privacy – Deanonymizing dust attack

To add to Raghav’s answer:

Practically, as a typical user, it can be difficult to deal with a dust attack. There is no way to stop or disallow the receiving of a transaction, so the user can only react to the attack after it has occurred. The good thing is, by taking the proper actions a user can easily and effectively mitigate against the attack. In a perfect world of well-informed users and good wallet software, the attack would be futile, and a waste of resources to attempt.

On the downside, the attack can be very effective if not mitigated. The more addresses a wallet has used in the past, the more damaging the attack can be, as an attacker stands to potentially link a great number of addresses all to one user, destroying anonymity.

As Raghav mentioned, some wallets allow the user to manually select UTXOs for spending, or to mark inputs as ‘unspendable dust’, but many wallets have no such option. In many cases, the UTXO selection is completely hidden from the end user, in an effort to make the wallet more simple to use.

If you receive some dust to one or more of your addresses, your wallet does not allow for manual UTXO selection, and you’d like to counter the attack, then you’ll need to import your seed phrase into some new wallet software that allows you to select UTXOs manually. If you’d like to continue using the original wallet software afterwards, you could follow this workflow:

  1. Receive dust attack transactions
  2. Do research to find a reputable wallet that allows for UTXO selection, and download that software onto a secure device
  3. Import the seed phrase from your dust-attacked wallet into the new wallet software, to recreate your dust-attacked wallet in the new wallet software
  4. Using your old wallet software, create a new wallet and copy the receiving address (this will be your new wallet, after you’ve completed all these steps)
  5. Use the new UTXO-selecting wallet software to send the non-dust UTXOs from your dust-attacked wallet, to your new wallet (created in step 4). As Gabriele mentioned in the comments, creating a single transaction to do this will be detrimental to your privacy (it will link all addresses in the wallet, via the common input ownership heuristic). A privacy-conscious user may thus choose to craft many transactions to transfer the funds to the new wallet (using a ~minimal number of UTXOs as input to each transaction).

Source link

Leave a Comment

Your email address will not be published.