research-article

On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy

Authors:

Stefanos Chaliasos,

Pascal Berrang,

Benjamin Livshits,

Arthur GervaisAuthors Info & Claims

WWW '23: Proceedings of the ACM Web Conference 2023

Pages 2022 - 2032

https://doi.org/10.1145/3543507.3583217

Published: 30 April 2023 Publication History

Abstract

Zero-knowledge proof (ZKP) mixers are one of the most widely-used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2, 595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer’s daily deposits by more than .

Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which similarly to k-anonymity allows a user to hide among a set of k other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by and respectively. Our empirical evidence is also the first to suggest a differing privacy-predilection of users on ETH and BSC.

State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer’s anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.

References

[1]

Kurt M. Alonso. 2020. Zero to Monero: First Edition. A Technical Guide to A Private Digital Currency; for Beginners, Amateurs, and Experts. https://web.getmonero.org/library/Zero-to-Monero-2-0-0.pdf.

[2]

Elli Androulaki, Ghassan O Karame, Marc Roeschlin, Tobias Scherer, and Srdjan Capkun. 2013. Evaluating User Privacy in Bitcoin. In International Conference on Financial Cryptography and Data Security. Springer, Springer Science & Business Media, Berlin, Heidelberg, 34–51.

[3]

barryWhiteHat. 2018. Miximus. Available at: https://github.com/barryWhiteHat/miximus.

[4]

Ferenc Béres, István A Seres, András A Benczúr, and Mikerah Quintyne-Collins. 2021. Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users. In 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). IEEE Computer Society, Los Alamitos, CA, USA, 69–78.

[5]

Alex Biryukov, Daniel Feher, and Giuseppe Vitto. 2019. Privacy Aspects and Subliminal Channels in Zcash. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM, London, UK, 1813–1830.

Digital Library

[6]

George Bissias, A Pinar Ozisik, Brian N Levine, and Marc Liberatore. 2014. Sybil-Resistant Mixing for Bitcoin. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM, Scottsdale, AZ, USA, 149–158.

Digital Library

[7]

Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A Kroll, and Edward W Felten. 2014. Mixcoin: Anonymity for Bitcoin with Accountable Mixes. In International Conference on Financial Cryptography and Data Security. Springer, Springer, Christ Church, Barbados, 486–504.

[8]

Chainalysis. 2022. Understanding Tornado Cash, Its Sanctions Implications, and Key Compliance Questions. Available at: https://blog.chainalysis.com/reports/tornado-cash-sanctions-challenges/.

[9]

David L Chaum. 1981. Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms. Commun. ACM 24, 2 (1981), 84–90.

Digital Library

[10]

Mauro Conti, E Sandeep Kumar, Chhagan Lal, and Sushmita Ruj. 2018. A Survey on Security and Privacy Issues of Bitcoin. IEEE Communications Surveys & Tutorials 20, 4 (2018), 3416–3452.

Digital Library

[11]

Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels. 2020. Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges. In IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 910–927.

[12]

Arthur Gervais, Srdjan Capkun, Ghassan O Karame, and Damian Gruber. 2014. On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients. In Computer Security Applications Conference. ACM, New Orleans, LA, USA, 326–335.

[13]

Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, and Sharon Goldberg. 2017. Tumblebit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub. In Network and Distributed System Security Symposium. The Internet Society, San Diego, California, USA.

[14]

Abraham Hinteregger and Bernhard Haslhofer. 2018. An Empirical Analysis of Monero Cross-Chain Traceability. CoRR abs/1812.02808 (2018). http://arxiv.org/abs/1812.02808

[15]

George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn. 2018. An Empirical Analysis of Anonymity in Zcash. In 27th USENIX Security Symposium, USENIX Security. USENIX Association, Baltimore, MD, USA, 463–477.

[16]

Ghassan O Karame, Elli Androulaki, Marc Roeschlin, Arthur Gervais, and Srdjan Čapkun. 2015. Misbehavior in Bitcoin: A Study of Double-Spending and Accountability. ACM Transactions on Information and System Security (TISSEC) 18, 1 (2015), 2.

