门罗币匿名及追踪技术综述

doi:10.11772/j.issn.1001-9081.2021020296

《计算机应用》唯一官方网站 ›› 2022, Vol. 42 ›› Issue (1): 148-156.DOI: 10.11772/j.issn.1001-9081.2021020296

所属专题：网络空间安全；综述

门罗币匿名及追踪技术综述

林定康(), 颜嘉麒, 巴楠登, 符朕皓, 姜皓晨

南京大学信息管理学院，南京 210023

收稿日期:2021-03-01 修回日期:2021-04-15 接受日期:2021-04-16 发布日期:2021-04-29 出版日期:2022-01-10
通讯作者: 林定康
作者简介:林定康（2001—），男，湖北十堰人，主要研究方向：区块链、数字货币
颜嘉麒（1983—），男，福建泉州人，副教授，博士，CCF会员，主要研究方向：区块链、信息系统、数据分析、情报学；巴·楠登（1999—），女，新疆乌鲁木齐人，主要研究方向：区块链、环签名、匿名数字货币
符朕皓（2001—），男，河南信阳人，主要研究方向：区块链、信息系统
姜皓晨（2001—），男，江苏泰州人，主要研究方向：信息系统、区块链、零知识证明。
基金资助:
江苏“333高层次人才培养工程”科研项目(BRA2020276);南京大学2021年双创大数据与理论研究双创项目

Survey of anonymity and tracking technology in Monero

Dingkang LIN(), Jiaqi YAN, Nandeng BA, Zhenhao FU, Haochen JIANG

School of Information Management，Nanjing University，Nanjing Jiangsu 210023，China

Received:2021-03-01 Revised:2021-04-15 Accepted:2021-04-16 Online:2021-04-29 Published:2022-01-10
Contact: Dingkang LIN
About author:LIN Dingkang， born in 2001. His research interests include blockchain， digital currency.
YAN Jiaqi， born in 1983， Ph. D.， associate professor. His research interests include blockchain， information system， data analysis， information science.
BA Nandeng， born in 1999. Her research interests include blockchain， ring signature， anonymous digital currency.
FU Zhenhao， born in 2001. His research interests include blockchain， information system.
JIANG Haochen， born in 2001. His research interests include information system， blockchain， zero-knowledge proof.
Supported by:
“333 High-Level Talent Training Engineering” Science Research Project of Jiangsu(BRA2020276);Nanjing University 2021 Innovation and Entrepreneurship Big Data and Theoretical Research Innovation and Entrepreneurship Project

摘要/Abstract

摘要：

虚拟数字货币为恐怖分子融资、洗钱、毒品交易等犯罪活动提供了温床，而门罗币作为新兴数字货币的代表，具有公认的高匿名性。针对利用门罗币匿名性犯罪的问题，从技术角度探索门罗币匿名技术及其追踪技术，综述近年来的研究进展，从而为有效应对基于区块链技术的犯罪提供技术支持。具体来说，总结了门罗币匿名技术的演进，并梳理了学术界关于门罗币匿名技术的追溯对策。首先，在匿名技术中，介绍了环签名、保证不可链接性（一次性公钥）、保证不可追溯性、提高匿名性的重要版本升级等。然后，在追踪技术中，介绍了0-mixin攻击、输出合并攻击、最新猜测攻击、封闭集攻击、泛洪攻击、恶意远程节点攻击、钱包环攻击等攻击方法。最后，基于对匿名技术和追溯对策的分析，得出了四点结论：门罗币的匿名技术和追踪技术的发展相互促进；RingCT的应用是一把双刃剑，既使得从币值出发的被动攻击方法失效，也使得主动攻击方法更加容易奏效；输出合并攻击和0-mixin攻击具有互补作用；门罗币的系统安全链条仍待理顺。

关键词: 区块链, 门罗币, 数字货币, 追踪技术, 匿名技术, 文献综述, 环签名

Abstract:

Virtual digital currency provides a breeding ground for terrorist financing， money laundering， drug trafficking and other criminal activities. As a representative emerging digital currency， Monero has a universally acknowledged high anonymity. Aiming at the problem of using Monroe anonymity to commit crimes， Monero anonymity technology and tracking technology were explored as well as the research progresses were reviewed in recent years， so as to provide technical supports for effectively tackling the crimes based on blockchain technology. In specific， the evolution of Monero anonymity technology was summarized， and the tracking strategies of Monero anonymity technology in academic circles were sorted out. Firstly， in the anonymity technologies， ring signature， guaranteed unlinkability （one-off public key）， guaranteed untraceability， and the important version upgrading for improving anonymity were introduced. Then， in tracking technologies， the attacks such as zero mixin attack， output merging attack， guess-newest attack， closed set attack， transaction flooding attack， tracing attacks from remote nodes and Monero ring attack were introduced. Finally， based on the analysis of anonymity technologies and tracking strategies， four conclusions were obtained： the development of anonymity technology and the development of tracking technology of Monero promote each other； the application of Ring Confidential Transactions （RingCT） is a two-edged sword， which makes the passive attack methods based on currency value ineffective， and also makes the active attack methods easier to succeed； output merging attack and zero mixin attack complement each other； Monero’s system security chain still needs to be sorted out.

