Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Towards Measuring the Traceability of Cryptocurrencies

Domokos Miklós Kelen, István András Seres

TL;DR

The paper tackles the challenge of quantifying cryptocurrency traceability and privacy in a rigorous, quantitative way. It proposes an absorbing Markov chain framework combined with Shannon entropy to measure untraceability on transaction graphs, applicable to both UTXO- and account-based models, including shielded pools. The authors define a flexible, computationally scalable metric U_{S,G,A}(v) based on absorbing probabilities, and validate it through stationary and temporal evaluations across Bitcoin, Zcash, Ethereum, and ERC-20 tokens, revealing distinct mixing characteristics and the impact of privacy tooling. The work offers a practical tool for researchers and practitioners to assess and compare privacy properties, informs privacy-focused design decisions, and highlights how features like shielded pools and transaction structure influence fungibility and traceability.

Abstract

Cryptocurrencies aim to replicate physical cash in the digital realm while removing centralized and trusted intermediaries. Decentralization is achieved by the blockchain, a permanent public ledger that contains a record of every transaction. The public ledger ensures transparency, which enables public verifiability but harms untraceability, fungibility, and anonymity. In the last decade, cryptocurrencies attracted millions of users, with their total market cap reaching approximately three trillion USD at its peak. However, their anonymity guarantees are poorly understood and plagued by widespread misbeliefs. Indeed, previous notions of privacy, anonymity, and traceability for cryptocurrencies are either non-quantitative or inapplicable, e.g., computationally hard to measure. In this work, we put forward a formal framework to measure the (un)traceability and anonymity of cryptocurrencies, allowing us to quantitatively reason about the mixing characteristics of cryptocurrencies and the privacy-enhancing technologies built on top of them. Our methods apply absorbing Markov chains combined with Shannon entropy. To the best of our knowledge, our work provides the first practical, efficient, and probabilistic measure to assess the traceability of cryptocurrencies quantitatively, which also generalizes to entire cryptocurrency transaction graphs. We implement and extensively evaluate our proposed traceability measure on several cryptocurrency transaction graphs. Among other quantitative results, we find that in the studied one-week interval, the Bitcoin blockchain, on average, provided comparable but quantifiably more natural mixing than the Ethereum blockchain.

Towards Measuring the Traceability of Cryptocurrencies

TL;DR

The paper tackles the challenge of quantifying cryptocurrency traceability and privacy in a rigorous, quantitative way. It proposes an absorbing Markov chain framework combined with Shannon entropy to measure untraceability on transaction graphs, applicable to both UTXO- and account-based models, including shielded pools. The authors define a flexible, computationally scalable metric U_{S,G,A}(v) based on absorbing probabilities, and validate it through stationary and temporal evaluations across Bitcoin, Zcash, Ethereum, and ERC-20 tokens, revealing distinct mixing characteristics and the impact of privacy tooling. The work offers a practical tool for researchers and practitioners to assess and compare privacy properties, informs privacy-focused design decisions, and highlights how features like shielded pools and transaction structure influence fungibility and traceability.

Abstract

Cryptocurrencies aim to replicate physical cash in the digital realm while removing centralized and trusted intermediaries. Decentralization is achieved by the blockchain, a permanent public ledger that contains a record of every transaction. The public ledger ensures transparency, which enables public verifiability but harms untraceability, fungibility, and anonymity. In the last decade, cryptocurrencies attracted millions of users, with their total market cap reaching approximately three trillion USD at its peak. However, their anonymity guarantees are poorly understood and plagued by widespread misbeliefs. Indeed, previous notions of privacy, anonymity, and traceability for cryptocurrencies are either non-quantitative or inapplicable, e.g., computationally hard to measure. In this work, we put forward a formal framework to measure the (un)traceability and anonymity of cryptocurrencies, allowing us to quantitatively reason about the mixing characteristics of cryptocurrencies and the privacy-enhancing technologies built on top of them. Our methods apply absorbing Markov chains combined with Shannon entropy. To the best of our knowledge, our work provides the first practical, efficient, and probabilistic measure to assess the traceability of cryptocurrencies quantitatively, which also generalizes to entire cryptocurrency transaction graphs. We implement and extensively evaluate our proposed traceability measure on several cryptocurrency transaction graphs. Among other quantitative results, we find that in the studied one-week interval, the Bitcoin blockchain, on average, provided comparable but quantifiably more natural mixing than the Ethereum blockchain.
Paper Structure (39 sections, 1 theorem, 10 equations, 11 figures, 3 tables)

This paper contains 39 sections, 1 theorem, 10 equations, 11 figures, 3 tables.

Table of Contents

  1. Untraceability
  2. System Model
  3. Transaction Graph Model
  4. Desiderata
  5. Tracing Money Backwards
  6. Other policies
  7. Defining untraceability
  8. Computational considerations
  9. Markov Chain Convergence
  10. Graph Representation of Cryptocurrency Transactions
  11. Cryptocurrencies with the UTXO-model
  12. Account-based Cryptocurrencies
  13. Modeling shielded pools
  14. Temporality of Transactions
  15. Stationary transaction graphs.
  16. ...and 24 more sections

Key Result

theorem 1

In a Markov chain defined as in sec:model, a random walk starting from a sink of the transaction graph $G$ and progressing with transition probabilities defined by the transition matrix $P$ of eq:transmatrixdef ends up being absorbed in an absorber node $v'\in V'$ with probability 1.

Figures (11)

  • Figure 1: Illustrating the requirement of "tamper resistance" for our proposed metric, see \ref{['sec:desiderata']}. Intuitively, the traceability metric for $v_1$ and $v_{11}$ should be the same since no third-party coins are mixed into $v_1$.
  • Figure 2: Transition probabilities in the Markov chain.
  • Figure 3: A simple example summarizing our method to obtain an untraceability score on a transaction graph $G$. Red nodes are sources, blue nodes are sinks. While outputs of transactions cannot be sources in a regular UTXO-based graph, the initial balance of node $n_4$ is possible when merging different UTXOs belonging to the same public key. We add an auxiliary absorber node in the corresponding Markov chain for each source in $G$, i.e., each node with an initial balance. The transition matrix of the Markov chain is split into $\mathbf{Q}$ and $\mathbf{R}$ as described in \ref{['eq:markov_normalform']} to calculate the absorbing probabilities $\mathbf{B}=(\mathbf{I}-\mathbf{Q})^{-1}\mathbf{R}$. The untraceability score is defined as the Shannon entropy of the distribution of the absorbing probabilities for each sink in the original transaction graph $G$.
  • Figure 4: An illustrative example calculation of untraceability where the transaction graph $G$ includes a directed cycle. Note that directed cycles in transaction graphs are only possible in the account-based model or, alternatively, in a UTXO-based model if one is able to merge multiple UTXOs corresponding to the same public key.
  • Figure 5: Temporality of transactions. Four transactions, two incoming and two outgoing target the same address $a$. Transactions are created in the order $tx_1,tx_2,tx_3,tx_4$. Weights on the edges represent the amount of the cryptocurrency transferred in the transactions. The stationary and temporal way of representing them as a transaction graph is presented, with transition probability matrices also included in the figure. The stationary transaction graph disregards temporality information, while the temporal transaction graph incorporates it. Note, as a result, the $tx_3\rightarrow tx_2$ path is blocked for a random walk in the temporal graph.
  • ...and 6 more figures

Theorems & Definitions (2)

  • Definition 1: Untraceability score
  • theorem 1