Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users

Ethereum is the largest public blockchain by usage. It applies an account-based model, which is inferior to Bitcoin's unspent transaction output model from a privacy perspective. As the account-based models for blockchains force address reuse, we show how transaction graphs and other quasi-identifiers of users such as time-of-day activity, transaction fees, and transaction graph analysis can be used to reveal some account owners. To the best of our knowledge, we are the first to propose and implement Ethereum user profiling techniques based on user quasi-identifiers. Due to the privacy shortcomings of the account-based model, recently several privacy-enhancing overlays have been deployed on Ethereum, such as non-custodial, trustless coin mixers and confidential transactions. We assess the strengths and weaknesses of the existing privacy-enhancing solutions and quantitatively assess the privacy guarantees of the Etherum blockchain and ENS. We identify several heuristics as well as profiling and deanonymization techniques against some popular and emerging privacy-enhancing tools.

[1]  Klaus Wehrle,et al.  CoinParty: Secure Multi-Party Mixing of Bitcoins , 2015, CODASPY.

[2]  Daniel Jackoway Wherefore Art Thou R 3579 X ? Anonymized Social Networks , Hidden Patterns , and Structural , 2014 .

[3]  Andrew Miller,et al.  Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees , 2018, SIGMETRICS.

[4]  Pramod Viswanath,et al.  Deanonymization in the Bitcoin P2P Network , 2017, NIPS.

[5]  Radu State,et al.  Automated Labeling of Unknown Contracts in Ethereum , 2017, 2017 26th International Conference on Computer Communication and Networks (ICCCN).

[6]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[7]  J. Hanley,et al.  The meaning and use of the area under a receiver operating characteristic (ROC) curve. , 1982, Radiology.

[8]  James Payette,et al.  CHARACTERIZING THE ETHEREUM ADDRESS SPACE , 2017 .

[9]  Pedro Moreno-Sanchez,et al.  CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin , 2014, ESORICS.

[10]  Friedhelm Victor,et al.  Measuring Ethereum-Based ERC20 Token Networks , 2019, Financial Cryptography.

[11]  Luke Valenta,et al.  Blindcoin: Blinded, Accountable Mixes for Bitcoin , 2015, Financial Cryptography Workshops.

[12]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[13]  Sarah Meiklejohn,et al.  Möbius: Trustless Tumbling for Transaction Privacy , 2018, IACR Cryptol. ePrint Arch..

[14]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[15]  Elaine Shi,et al.  Link prediction by de-anonymization: How We Won the Kaggle Social Network Challenge , 2011, The 2011 International Joint Conference on Neural Networks.

[16]  Steven Skiena,et al.  Walklets: Multiscale Graph Embeddings for Interpretable Network Classification , 2016, ArXiv.

[17]  Jian Pei,et al.  Asymmetric Transitivity Preserving Graph Embedding , 2016, KDD.

[18]  Ghassan O. Karame,et al.  Evaluating User Privacy in Bitcoin , 2013, Financial Cryptography.

[19]  Robin Klusman Deanonymisation in Ethereum Using Existing Methods for Bitcoin February 7 , 2018 , 2018 .

[20]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[21]  Alex Biryukov,et al.  Privacy Aspects and Subliminal Channels in Zcash , 2019, CCS.

[22]  Nicolas Christin,et al.  Traveling the silk road: a measurement analysis of a large anonymous online marketplace , 2012, WWW.

[23]  Mingzhe Wang,et al.  LINE: Large-scale Information Network Embedding , 2015, WWW.

[24]  Sarah Meiklejohn,et al.  An Empirical Analysis of Anonymity in Zcash , 2018, USENIX Security Symposium.

[25]  Alex Biryukov,et al.  Security and privacy of mobile wallet users in Bitcoin, Dash, Monero, and Zcash , 2019, Pervasive Mob. Comput..

[26]  Pramod Viswanath,et al.  Dandelion: Redesigning the Bitcoin Network for Anonymity , 2017, Proc. ACM Meas. Anal. Comput. Syst..

[27]  Alexander J. Smola,et al.  Distributed large-scale natural graph factorization , 2013, WWW.

[28]  Ethan Heilman,et al.  An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..

[29]  Kenneth G. Paterson,et al.  Remote Side-Channel Attacks on Anonymous Transactions , 2020, IACR Cryptol. ePrint Arch..

[30]  Pierangela Samarati,et al.  Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression , 1998 .

