Página inicial Explorar Ajuda
Entrar
bat9go
/
tutela-app
mirror de https://github.com/TutelaLabs/tutela-app
Observar 1
Favorito 0
Fork 0
Arquivos Issues 0 Wiki
Branch: flow
Branches Tags
tutela-app
/
whitepaper
/
2_preliminaries.tex

2_preliminaries.tex 4.2 KB
Link permanente Histórico Raw

123456789101112131415161718192021222324 
  1. \section{Preliminaries} \label{sec:preliminaries}
    2. 

  2. In this section, we provide some background on Ethereum and its account model. For a deeper dive into Ethereum, we refer the reader to~\cite{antonopoulos2018mastering}. Moreover, we briefly describe the high-level workings of Tornado Cash.
    3. 

  3. 

  4. \subsection{Ethereum and the Account Model}
    5. 

  5. Ethereum is the second-largest cryptocurrency platform in terms of market capitalization.\footnote{For more details, see: \url{https://coinmarketcap.com/currencies/ethereum}.} However, it is the largest smart contract platform, and it is also the most used public blockchain concerning settled transactions per second. Therefore, it is imperative to understand better and assess the privacy guarantees of Ethereum quantitatively.
    6. 

  6. 

  7. Ethereum employs the \textit{account model}. There are two types of accounts: externally owned accounts (EOA) and contract accounts. EOAs are controlled by users via a cryptographic key-pair (a private and a public key) owned by them. The private key of the EOA enables users to send transactions from that account, while the public key is used to derive an address for the EOA (the hash of the public key is its address). On the other hand, contract accounts are controlled by contract code. The contract account's address is the hash of their contract code. Accounts are referred to by their addresses (a pseudonym). Contract accounts cannot initiate transactions. However, EOAs can send transactions to contract accounts that can run the code of the contract account. In the following, we will use the words accounts and addresses interchangeably. 
    8. 

  8. 

  9. % mw: took out bc we don't really use this
    10. 

  10. % All accounts have the following fields:
    11. 

  11. % \begin{itemize}
    12. 

  12. %     \item \textbf{Balance:} it denotes the amount of ether (the native currency of the Ethereum blockchain) the account owns.
    13. 

  13. %     \item \textbf{Nonce:} the number of confirmed transactions the account has sent. This field facilitates the prevention of replay attacks. For instance, the receiver of a transaction cannot drain the sender's balance by replaying transactions since transactions also sign off the nonce field of the sender's account.
    14. 

  14. %     \item \textbf{Storage:} it is a permanent data store for account contracts. This field is empty for EOAs.
    15. 

  15. %     \item \textbf{Code:} only contract accounts possess code, EOAs do not.
    16. 

  16. % \end{itemize}
    17. 

  17. 

  18. Ethereum's account model has several implications from a privacy point of view. First, the account model incentivizes the reuse of accounts across many transactions. Imagine the following scenario. Alice owns an EOA with address $\mathcal{A}$ and a balance of three ether. Alice wishes to buy a product from Bob for two ether. Alice sends a transaction worth two ether to Bob. After this purchase, $\mathcal{A}$ has a balance of one ether. Therefore, if Alice wants to spend her change, she necessarily needs to send a transaction \emph{again} from her account $\mathcal{A}$. Address reuse facilitates the profiling of rich transaction histories: complete financial history,  list of all counterparties, time-of-day activity, and more. Furthermore, account reuse implies that most users only own a handful of accounts. Finally, the accounts owned by the same user can effectively be clustered; see Section~\ref{sec:eth}. 
    19. 

  19. 

  20. \subsection{Preserving Privacy on Ethereum: Tornado Cash}
    21. 

  21. Users can break links with their transaction history using a so-called mixer contract. Tornado Cash (TC) is the most widely used, non-custodial mixer on Ethereum. TC works as follows. Users deposit equal amounts to a TC smart contract. After some time, users can withdraw their funds from the mixer contract to \emph{a freshly generated EOA} by providing a zero-knowledge proof that proves that the withdrawer user is one of the depositors. Therefore, the withdrawing EOA has enhanced its privacy since it has become indistinguishable among the depositor EOAs. Note that each TC contract applies a fixed denomination for the mixed funds. Otherwise, linking deposits to withdraws would be trivial.
    22. 

  22. 

  23. TC provides mixing contracts (sometimes we refer to them as (mixing) pools) for ether and several Ethereum-based tokens (e.g., DAI, USDC, wBTC, etc.) and many denominations (1, 10, 100, etc.).
    24. 

  24.