MoneroResearch.info |
Resource type: Proceedings Article BibTeX citation key: Tramer2020 View all bibliographic details |
Categories: Monero-focused Creators: Boneh, Paterson, Tram`er Collection: 29th USENIX security symposium (USENIX security 20) |
Views: 89/2397
|
Attachments Remote Side-Channel Attacks on Anonymous Transactions.pdf [19/797] | URLs https://crypto.sta ... /timings/paper.pdf |
Abstract |
Privacy-focused crypto-currencies, such as Zcash or Monero, aim to provide strong crypto- graphic guarantees for transaction confidentiality and unlinkability. In this paper, we describe side-channel attacks that let remote adversaries bypass these protections. We present a general class of timing side-channel and traffic-analysis attacks on receiver privacy. These attacks enable an active remote adversary to identify the (secret) payee of any transaction in Zcash or Monero. The attacks violate the privacy goals of these crypto- currencies by exploiting side-channel information leaked by the implementation of different system components. Specifically, we show that a remote party can link all transactions that send funds to a user, by measuring the response time of that user’s P2P node to certain requests. The timing differences are large enough that the attacks can be mounted remotely over a WAN. We responsibly disclosed the issues to the affected projects, and they have patched the vulnerabilities. We further study the impact of timing side-channels on the zero-knowledge proof systems used in these crypto-currencies. We observe that in Zcash’s implementation, the time to gener- ate a zero-knowledge proof depends on secret transaction data, and in particular on the amount of transacted funds. Hence, an adversary capable of measuring proof generation time could break transaction confidentiality, despite the proof system’s zero-knowledge property. Our attacks highlight the dangers of side-channel leakage in anonymous crypto-currencies, and the need to systematically protect them against such attacks.
Added by: Jack Last edited by: Jack |
Notes |
This 2020 USENIX paper exploited temporal side-channel information in the Monero and Zcash P2P networks.
Added by: Jack Last edited by: Jack |