a new
protocol for centrally coordinated CoinJoin implementations utilizing
keyed verification anonymous credentials and homomorphic value
commitments. This improves earlier approaches which utilize blind
signatures in both privacy and flexibility, enabling novel use cases
and reduced overhead.
Category / Keywords: cryptographic protocols / Bitcoin, anonymity,
privacy, financial privacy
Date: received 24 Feb 2021
Contact author: adam ficsor73 at gmail com, nothingmuch at woobling
org, lucasontivero at gmail com, istvanseres at caesar elte hu
Version: 20210301:171314






Sword: An Opaque Blockchain Protocol
Farid Elwailly
https://eprint.iacr.org/2020/1289
Abstract: I describe a blockchain design that hides the transaction
graph from Blockchain Analyzers. The design is based on the
realization that today the miner creating a block needs enough
information to verify the validity of transactions, which makes
details about the transactions public and thus allows blockchain
analysis. Some protocols, such as Mimblewimble, obscure the
transaction amounts but not the source of the funds, which is enough to
allow for analysis. The insight in this technical note is that the
block creator can be restricted to the task of ensuring no double
spends. The task of actually verifying transaction balances really
belongs to the receiver. The receiver is the one motivated to verify
that she is receiving a valid transaction output since she has to
convince the next receiver that the balances are valid, otherwise no
one will accept her spending transaction. The bulk of the transaction
can thus be encrypted in such a manner that only the receiver can
decrypt and examine it. Opening this transaction allows the receiver
to also open previous transactions to allow her to work her way
backward in a chain until she arrives at the coin generation blocks
and completely verify the validity of the transaction. Since
transactions are encrypted on the blockchain, a blockchain analyzer
cannot create a transaction graph until he is the receiver of a
transaction that allows backward tracing through to some target
transaction.
Category / Keywords: applications / cryptocurrency, Bitcoin,
confidential transaction, blockchain analyzer, stealth address,
privacy, Mimblewimble, Sword
Date: received 15 Oct 2020
Contact author: sword at elwailly com
Version: 20201016:064939




Zerojoin: Combining Zerocoin and CoinJoin
Alexander Chepurnoy and Amitabh Saxena
https://eprint.iacr.org/2020/560
Abstract: We present Zerojoin, a privacy-enhancing protocol for UTXO
blockchains. Like Zerocoin, our protocol uses zero-knowledge proofs
and a pool of participants. However, unlike Zerocoin, our pool size is
not monotonically increasing. Thus, our protocol overcomes the major
drawback of Zerocoin. Our approach can also be considered a
non-interactive variant of CoinJoin, where the interaction is replaced
by a public transaction on the blockchain. The security of Zerojoin
relies on the Decisional-Diffie-Hellman (DDH) assumption. We also
present ErgoMix, a practical implementation of Zerojoin on top of
Ergo, a smart contract platform based on Sigma protocols. While
Zerojoin contains the key ideas, it leaves open the practical issue of
handling fees. The key contribution of ErgoMix is a novel approach to
handle fees in Zerojoin.
Category / Keywords: cryptographic protocols / cryptocurrency,
privacy, DDH, zero knowledge
Original Publication (with minor differences): Data Privacy
Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT
2020.
Date: received 13 May 2020, last revised 29 Aug 2021
Contact author: kushti at protonmail ch
Version: 20210829:211748




Mimblewimble Non-Interactive Transaction Scheme
Gary Yu
https://eprint.iacr.org/2020/1064
Abstract: I describe a non-interactive transaction scheme for the
Mimblewimble protocol, so as to overcome the usability issue of the
Mimblewimble wallet. With Diffie–Hellman, we can use an ephemeral
key shared between the sender and the receiver; a public nonce R is
added to the output for that purpose, removing the interactive
cooperation procedure. An additional one-time public key P' is used to
lock the output so that it is spendable only by the receiver, i.e. the
owner of P'. Furthermore, to keep the Mimblewimble privacy character,
the Stealth Address is used in this new transaction scheme.
Category / Keywords: public-key cryptography / Mimblewimble, Stealth
address, Bitcoin, Grin, Confidential transaction, Privacy
Date: received 2 Sep 2020, last revised 21 Dec 2020
Contact author: gary yu at gotts tech
Note: A major update of the scheme, with analysis of replay attacks,
rogue-key attacks, etc., replacing the unsafe previous version.
Version: 20201221:130713

