Post on 12-Apr-2017
Coins’ Anonymity2015/06/09 Mai-Hsuan Chiaj84255801912@gmail.com
r03922099@ntu.edu.tw
Abstract
● Is Bitcoin Anonymous?● Solutions● Projects
○ Dash○ CryptoNote
Is Bitcoin Anonymous?
Is Bitcoin Anonymous?
Yes!! Due to the fact that addresses are segregated from ids.
Is Bitcoin Anonymous?
Yes!! Due to the fact that addresses are segregated from ids.
No, because …
Is Bitcoin Anonymous?
● Transaction Linkage○ 可以從一個交易關聯到另外一個交易
Is Bitcoin Anonymous?
● Transaction Linkage○ Forward Change Linking
Is Bitcoin Anonymous?
● Transaction Linkage○ Through Change Linking
Is Bitcoin Anonymous?
● Fingerprinting○ 透過timestamp, 交易金額, …,猜出可能的交易
Is Bitcoin Anonymous?
● Fingerprinting○ 透過timestamp, 交易金額, …,猜出可能的交易
Alice, I will give you 1.5 btc tomorrow!
OK, Thank you <3
Is Bitcoin Anonymous?
● Fingerprinting○ 透過timestamp, 交易金額, …,猜出可能的交易
Alice, I will give you 1.5 btc tomorrow!
OK, Thank you <3
Is Bitcoin Anonymous?
● Mantissa Attack○ 利用金額的尾數分析金錢流向
Is Bitcoin Anonymous?
● Mantissa Attack○ 利用金額的尾數分析金錢流向
Solutions
● CoinJoin● Ring Signature● Teleport, Coin shuffle, ...
Solutions
● CoinJoin : 混合coins
Solutions
● CoinJoin : 混合coins
Solutions
● CoinJoin○ Dark Wallet : a Bitcoin wallet client○ Dash ( Darkcoin )
Solutions
● Ring Signature
Solutions
● Ring Signature○ 只知道簽章是由團體的其中一個人簽的,但不知道是
哪個人
Solutions
● Ring Signature○ CryptoNote ( implemented by Bytecoin, Monero,...)
Projects
● Dark Wallet● Dash● CryptoNote● Tor
Projects
● Dark Wallet○ A Bitcoin wallet client, 提供dark wallet users使用
CoinJoin一起作交易
● Dash○ Altcoin○ POW x11 hash algorithm○ InstantTx○ DarkSend using CoinJoin
● DarkSend ○ DarkSend pool ○ Master node○ Collatoral transactions and payment nodesDarkSend pool
● 每個池只收一種面額● 面額有0.1, 1, 10, 100, …● 每次mixing金額不超過1000DASH。● mixing一次稱為 1 session
● DarkSend ○ DarkSend pool○ Master node○ Collatoral transactions and payment nodesMaster nodes
● 負責建造coinjoin tx並broadcast。● 若Master Node掛了則由pool其他人遞補。
● DarkSend ○ DarkSend pool○ Master node○ Collatoral transactions and payment nodesPayment nodes
● 加入mixing的users必須繳交押金● payment node負責監看darksend pool● 若有人搞鬼就吃掉他的押金● 通常為一個pool的管理者
● DarkSend ○ 優點○ 缺點
● DarkSend ○ 優點
○ 缺點 : masternode可能偷看coinjoin過程,並告訴其他
人哪個input對到哪個output
● CryptoNote○ Technology that allows the creation of completely
anonymous egalitarian cryptocurrencies○ Egalitarian PoW○ Adaptive limits
■ Difficulty adjusted every block■ Dynamic Max block size
○ Ring Signature
● Ordinary signature
● Ring signature
● Untraceable Transactions
● Linkable tx
● Unlinkable tx
one-time keypairs● Sender要送錢給Receiver時,會先建一個新的one-time
pubkey,並將錢送到這個one-time pubkey,而只有receiver能取得對應的one-time privkey
● One-time pubkey由random data與receiver address產生● *One-time privkey由random data與receiver privkey產生
(這裡怪怪der,要查清楚)● 因此CryptoNote沒有reuse address的問題,因為每次都
會生一個新的unique one-time pubkey。● receiver想花錢時,會生出對應的one-time privkey即可花
錢
one-time keys
one-time keys● For example,1. B在網路中跟大家說他的address為b_addr2. A想送錢給B, 因此拿b_addr和臨時產生的random data造
出了one-time pubkey3. 當哪天B想花錢時,生出對應的one-time privkey去花錢4. 網路上的旁觀者都看不出來哪些tx是給B的(因為output目
的地都是unique one-time pubkey)5. 但B能透過監看網路上的tx,並一一去try看看這筆tx是不
是給自己的,從而知道自己到底有哪些錢
*Prevention from double spending● 既然沒人知道哪個output是哪個人的(除了擁有該output的人以外),要
如何讓spender證明自己是output的主人或如何防止double spending呢?
● 將one-time privkey拿去hash,生出key image,並附在input。● 所有的users會紀錄所有看到的key image,因此,若發現重複的
key image表示有double spend,予以reject。
one-time ring signatures operations● SIG (sign)
○ input : message, other pubkeys, (mypubkey, myprivkey) ○ output : a signature, all pubkeys
● VER (verify)○ input : message, all pubkeys, signature○ output : true or false
● ...
● CryptoNote○ 優點 : 匿名性保障○ 缺點
● CryptoNote○ 優點○ 缺點 : blockchain size過大
e.g. Bitcoin v.s. MoneroElapsed time Blockchain size # of transactions
Bitcoin 5 years 20GB 43,000,000
Monero 3 months 2 GB 170,000
Reference
https://cryptonote.org/inside/https://cryptonote.org/whitepaper.pdfTeleport: anonymity through off-blockchain transaction information transferhttps://www.dashpay.io/wp-content/uploads/2014/09/DarkcoinWhitepaper.pdfhttps://www.dashpay.io/wp-content/uploads/2015/04/Dash-WhitepaperV1.pdf