Wanted to cross-post, but the link seems to be posted already and modded away by probably automod. So a full quote. Maybe here someone will confirm it or give a technical refutation instead of "you do not know what you are talking about" and want to FUD.This post contains two different approaches on tracing privateSend to its originating address. The one that got this post started can be found later in the post as "Mixing cluster + metadata". The more serious one will directly follow. Despite getting some flak I followed it further and am 100% certain there is a high percentage certainty for the results of my parse, in the 90+% range. If there is a bounty for tracing privateSends I also formally apply for it with this post.I strongly recommend to stop using privateSend if all mixed funds have one originating address in your wallet!List of traceable privateSends with the described method applied.January 2018 (323 positive results, unfiltered): http://bit.ly/2LqlWWb all inputs anonymity sets have one address in common it is most likely the originating addressThe approach takes a privateSend with more than one inputs, checks all inputs for unique mixing rounds and then parses the complete 8 round mixing graph (16 rounds since the last update work too, they just take more computing time) for all possible ways these inputs could have taken. Then it makes a cut-set of all inputs and yields the result. False positives (results with more than one possible origin) are already excluded and get way less likely the more inputs a privateSend has.This approach WILL find your address, if all your mixed funds originated from one address and your privateSend has more than one input. No matter how often you mixed.Data from parsing around 15 days of privateSends yield a success rate of ~13%. One day of privateSend takes a bit more than one hour to parse before the update that enabled 16 rounds of mixing on a single machine. The results itself look without a doubt legit in the most cases. Or to explain it different: if your privateSend is traceable the way I describe and you did something shady this should be enough to knock on your door.To prove these results are legit this needs confirmation of other researchers or confirmations from people that made the specific transactions. I will generate a dataset for the whole 2018 up to 2019 where 16 rounds where introduced and dump the list of affected txids without the originating address. If you want to know if I found your address or want to help to verify this approach send me a message.Verification of this method can be done faster if someone gives me a few txids to check for the originating address, where the prerequisites mentioned above are fulfilled.Mixing cluster + metadataI will use dashradar.com as explorer since it also offers the "graph" utility to give a visualization of the links of specific transactions and addresses.First lets start with the privateSend that was used in this trace: PrivateSend transactionA successful trace of a privateSend means I can pinpoint the exact address or entity the funds in this privateSend came from. It is out of bound where the funds go from this privateSend or who exactly did the privateSend.So what usually makes tracing harder is the circumstance you usually do not know how many rounds the funds were mixed. Possible is 4 to 16 mixing rounds. A tool I developed checks specific privateSends up to a depth of 16 mixing rounds and gives out a list of addresses that can be the originating addresses. Currently this is the absolute upper bound, since there are ways to exclude addresses from this list. This won't matter here.To do what my tool does you can use the http://bit.ly/2VPrgGi and insert the privateSend transaction you want to analyze, in this case the tx with id: 2bec48c92496faed7d6136071ece0370f3f2b0084ed84d4eea10af5067c07b0aThen Ctrl + Left-click the input addresses and all input mixing rounds. You will end up with: http://bit.ly/2LCPUX9 what happened here is actually there is no possibility of more than a 4 round mixing for this specific privateSend. So the first privacy measure has been broken, we were able to identify the number of mixing rounds used: 4.In the next step open up the denomination transactions with ctrl + left-click, this will look like: http://bit.ly/2VJT2UO now have a set of all addresses the funds in this privateSend could have came from, those Dash addresses connected with a blue arrow to the denomination transactions. So the pool is quite small, 12 possible addresses in this case (opposing to 3*3*3*3=81 you would have if 3 unique participants would be guaranteed. But this won't work).A nice side effect of the graph is that you can actually see patterns. Those two big "bubbles" on the right belong to one entity. Those on the left actually belong together too and were generated by one entity, we will connect them now on the graph. For a better picture we will exclude the mixing process from the graph: http://bit.ly/2Ly8qQ2 see all 8 addresses originate from the same address ( Xc7bnmfxTsLtHPVwrX8kNy3d49hVdeErC3 )? It splitted ~400 DASH into parts of 50DASH and then started mixing these funds. In a second round of sending funds it splitted it into 10 DASH, but you will see these also arrive in the same address after being sent via privateSend.To actually proof these 8 addresses (and the one address in the end) are the originating address we will check the other privateSends that arrived in the output address of the originating privateSend: destination addresses transactionsYou will see it gets payments of 50 DASH (or x + y = 50). This also fits to the denomination transactions we identified. Since we know the sender uses 4 mixing rounds we check those privateSends for the set of addresses after 4 mixing rounds and then look if addresses reoccur. Pretty soon you will have excluded the 4 addresses in the initial privateSend anonymity set. This is where we actually identified the originating address, although it mixed the funds.Initial post for completenessSo while my initial goal was to develop a tool to calculate anonymity sets (it works, yay) I stumbled upon a recent privateSend which lets outsiders know it was mixed with the minimum default size of 4 rounds: 2bec48c92496faed7d6136071ece0370f3f2b0084ed84d4eea10af5067c07b0aFor visualization a screenshot of the mixing process (including the metadata connecting some of the denomination transactions and reducing it to one possible originating address): http://bit.ly/2Lbabm5 can see this specific privateSend can not reach other denomination transactions or mixing rounds (actually my tool stopped parsing after 4 rounds and I thought it had a bug, but there simply were no more mixing rounds). This alone led to 4 entities I could boil it down too.Bad luck/good luck here was the address that received this privateSend received even more in a short timeframe. Safe to assume these privateSends also used 4 rounds of mixing for a cross check of originating addresses of the other privateSends. There is a bit more metadata confirming the trace like the originating wallet Xc7bnmfxTsLtHPVwrX8kNy3d49hVdeErC3 sending out the amount that come in as privateSends in the receiving wallet: Xyxd7AaUKGZXJr1BcUxV1aCyds35PyVSqLWhat is the conclusion of this? There are several attack vectors for linking attempts (won't call it deanonymization, since it is still pseudonymous). What lead here to linking was in first place a closed mixing process giving out the number of mixing rounds and numerous privateSends to one address.I will search further for linkable transactions. Since a lot of the privateSends seem to have patterns, especially the big privateSends, it is very likely to find more. Until then: don't use privateSend default mixing rounds and try to generate privateSends with many inputs (more inputs = bigger chance to break out of a closed mixing cluster).-------------------If you want to tip this work send some love toDASH: XjZQcA5kNRiV81G85oGeUj6PeeMg47qrcMMonero: 49F7nLH6XcS8Nk3g8Y7NxtKqGw4nkKCuyamQK31owMFbF6xB8PD3PhWQYkfnq9wbi4AYYBoEYc1VXTYRQXgxVXKAJ5oMWnVBitcoinCash: qzy6f0dxjm66p3c6us8z68k2ejzv6up9cylgfsytfd
Submitted May 05, 2019 at 05:31PM
No comments:
Post a Comment