Privacy Aspects and Subliminal Channels in Zcash

Biryukov, Alex; Feher, Daniel; Vitto, Giuseppe

doi:10.1145/3319535.3345663

Reference : Privacy Aspects and Subliminal Channels in Zcash


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/41278

Title :	Privacy Aspects and Subliminal Channels in Zcash
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) > ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
	Feher, Daniel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
	Vitto, Giuseppe [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	Nov-2019
Main document title :	Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Securit
Peer reviewed :	Yes
Audience :	International
Event name :	ACM SIGSAC Conference on Computer and Communications Security
Event date :	November 2019
Event place (city) :	London
Event country :	UK
Keywords :	[en] privacy ; blockchain ; Zcash ; zk-SNARK ; subliminal channel
Abstract :	[en] In this paper we analyze two privacy and security issues for the privacy-oriented cryptocurrency Zcash. First we study shielded transactions and show ways to fingerprint user transactions, including active attacks.We introduce two new attacks which we call Danaan-gift attack and Dust attack. Following the recent Sapling update of Zcash protocol we study the interaction between the new and the old zk-SNARK protocols and the effects of their interaction on transaction privacy. In the second part of the paper we check for the presence of subliminal channels in the zk-SNARK protocol and in Pedersen Commitments. We show presence of efficient 70-bit channels which could be used for tagging of shielded transactions which would allow the attacker (malicious transaction verifier) to link transactions issued by a maliciously modified zk-SNARK prover, while would be indistinguishable from regular transactions for the honest verifier/user. We discuss countermeasures against both of these privacy issues.
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	FinCrypt R-AGR-3328
Target :	Researchers ; Professionals ; Students ; General public
Permalink :	http://hdl.handle.net/10993/41278
DOI :	10.1145/3319535.3345663
Other URL :	https://www.cryptolux.org/index.php/Cryptocurrency_FinTech
FnR project :	FnR ; FNR11684537 > Alex Biryukov > FinCrypt > Security, Scalability, and Privacy in Blockchain Applications and Smart Contracts > 01/08/2018 > 31/07/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Post_sapling_ZC_paper.pdf		Author postprint	995.79 kB	View/Open

Additional material(s):

	File	Commentary	Size	Access
Open access	Post_sapling_slides.pdf	Slides of the presentation	3.21 MB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices