Incognito and 'dusting attacks'

A dusting attack is when I send many very small UXTOs to your account, and then look for those UXTOs being sent together to find your account. https://www.binance.vision/security/what-is-a-dusting-attack

There is a conversation on Twitter about how all ZKP Privacy Coins, including Monero and Zcash, are vulnerable to ‘dusting attacks’. It’s a very smart discussion and includes @zooko, one of the leaders of Zcash. https://twitter.com/socrates1024/status/1225113062123954176

Is Incognito also vulnerable to dusting attacks?

1 Like

I think this issue can be solved in next version of privacy by ‘One Time Address - OTA’, When A send token to B, data is stored with B’ address and sender can not know who is real receiver. After that, B use these UTXO in the next tx, beacause incognito hide sender in tx, A can not know who is B, that use UTXO from A. sorry if i dont understand your question clearly

2 Likes

I am not completely sure I understand UTXO but is it only about showing a signature that relates to the user? Or is there more to it?

When it is just the signature, how much does it really reveal?
I assumed with the explorer not showing amounts or sender/receiver, and neither does script unless you have the readonly key of the account (as far as I know), there is not much to discover, other than how many transactions are done, maybe.

Incognito is vulnerable to dusting attacks. However, attackers have less chance than other public chains !!!

First, this kind of attack focuses on UTXO based ledger and the objective is deanonymized the owner of crypto-assets when they have more than one address to receive crypto-assets (eg., hierarchical deterministic wallets). In case the owner uses only one address for all transactions, the problem becomes trivial.

The attackers will have less chance than other public chains. The reason is for each transaction, some random existing UTXOs will be used to mix with the real UTXO. Thus, the attacker only can guess that some of their dusting UTXOs are used by someone. They cannot confirm 100% because maybe one of the dusting UTXOs is only a decoy input.

This kind of attack is easy to fix. Some suggestions for Incognito Chain:

  • Implement a mechanism to detect dusting attack transactions.
  • Don’t use dusting UTXOs, or only use one dusting UTXO per transaction (attackers cannot analyze or combine to deanonymize the owner)
  • Consider disabling “Defragment UTXOs with small value” feature. This action will let the world know who are you.
3 Likes

Most of Incognito transaction is privacy, there is no way for them to analyze the ledger user’s amount without knowing their read-only key, which is user’s kind of secret key.
So i think when they perform this kind of attack, and user move dusting fund they had no idea fund has been move. In this case, how can they link anything? Please feed back me if i’m wrong @hieutran
Only if they analyze network layer that’s they had a chance to exploit user data. But i think is is another story to talk about.

1 Like

Hi, lets me explain a little bit more about privacy technique.

  • First, to hide the sender, Incognito used Ring Signature to sign a transaction. That means the real input will be mixed with some other random inputs. Now, look at a transaction, they cannot know where is the real input.

  • Second, because Incognito uses UTXO based ledger. That means to transfer value y, for example, you may need more than one input such as x1, x2, x3 such that x1 + x2 + x3 >= y to transfer. In this case, your transaction will have 3 real inputs and some other random inputs.

Okay, now consider the attack scenario, the attacker will send a lot of dusting UTXO to some victims. For example, you receive UTXO: x1, x2, x3. Because these are dusting UTXO (small values), with the high chance they will be chosen in your transactions. On the other hand, the attacker can monitor the Incognito chain and easy to detect when his dusting UTXOs appeared on the blockchain. When he saw a transaction with input x1, x2, x3, he can guess and link that the public addresses corresponding to these inputs are belonging to one owner. Note that x1, x2, x3 are created by the attacker, he can track on them to analyze.

1 Like

@hieutran In team of privacy, i though that would be impossible for some one to track if an input is spent or not. So, incognito is privacy transaction but others still can track which input is spent and which is not?

This is an important condition that makes it possible. In simple terms, if you are presented with an encoded piece of text and have no idea what the text is about, you will have a hard time decoding it. If you created several texts and they were encoded afterward, you may have an easier job to find out how the encoding works. That is what I got from the explanation.

2 Likes