Crypto Anonymization Techniques

Staying anonymous: what is the quietest cryptocurrency security solution?

Is Bitcoin anonymous, and can mixing services make it more private? Here are the strengths and weaknesses of popular crypto privacy solutions.

The cryptocurrency industry was originally positioned as anonymous digital cash. While experts have been keen to point out that this is not entirely accurate, Bitcoin (BTC) found its initial popularity in dark web markets like the Silk Road, where merchants sold illegal goods ranging from soft drugs to hitmen. Silk Road, founded 7 years ago, prospered for the next 2 years until the Federal Bureau of Investigation shut it down in 2013. The authorities later reported that they were assisted in their investigation, completely free of charge, by blockchain researchers.

Bitcoin's transaction log is fully open for all to see. What the blockchain lacks is public identities, as all transactions are conducted between wallet addresses, which can be considered pseudonyms. However, a wallet address can be linked to specific people or organizations.

Linking an address to its owner can be as easy as making a transaction. The customer and the seller can potentially disclose to each other the entire history of their transactions. While they may not know who the other has previously transacted with, they can find out balances and spending amounts with a simple check in a blockchain explorer. Technically, this is called linkability: how easy it is to reverse engineer a particular chain of transactions.

Theoretically, Bitcoin's chain of transactions is easy to link. In practice, however, this is not a trivial task, because it may not be possible to tell how much of a Bitcoin transaction is change and how much is money actually spent.

Bitcoin-based privacy solutions

Given the apparent weakness of Bitcoin and other public ledgers in the area of privacy, various ideas have been devised over the years to remedy the situation. The first was proposed at the very beginning of 2013 by Gregory Maxwell, the main developer of Bitcoin. This technology, later called CoinJoin, uses an already existing principle of Bitcoin, according to which individual transactions can contain many "inputs" and "outputs" that come from and go to many wallets.

Each transaction takes some amount of bitcoin as input and reshapes it, like plasticine, into output chunks of all sorts. With CoinJoin, multiple participants provide their bitcoins in a single transaction, which then converts them into all sorts of outputs that travel to wallets specified by each participant. It is no longer evident to which wallet B the bitcoin from wallet A was sent. Wallet B may include bitcoins collected from dozens of input wallets. The number of participants, called the anonymity set, is important to the overall strength of the mix. It is significantly harder to track one wallet in ten thousand than one in 10.

Another proposed solution was Bitcoin mixers. Although they took a similar approach, they were built as centralized services that held the bitcoins while they were being mixed. However, mixers initially proved to be in demand among users, as they were much easier to implement than peer-to-peer CoinJoin.

Researchers soon found their shortcomings with relative ease. A December 2017 paper by Felix Maduakor demonstrates a fairly simple heuristic process for deanonymizing mixer transactions. The algorithm relied on factors like time, Bitcoin transaction amounts and related fees to narrow down the destination wallet. Also, there was a simple web vulnerability in one of the services that could leak mixed-transaction data through an internal record-keeping system. The 2017 paper also concluded that even users of popular mixers followed poor privacy practices that made their operations easier to track.

Despite major security flaws, mixers continued to be popular until this year. However, police confiscations and voluntary closures have put pressure on the sector and may have helped limit their use.

As Chainalysis noted in a webinar in July, the CoinJoin-based wallets offered by Wasabi and Samourai steadily gained respect over the next year, handling over $250 million worth of bitcoin. They do not rely on the security skills of mixer operators, which eliminates unnecessary points of failure. Despite this, the system is far from perfect. Maxwell later distanced himself from pure CoinJoin implementations, noting in a presentation that since all users deposit and withdraw different amounts, the links in a CoinJoin are easy to guess.

Although this is not difficult to mitigate by using fixed withdrawal amounts similar to cash denominations, this is not enough to prevent tracking. Speaking to Cointelegraph, Chainalysis CEO Michael Gronager explained:

“CoinJoins and mixers do reach a specific level of dissociation between funds. However, in many cases, this connection can be restored with the help of forensic evidence.”

Additional evidence of the CoinJoin vulnerability came from the Chainalysis investigation into PlusToken operations. According to an excerpt from a December 2019 report, the company was able to trace 45,000 bitcoins out of 180,000 collected by the Ponzi scheme, despite complex obfuscation tactics that heavily involved CoinJoin services. Nopara73, a pseudonymous developer of the Wasabi wallet, defended the technology in an "ask me anything" thread on Reddit, saying, "I don't think the technical part of the story is impossible to understand. Hint: they have more coins than every modern Monero capitalization."
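The amount-matching weakness Maxwell described, and the fixed-amount mitigation with its remaining leak, can be checked on a toy transaction. This Python example is added here and is not code from the article or from any wallet; the amounts are constructed, fees are ignored, and the function names are hypothetical.

```python
from itertools import combinations

def interpretations(inputs, outputs):
    """Yield each {output_index: input_index} mapping in which every input's
    assigned outputs sum exactly to that input (fees ignored: an assumption)."""
    def solve(i, remaining, assign):
        if i == len(inputs):
            if not remaining:          # every output must be explained
                yield dict(assign)
            return
        pool = sorted(remaining)
        for size in range(1, len(pool) + 1):
            for combo in combinations(pool, size):
                if sum(outputs[j] for j in combo) != inputs[i]:
                    continue
                for j in combo:
                    assign[j] = i
                yield from solve(i + 1, remaining - set(combo), assign)
                for j in combo:
                    del assign[j]
    yield from solve(0, frozenset(range(len(outputs))), {})

def candidate_inputs(inputs, outputs):
    """For each output, list the inputs that could have funded it in at
    least one balanced interpretation (its anonymity set on amounts alone)."""
    candidates = [set() for _ in outputs]
    for mapping in interpretations(inputs, outputs):
        for out_idx, in_idx in mapping.items():
            candidates[out_idx].add(in_idx)
    return [sorted(c) for c in candidates]

# Constructed sample amounts in units of 0.01 BTC; not real transaction data.
INPUTS = [130, 75, 42]
NAIVE_OUTPUTS = [42, 130, 75]               # everyone withdraws what they deposited
FIXED_OUTPUTS = [40, 40, 40, 90, 35, 2]     # one 40-unit output each, plus change

if __name__ == "__main__":
    for label, outs in (("naive", NAIVE_OUTPUTS), ("fixed", FIXED_OUTPUTS)):
        count = sum(1 for _ in interpretations(INPUTS, outs))
        print(label, "interpretations:", count)
        for amount, cands in zip(outs, candidate_inputs(INPUTS, outs)):
            print(f"  output {amount:>3} <- possible inputs {cands}")
```

With fixed 40-unit outputs each mixed output has three candidate inputs, but the change outputs (90, 35 and 2) still map to exactly one input each, which is why fixed amounts alone do not prevent tracking.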

Privacy-based altcoins are growing

Dozens of dedicated projects have emerged as the ecosystem has matured to provide private transactions to users. The current landscape is broken down into 3 major coin families based on different protocols.

Monero (XMR) is currently the largest privacy coin by market capitalization and has been featured in the front row. On sale. It is based on the CryptoNote protocol developed by Bytecoin (BCN) in 2014 and enhanced by RingCT, a system that combines ring signatures and confidential transaction cryptography.

Monero tries to hide all the components of a transaction: sender, recipient and amount.

The sender is hidden by ring signatures. When creating a transaction, Monero mixes the sender's true output with semi-random outputs selected from previous blocks. This provides an effect similar to CoinJoin, giving the user plausible deniability, since outside parties are unable to pick out the real coins without additional information. Coins for each exit. Stealth addresses, part of the original CryptoNote protocol, hide the recipient by creating a one-time wallet address for each transaction.

Monero's closest competitor is Zcash (ZEC), which uses zero-knowledge cryptography to shield transactions. Qualitatively, zero-knowledge proofs allow the "prover" (the user who sends money) to convincingly demonstrate to the "verifier" (a blockchain node) that they know a certain value without, under any circumstances, disclosing the actual number. Used in a privacy-focused blockchain, the technique allows full encryption of transaction details and uses zero-knowledge proofs as a guarantee of their authenticity. There are a huge number of options for zero-knowledge proofs. The one currently used by Zcash is called zk-SNARKs.

The latest major addition to privacy coins is the Mimblewimble protocol. Embodied in projects like Grin and Beam, Mimblewimble only uses CoinJoin and confidential transactions to guarantee secrecy. However, its blockchain architecture is significantly different from most other coins.

For example, Mimblewimble blockchains are not burdened with permanent addresses. Instead, the exchange of cryptographic data is done in 2 steps: the sender delivers the partially completed transaction details via external means such as email, and the receiver must then add their own data before retransmitting the completed transaction file.

Several other projects use variants of CoinJoin in their privacy features. Dash's PrivateSend mixes coins through multiple CoinJoin steps, and the privacy option of Decred (DCR) uses CoinShuffle, an updated and improved implementation of the original protocol. Despite bitter disputes between the opposing camps, each protocol has its pluses and minuses.

The price of anonymity

All privacy protocols can suffer from performance and scalability issues. The extra layer of secrecy often comes at a measurable cost in terms of transaction size, creation speed, and computational performance.

Monero transactions are several times heavier than their Bitcoin equivalents. While the introduction of "bulletproof" range proofs has been an important remedy for this problem, Monero transactions tend to be heavier than 1500 bytes, while simple Bitcoin transactions can be as little as 280 bytes.

This presents a serious problem for scalability. Although Monero has dynamic block sizes, which avoid bottlenecks, the entire blockchain continues to grow in size much more quickly. Eventually it will become impossible to run Monero nodes on ordinary computers, a capability its community sees as important for decentralization.

Zcash is a mixed blockchain containing both transparent and "shielded" transactions. Private transactions suffer from the same size problem as Monero and weigh in at around 2000 bytes.

Before Sapling, each transfer also required about 4 GB of available RAM, which made shielded transactions very impractical.

There are similar problems for small coins based on Mimblewimble. Its raw transactions are over 5000 bytes due to the presence of large range proofs. The main scalability advantage of coins based on Mimblewimble is the ability to “cut off” the blockchain: remove data about past transactions without affecting their reliability. Grin estimated an average reduction of 98% for a sample of ten million transactions, from 130 GB to just under two GB. According to Blockchain.com, this is less than half the size of the Bitcoin blockchain with a similar number of transactions in December 2012.

The ability to shrink the blockchain is a very important factor for most scientists. Although it was believed that Monero could not scale through pruning, in early 2019 the team released a limited implementation of it. Critics described it as "more like segmentation, it's more like pruning" because it failed to completely remove transactions. The developers of Monero explained on Twitter that deleting output data is not possible with advanced technology, adding: “our implementation definitely deletes certain transaction data.”

Zcash and was able to delete their data, but the Electric Coin Company team (the company behind Zcash) decided to use zero-knowledge proofs to introduce a similar concept of scaling. The Halo technology it proposes will use a “proof of evidence” system that will confirm the validity of past states of the blockchain. This will allow nodes to store only recent transactions, along with validation of everything that has happened before.

Often present a trilemma for all individual privacy technologies. While Monero is relatively effective in terms of usability and decentralization, its secrecy has been questioned in the past.

Fireice_uk, a pseudonymous contributor to Monero and developer of the xmr-stak software, has identified several flaws in the ring signature approach, noting that churning immediately reveals the true origin of money by creating a cycle of transactions. They demonstrated, among other things, a way to break conventional ring signatures based on metadata leaks: it is enough to compare the creation time of a transaction with the records of an online connection to determine the true output. Fears, but downplaying their relevance. Asked by Cointelegraph whether the team responded to these concerns, fireice_uk said that the effort was not enough:

“Over the past year, the amount of research into metadata leaks has increased which only fixed very low-hanging fruits. The current state of affairs leaves me unsure whether an entire family of ring signature based coins is viable and I say this as the developer of one of them.”

Sarang Noether, a pseudonymous member of the Monero Research Lab, responded to specific criticism in a dialogue with Cointelegraph. Noting that this is a "subtle issue" that depends on the implied threat model (who wants to deanonymize transactions), they added:

"Metadata at the network layer circulates around who may or may not be affected on a particular contactee depends on his threat model, and it is difficult to reduce it. There is metadata circulating around on the chain, including all of that, like time, rotation structure, non-standard transaction data, etc. Reducing the metadata that is applied is important, but it is impossible to completely eliminate it."

Talking about churning, Noether pointed out that this is the subject of ongoing experimentation and at the same time showed that there are right and wrong methods to do it: "As if a bad choice of all types of honeypot data can lead to a heuristic that with more is likely to be the true signer, 'bad' churning leads to heuristics that try to identify the process."

While the cryptography used for secure Zcash transactions is often described as fundamentally better than Monero's, the dominance of transparent addresses poses severe limitations. Researchers at University College London, now officially known as UCL, were able to deanonymize several transfers through the conversion step between shielded and unshielded coins. On the issue of whether Zcash sees value in increasing the number of secure transactions and, by extension, the anonymity set, the Electric Coin Company's vice president of marketing Josh Swihart told Cointelegraph:

“A large list of anonymity is important, and man does not believe that there can be a point of diminishing returns. We share the universe with billions of people, each of whom performs dozens of operations per month, and hundreds of millions of offices and offices, which perform much more. The set of anonymous data must be large enough to seriously protect all these people, organizations and organizations in every transaction.”

Swihart also noted that the number of fully secure transactions will one day increase, which expands its anonymity set. However, the data shows that the ratio of secure and transparent transactions over Zcash's history has largely fluctuated between 10% and 20%, with small growth to date.

Centralization is also an important issue for Zcash, as zk-SNARKs require a "trusted setup" to work properly: certain parameters set by the developers. Any compromise of security or trust during any generation event would be disastrous, as attackers would be able to create new coins virtually undetected. However, the introduction of Halo-based technology will eliminate the need for a trusted setup.

Discussing the importance of anonymity sets, fireice_uk stressed: “It is life-or-death-critical. It is impossible to hide in the crowd from the original person. Anything that can be done to reduce the crowd will have an impact on privacy.” They added: “We see this very correctly in the example of the Mimblewimble hack,” referring to the breakthrough of Ivan Bogatyy, a Dragonfly Capital researcher, who deanonymized up to 96% of Grin transactions in real time.

In response, the developers of Grin dismissed the importance of the breakthrough. However, they acknowledged that Grin's security is far from perfect, noting that "the ability to chain transactions is a limitation that we are eager to alleviate."

Is there a clear leader?

Although every system has its strengths and weaknesses, in the end every user must use the best available tools in the best possible way. Even Zcash, which has arguably the most robust anti-linking system, is still misused by users who inadvertently jump between transparent and secure addresses. Monero is somewhat easier to use in this regard. As Chainalysis reported in its webinar, it is the preferred privacy coin in darknet markets.

However, Bitcoin is the most common payment method. Also, users mostly do not pay much attention to privacy, as a large share of the money in the darknet markets is sent directly from centralized exchanges. Would need specified especially. Until privacy coins become fairly common in such high-stakes environments, the debate about their anonymity will remain purely theoretical.

The non-criminal case for privacy

It is important to note that confidentiality need not be strictly illicit. Chainalysis emphasized that just over ten percent of the funds sent to mixers come from criminal activity.

A similar proportion can be expected with privacy coins. While regulators are increasingly scrutinizing crimes related to cryptocurrencies, maintaining privacy for legal use is of fundamental importance, as the CEO of Chainalysis says:

“Total privacy opens the door to illegal activity, which by definition is not investigated. This is not the universe you want to be in. On the other hand, complete transparency means an absolute lack of privacy. Such a nuance is also not the world where you want to be. We believe the market decides and privacy-free coins have the most momentum today.”

Speaking on behalf of the company, Swihart took a stance on transactional privacy that understandably goes a step further. Electric Coin Company believes that a person's ability to transact with others is a fundamental right, while "enterprises have the right to transact in confidence, without disclosing data to competitors or other individuals who are able to harm them."

Asked if facilitating criminal use is an acceptable trade-off for privacy, Swihart added: “The combination argument is a red herring. People with bad intentions will use any tool to do illegal things.”
