In a ring-signature-based anonymous cryptocurrency, signers of a transaction are hidden among a set of potential signers, called a ring, whose size is much smaller than the number of all users. The ring-membership relations specified by the sets of transactions thus induce bipartite transaction graphs, whose distribution is in turn induced by the ring sampler underlying the cryptocurrency. Since efficient graph analysis could be performed on transaction graphs to potentially deanonymise signers, it is crucial to understand the resistance of (the transaction graphs induced by) a ring sampler against graph analysis. Of particular interest is the class of partitioning ring samplers. Although previous works showed that they provide almost optimal local anonymity, their resistance against global, e.g. graph-based, attacks were unclear. In this work, we analyse transaction graphs induced by partitioning ring samplers. Specifically, we show (partly analytically and partly empirically) that, somewhat surprisingly, by setting the ring size to be at least logarithmic in the number of users, a graph-analysing adversary is no better than the one that performs random guessing in deanonymisation up to constant factor of 2.

翻译：在基于环签名的匿名加密货币中，交易的签名者隐藏在一组潜在签名者（称为环）中，该环的规模远小于所有用户的数量。由交易集合指定的环成员关系因此产生了二分交易图，其分布又由加密货币底层的环采样器所决定。由于高效的图分析可对交易图执行以潜在地去匿名化签名者，因此理解环采样器（所诱导的交易图）对抗图分析的能力至关重要。其中，划分环采样器类别尤为值得关注。尽管先前研究表明它们提供了近乎最优的局部匿名性，但其对抗全局（例如基于图的）攻击的抵抗能力尚不明确。在本工作中，我们分析了由划分环采样器诱导的交易图。具体而言，我们（部分通过解析推导、部分通过实验验证）表明，令人惊讶的是，通过将环大小设置为至少与用户数成对数关系，一个进行图分析的敌手在去匿名化中的表现，至多不会优于执行随机猜测的敌手，且性能差距不超过常数因子2。