PTTS: Zero-Knowledge Proof-based Private Token Transfer System on Ethereum Blockchain and its Network Flow Based Balance Range Privacy Attack Analysis

TL;DR

This paper introduces PTTS, a privacy-preserving token transfer system on Ethereum using zero-knowledge proofs, and analyzes its security vulnerabilities, including a network flow-based balance privacy attack.

Contribution

The paper presents a novel zero-knowledge proof framework for private token transfers on Ethereum and models a new network flow-based attack to analyze privacy risks.

Findings

PTTS enables private token transfers with low gas costs.

Balance range leaks can be exploited to infer user balances.

The attack's effectiveness depends on the amount of leaked information.

Abstract

Blockchains are decentralized and immutable databases that are shared among the nodes of the network. Although blockchains have attracted a great scale of attention in the recent years by disrupting the traditional financial systems, the transaction privacy is still a challenging issue that needs to be addressed and analysed. We propose a Private Token Transfer System (PTTS) for the Ethereum public blockchain in the first part of this paper. For the proposed framework, zero-knowledge based protocol has been designed using Zokrates and integrated into our private token smart contract. With the help of web user interface designed, the end users can interact with the smart contract without any third-party setup. In the second part of the paper, we provide security and privacy analysis including the replay attack and the balance range privacy attack which has been modelled as a network flow problem. It is shown that in case some balance ranges are deliberately leaked out to particular organizations or adversial entities, it is possible to extract meaningful information about the user balances by employing minimum cost flow network algorithms that have polynomial complexity. The experimental study reports the Ethereum gas consumption and proof generation times for the proposed framework. It also reports network solution times and goodness rates for a subset of addresses under the balance range privacy attack with respect to number of addresses, number of transactions and ratio of leaked transfer transaction amounts.