# Ethereum Access Privacy --- ## Motivation - Ethereum is only pseudononymous. - Recent arrival of (on-chain) privacy solutions aiming to tackle this aspect - None of them hide the link between network-level identities (e.g. IP addresses) with on-chain identities (e.g. accounts) - Despite the gains at the on-chain layer, users can be trivially de-anonymized at the network-level which in turn can lead to de-anonymization at the on-chain layer. --- ## What we'll cover - A high-level overview of the Ethereum p2p network - How users publish transactions to the Ethereum - How users query for relevant transactions from the Ethereum blockchain - Issues from a privacy perspective --- ## What this talk is not about - On-chain privacy techniques --- ## Overview of the Ethereum p2p network  --- ## Overview of the Ethereum p2p network (Cont'd) - Uses devp2p to find, connect to and send messages to nodes in the network --- ## Overview of the Ethereum p2p network (Cont'd) - Devp2p consists of several protocols: - RLPx - Node Discovery Protocol (Discv4) - Ethereum Wire Protocol - Light Ethereum Subprotocol (LES) --- ## Publishing To Ethereum  --- ## Publishing To Ethereum (Cont'd) - Users publish transactions to devp2p nodes by means of gossip - Privacy Issues: - Not traffic analysis resistant (both passive and active) --- ## Publishing To Ethereum (Cont'd) ### Current Solutions - Tor and I2P networks have been proposed as solutions - https://arxiv.org/abs/1410.6079 --- ## Publishing To Ethereum (Cont'd) ### Current Solutions (Cont'd) - Dandelion++ takes advantage of gossiping nature of transaction propagation. - https://arxiv.org/abs/1805.11060 - Blinder: MPC-based protocol for anonymous committed broadcast - https://eprint.iacr.org/2020/248.pdf --- ## Fetching From Ethereum  --- ## Fetching From Ethereum (Cont'd) - Transactions are fetched through a variety of syncing protocols - LES - Fast Sync - Beam Sync - etc. --- ## Fetching From Ethereum (Cont'd) - Privacy issues: - Can easily determine who is doing a query - Can easily determine what is being queried for - Both of these combine, gives an adversary an idea of what transactions and extra info might belong to a particular wallet. --- ## Fetching From Ethereum (Cont'd) ### Current Solutions - Mainly academic - Shlomi et al (2019) propose a way to store and query Ethereum data privately - Not directly applicable to light clients - Tor doesn't really help in this case - Only hides **who** is doing a query, not the actual contents of the query --- ## Fetching From Ethereum (Cont'd) ### Current Solutions - Other work includes [sinkhole-rs](https://github.com/hashmatter/sinkhole-rs), although not yet applicable to fetching queries privately --- ## Current Work  --- ## Current Work (Cont'd) - Meson: A mixnet for cryptocurrency transactions - Currently supports ETH forks and testnets, and Binance Chain - Current work focuses on developer/devops tooling and a decentralized PKI authority system - More info: https://github.com/hashcloak/Meson --- ## Current Work (Cont'd) - Baryon: A library for IT-PIR protocols - Still a work-in-progress. No working code - Aims to provide developers with the means to efficiently query databases privately - More info: https://github.com/hashcloak/go-baryon --- ## Open Research Questions - How to better leverage ad-hoc and gossip structure of blockchain-based networks for privacy? - The construction of PIR protocols that take into account the dynamic nature of blockchain networks. --- ## Conclusion - Full stack privacy on an already public blockchain is hard - Developing appropriate methods for privately publishing and querying Ethereum is an ongoing problem --- # 謝謝/Questions? - Twitter: @badcryptobitch - Email: mikerah@hashcloak.com - Checkout this cool list I made: https://github.com/Mikerah/awesome-privacy-on-blockchains