Blockchains & Cryptocurrencies (CS 5833) - Anonymity and Bitcoin

These flashcards cover key vocabulary related to anonymity in Bitcoin and the concepts of pseudonymity, unlinkability, and privacy techniques in cryptocurrencies.

Anonymity

The state of being not identifiable within a set of subjects, often referred to as 'without a name'.

Pseudonymity

A situation in which a user's identity is not completely hidden; rather, it is represented by a pseudonym that does not directly link back to their real identity.

Unlinkability

The property that different interactions of a user with a system cannot be traced back to the user’s real identity.

Anonymity set

The group of multiple users that a transaction appears to be indistinguishable from, complicating the ability to trace it back to a specific individual.

Taint Analysis

A method of analyzing Bitcoin transactions where a high 'taint' score is given to pairs of addresses based on the traceability of Bitcoins sent between them.

Blind signature

A cryptographic method that allows one party to sign a document without knowing its content, used in David Chaum's anonymous e-cash system.

Mixing

A technique used to enhance privacy in cryptocurrencies by blending multiple transactions together so that their origins are obscured.

CoinJoin

A method for combining multiple Bitcoin payments from different senders into a single transaction to improve privacy.

Zero-knowledge proofs

Cryptographic techniques that allow one party to prove to another that they know a value (e.g., a secret), without revealing any information about it.

Zerocoin

A privacy protocol built on Bitcoin that allows users to make anonymous transactions using cryptographic proofs.

Zerocash

An extension of the Zerocoin protocol that aims to facilitate private transactions without a basecoin.

Pseudonymity vs. true anonymity

• Pseudonymity: A state where users can operate under a pseudonym instead of their real identity, allowing some traceability if the pseudonym is linked to real-life actions.
• True anonymity: Users are completely unidentifiable and their actions cannot be traced back to any real identity, providing complete privacy.

Need for unlinkability to protect privacy

• Unlinkability: A critical requirement in privacy protocols that ensures transactions cannot be linked by an observer.
• Importance: Prevents third parties from correlating different transactions or identities, which is essential for maintaining user confidentiality and privacy.

Address‑clustering heuristics

• Techniques for analyzing and clustering cryptocurrency addresses based on spending behaviors.
• Helps in determining which addresses likely belong to the same user by examining transaction patterns.

Shared‑spending

• A heuristic method where multiple outputs being spent together in a transaction are assumed to be controlled by the same user.
• This can lead to privacy breaches by linking different addresses.

Change‑output identification

• The process of recognizing outputs of a cryptocurrency transaction that represent 'change', which is returned to the original spender.
• Identifying these can facilitate clustering of addresses used in transactions.

Idioms of use

• Behavioral patterns of users in cryptocurrency transactions that may indicate which services they use or how they conduct transactions.
• Important for understanding typical transaction flows and enhancing address clustering.

Network‑layer deanonymization

• Techniques that analyze network traffic to identify or deanonymize users in anonymous networks, like Tor.
• Includes methods such as monitoring entry and exit nodes to exploit timing and traffic patterns.

First‑spreader

• A concept in network analysis referring to the first participant who disseminates information within a network.
• Identifying this node can potentially reveal its identity and the origin of anonymous transactions.

Tor mitigation

• Strategies employed by adversaries to reduce the effectiveness of Tor in providing anonymity.
• May involve traffic analysis to correlate user activities across the network.

Mixing techniques

• Methods designed to enhance the privacy of cryptocurrency transactions by obfuscating the links between inputs and outputs.
• Aimed at preventing tracing of funds on the blockchain.

Centralized mixers

• Services that consolidate multiple cryptocurrency transactions, facilitating mixing by a single entity to obscure individual transaction details.
• Run the risk of trust issues if the operator behaves maliciously.

Mixcoin design principles

• Foundational guidelines for creating cryptocurrencies that incorporate mixing techniques.
• Focus on achieving privacy, security, and usability in transaction processing.

CoinJoin protocol

• A method that allows multiple users to combine their transactions into a single transaction to enhance anonymity.
• By merging inputs, it becomes difficult for external observers to trace funds.

Decentralized 'blame' handling

• Mechanisms in decentralized mixing services that distribute responsibility for transaction privacy.
• Mitigates the risk of a single party being blamed for privacy failures, enhancing trust in the system.

Protocol‑level schemes

• Techniques implemented within the underlying protocol of a cryptocurrency designed to enhance anonymity and privacy.
• Addresses fundamental issues in how transactions are constructed and validated.

Zerocoin mint/spend workflow

• The operational process whereby users create (mint) and later spend Zerocoins.
• Involves cryptographic techniques to ensure user anonymity during these transactions.

Trusted‑setup caveat

• The potential risk associated with the initial setup of privacy protocols like Zerocoin, as users must trust that the setup occurred without flaws.
• If compromised, this can lead to privacy vulnerabilities.

Zerocash full‑balance anonymity

• A feature of the Zerocash protocol that guarantees complete anonymity in transactions, not only concealing the sender and recipient but also the transaction amount.
• Allows users to maintain total privacy regarding their financial activities.

Why Bitcoin Needs Unlinkability

Bitcoin’s public ledger allows anyone to trace transactions. Without unlinkability, even pseudonymous addresses can be linked together and back to a user via heuristics or external data, compromising privacy.