[31]  Emin Gün Sirer,et al.  Decentralization in Bitcoin and Ethereum Networks , 2018, Financial Cryptography.

[32]  Friedhelm Victor,et al.  Address Clustering Heuristics for Ethereum , 2020, Financial Cryptography.

[33]  Mikhail Belkin,et al.  Laplacian Eigenmaps and Spectral Techniques for Embedding and Clustering , 2001, NIPS.

[34]  Alan Mislove,et al.  Analyzing Ethereum's Contract Topology , 2018, Internet Measurement Conference.

[35]  Diego Kreutz,et al.  FloodXMR: Low-cost transaction flooding attack with Monero's bulletproof protocol , 2019, IACR Cryptol. ePrint Arch..

[36]  Sam M. Werner,et al.  Step on the Gas? A Better Approach for Recommending the Ethereum Gas Price , 2020, MARBLE.

[37]  Andrew Miller,et al.  Measuring Ethereum Network Peers , 2018, Internet Measurement Conference.

[38]  Jure Leskovec,et al.  node2vec: Scalable Feature Learning for Networks , 2016, KDD.

[39]  Yaqiong Qiao,et al.  De-Anonymizing Social Networks With Random Forest Classifier , 2018, IEEE Access.

[40]  Jeffrey Dean,et al.  Distributed Representations of Words and Phrases and their Compositionality , 2013, NIPS.

[41]  Qiongkai Xu,et al.  GraRep: Learning Graph Representations with Global Structural Information , 2015, CIKM.

[42]  Rik Sarkar,et al.  Karate Club: An API Oriented Open-Source Python Framework for Unsupervised Learning on Graphs , 2020, CIKM.

[43]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[44]  Pramod Viswanath,et al.  Anonymity Properties of the Bitcoin P2P Network , 2017, ArXiv.

[45]  Chris Buckland,et al.  MixEth: efficient, trustless coin mixing service for Ethereum , 2019, IACR Cryptol. ePrint Arch..

[46]  Dan Boneh,et al.  Zether: Towards Privacy in a Smart Contract World , 2020, IACR Cryptol. ePrint Arch..

[47]  Cédric Févotte,et al.  Alternating direction method of multipliers for non-negative matrix factorization with the beta-divergence , 2014, 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[48]  Rik Sarkar,et al.  Fast Sequence-Based Embedding with Diffusion Graphs , 2018, ArXiv.

[49]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[50]  Omer Shlomovits,et al.  ShareLock: Mixing for Cryptocurrencies from Multiparty ECDSA , 2019, IACR Cryptol. ePrint Arch..

[51]  Jeremy Clark,et al.  Mixcoin: Anonymity for Bitcoin with Accountable Mixes , 2014, Financial Cryptography.

[52]  Steven Skiena,et al.  DeepWalk: online learning of social representations , 2014, KDD.

[53]  Paolo Rosso,et al.  NodeSketch: Highly-Efficient Graph Embeddings via Recursive Sketching , 2019, KDD.

[54]  Arvind Narayanan,et al.  When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies , 2017, Proc. Priv. Enhancing Technol..

[55]  Jens Groth,et al.  On the Size of Pairing-Based Non-interactive Arguments , 2016, EUROCRYPT.

[56]  Huan Liu,et al.  Multi-Level Network Embedding with Boosted Low-Rank Matrix Approximation , 2018, 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM).

[57]  Jian Li,et al.  Network Embedding as Matrix Factorization: Unifying DeepWalk, LINE, PTE, and node2vec , 2017, WSDM.

[58]  Shlomi Linoy,et al.  Exploring Ethereum’s Blockchain Anonymity Using Smart Contract Code Attribution , 2019, 2019 15th International Conference on Network and Service Management (CNSM).

[59]  Cynthia Dwork,et al.  Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography , 2007, WWW '07.

[60]  Ethan Heilman,et al.  TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub , 2017, NDSS.

[61]  Jure Leskovec,et al.  Learning Structural Node Embeddings via Diffusion Wavelets , 2017, KDD.

[62]  Florian Tramèr,et al.  PING and REJECT: The Impact of Side-Channels on Zcash Privacy , 2019 .

[63]  Ryan A. Rossi,et al.  Learning Role-based Graph Embeddings , 2018, ArXiv.

[64]  Siddharth Srivastava,et al.  Anonymizing Social Networks , 2007 .