Paper 2023/341

On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy

Zhipeng Wang, Imperial College London
Stefanos Chaliasos, Imperial College London
Kaihua Qin, Imperial College London, UC Berkeley RDI
Liyi Zhou, Imperial College London, UC Berkeley RDI
Lifeng Gao, Imperial College London
Pascal Berrang, University of Birmingham
Benjamin Livshits, Imperial College London
Arthur Gervais, University College London, UC Berkeley RDI
Abstract

Zero-knowledge proof (ZKP) mixers are one of the most widely used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer’s daily deposits by more than 80%. Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which similarly to $k$-anonymity allows a user to hide among a set of $k$ other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by 27.34% and 46.02% respectively. Our empirical evidence is also the first to suggest a differing privacy-predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer’s anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
PrivacyAnonymityBlockchainDeFiMixer
Contact author(s)
zhipeng wang20 @ imperial ac uk
History
2023-03-08: approved
2023-03-08: received
See all versions
Short URL
https://ia.cr/2023/341
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/341,
      author = {Zhipeng Wang and Stefanos Chaliasos and Kaihua Qin and Liyi Zhou and Lifeng Gao and Pascal Berrang and Benjamin Livshits and Arthur Gervais},
      title = {On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/341},
      year = {2023},
      url = {https://eprint.iacr.org/2023/341}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.