Reuse of Public Keys Across UTXO and Account-Based Cryptocurrencies

TL;DR

This paper investigates the reuse of cryptographic public keys across multiple cryptocurrencies, revealing extensive cross-chain key reuse that compromises user privacy and security, and introduces new clustering methods to identify such reuse without heuristics.

Contribution

It is the first study to quantify and analyze cross-chain public key reuse between UTXO and account-based cryptocurrencies, proposing novel clustering techniques based on underlying secret keys.

Findings

Extensive reuse of cryptographic keys across multiple cryptocurrencies.

Cross-chain key reuse negatively impacts user privacy and security.

Novel clustering methods successfully link entities across different networks.

Abstract

It is well known that reusing cryptocurrency addresses undermines privacy. This also applies if the same addresses are used in different cryptocurrencies. Nevertheless, cross-chain address reuse appears to be a recurring phenomenon, especially in EVM-based designs. Previous works performed either direct address matching, or basic format conversion, to identify such cases. However, seemingly incompatible address formats e.g., in Bitcoin and Ethereum, can also be derived from the same public keys, since they rely on the same cryptographic primitives. In this paper, we therefore focus on the underlying public keys to discover reuse within, as well as across, different cryptocurrency networks, enabling us to also match incompatible address formats. Specifically, we analyze key reuse across Bitcoin, Ethereum, Litecoin, Dogecoin, Zcash and Tron. Our results reveal that cryptographic keys are extensively and actively reused across these networks, negatively impacting both privacy and security of their users. We are hence the first to expose and quantify cross-chain key reuse between UTXO and account-based cryptocurrencies. Moreover, we devise novel clustering methods across these different cryptocurrency networks that do not rely on heuristics and instead link entities by their knowledge of the underlying secret key.