[Update] Research explores how Zcash and other privacy coins can de-anonymize users, suggests defenses

[Update at 14:50 UTC]

Benjamin Winston, Director of Security at ECC, told CryptoSlate via a tweet the paper was simply a  “review” of existing material and proposes a new attack that is based on a “faulty understanding” of the Zcash protocol by the Hush team.

We reviewed this on May 6th and found it to be baseless. There's no code, no list of applicable transactions, just wild speculation that turns out to be wrong. Dressing it up as a paper just looks silly.

— Benjamin Winston (@industrybambam) May 13, 2020

In another tweet to the paper’s authors, Winston mentioned:

… Specifically it seems as though the attack relies on the protocol and software selecting Sapling outputs from the mempool, when in fact they can only be selected from existing blocks. Sapling outputs can only be referred to by an anchor after the transaction is mined. (2/2)

— Benjamin Winston (@industrybambam) May 11, 2020

[Original article follows]

Research by an independent group claims possible vulnerabilities in Zcash’s metadata, mainly due to certain procedures used by the protocol that blockchain attackers could potentially exploit. Others, such as Bitcoin forked coins and MimbleWimble-based currencies face similar threats. 

However, the research noted Zcash’s zk-snark protocol remains sound, and no critical threat to the blockchain can mathematically exist. Still, bad actors can potentially take advantage of the mechanism, specifically its consensus rules and the Transaction Format protocol to unearth information about and de-anonymize users. 

Leakage of metadata is fodder for attackers

Published on May 10, the research was conducted by the developers heading the privacy protocol Hush. The group explored various “metadata attacks” that could be targeted towards the Zcash protocol and other privacy-centric cryptocurrencies. They specifically detail an “ITM attack” and suggest a new protocol, their own, as a response to such potential threats. 

The research states that enough funds, “big time” attackers can analyze minute data and transaction outputs stemming from the Zcash protocol, creating a linkability loophole that could connect transactions with certain user behavior, which can then be tied to personal identities.

Attacking Zcash For Fun And Profithttps://t.co/90mnrtEMRZ

A new $HUSH project, 15 page whitepaper and newsletter about infosec and privacy in $ZEC Protocol world!

Subscribe here: https://t.co/RKdIKaCjnx

Happy Bitcoin Halving Day! pic.twitter.com/ecwzooLfNc

— Duke Leto (@dukeleto) May 11, 2020

Importantly, the average individual is not capable of such attacks. Conducting analysis of huge metadata is both technically complex and financially draining. However, bodies like the National Security Agency and other intelligence providers are, on paper, capable of conducting such attacks if they deem to. 

Various types of analysis can be conducted to attach transactional behavior with users. The paper lists metadata information based on time, value, dust attacks, and even fees as potentially identifying, which each following a different method and complexity.  

An excerpt from the site suggests:

“The number of shielded outputs in the average Zcash transaction is not enough to have strong privacy in light of new advances in blockchain analysis theory.”

The workings of a Zcash exploit

While a fully “shielded” transaction does not directly reveal user address, a large amount of metadata is leaked at the protocol level, which “is not rendered by block explorers nor well understood by the industry.” 

The researchers’ state exchanges and third-party wallets are most exposed to this kind of metadata, making de-anonymization an easy process. The research suggests such businesses must spend significantly to save user privacy and protect a blockchain. 

“Mining pools are a wealth of information,” notes the research. In theory, mining-pools that operate a pay-out process to single addresses are exposed to attackers joining the pool and “mine enough” to get a single payout. Such actors are now conversant with one of the addresses, and the exact amount being paid out in that transaction. This can then be traced to the user. 

To protect against such vulnerabilities and ensure total privacy, the research suggests using the “Sietch” protocol, which incidentally, is the framework that the paper’s authors are developing. 

These graphics illustrate the edge that our Sietch privacy enhancing protocol gives us. Over the coming days/weeks/months we will be releasing information about #privacy vulnerabilities that have been discovered in the #Zcash protocol, solved on the $HUSH chain. Stay tuned! pic.twitter.com/fZSHz0uDiz

— Hush (@MyHushTeam) May 10, 2020

Sietch suggests using a “non-determinism” approach towards shielding privacy, or in simple words, one that uses employs random outputs for data. In their view, attacks become impractical when test outcomes are no longer “deterministic.” 

The paper dives into specifics about Sietch, suggesting Zcash developers to produce a minimum of four “zaddrs” to make ITM attacks impractical. But more importantly, they appeal to Zcash users to not reveal transaction I.Ds and related information on social forums, if complete privacy is expected. 

Mentioned in this article

Zcash Electric Coin Company

Ad

CryptoSlate on Substack cryptoslate.substack.com

Essential crypto updates and analyses. Straight to your inbox, every day.

Join 75k subscribers

Ad

Latest Zcash Stories

ZCash jumps 15% after Grayscale seeks SEC nod for privacy ETF

Investments 2 months ago

The Privacy ETF's Index will allocate 10% of its funds to Privacy-Preserving Protocols via the Grayscale Zcash Trust (ZCSH)

OKX delisting triggers price fall for privacy coins Zcash and Monero

Exchanges 4 months ago

Observers suggested that the move might be part of the exchange's regulatory compliance efforts.

North Korean hackers move $3.2M from Gate.io 2018 hack

Crime 1 year ago

The majority of $234 million stolen in the attack was already laundered. The recent movements involved funds that were dormant for 4.5 years.

ZachXBT calls out Gate.io for keeping 2018 hack under wraps

Exchanges 1 year ago

On-chain sleuths ZachXBT and Austin @1A1zP1 investigated Gate.io's coverup of a hack that occurred in 2018 and called out Gate.io's CEO for self-promoting as a blockchain security steward.

You might also enjoy...

Facebook’s Libra sparks privacy concerns while Monero, Zcash, Zcoin and Grin surge

Privacy 5 years ago

Bittrex Adds Cardano, Zcash to US-Dollar Markets

Adoption 6 years ago

Introduction to Zcash (ZEC) – Zero-Knowledge Cryptography

Coin Intros 6 years ago

Latest Press Releases

View All

Covalent Achieves Rapid Token Buyback Growth, Surpassing $100K in Three Months

Chainwire 6 hours ago

BloFin Sponsors TOKEN2049 Dubai and Celebrates the SideEvent: WhalesNight AfterParty 2024

Chainwire 8 hours ago

Slothana Presale Hits $15M and Enters Final Stage Amid Growing Industry Interest

Chainwire 8 hours ago