Some of the emerging methods for deanonymizing users of cryptocurrencies stem from mapping network traffic to unveil IP addresses and making connections between identities. Privacy concerns around network-layer tracking by government surveillance programs and other avenues for unveiling identities across the Internet have led to several important developments to preserve privacy.
The Tor Network and The Invisible Internet Project (I2P) are two of the leading overlay networks for users to protect their privacy over the public medium of the Internet. Other solutions include Mixnets, which are routing protocols using chained proxy servers to mix input messages.
In regards to cryptocurrencies, several privacy-oriented projects and upgrades to Bitcoin explicitly focus on enhancing protections at the network level.
Recent Revelations in Network Layer Attacks
Blockchain forensics methods for identifying users primarily focus on the protocol layer of analyzing a cryptocurrency’s transaction flow. For instance, Bitcoin is pseudonymous, meaning that it is not actually anonymous, and links can be made between user addresses (public keys) and transaction inputs/outputs.
Most anonymity technologies integrated with cryptocurrencies today (i.e., zk-SNARKS, bulletproofs, and Ring CTs) focus on obfuscating transaction details over public networks to decouple any ability to link transactions to an identity at the protocol level. RingCTs in Monero and zk-SNARKs in ZCash provide crucial mitigation against third-parties deanonymizing users, but they are also much more cumbersome than standard cryptographic transactions because they require proofs that are tacked on to each transaction.
However, both Monero and ZCash have recently integrated vital efficiency enhancements to these confidential transactions, with the recent bulletproof implementation in Monero and Sapling upgrade in ZCash.
While significant effort has focused on protocol-layer protections, publications mapping IP addresses through tracking transaction broadcast origins and subsequently making connections with identities (through public keys) have amplified concerns that protocol-layer solutions are not the only means needed to safeguard privacy.
When transactions in a public blockchain network — like Bitcoin — are broadcast from a node using the P2P network of TCP links, they use a gossip protocol (diffusion in Bitcoin) where the propagated transaction reaches a majority of the nodes very rapidly. Researchers have shown that by using supernodes connected to all of the network’s nodes, probabilistic inferences can be made about the origin of the transaction’s broadcast IP.
Successfully reducing the ability to make connections between IP addresses and public keys requires modifying the network stack to provide better protections against observers of transaction graphs. In Bitcoin, Dandelion++ is the proposed network-layer anonymity protection that is pegged for inclusion into the protocol in 2019.
However, Dandelion++ is not the only solution available, and other projects are working on implementing their own solutions.
Overlay and Mixnet Projects
Both Tor and I2P are anonymity-focused and volunteer overlay networks. They do not provide perfect privacy, as privacy is a constantly evolving battle, but make deanonymizing users through network traffic mapping significantly more challenging. I2P and Tor have been around for years, and use end-to-end encryption to send data packets through relays of volunteer nodes, masking the origin and destination of the communication.
Tor uses what is called ‘onion routing’ (Tor stands for “The Onion Router”) where each relay in the network is randomly selected and propagates the message to the next node without knowing the origin or destination. As such, third-parties who attempt to use a relay for peering would not know the source or final IP address of the message.
Some drawbacks of Tor are that when you are using Tor, it is easy to know that you are using Tor, and the U.S. government — along with the previously mentioned academic paper on Bitcoin — have demonstrated attacks that can cut off Tor functionality for targeted users. Interestingly, Tor originated from the United States Naval Research Laboratory and was further enhanced by DARPA to protect intelligence communications in the 1990s.
I2P works similarly to Tor but employs ‘garlic routing’ rather than onion routing. Garlic routing is an off-shoot of onion routing and aggregates encrypted messages together. I2P is used in a variety of services, including programs using BitTorrent.
Kovri — Monero’s C++ implementation of I2P — is Monero’s baked-in network-layer solution to provide better privacy protections for users. However, recent events concerning its development and the mention of Sekreta as a possible alternative have left the fate of Kovri unclear at this point. It is worth mentioning that most of Kovri’s initial implementation has been completed after years of research and development.
Sekreta consists of a ‘universal’ API along with a set of libraries and socket-based application server designed to improve on the shortcomings of other overlay network designs. Created to be more user-friendly, Sekreta also aims to be more robust in the case of compromised underlying systems than Tor or I2P.
Mixnets are another network-layer privacy solution that use chained proxy servers that take in specific inputs (messages), mix them, and send them back out in random order to their destination. This is another method to mitigate peering through end-to-end communication, and each message is encrypted using public-key encryption.
Mixnets were proposed by cryptography pioneer David Chaum in 1981 but fell behind in favor of overlay networks like Tor and I2P over the years. However, they have been making a resurgence, with the Binance-backed Nym project a prominent example.
Nym is an anonymous authentication protocol for unlinkable and publicly verifiable credentialing, which they note can be an anonymous replacement for Google and Facebook sign-ins. Nym uses the Sphinx packet format with a Mixnet to obfuscate message origins and recipients and even creates dummy messages to make analyzing network traffic patterns more challenging. Interestingly, they are building a cross-compatible wallet for Mimblewimble blockchain protocols, as well as potential integration with other privacy-oriented cryptocurrency wallets.
Nym may also open the door for decentralized VPNs, which would remove the third-parties that oversee VPN services.
Bitcoin’s Lightning Network (LN) also uses Sphinx as its format for its onion routing protocol. Other proposed optimizations for the LN include HORNET — a high-speed onion routing protocol — and giving LN users more control over their network routing of payments through source-routing.
BEAM — a full Mimblewimble implementation — recently launched, and Grin — another open-source Mimblewimble implementation — also is set to launch in the next few days. Integrating Nym with a novel transaction construction protocol like Mimblewimble has the potential to produce robust networks for anonymous transfers of value. Grin and BEAM incorporate Dandelion as a network-level privacy protection too.
Mixnets are also subject to their own vulnerabilities, however. Since mixers do not perfectly mix inputs and outputs, observers can use timing attacks creating gaps or artificial bursts to analyze patterns of incoming and outgoing messages through mixes.
Making Strides in Privacy
The persistent data scandals that have come to dominate mainstream headlines throughout the last several years have left a growing portion of the mainstream concerned about their privacy. With privacy at a premium, the initiatives to innovate overlay networks, mixnets, and cryptography within cryptocurrencies has provided a viable alternative for anonymously exchanging information and value.
Efforts to subvert privacy are continually evolving, and it is refreshing to see so many projects with a heavy emphasis on matching those adverse efforts. Protocol upgrades such as zk-SNARKs and bulletproofs present significant strides in cryptography and their combination with network-layer solutions like mixnets and overlay networks have crucial long-term implications for the broader notion of privacy.