Cryptology ePrint Archive: Report 2020/627

Attacking Zcash For Fun And Profit

Duke Leto and The Hush Developers

Abstract: This paper will outline, for the first time, exactly how the ITM Attack (a linkability attack against shielded transactions) works against the Zcash Protocol and how Hush is the first cryptocoin with a defensive mitigation against it, called "Sietch". Sietch is already running live in production and undergoing rounds of improvement from expert feedback. This is not an academic paper about pipe dreams. It describes production code and networks. We begin with a literature review of all known metadata attack methods that can be used against Zcash Protocol blockchains. This includes their estimated attack costs and threat model. This paper then describes the "ITM Attack", which is a specific instance of a new class of metadata attacks against blockchains which the author describes as Metaverse Metadata Attacks. The paper then explains Sietch in detail, which was a response to these new attacks. We hope this new knowledge and theory helps cryptocoins increase their defenses against very well-funded adversaries, including nation states and chain analysis companies. A few other new privacy issues and metadata attacks against Zcash Protocol coins will also be enumerated for the first time publicly. The ideas in this paper apply to all cryptocoins which utilize transaction graphs, which is to say just about all known coins. Specifically, the Metaverse Metadata class of attacks is applicable to all Bitcoin source code forks (including Dash, Verge, Zerocoin and their forks), CryptoNote Protocol coins (Monero and friends) and MimbleWimble Protocol (Grin, Beam, etc.) coins, but these will not be addressed here other than a high-level description of how to apply these methods to those chains.

In privacy zdust we trust. If dust can attack us, dust can protect us. – Sietch Mottos

Category / Keywords: implementation / anonymity, information hiding, zero knowledge

Date: received 27 May 2020

Contact author: jaleto at gmail com

Note: The implementation described in this paper has been running in production since 2019 on the Hush network.

Version: 20200603:093219

Short URL: ia.cr/2020/627