Key words: blockchain, Monero, digital currency, tracking technology, anonymity technology, literature review, ring signature

中图分类号:

TP311.13

林定康, 颜嘉麒, 巴楠登, 符朕皓, 姜皓晨. 门罗币匿名及追踪技术综述[J]. 计算机应用, 2022, 42(1): 148-156.

Dingkang LIN, Jiaqi YAN, Nandeng BA, Zhenhao FU, Haochen JIANG. Survey of anonymity and tracking technology in Monero[J]. Journal of Computer Applications, 2022, 42(1): 148-156.

图/表 9

图 1 门罗币交易示意图

Fig. 1 Schematic diagram of Monero transaction

图 2 0-mixin攻击示意图

Fig. 2 Schematic diagram of zero mixin attack

图 3 输出合并攻击示意图

Fig. 3 Schematic diagram of output merging attack

图 4 最新猜测攻击示意图

Fig. 4 Schematic diagram of guess-newest attack

图 5 封闭集攻击示意图

Fig. 5 Schematic diagram of closed set attack

图 6 泛洪攻击示意图

Fig. 6 Schematic diagram of transaction flooding attack

图 7 门罗币客户端与远程节点运作方式示意图

Fig. 7 Schematic diagram of operation mode between Monroe client and remote node

图 8 恶意远程节点攻击示意图

Fig. 8 Schematic diagram of tracing attacks from remote nodes

图 9 钱包环攻击示意图

Fig. 9 Schematic diagram of Monero ring attack

参考文献 41

1	LUNTOVSKYY A， GUETTER D. Cryptographic technology blockchain and its applications［C］// Proceedings of the 2018 International Conference on Information and Telecommunication Technologies and Radio Electronics， LNEE560. Cham： Springer， 2019： 14-33.
2	REDDY E， MINNAAR A. Cryptocurrency： a tool and target for cybercrime［J］. Acta Criminologica： African Journal of Criminology， 2018， 31（3）： 71-92.
3	IRWIN A S M， URNER A B. Illicit Bitcoin transactions： challenges in getting to the who， what， when and where［J］. Journal of Money Laundering Control， 2018， 21（3）： 297-313. 10.1108/jmlc-07-2017-0031
4	IRWIN A S M， MI8LAD G. The use of crypto-currencies in funding violent jihad［J］. Journal of Money Laundering Control， 2016， 19（4）： 407-425.
5	乔晶花. 全球毒情新趋势与国际治理新挑战［J］. 现代世界警察， 2020（9）： 13-17.
	QIAO J H. Global drug abuse and its challenge to drug control［J］. Modern World Police， 2020（9）： 13-17.
6	RÜTH J， ZIMMERMANN T， WOLSING K， et al. Digging into browser-based crypto mining［C］// Proceedings of the 2018 Internet Measurement Conference. New York： ACM， 2018： 70-76. 10.1145/3278532.3278539
7	NAKAMOTO S. Bitcoin： a peer-to-peer electronic cash system［EB/OL］. ［2021-01-01］.. 10.2139/ssrn.3440802
8	HARRIGAN M， FRETTER C. The unreasonable effectiveness of address clustering［C］// Proceedings of the 2016 International IEEE Conferences on Ubiquitous Intelligence & Computing， Advanced and Trusted Computing， Scalable Computing and Communications， Cloud and Big Data Computing， Internet of People， and Smart World Congress. Piscataway： IEEE， 2016： 368-373. 10.1109/uic-atc-scalcom-cbdcom-iop-smartworld.2016.0071
9	van SABERHAGEN N. CryptoNote v2.0［EB/OL］. ［2021-01-01］..
10	DUFFIELD E， DIAZ D. Dash： a payments-focused cryptocurrency［EB/OL］. ［2021-01-01］..
11	SASSON E BEN， CHIESA A， GARMAN C， et al. Zerocash： decentralized anonymous payments from Bitcoin［C］// Proceedings of the 2014 IEEE Symposium on Security and Privacy. Piscataway： IEEE， 2014： 459-474. 10.1109/sp.2014.36
12	门罗币官网中文版［EB/OL］. ［2021-01-01］.. 10.1145/371920.372097
	— Chinese Version［EB/OL］. ［2021-01-01］.10.1145/371920.372097
13	WIJAYA D A， LIU J K， STEINFELD R， et al. On the unforkability of Monero［C］// Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. New York： ACM， 2019： 621-632. 10.1145/3321705.3329823
14	SINGH K， HEULOT N， HAMIDA E B. Towards anonymous， unlinkable， and confidential transactions in blockchain［C］// Proceedings of the 2018 IEEE International Conferences on Internet of Things， Green Computing and Communications， Cyber， Physical and Social Computing， Smart Data， Blockchain， Computer and Information Technology. Piscataway： IEEE， 2018： 1642-1649. 10.1109/cybermatics_2018.2018.00274
15	YU J S， AU M H A， ESTEVES-VERISSIMO P. Re-thinking untraceability in the CryptoNote-style blockchain［C］// Proceedings of the IEEE 32nd Computer Security Foundations Symposium. Piscataway： IEEE， 2019： 94-107. 10.1109/csf.2019.00014
16	LIU J K， AU M H， SUSILO W， et al. Linkable ring signature with unconditional anonymity［J］. IEEE Transactions on Knowledge and Data Engineering， 2014， 26（1）： 157-165. 10.1109/tkde.2013.17
17	RIVEST R L， SHAMIR A， TAUMAN Y. How to leak a secret［C］// Proceedings of the 2001 International Conference on Theory and Application of Cryptology and Information Security， LNCS2248. Berlin： Springer， 2001：552-565.
18	SILVERMAN J H. The Arithmetic of Elliptic Curves， GTM 106［M］. 2nd ed. New York： Springer， 2009：376-386. 10.1007/978-0-387-09494-6_3