Digital Library

[17]

Amrit Kumar, Clément Fischer, Shruti Tople, and Prateek Saxena. 2017. A Traceability Analysis of Monero’s Blockchain. In European Symposium on Research in Computer Security(Lecture Notes in Computer Science, Vol. 10493). Springer, Oslo, Norway, 153–173.

[18]

Duc Viet Le and Arthur Gervais. 2021. AMR: Autonomous Coin Mixer with Privacy Preserving Reward Distribution. In AFT ’21: 3rd ACM Conference on Advances in Financial Technologies. ACM, Arlington, Virginia, USA, 142–155.

Digital Library

[19]

Greg Maxwell. 2013. CoinJoin: Bitcoin Privacy for The Real World. Available at: https://bitcointalk.org/index.php¿topic=279249.0.

[20]

Sarah Meiklejohn and Rebekah Mercer. 2018. Möbius: Trustless Tumbling for Transaction Privacy. Proceedings on Privacy Enhancing Technologies 2018, 2 (2018), 105–121.

[21]

Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. 2013. Zerocoin: Anonymous Distributed E-Cash from Bitcoin. In 2013 IEEE Symposium on Security and Privacy. IEEE Computer Society, Berkeley, CA, USA, 397–411.

Digital Library

[22]

Malte Möser, Kyle Soska, Ethan Heilman, Kevin Lee, Henry Heffan, Shashvat Srivastava, Kyle Hogan, Jason Hennessey, Andrew Miller, Arvind Narayanan, 2018. An Empirical Analysis of Traceability in the Monero Blockchain. Proceedings on Privacy Enhancing Technologies 2018, 3 (2018), 143–163.

[23]

Jaswant Pakki, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, and Adam Doupé. 2021. Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask). In International Conference on Financial Cryptography and Data Security. Springer, Virtual Event, 117–146.

Digital Library

[24]

Kaihua Qin, Liyi Zhou, Pablo Gamito, Philipp Jovanovic, and Arthur Gervais. 2021. An Empirical Study of DeFi Liquidations: Incentives, Risks, and Instabilities. In Proceedings of the 21st ACM Internet Measurement Conference. ACM, Virtual Event, USA, 336–350.

Digital Library

[25]

Kaihua Qin, Liyi Zhou, and Arthur Gervais. 2022. Quantifying Blockchain Extractable Value: How dark is the forest¿. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 198–214.

[26]

Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais. 2021. Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit. In International Conference on Financial Cryptography and Data Security. Springer, Virtual Event, 3–32.

[27]

Matteo Romiti, Friedhelm Victor, Pedro Moreno-Sanchez, Peter Sebastian Nordholt, Bernhard Haslhofer, and Matteo Maffei. 2021. Cross-Layer Deanonymization Methods in the Lightning Protocol. In International Conference on Financial Cryptography and Data Security. Springer, Virtual Event, 187–204.

[28]

Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2014. CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin. In European Symposium on Research in Computer Security. Springer, Wroclaw, Poland, 345–364.

[29]

Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2017. P2P Mixing and Unlinkable Bitcoin Transactions. In 24th Annual Network and Distributed System Security Symposium, NDSS. The Internet Society, San Diego, California, USA.

[30]

Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In Symposium on Security and Privacy. IEEE, San Francisco, CA, USA, 459–474.

Digital Library

[31]

Erkan Tairi, Pedro Moreno-Sanchez, and Matteo Maffei. 2021. A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 1834–1851.

[32]

Weizhao Tang, Weina Wang, Giulia Fanti, and Sewoong Oh. 2020. Privacy-Utility Tradeoffs in Routing Cryptocurrency over Payment Channel Networks. Proceedings of the ACM on Measurement and Analysis of Computing Systems 4, 2 (2020), 1–39.

Digital Library

[33]

Tornado.Cash. 2019. Tornado cash. Available at: https://tornado.cash/, before August 8th, 2022.

[34]

TornadoCash. 2020. Tornado.Cash Governance Proposal. Available at: https://tornado-cash.medium.com/tornado-cash-governance-proposal-a55c5c7d0703.

