It is well known that reusing cryptocurrency addresses undermines privacy. This also applies if the same addresses are used in different cryptocurrencies. Nevertheless, cross-chain address reuse appears to be a recurring phenomenon, especially in EVM-based designs. Previous works performed either direct address matching, or basic format conversion, to identify such cases. However, seemingly incompatible address formats e.g., in Bitcoin and Ethereum, can also be derived from the same public keys, since they rely on the same cryptographic primitives. In this paper, we therefore focus on the underlying public keys to discover reuse within, as well as across, different cryptocurrency networks, enabling us to also match incompatible address formats. Specifically, we analyze key reuse across Bitcoin, Ethereum, Litecoin, Dogecoin, Zcash and Tron. Our results reveal that cryptographic keys are extensively and actively reused across these networks, negatively impacting both privacy and security of their users. We are hence the first to expose and quantify cross-chain key reuse between UTXO and account-based cryptocurrencies. Moreover, we devise novel clustering methods across these different cryptocurrency networks that do not rely on heuristics and instead link entities by their knowledge of the underlying secret key.
翻译:众所周知,加密货币地址的复用会损害隐私性。若同一地址在不同加密货币中被使用,同样会产生此问题。尽管如此,跨链地址复用现象仍反复出现,尤其在基于EVM的设计中。先前的研究或通过直接地址匹配,或通过基础格式转换来识别此类情况。然而,由于依赖相同的密码学原语,即使表面不兼容的地址格式(例如比特币与以太坊中的地址)也可能源自相同的公钥。因此,本文聚焦于底层公钥,以发现同一加密货币网络内及不同网络间的密钥复用现象,从而实现对不兼容地址格式的匹配。具体而言,我们分析了比特币、以太坊、莱特币、狗狗币、Zcash和波场之间的密钥复用情况。研究结果表明,密码学密钥在这些网络中广泛且活跃地被复用,对其用户的隐私与安全均产生了负面影响。由此,我们首次揭示并量化了UTXO与账户型加密货币之间的跨链密钥复用现象。此外,我们设计了跨这些不同加密货币网络的新型聚类方法,该方法不依赖启发式规则,而是通过实体对底层私钥的持有关系进行关联。