19	SUN S F， AU M H， LIU J K， et al. RingCT 2.0： a compact accumulator-based （linkable ring signature） protocol for blockchain cryptocurrency Monero［C］// Proceedings of the 2017 European Symposium on Research in Computer Security， LNCS10493. Cham： Springer， 2017： 456-474.
20	LIU J K， WEI V K， WONG D C. Linkable spontaneous anonymous group signature for ad hoc groups［C］// Proceedings of the 2004 Australasian Conference on Information Security and Privacy， LNCS3108. Berlin： Springer， 2004： 325-335.
21	NOETHER S， NOETHER S. Monero is not that mysterious： MRL-0003［R/OL］. （2014-09-25）［2021-01-01］.. 10.1177/0003603x1405900303
22	The Monero Project. MiniNero： a Python reimplementation of the one-time ring signatures as found in Monero［CP/OL］. ［2021-01-01］.. 10.5373/jardcs/v12sp1/20201050
23	FUJISAKI E， SUZUKI K. Traceable ring signature［C］// Proceedings of the 2007 International Workshop on Public Key Cryptography， LNCS4450. Berlin： Springer， 2007： 181-200. 10.1007/978-3-540-71677-8_13
24	MERCER R. Privacy on the blockchain： unique ring signatures［R/OL］. （2016-12-25）［2021-01-01］..
25	NOETHER S. Ring signature confidential transactions for Monero［EB/OL］. （2015-12-17）［2021-01-01］.. 10.5195/ledger.2016.34
26	The Monero Project. Monero： triangular distribution to choose recent outputs more often for mixins［CP/OL］. ［2021-01-01］.. 10.1093/benz/9780199773787.article.b00124527
27	YU Z X， AU M H， YU J S， et al. New empirical traceability analysis of CryptoNote-style blockchains［C］// Proceedings of the 2019 International Conference on Financial Cryptography and Data Security， LNCS11598. Cham： Springer， 2019： 133-149.
28	NOETHER S， MACKENZIE A， The Monero Research Lab. Ring confidential transactions ［J］. Ledger， 2016， 1： No.34. 10.5195/ledger.2016.34
29	Official site of Monero. Moneropedia — RingCT［EB/OL］. ［2021-01-01］.. 10.1007/978-3-319-66399-9_25
30	KUMAR A， FISCHER C， TOPLE S， et al. A traceability analysis of Monero’s blockchain［C］// Proceedings of the 2017 European Symposium on Research in Computer Security， LNCS10493. Cham： Springer， 2017： 153-173.
31	MÖSER M， SOSKA K， HEILMAN E， et al. An empirical analysis of traceability in the Monero blockchain［J］. Proceedings on Privacy Enhancing Technologies， 2018， 2018（3）： 143-163. 10.1515/popets-2018-0025
32	YE C， OJUKWU C， HSU A， et al. Alt-coin traceability［EB/OL］. （2020-07-07）［2021-01-01］..
33	CHERVINSKI J A M， KREUTZ D， YU J S. FloodXMR： low-cost transaction flooding attack with Monero’s bulletproof protocol［EB/OL］. （2019-05-10）［2021-01-01］..
34	LEE K， MILLER A. Authenticated data structures for privacy-preserving Monero light clients［C］// Proceedings of the 2018 IEEE European Symposium on Security and Privacy Workshops. Piscataway： IEEE， 2018： 20-28. 10.1109/eurospw.2018.00010
35	CAO T， YU J S， DECOUCHANT J， et al. Exploring the Monero peer-to-peer network［C］// Proceedings of the 2020 International Conference on Financial Cryptography and Data Security， LNCS12059. Cham： Springer， 2020： 578-594.
36	HEILMAN E， KENDLER A， ZOHAR A， et al. Eclipse attacks on Bitcoin peer-to-peer network［C］// Proceedings of the 24th USENIX Security Symposium. Berkeley： USENIX Association， 2015： 129-144.
37	WIJAYA D A， LIU J， STEINFELD R， et al. Monero ring attack： recreating zero mixin transaction effect［C］// Proceedings of the 17th IEEE International Conference on Trust， Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering. Piscataway： IEEE， 2018：1196-1201. 10.1109/trustcom/bigdatase.2018.00165
38	LIU Q Y， LIU Z， LONG Y， et al. Making Monero hard-to-trace and more efficient［C］// Proceedings of the 18th IEEE International Conference on Trust， Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. Piscataway： IEEE， 2019： 514-521. 10.1109/trustcom/bigdatase.2019.00075
39	WIJAYA D A， LIU J， STEINFELD R， et al. Anonymity reduction attacks to Monero［C］// Proceedings of the 2018 International Conference on Information Security and Cryptology， LNCS11449. Cham： Springer， 2019： 86-100.
40	HINTEREGGER A， HASLHOFER B. Short paper： an empirical analysis of Monero cross-chain traceability［C］// Proceedings of the 2019 International Conference on Financial Cryptography and Data Security， LNCS11598. Cham： Springer， 2019： 150-157.
41	BORGGREN N， KIM H Y， YAO L H， et al. Simulated blockchains for machine learning traceability and transaction values in the Monero network［EB/OL］. （2020-01-12）［2021-01-01］..

