A research paper associated with the BlockSci blockchain analysis tool underscores the vulnerabilities of certain cryptocurrencies to analysis, including some theoretical attack vectors for Dash’s PrivateSend.
The paper, titled BlockSci: Design and applications of a blockchain analysis platform and written by Princeton University professors Harry Kalodner, Steven Goldfeder, Malte Möser, and Arvind Narayanan, and Johns Hopkins University professor Alishah Chator, covers applications for BlockSci, a new open-source blockchain analysis tool:
“There is a high level of interest in blockchain analysis among developers, researchers, and students, leading to an unmet need for effective analysis tools. While general-purpose in-memory graph databases exist, a tool customized to blockchain data can take advantage of its append-only nature as well as provide integrated high-performance routines for common tasks such as address linking. BlockSci has already been in use at Princeton as a research and educational tool. We hope it will be broadly useful, and plan to maintain it as open-source software.”
The paper includes findings on the traceability of blockchain currencies, particularly those based off of Bitcoin.
Cluster intersection attack can pose a threat to coin mixing
Of particular interest is a potential vulnerability posed to a coin mixing process of the kind employed by Dash by BlockSci’s analysis. This is carried out through analyzing inputs broken down by mixing and linking the cluster of inputs to reveal the true source:
“Due to the large number of inputs, no auxiliary information is necessary to carry out the cluster intersection attack on Dash. The adversary — anyone observing the public blockchain — can infer that all inputs to a PrivateSend must trace back to the same wallet cluster.”
According to this analysis, the higher the number of PrivateSend inputs in a given transaction, the better the chance of a successful attack:
“Figure 8 shows the success rate of the cluster intersection attack, showing a sharp increase in accuracy as the number of inputs increases. For transactions with 12 or more inputs (coincidentally, the median number of inputs of PrivateSend transactions on the blockchain), the attack is always accurate.”
According to Dash lead developer Udjinm6, there is validity to this theoretical attack vector.
“Yes, basically the more mixed inputs you put into one transaction the higher probability of linking back to original wallet, because when you create a transaction you announce/prove that you have control over all these inputs which is the key point for clustering.”
Typical PrivateSend transactions currently outside of the scope of the vulnerability
This attack vector, while useful for research purposes and of interest for potential future applications, is nonetheless experimental and not applicable in practice at the present time:
“In the above experimental setup, we started from a single premixing address holding Dash. In reality, users may obtain Dash in multiple installments and hold these coins in their wallet in a manner that is not easily linkable to each other. Relying on this is unwise for privacy, as it is a form of security through obscurity; nevertheless, it is a factor that will significantly hurt the accuracy of the attack in practice.”
Such an attack is therefore rendered inaccurate by typical wallet use by having a balance that was composed of multiple transactions. Additionally, the study found that analysis was not effective in attempting to de-anonymize previous transactions, saying that “Evaluating the attack on existing PrivateSend transactions is challenging.”
Udjinm6 echoes the lack of applicability of the attack to normal PrivateSend transactions, and welcomes outside research into potential future attack vectors and way that Dash’s privacy can be further fine-tuned:
“I agree that the case they chose to attack is attackable but it is hardly a real use case, more like an edge case. It’s cool that someone is looking for the way to attack PrivateSend though, I’m pretty happy with that. And yes, of course we are going to try to mitigate this kind of attack one way or another – or at least we could warn users that using 10+ inputs could be trackable via this method, especially if they have low number of rounds.”
Dash currently has a sizable bug bounty program in place to incentivize the discovery of vulnerabilities in the code, and improvements to PrivateSend, particularly in ease of use, are in the works for the upcoming Evolution release.