Anonymity vs. Pseudonymity in Bitcoin

Pseudonymity in Bitcoin refers to using public key hashes instead of real names. True anonymity requires that actions can't be linked to each other or the user at all—something Bitcoin lacks without extra privacy layers.

Anonymity Set (Expanded Meaning)

A Bitcoin anonymity set represents all transactions a given one could plausibly be confused with. A larger set means higher privacy, as it becomes harder to identify the true sender or receiver.

Mixing vs. Mixer (Terminology)

“Mixing” is the act of obfuscating transaction trails, while a “mixer” is the entity or protocol performing this operation. The distinction is key in evaluating whether the system is centralized or decentralized.

Mixcoin Design Principles

Effective mixing services should: (1) use chained mixes; (2) enforce uniform transaction sizes; (3) automate mixing in wallet software; (4) use probabilistic fees. Most current services fail to meet these standards.

Risks of Centralized Mixers

Even if a mixer claims not to store logs, it may operate anonymously itself. Users risk theft, non-delivery, or exposure due to centralization, with little or no recourse if the service behaves maliciously.

CoinJoin and Peer Discovery Problem

In CoinJoin, users collaboratively form a joint transaction. However, finding trustworthy peers and protecting the mapping of inputs to outputs remains a challenge without exposing privacy.

Cryptographic “Blame” Protocol

Decentralized mixing tools like CoinShuffle introduce cryptographic blame systems to handle denial-of-service attacks, where misbehaving participants can be identified and excluded without breaking anonymity.

Merge Avoidance Heuristic

To improve privacy, senders may provide multiple output addresses, encouraging receivers to avoid merging inputs. This avoids patterns that can be exploited for address clustering.

Zerocoin Mint/Spend in Practice

Zerocoin uses a two-step process: minting coins with a commitment and then spending them using zero-knowledge proofs. This decouples the original transaction from the spend, ensuring unlinkability.

Zerocoin vs. Zerocash

Zerocash improves on Zerocoin by eliminating the need for a basecoin and hiding even the transaction value. However, it requires a trusted setup, which, if compromised, undermines the entire system.

Zerocash’s Trusted Setup Caveat

Zerocash’s cryptographic security depends on a secret generated during system setup. If this secret isn’t securely destroyed, the protocol’s privacy guarantees can be entirely broken.

Ethereum Physical Architecture

Refers to the global network of nodes running Ethereum clients composed of distributed hardware devices connected via the internet. Each node stores a copy of the blockchain and participates in transaction validation and consensus.

Ethereum Networking Architecture

Defines how Ethereum nodes discover and communicate with each other using peer to peer networking protocols. Includes mechanisms for data propagation synchronization and peer selection.

Execution Layer EL Responsibilities

The EL handles transaction execution smart contract operations via the EVM and maintaining the current state of the blockchain. It is responsible for interpreting and running the code deployed to Ethereum.

Consensus Layer CL Responsibilities

The CL ensures all nodes agree on the canonical blockchain history. It includes the consensus algorithm block proposal validation and finalization logic.

Ethereum Virtual Machine EVM

A runtime environment for smart contracts in Ethereum. It executes bytecode instructions and maintains Ethereum's state. The EVM is quasi Turing complete and requires gas to limit computation.

Gas in Ethereum

A fee mechanism used to prevent infinite loops in smart contracts and to compensate validators. Users must pay gas to run operations on the EVM with more complex computations requiring more gas.

P2P Peer Discovery in Ethereum

A process by which nodes find and connect to each other in a decentralized network using protocols like devp2p and Kademlia.

Bootstrap Nodes

Known Ethereum nodes hardcoded into client software that help new nodes join the network by providing initial peer addresses.

Kademlia Distributed Hash Table DHT

A peer to peer routing and lookup system used for efficient peer discovery in Ethereum. Nodes are organized in a tree structure and queried by XOR distance.

NAT Traversal and Hole Punching

Techniques used to allow nodes behind firewalls or NATs to connect with others in the network. Hole punching involves sending packets through NAT to establish a two way connection.

Peer to Peer Network P2P

A decentralized network structure where each node peer has equal authority and can both request and provide services without central coordination.

Ethereum Account Based Model

Unlike Bitcoin's UTXO model Ethereum maintains account balances and smart contract states directly within each account simplifying certain types of state interactions.

Smart Contracts

Self executing programs stored on the blockchain that run when triggered by transactions. They automate agreements and decentralized applications.

Distributed vs Decentralized Systems

Distributed systems spread computation across multiple nodes using message passing. Decentralized systems emphasize decision making without centralized control.

Three Axes of Decentralization

Ethereum systems can be decentralized in architecture physical node layout political control by individuals or groups and logical interface or data structure design.

Ethereum Trilemma

Blockchains must often choose two of three decentralization scalability and security. Layer 2 solutions aim to optimize this tradeoff.

Federated Systems

A type of distributed system where subunits retain local autonomy but collaborate toward common goals. Contrasts with unitary systems where components act as one.

Quasi Turing Completeness

Ethereum allows smart contracts to be Turing complete in theory but uses gas to ensure all computations eventually halt preventing infinite loops.