[35]

U.S. DEPARTMENT OF THE TREASURY. 2022. Cyber-related Sanctions. Available at: https://home.treasury.gov/taxonomy/term/1546.

[36]

U.S. DEPARTMENT OF THE TREASURY. 2022. U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash. Available at: https://home.treasury.gov/news/press-releases/jy0916.

[37]

Luke Valenta and Brendan Rowan. 2015. Blindcoin: Blinded, Accountable Mixes for Bitcoin. In Financial Cryptography and Data Security - FC 2015 International Workshops, BITCOIN. Springer, San Juan, Puerto Rico, 112–126.

[38]

Friedhelm Victor. 2020. Address Clustering Heuristics for Ethereum. In International Conference on Financial Cryptography and Data Security. Springer, Kota Kinabalu, Malaysia, 617–633.

[39]

Zhipeng Wang, Kaihua Qin, Duc Vu Minh, and Arthur Gervais. 2022. Speculative multipliers on defi: Quantifying on-chain leverage risks. In Financial Cryptography and Data Security: 26th International Conference, FC 2022, Grenada, May 2–6, 2022, Revised Selected Papers. Springer, Springer, Grenada, 38–56.

Digital Library

[40]

Lei Wu, Yufeng Hu, Yajin Zhou, Haoyu Wang, Xiapu Luo, Zhi Wang, Fan Zhang, and Kui Ren. 2021. Towards Understanding and Demystifying Bitcoin Mixing Services. In Proceedings of the Web Conference 2021. ACM / IW3C2, Virtual Event / Ljubljana, Slovenia, 33–44.

Digital Library

[41]

Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, and Guoai Xu. 2021. Ethereum Name Service: the Good, the Bad, and the Ugly. arXiv preprint arXiv:2104.05185 (2021).

[42]

Haaroon Yousaf, George Kappos, and Sarah Meiklejohn. 2019. Tracing Transactions Across Cryptocurrency Ledgers. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, USA, 837–850.

[43]

Zuoxia Yu, Man Ho Au, Jiangshan Yu, Rupeng Yang, Qiuliang Xu, and Wang Fat Lau. 2019. New Empirical Traceability Analysis of CryptoNote-Style Blockchains. In International Conference on Financial Cryptography and Data Security. Springer, Frigate Bay, St. Kitts and Nevis, 133–149.

[44]

Liyi Zhou, Kaihua Qin, and Arthur Gervais. 2021. A2MM: Mitigating Frontrunning, Transaction Reordering and Consensus Instability in Decentralized Exchanges. CoRR abs/2106.07371 (2021). https://arxiv.org/abs/2106.07371

[45]

Liyi Zhou, Kaihua Qin, Christof Ferreira Torres, Duc V Le, and Arthur Gervais. 2021. High-Frequency Trading on Decentralized On-Chain Exchanges. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 428–445.

[46]

Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais. 2022. SoK: Decentralized Finance (DeFi) Attacks. Cryptology ePrint Archive (2022), 1773. https://eprint.iacr.org/2022/1773

Cited By

Kovács ASeres IChua TNgo CKumar RLauw HKa-Wei Lee R(2024)Anonymity Analysis of the Umbra Stealth Address Scheme on EthereumCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651963(1768-1775)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651963
Wahrstätter AErnstberger JYaish AZhou LQin KTsuchiya TSteinhorst SSvetinovic DChristin NBarczentewicz MGervais AChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Blockchain CensorshipProceedings of the ACM Web Conference 202410.1145/3589334.3645431(1632-1643)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645431
Wu JLin DFu QYang SChen TZheng ZSong B(2024)Toward Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum HeistsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334627619(1994-2009)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3346276
Show More Cited By

Index Terms

On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy
1. Security and privacy
  1. Security services
    1. Pseudonymity, anonymity and untraceability

Recommendations

On the use of body biasing to improve linearity in low LO-power CMOS active mixers