[1]	陈廷伟, 张嘉诚, 王俊陆. 面向联邦学习的随机验证区块链构建[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2770-2776.
[2]	孙晓玲, 王丹辉, 李姗姗. 基于区块链的动态密文排序检索方案[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2500-2505.
[3]	黄河, 金瑜. 基于投票和以太坊智能合约的云数据审计方案[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2093-2101.
[4]	李皎, 张秀山, 宁远航. 降低跨分片交易比例的区块链分片方法[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1889-1896.
[5]	陈美宏, 袁凌云, 夏桐. 基于主从多链的数据分类分级访问控制模型[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1148-1157.
[6]	赵莉朋, 郭兵. 基于BDLS的区块链共识改进算法[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1139-1147.
[7]	高改梅, 张瑾, 刘春霞, 党伟超, 白尚旺. 基于区块链与CP-ABE策略隐藏的众包测试任务隐私保护方案[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 811-818.
[8]	马海峰, 李玉霞, 薛庆水, 杨家海, 高永福. 用于实现区块链隐私保护的属性基加密方案[J]. 《计算机应用》唯一官方网站, 2024, 44(2): 485-489.
[9]	王伊婷, 万武南, 张仕斌, 张金全, 秦智. 基于SM9算法的可链接环签名方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3709-3716.
[10]	刘德渊, 张金全, 张鑫, 万武南, 张仕斌, 秦智. 基于无证书签密的跨链身份认证方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3731-3740.
[11]	孙科硕, 高海英, 宋杨. 面向公有区块链上的私有区块链的多权威属性加密方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3699-3708.
[12]	方鹏, 赵凡, 王保全, 王轶, 蒋同海. 区块链3.0的发展、技术与应用[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3647-3657.
[13]	陈姿芊, 牛科迪, 姚中原, 斯雪明. 适用于物联网的区块链轻量化技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3688-3698.
[14]	高婷婷, 姚中原, 贾淼, 斯雪明. 链上链下一致性保护技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3658-3668.
[15]	贾淼, 姚中原, 祝卫华, 高婷婷, 斯雪明, 邓翔. 零知识证明赋能区块链的进展与展望[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3669-3677.

门罗币匿名及追踪技术综述

Survey of anonymity and tracking technology in Monero

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 41

相关文章 15

编辑推荐

Metrics