anonymisation; classification; compliance; crypto-asset; digital forensics; zero-knowledge proofs
Abstract :
[en] The role played by decentralised services in the obfuscation of crypto-asset transactions performed on transparent blockchains has increasingly captured the attention of regulators. This is exemplified by the headlines about the U.S. Treasury's sanctions on the Ethereum-based mixer Tornado Cash. Yet, despite the existing controversies on the use of mixers, the different functionalities of these information systems with an inherent dark side remain to be explored by the literature. So far, contributions primarily encompass technical works and studies that focus on the Bitcoin ecosystem. This paper puts forward a multi-layer taxonomy of the smart-contract-based-and, therefore, functionally richer family of mixers on Ethereum. Our proposed taxonomy is grounded on (1) a review of existing literature, (2) an analysis of mixers' project documentation, (3) their corresponding smart contracts, and (4) expert interviews. Our evaluation included the application of the taxonomy to two mixers - RAILGUN and zkBob. The taxonomy represents a valuable tool for law enforcement, regulators, and other stakeholders to explore critical properties affecting compliance and use of Ethereum-based mixers.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations NCER-FT - FinTech National Centre of Excellence in Research [LU]
Disciplines :
Engineering, computing & technology: Multidisciplinary, general & others Computer science Management information systems
Author, co-author :
BARBEREAU, Tom Josua ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
ERMOLAEV, Egor ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
BRENNECKE, Martin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
HARTWICH, Eduard ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
SEDLMEIR, Johannes ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
External co-authors :
no
Language :
English
Title :
Beyond a Fistful of Tumblers: Toward a Taxonomy of Ethereum-based Mixers
Publication date :
10 December 2023
Event name :
Proceedings of the 44th International Conference on Information Systems (ICIS), Hyderabad, India
FNR - Fonds National de la Recherche [LU] FNR - Luxembourg National Research Fund [LU]
Funding number :
13342933; 14783405; 16326754
Funding text :
This research was funded by the Luxembourg National Research Fund (FNR) and PayPal PEARL (grant reference 13342933) as well as by the FNR in the FiReSPArX (grant reference 14783405) and PABLO (grant reference 16326754) projects. For the purpose of open access, the authors have applied a Creative CommonsAttribution 4.0 International (CC BY 4.0) license to any author accepted manuscript version arising from this submission.
Amiram, D., Jørgensen, B. N., and Rabetti, D. (2022). “Coins for bombs: The predictive ability of on-chain transfers for terrorist attacks,” Journal of Accounting Research (60:2), pp. 427–466. https://doi.org/10.1111/1475-679X.12430.
Andrews, J. (2020). Aztec: zkRollup Layer 2 + Privacy.
Bailey, K. D. (1994). Typologies and taxonomies: An introduction to classification techniques, SAGE.
Barbereau, T. and Bodó, B. (2023). “Beyond financial regulation of crypto-asset wallet software: In search of secondary liability,” Computer Security & Law Review (49). https://doi.org/10.1016/j.clsr.2023.105829.
Barbereau, T., Sedlmeir, J., Smethurst, R., Fridgen, G., and Rieger, A. (2022). “Tokenization and regulatory compliance for art and collectibles markets,” in Blockchains and the Token Economy, pp. 213–236. https://doi.org/10.1007/978-3-030-95108-5_8.
Barbereau, T., Smethurst, R., Papageorgiou, O., Sedlmeir, J., and Fridgen, G. (2023). “Decentralised finance’s timocratic governance: The distribution and exercise of tokenised voting rights,” Technology in Society (73). https://doi.org/10.1016/j.techsoc.2023.102251.
Béres, F., Seres, I. A., Benczúr, A. A., and Quintyne-Collins, M. (2021). “Blockchain is watching you: Profiling and de-anonymizing Ethereum users,” in IEEE International Conference on Decentralized Applications and Infrastructures, pp. 69–78. https://doi.org/10.1109/DAPPS52256.2021.00013.
Biryukov, A., Feher, D., and Vitto, G. (2019). “Privacy aspects and subliminal channels in zcash,” in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1813–1830. https://doi.org/10.1145/3319535.3345663.
