Cryptology ePrint Archive: Report 2019/455

FloodXMR: Low-cost transaction flooding attack with Monero’s bulletproof protocol

João Otávio Massari Chervinski and Diego Kreutz and Jiangshan Yu

Abstract: Monero is one of the first and most popular cryptocurrencies to address privacy issues of other crypto coins such as Bitcoin. Monero has a market capitalization of over one billion US dollars, and is ranked the 12th most valuable cryptocurrency on CoinMarketCap (17 April 2019). This digital coin provides different mechanisms to protect its users, such as decoy keys or mixins to obfuscate transaction inputs. However, in spite of the efforts to protect Monero users' privacy, transaction tracing attacks are still feasible. Our contribution is twofold. First, we propose and evaluate a new traceability attack, called transaction flooding attack (FloodXMR). Second, we present an analysis of the costs required for an attacker to conduct FloodXMR. We show how an attacker can take advantage of Monero’s Bulletproof protocol, which reduces transaction fees, to flood the network with his own transactions and, consequently, remove mixins from transaction inputs. Assuming an attack timeframe of 12 months, our findings show that an attacker can trace up to 47.63% of the transaction inputs at a cost of just 1,746.53 USD. Moreover, we also show that more than 90% of the inputs are affected by our tracing algorithm.

Category / Keywords: implementation / Monero, Privacy, Traceability, Attack

Date: received 4 May 2019

Contact author: joaootaviors at gmail com


Version: 20190510:121017

Short URL: ia.cr/2019/455

