by ianmiers
3219 days ago
I'm not sure I follow on the "your privacy can be defeated by people upstream or downstream of you." In ZCash, your transaction is completely indistinguishable from the other shielded transactions. The only thing the person you are paying learns is they were paid e.g. $10 by a shielded TX user. So they learn nearly nothing from upstream, and know nearly nothing to share downstream. In particular, this seems to completely negate the attack described in this paper. (Which coinjoin does not). The limitation for ZCash is that shielded tx's are only 1/5th of the total number of TXs by volume, so your anonymity set is not as large as it could be.
But it's likely considerably larger than the anonymity you get by mixing < 10 TX's and then doing this repeatedly both because of intersection attacks (which the attack here is) and because of the impossibility of correctly sampling the TXs to mix with.

You could identify a dozen or a hundred different features about a transaction or the transaction graph, then run standard machine learning tools to find clusters of usage patterns. You could then probabilistically infer connections between upstream and downstream usage patterns that implicate you.
I'm not arguing against the cryptography of zcash, which is solid as far as I'm aware. But while it does such a thorough job of bolting the front door, the window is left wide open.