Biryukov, A., Khovratovich, D., and Pustogarov, I. (2014). “Deanonymisation of clients in Bitcoin P2P network,” in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29. https://doi.org/10.1145/2660267.2660379.
Biryukov, A. and Tikhomirov, S. (2019). “Transaction clustering using network traffic analysis for Bitcoin and derived blockchains,” in IEEE Conference on Computer Communications Workshops, pp. 204–209. https://doi.org/10.1109/INFCOMW.2019.8845213.
Burleson, J., Korver, M., and Boneh, D. (2022). Privacy-protecting regulatory solutions using zero-knowledge proofs. a16z crypto.
Buterin, V. (2021). An incomplete guide to rollups.
Califf, C. B., Sarker, S., and Sarker, S. (2020). “The bright and dark sides of technostress: A mixed-methods study involving healthcare IT,” MIS Quarterly (44:2), pp. 809–856. https://doi.org/10.25300/MISQ/2020/14818.
Campbell-Verduyn, M. (2018). “Bitcoin, crypto-coins, and global anti-money laundering governance,” Crime, Law, and Social Change (69:2), pp. 283–305. https://doi.org/10.1007/s10611-017-9756-5.
Chainalysis (2023). The 2023 crypto crime report.
ChainShield and Slowmist (2023). Audit report by ChainShield and Slowmist. Cyclone.xyz.
Chan, T. K., Cheung, C. M., and Wong, R. Y. (2019). “Cyberbullying on social networking sites: The crime opportunity and affordance perspectives,” Journal of Management Information Systems (36:2), pp. 574–609. https://doi.org/10.1080/07421222.2019.1599500.
Cirkovic, M., Cachin, C., and Le, D. V. (2022). “Cryptographic primitives for on-chain tumbler designs,”
Cyclone Community (2023). Cyclone Protocol: Development.
D’Arcy, J., Gupta, A., Tarafdar, M., and Turel, O. (2014). “Reflecting on the “dark side” of information technology use,” Communications of the Association for Information Systems (35:1), pp. 109–118. https://doi.org/10.17705/1CAIS.03505.
Dhillon, G. (2016). “Money laundering and technology enabled crime: A cultural analysis,” in Proceedings of the 22nd Americas Conference on Information Systems, AIS.
Europol (2022). Seizing the opportunity: 5 recommendations for crypto assets-related crime and money laundering.
Feng, Q., He, D., Zeadally, S., Khan, M. K., and Kumar, N. (2019). “A survey on privacy protection in blockchain system,” Journal of Network and Computer Applications (126), pp. 45–58. https://doi.org/10.1016/j.jnca.2018.10.020.
FIOD (2022). “Arrest of suspected developer of Tornado Cash,” Nieuws.
Fröwis, M., Gottschalk, T., Haslhofer, B., Rückert, C., and Pesch, P. (2020). “Safeguarding the evidential value of forensic cryptocurrency investigations,” Forensic Science International: Digital Investigation (33). https://doi.org/10.1016/j.fsidi.2019.200902.
Garman, C., Green, M., and Miers, I. (2017). “Accountable privacy for decentralized anonymous payments,” in Financial Cryptography and Data Security: 20th International Conference, Springer, pp. 81–98. https://doi.org/10.1007/978-3-662-54970-4_5.
Ghesmati, S., Fdhila, W., and Weippl, E. (2022). “SoK: How private is Bitcoin? Classification and evaluation of Bitcoin privacy techniques,” in Proceedings of the 17th International Conference on Availability, Reliability and Security, ACM. https://doi.org/10.1145/3538969.3538971.
Goldreich, O. and Oren, Y. (1994). “Definitions and properties of zero-knowledge proof systems,” Journal of Cryptology (7:1). https://doi.org/10.1007/BF00195207.
Gregor, S. (2006). “The nature of theory in information systems,” MIS Quarterly, pp. 611–642. https://doi.org/10.2307/25148742.
Groce, A., Feist, J., Grieco, G., and Colburn, M. (2020). “What are the actual flaws in important smart contracts (and how can we find them)?,” in Financial Cryptography and Data Security: 24th International Conference, Springer, pp. 634–653. https://doi.org/10.1007/978-3-030-51280-4_34.
