Traceable Monero: Anonymous Cryptocurrency with Enhanced Accountability

Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed under the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that the authority is only involved when investigations into certain transactions are required. We formalize the system model and security model of Traceable Monero. We present a detailed construction of Traceable Monero by overlaying Monero with two types of tracing mechanisms: tracing the one-time addresses with money flows and tracing the long-term addresses. We prove the security of Traceable Monero and implement a prototype of the system, which demonstrates that Traceable Monero incurs merely a very small overhead in generating and verifying a transaction compared to Monero transactions.
