New Empirical Traceability Analysis of CryptoNote-Style Blockchains

  • Zuoxia Yu
  • Man Ho AuEmail author
  • Jiangshan Yu
  • Rupeng Yang
  • Qiuliang Xu
  • Wang Fat Lau
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


The cascade effect attacks (PETS’ 18) on the untraceability of Monero are circumvented by two approaches. The first one is to increase the minimum ring size of each input, from 3 (version 0.9.0) to 7 in the latest update (version 0.12.0). The second approach is introducing the ring confidential transactions with enhanced privacy guarantee. However, so far, no formal analysis has been conducted on the level of anonymity provided by the new countermeasures in Monero. In addition, since Monero is only an example of leading CryptoNote-style blockchains, the actual privacy guarantee provided by other similar blockchains in the wild remains unknown.

In this paper, we propose a more sophisticated statistical analysis on CryptoNote-style cryptocurrencies. In particular, we introduce a new attack on the transaction untraceability called closed set attack. We prove that our attack is optimal assuming that no additional information is given. In other words, in terms of the result, \(\textit{closed set}\) attack is equivalent to brute-force attack, which exhausts all possible input choices and removes those that are impossible given the constraints imposed by the mixins of each transaction.

To verify the impact of our attack in reality, we conduct experiments on the top 3 CryptoNote-style cryptocurrencies, namely, Monero, Bytecoin and DigitalNote, according to their market capitalization. Since the computational cost of performing \(\textit{closed set}\) attack is prohibitively expensive, we propose an efficient algorithm, called clustering algorithm, to (approximately) implement our attack. By combining our clustering method with the cascade attack, we are able to identify the real coin being spent in \(70.52\%\) Monero inputs, \(74.25\%\) Bytecoin inputs, and in \(91.56\%\) DigitalNote inputs.

In addition, we provide a theoretical analysis on the identified \(\textit{closed set}\) attack, i.e., if every input in a CryptoNote-style blockchain has 3 mixins, and all mixins are sampled uniformly from all existing coins, the success rate of this attack is very small (about \(2^{-19}\)). Given that \(\textit{closed set}\) attack is equivalent to the best possible statistical attack, our findings provide two key insights. First, the current system configuration of Monero is secure against statistical attacks, as the minimum number of mixin is 6. Second, we identify a new factor in improving anonymity, that is, the number of unspent keys. Our analysis indicates that the number of mixins in an input does not need to be very large, if the percentage of unspent keys is high.



We appreciate the anonymous reviewers for their valuable suggestions. Part of this work was supported by the National Natural Science Foundation of China (Grant No. 61602396, U1636205, 61572294, 61632020), the MonashU-PolyU-Collinstar Capital Joint Lab on Blockchain and Cryptocurrency Technologies, from the Research Grants Council of Hong Kong (Grant No. 25206317), and the Fonds National de la Recherche Luxembourg (FNR) through PEARL grant FNR/P14/8149128.

Supplementary material


  1. 1.
    Cryptocurrencies market capacity. Accessed 16 Apr 2018
  2. 2.
    Monero source code. Accessed 30 Mar 2018
  3. 3.
    Sets of spent outputs. Accessed 26 Nov 2018
  4. 4.
    Goemans, M.: Lecture notes in chernoff bounds, and some applications, February 2015.
  5. 5.
    Kumar, A., Fischer, C., Tople, S., Saxena, P.: A traceability analysis of monero’s blockchain. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 153–173. Springer, Cham (2017). Scholar
  6. 6.
    Liu, J.K., Susilo, W., Wong, D.S.: Ring signature with designated linkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 104–119. Springer, Heidelberg (2006). Scholar
  7. 7.
    Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 127–140. ACM (2013)Google Scholar
  8. 8.
    Miller, A., Möser, M., Lee, K., Narayanan, A.: An empirical analysis of linkability in the monero blockchain. arXiv preprint arXiv:1704.04299 (2017)
  9. 9.
    Möser, M., et al.: An empirical analysis of traceability in the monero blockchain. Proc. Priv. Enhancing Technol. 3, 143–163 (2018)CrossRefGoogle Scholar
  10. 10.
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)Google Scholar
  11. 11.
    Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), pp. 1318–1326. IEEE (2011)Google Scholar
  12. 12.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). Scholar
  13. 13.
    Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013). Scholar
  14. 14.
    Van Saberhagen, N.: Cryptonote v 2.0 (2013)Google Scholar
  15. 15.
    Yu, J., Au, M.H., Esteves-Verissimo, P.: Re-thinking untraceability in the cryptonote-style blockchain. In: IEEE Computer Security Foundations Symposium (CSF) (2019). The sun tzu survival problemGoogle Scholar

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Zuoxia Yu
    • 1
  • Man Ho Au
    • 1
    Email author
  • Jiangshan Yu
    • 2
  • Rupeng Yang
    • 1
    • 3
  • Qiuliang Xu
    • 4
  • Wang Fat Lau
    • 1
  1. 1.Department of ComputingThe Hong Kong Polytechnic UniversityHung HomHong Kong SAR
  2. 2.Monash UniversityMelbourneAustralia
  3. 3.School of Computer Science and TechnologyShandong UniversityJinanChina
  4. 4.School of SoftwareShandong UniversityJinanChina

Personalised recommendations