Verge - Reading Assignment

Read what Verge (XVG) has to say on privacy. Answer the questions and post your answers below:

https://vergecurrency.com/key-tech/

  1. What two pieces of information are shielded on Verge?
  2. What information is NOT shielded on Verge?
  3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
  1. The IP address, as TOR is implemented in their wallets, and addresses through Dual-key Stealth addresses.
  2. The amount of transactions. It is also open source, so code is not shielded too.
  3. Probably by analyzing network transactions and trying to “track” them by comparing spent amounts and new UTXOs. Using Dual-Key Stealth Addressing it would be possible for Alice to send the 15XVG to a one-time destinations addresses for Bob, from which he could then take the money and transfer them on his “personal” account or use them for other transactions. However, for a thorough observer it could be possible to check for transfers from such one-time address and identify where the XVGs are being transferred. If the receiver’s Public Key is Bob’s, then he must be the receiver.
1 Like

1.TOR is implemented in the wallet and TOR hides both parties true IP addresses. The other piece is a combination of dual-key stealth addresses and RingCT (Ring Signatures and confidential transactions) to preserve the anonymity of both the sending and receiving parties adresses.

  1. You can see the amount in the transactions. https://verge-blockchain.info/address/DPiYDxyS4Rgv4u2o7fXWnW4pXY6PTjvdTv

  2. They could be linked by analyzing transactions.

1 Like
  1. What two pieces of information are shielded on Verge?

    Verge integrates Tor in all of their wallets, thereby eliminating any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.

    Dual-Key Stealth Addressing allows senders to create an unlimited number of one-time destinations addresses on behalf of the recipient without any interaction between the parties. Stealth addresses are a method by which additional obfuscation can be implemented to further protect the receiving party when transacting with Verge.

  2. What information is NOT shielded on Verge?

    You can see the amount in the transactions

  3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

    They can be linked by analyzing transactions completed on the network.

1 Like
  1. Sender’s IP address and recipient’s address.
  2. the amount, I guess. Not sure, however.
  3. In this case, they could track the amount and link sender and recipient.
1 Like

Stealth addresses = recipient ID
IP address = location/identity of sender

So, still known is:

  1. Amount of the tx is visible for sender and receiver
  2. On-chain linkable info about sender is visible
  1. The IP address (TOR is implemented in their wallets) and addresses through Dual-key Stealth addresses and RingCT.
  2. The amount of transactions is not shielded.
  3. They can be linked by analyzing transactions completed on the network.
1 Like
  1. IP and receivers address
  2. sender address and values
  3. If they use the 4.1 dual-key-stealth-protocol it is not that easy because we would not have a way to calculate the Bob ‘stealth receiving’ address. Even if we try to monitor Alice address in a public explorer for the timeinstant that she spends the 15 XVG, not being able finding the destination address of Bob we can not link both. Only if Bob gave us the ‘secret-scan-key’ “s” that we would be able to calculate the Bob receiving-stealth-address using also the shared-secret-“c” that would be visible in Alice transaction-data at the blockchain/explorer, and only this way we could confirm the payment would be to Bob.
    So we would see a destination address in Alice transaction-data of the 15 XVG, and we could also probably read the ‘shared-secret-c’ at the public tx-data but we would NOT be able to prove that the destination address would belong to Bob’s wallet.
1 Like
  1. The IP address as TOR is implemented in their wallets and addresses through Dual-key Stealth addresses and RingCT.
  2. The amount of tx, it is open source so not shielded.
  3. They could be linked by analyzing transactions.
1 Like
  1. What two pieces of information are shielded on Verge?
    IP address, recipient address

  2. What information is NOT shielded on Verge?
    sender, amount of transaction

  3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
    The attacker could track down where Bob’s 15 XVG is sent and later link the address to the identity.

1 Like

1- The receiver and the IP adress.

2- The amount.

3- The attacker could analyse the teansactio s on the blockchain.

1 Like
  1. What two pieces of information are shielded on Verge?
    • IP address with Tor wallets
    • Stealth addresses, shielding the recipient.
  2. What information is NOT shielded on Verge?
    • Sender
    • Amount
  3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
    • By the timing of receiver receiving the sent transaction and the amount of transacted funds.
1 Like
What two pieces of information are shielded on Verge?
  • IP of sender using TOR
  • Receiver using stealth addresses
What information is NOT shielded on Verge?
  • Links between inputs and outputs
  • It also never mentioned amounts being shielded
Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

The protocol makes no attempt to mask the links between inputs and outputs. If it’s possible to find TXOs belonging to a specific master public key then it becomes trivial, but if I understand the stealth address lesson correctly, this is only possible if you know the shared secret. If the inputs to Alice’s transaction are also from a stealth address we don’t know that it belongs to Alice either.

  • We do know the amount, so the anonymity set is the number of UTXOs with amount 15 around the time it was sent
  • If a 15 VERGE UTXO is spent shortly after then there’s a probability it was used by Bob and sent by Alice
  • If the transaction volume is low then the anonymity sets may be trivially small, but it gets harder as volumes increase
1 Like
  • What two pieces of information are shielded on Verge?
    IP. (using TOR) and addresses (using stealth addresses)

  • What information is NOT shielded on Verge?
    The amount.

  • Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
    The attacker links the amount spent by Alice to the amount received by Bob.

1 Like

1. What two pieces of information are shielded on Verge?
The two pieces of information that are shielded by Verge are IP addresses (through Tor-wallet integration) and a transaction’s recipient’s wallet address (through dual-key stealth addressing).

2. What information is NOT shielded on Verge?
Transaction amounts are not shielded on Verge.

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
An attacker could link Bob and Alice together through the transaction amount. Though dual-key stealth addressing allows for users to shield where UTXO’s are being sent, an attacker could link these addresses by looking at the time between one UTXO of 15 XVG and one input of 15XVG on the explorer. Stealth addressing is also optional which leads to more potential vulnerabilities.

1 Like

1, the ip adress (use of TOR) and the adress through dual key stealth adress
2. the amount of the transaction
3.probably by trying to link spent amount and new utxo

1 Like
  1. What two pieces of information are shielded on Verge?
    IP address and receiver address.

  2. What information is NOT shielded on Verge?
    Sender address and amount.

  3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
    Maybe with timing and TX amount analysis.

1 Like

Q1: IP address and the use of stealth addresses.

Q2: TX amount

Q3

1 Like

Q3: The TX amount would be the last piece of info needed to link Alice and Bob

1 Like
  1. The IP address, as TOR is implemented in their wallets, and addresses through Dual-key Stealth addresses.

  2. The amount of transactions.

  3. They can be linked by analyzing transactions completed on the network.

1 Like