Groß, J., Sedlmeir, J., Babel, M., Bechtel, A., and Schellinger, B. (2021). Designing a central bank digital currency with support for cash-like privacy. https://doi.org/10.2139/ssrn.3891121.
Grover, V. and Lyytinen, K. (2022). “The pursuit of innovative theory in the digital age,” Journal of Information Technology, pp. 45–59. https://doi.org/10.1177/02683962221077112.
Hartwich, E., Ollig, P., Fridgen, G., and Rieger, A. (2022). “Probably something: A multi-layer taxonomy of non-fungible tokens,” Internet Research. https://doi.org/10.1108/INTR-08-2022-0666.
Interpol (2020). “Combatting cyber-enabled financial crimes in the era of virtual asset and darknet service providers,” Global Complex for Innovation.
Komlo, C. and Goldberg, I. (2021). “FROST: Flexible round-optimized Schnorr threshold signatures,” in Selected Areas in Cryptography, pp. 34–65. https://doi.org/10.1007/978-3-030-81652-0_2.
Kruisbergen, E. W., Leukfeldt, E. R., Kleemans, E. R., and Roks, R. A. (2019). “Money talks money laundering choices of organized crime offenders in a digital age,” Journal of Crime and Justice (42:5), pp. 569–581. https://doi.org/10.1080/0735648X.2019.1692420.
Kundisch, D., Muntermann, J., Oberländer, A. M., Rau, D., Röglinger, M., Schoormann, T., and Szopinski, D. (2021). “An update for taxonomy designers: Methodological guidance from information systems research,” Business & Information Systems Engineering (64), pp. 421–439. https://doi.org/10.1007/s12599-021-00723-x.
Lacity, M., Carmel, E., Young, A. G., and Roth, T. (2023). “The quiet corner of Web3 that means business,” MIT Sloan Management Review (64:3).
Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., and Savage, S. (2013). “A fistful of Bitcoins: Characterizing payments among men with no names,” in Proceedings of the Internet Measurement Conference, ACM, pp. 127–140. https://doi.org/10.1145/2504730.2504747.
Mikalef, P., Conboy, K., Lundström, J. E., and Popovič, A. (2022). “Thinking responsibly about responsible AI and ‘the dark side’of AI,” European Journal of Information Systems (31:3), pp. 257–268. https://doi.org/10.1080/0960085X.2022.2026621.
Möser, M., Böhme, R., and Breuker, D. (2013). “An inquiry into money laundering tools in the Bitcoin ecosystem,” in APWG eCrime Researchers Summit, IEEE. https://doi.org/10.1109/eCRS.2013.6805780.
Myers, M. D. and Newman, M. (2007). “The qualitative interview in IS research: Examining the craft,” Information and Organization (17:1), pp. 2–26. https://doi.org/10.1016/j.infoandorg.2006.11.001.
Nadler, M. and Schär, F. (2023). “Tornado Cash and blockchain privacy: A primer for economists and policymakers,” Federal Reserve Bank of St. Louis Review (105:2), pp. 122–136. https://doi.org/10.20955/r.105.122-36.
Nance, K., Hay, B., and Bishop, M. (2009). “Digital forensics: Defining a research agenda,” in Proceedings of the 42nd Hawaii International Conference on System Sciences, ScholarSpace. https://doi.org/10.1109/HICSS.2009.160.
Nickerson, R. C., Varshney, U., and Muntermann, J. (2013). “A method for taxonomy development and its application in information systems,” European Journal of Information Systems (22:3), pp. 336–359. https://doi.org/10.1057/ejis.2012.26.
Pakki, J., Shoshitaishvili, Y., Wang, R., Bao, T., and Doupé, A. (2021). “Everything you ever wanted to know about Bitcoin mixers (but were afraid to ask),” in Financial Cryptography and Data Security: 25th International Conference, Springer, pp. 117–146. https://doi.org/10.1007/978-3-662-64322-8_6.
Pocher, N., Zichichi, M., Merizzi, F., Shafiq, M. Z., and Ferretti, S. (2023). “Detecting anomalous cryptocurrency transactions: An AML/CFT application of machine learning-based forensics,” Electronic Markets (33:1). https://doi.org/10.1007/s12525-023-00654-3.
Rathore, M. M., Chaurasia, S., and Shukla, D. (2022). “Mixers detection in Bitcoin network: A step towards detecting money laundering in crypto-currencies,” in IEEE International Conference on Big Data, pp. 5775–5782. https://doi.org/10.1109/BigData55660.2022.10020982.
Ruffing, T., Moreno-Sanchez, P., and Kate, A. (2014). “Coinshuffle: Practical decentralized coin mixing for Bitcoin,” in Proceedings of the 19th European Symposium on Research in Computer Security, Springer, pp. 345–364. https://doi.org/10.1007/978-3-319-11212-1_20.
Sánchez-Gómez, N., Torres-Valderrama, J., García-García, J. A., Gutiérrez, J. J., and Escalona, M. (2020). “Model-based software design and testing in blockchain smart contracts: A systematic literature review,” IEEE Access (8), pp. 164556–164569. https://doi.org/10.1109/ACCESS.2020.3021502.
Sarre, R., Lau, L. Y.-C., and Chang, L. Y. (2018). “Responding to cybercrime: Current trends,” Police Practice and Research (19:6), pp. 515–518. https://doi.org/10.1080/15614263.2018.1507888.
Schultze, U. and Avital, M. (2011). “Designing interviews to generate rich data for information systems research,” Information and Organization (21:1). https://doi.org/10.1016/j.infoandorg.2010.11.001.
Sedlmeir, J., Lautenschlager, J., Fridgen, G., and Urbach, N. (2022). “The transparency challenge of blockchain in organizations,” Electronic Markets (32), pp. 1779–1794. https://doi.org/10.1007/s12525-022-00536-0.
See, K. (2023). “The Satoshi laundromat: A review on the money laundering open door of Bitcoin mixers,” Journal of Financial Crime. https://doi.org/10.1108/JFC-11-2022-0269.
Shen, M. (2022). “Crypto mixer Tornado Cash says sanctions can’t apply to smart contracts,” Bloomberg.
Tarafdar, M., Gupta, A., and Turel, O. (2013). “The dark side of information technology use,” Information Systems Journal (23:3), pp. 269–275. https://doi.org/10.1111/isj.12015.
Trozze, A., Davies, T., and Kleinberg, B. (2023). “Of degens and defrauders: Using open-source investigative tools to investigate decentralized finance frauds and money laundering,” Forensic Science International: Digital Investigation (46). https://doi.org/10.1016/j.fsidi.2023.301575.
TyphoonCash (2021). Introducing Typhoon Cash – A new protocol for yield-capable private transactions.
U.S. Department of the Treasury (2022). U.S. Treasury sanctions notorious virtual currency mixer Tornado Cash.
U.S. Department of the Treasury (2023). Treasury designates Roman Semenov, co-founder of sanctioned virtual currency mixer Tornado Cash.
van Wegberg, R., Oerlemans, J.-J., and van Deventer, O. (2018). “Bitcoin money laundering: mixed results? An explorative study on money laundering of cybercrime proceeds using Bitcoin,” Journal of Financial Crime (45:2), pp. 419–435. https://doi.org/10.1108/JFC-11-2016-0067.
Wang, Z., Chaliasos, S., Qin, K., Zhou, L., Gao, L., Berrang, P., Livshits, B., and Gervais, A. (2022). “On how zero-knowledge proof blockchain mixers improve, and worsen user privacy,” in Proceedings of the ACM Web Conference, pp. 2022–2032. https://doi.org/10.1145/3543507.3583217.
Zhang, R., Xue, R., and Liu, L. (2019). “Security and privacy on blockchain,” ACM Computing Surveys (52:3). https://doi.org/10.1145/3316481.
Zheng, P., Zheng, Z., Wu, J., and Dai, H.-N. (2021). “On-chain and off-chain blockchain data collection,” in. Blockchain Intelligence: Methods, Applications and Challenges, pp. 15–39. https://doi.org/10.1007/978-981-16-0127-9_2.
Ziegler, C. and Welpe, I. M. (2022). “A taxonomy of decentralized autonomous organizations,” in Proceedings of the 43rd International Conference on Information Systems, AIS.