MoneroResearch.info

WIKINDX Resources

Tramèr, F., Boneh, D., & Paterson, K. 2020, Remote Side-Channel attacks on anonymous transactions. Paper presented at 29th USENIX security symposium (USENIX security 20).
Added by: Jack (2023-01-08 03:30)   Last edited by: Jack (2023-01-20 18:29)
Resource type: Proceedings Article
BibTeX citation key: Tramer2020
Categories: Monero-focused
Creators: Boneh, Paterson, Tramèr
Collection: 29th USENIX security symposium (USENIX security 20)
Attachments: Remote Side-Channel Attacks on Anonymous Transactions.pdf
URLs: https://crypto.sta ... /timings/paper.pdf
Abstract
Privacy-focused crypto-currencies, such as Zcash or Monero, aim to provide strong cryptographic guarantees for transaction confidentiality and unlinkability. In this paper, we describe side-channel attacks that let remote adversaries bypass these protections. We present a general class of timing side-channel and traffic-analysis attacks on receiver privacy. These attacks enable an active remote adversary to identify the (secret) payee of any transaction in Zcash or Monero. The attacks violate the privacy goals of these crypto-currencies by exploiting side-channel information leaked by the implementation of different system components. Specifically, we show that a remote party can link all transactions that send funds to a user, by measuring the response time of that user’s P2P node to certain requests. The timing differences are large enough that the attacks can be mounted remotely over a WAN. We responsibly disclosed the issues to the affected projects, and they have patched the vulnerabilities. We further study the impact of timing side-channels on the zero-knowledge proof systems used in these crypto-currencies. We observe that in Zcash’s implementation, the time to generate a zero-knowledge proof depends on secret transaction data, and in particular on the amount of transacted funds. Hence, an adversary capable of measuring proof generation time could break transaction confidentiality, despite the proof system’s zero-knowledge property. Our attacks highlight the dangers of side-channel leakage in anonymous crypto-currencies, and the need to systematically protect them against such attacks.
Notes
This 2020 USENIX paper exploited temporal side-channel information in the Monero and Zcash P2P networks.