In a radio-frequency (RF) transceiver, the linearity of the mixer has a profound effect on the overall transceiver performance. In many RF transceivers, active mixers are used due to their higher gain which also improves the overall receiver noise ...
User-Perceived Privacy in Blockchain
Financial Cryptography and Data Security. FC 2022 International Workshops
Abstract
This paper studies users’ privacy perceptions of UTXO-based blockchains such as Bitcoin. It elaborates – based on interviews and questionnaires – on a mental model of employing privacy-preserving techniques for blockchain transactions. Furthermore,...
GDPR-Compliant Use of Blockchain for Secure Usage Logs
EASE '21: Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering

The unique properties of blockchain enable central requirements of distributed secure logging: Immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WWW '23: Proceedings of the ACM Web Conference 2023

April 2023

4293 pages

ISBN:9781450394161

DOI:10.1145/3543507

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 April 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WWW '23

Sponsor:

SIGWEB

WWW '23: The ACM Web Conference 2023

April 30 - May 4, 2023

TX, Austin, USA

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
605
Total Downloads

Downloads (Last 12 months)416
Downloads (Last 6 weeks)22

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kovács ASeres IChua TNgo CKumar RLauw HKa-Wei Lee R(2024)Anonymity Analysis of the Umbra Stealth Address Scheme on EthereumCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651963(1768-1775)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651963
Wahrstätter AErnstberger JYaish AZhou LQin KTsuchiya TSteinhorst SSvetinovic DChristin NBarczentewicz MGervais AChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Blockchain CensorshipProceedings of the ACM Web Conference 202410.1145/3589334.3645431(1632-1643)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645431
Wu JLin DFu QYang SChen TZheng ZSong B(2024)Toward Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum HeistsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334627619(1994-2009)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3346276
Du HChe ZShen MZhu LHu J(2024)Breaking the Anonymity of Ethereum Mixing Services Using Graph Feature LearningIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332698419(616-631)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3326984
Tang FLiu YZhao QCheng Y(2024)Real-Time Discovery and Mining System of Blockchain Extractable Value for Decentralized Finance Protocol OptimizationIEEE Transactions on Computational Social Systems10.1109/TCSS.2024.338671611:4(5536-5553)Online publication date: Aug-2024
https://doi.org/10.1109/TCSS.2024.3386716
Shen MTang XWang WZhu LShen MTang XWang WZhu L(2024)Malicious Transaction Deanonymity in Web 3.0Security and Privacy in Web 3.010.1007/978-981-97-5752-7_8(133-153)Online publication date: 10-Jul-2024
https://doi.org/10.1007/978-981-97-5752-7_8
Broniszewska MDaszczuk WCzejdo D(2024)Anonymization of Bids in Blockchain Auctions Using Zero-Knowledge ProofSystem Dependability - Theory and Applications10.1007/978-3-031-61857-4_2(19-28)Online publication date: 14-Jun-2024
https://doi.org/10.1007/978-3-031-61857-4_2
KÜÇÜK DÇAKAR EYAKUT ÖERTAM F(2023)Investigation of Cryptocurrency-Centered Money Laundering Scenarios in terms of Digital ForensicsKripto Para Merkezli Kara Para Aklama Senaryolarının Adli Bilişim Açısından İncelenmesiInternational Journal of Advances in Engineering and Pure Sciences10.7240/jeps.122441635:3(285-296)Online publication date: 30-Sep-2023
https://doi.org/10.7240/jeps.1224416
Chaddad AJiang Y(2023)Medical Metaverse: A New Virtual Health Experience2023 IEEE 23rd International Conference on Bioinformatics and Bioengineering (BIBE)10.1109/BIBE60311.2023.00074(414-421)Online publication date: 4-Dec-2023
https://doi.org/10.1109/BIBE60311.2023.00074
Goodridge WKhan KSookram KEdwards K(2023)Blockchain-based Information-sharing and Transparent Security for Vehicle Asset Fintech ManagEment (BITSAFE)2023 IEEE International Conference on Artificial Intelligence, Blockchain, and Internet of Things (AIBThings)10.1109/AIBThings58340.2023.10292459(1-9)Online publication date: 16-Sep-2023
https://doi.org/10.1109/AIBThings58340.2023.10292459
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents