Table of Contents
Fetching ...

Reuse of Public Keys Across UTXO and Account-Based Cryptocurrencies

Rainer Stütz, Nicholas Stifter, Melitta Dragaschnig, Bernhard Haslhofer, Aljosha Judmayer

TL;DR

This paper addresses the privacy and security risks of cross-chain key reuse by focusing on the underlying public keys used for signing in multiple cryptocurrencies. It analyzes six networks (BTC, ETH, LTC, DOGE, ZEC, TRX), extracts recovered public keys, and classifies reuse as active or passive, including cross-chain events between UTXO and account-based designs. The authors quantify extensive reuse (over $1.6$ million keys reused, with $1.43$ million actively reused) and demonstrate cross-chain clustering by transferring insights from UTXO to account-based systems, while validating results against ground truth. The work uncovers that exchanges, bridges, and mixers contribute substantially to key reuse, highlights privacy risks, and proposes non-heuristic clustering approaches along with countermeasures to mitigate cross-chain linkability across heterogeneous ledgers.

Abstract

It is well known that reusing cryptocurrency addresses undermines privacy. This also applies if the same addresses are used in different cryptocurrencies. Nevertheless, cross-chain address reuse appears to be a recurring phenomenon, especially in EVM-based designs. Previous works performed either direct address matching, or basic format conversion, to identify such cases. However, seemingly incompatible address formats e.g., in Bitcoin and Ethereum, can also be derived from the same public keys, since they rely on the same cryptographic primitives. In this paper, we therefore focus on the underlying public keys to discover reuse within, as well as across, different cryptocurrency networks, enabling us to also match incompatible address formats. Specifically, we analyze key reuse across Bitcoin, Ethereum, Litecoin, Dogecoin, Zcash and Tron. Our results reveal that cryptographic keys are extensively and actively reused across these networks, negatively impacting both privacy and security of their users. We are hence the first to expose and quantify cross-chain key reuse between UTXO and account-based cryptocurrencies. Moreover, we devise novel clustering methods across these different cryptocurrency networks that do not rely on heuristics and instead link entities by their knowledge of the underlying secret key.

Reuse of Public Keys Across UTXO and Account-Based Cryptocurrencies

TL;DR

This paper addresses the privacy and security risks of cross-chain key reuse by focusing on the underlying public keys used for signing in multiple cryptocurrencies. It analyzes six networks (BTC, ETH, LTC, DOGE, ZEC, TRX), extracts recovered public keys, and classifies reuse as active or passive, including cross-chain events between UTXO and account-based designs. The authors quantify extensive reuse (over million keys reused, with million actively reused) and demonstrate cross-chain clustering by transferring insights from UTXO to account-based systems, while validating results against ground truth. The work uncovers that exchanges, bridges, and mixers contribute substantially to key reuse, highlights privacy risks, and proposes non-heuristic clustering approaches along with countermeasures to mitigate cross-chain linkability across heterogeneous ledgers.

Abstract

It is well known that reusing cryptocurrency addresses undermines privacy. This also applies if the same addresses are used in different cryptocurrencies. Nevertheless, cross-chain address reuse appears to be a recurring phenomenon, especially in EVM-based designs. Previous works performed either direct address matching, or basic format conversion, to identify such cases. However, seemingly incompatible address formats e.g., in Bitcoin and Ethereum, can also be derived from the same public keys, since they rely on the same cryptographic primitives. In this paper, we therefore focus on the underlying public keys to discover reuse within, as well as across, different cryptocurrency networks, enabling us to also match incompatible address formats. Specifically, we analyze key reuse across Bitcoin, Ethereum, Litecoin, Dogecoin, Zcash and Tron. Our results reveal that cryptographic keys are extensively and actively reused across these networks, negatively impacting both privacy and security of their users. We are hence the first to expose and quantify cross-chain key reuse between UTXO and account-based cryptocurrencies. Moreover, we devise novel clustering methods across these different cryptocurrency networks that do not rely on heuristics and instead link entities by their knowledge of the underlying secret key.
Paper Structure (37 sections, 9 figures, 3 tables)

This paper contains 37 sections, 9 figures, 3 tables.

Figures (9)

  • Figure 1: Address formats of different cryptocurrencies can be derived from the same public key. Some formats may be converted into each other without knowledge of the underlying public key while others can not.
  • Figure 2: Cardinality of set intersections for active public key reuse across the considered currencies (Top 5 cardinalities per intersections size).
  • Figure 3: Quarterly counts of first UTXO internal active public key reuse events within Bitcoin (BTC) and Litecoin (LTC).
  • Figure 4: Quarterly counts of first active public cross-chain reuse events.
  • Figure 5: Example of clustering an account-based cryptocurrency such as Ethereum, based on multiple-input clustering in Bitcoin.
  • ...and 4 more figures

Theorems & Definitions (1)

  • definition thmcounterdefinition