Home Explore Help
Sign In
bat9go
/
tutela-app
mirror of https://github.com/TutelaLabs/tutela-app
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: main
Branches Tags
tutela-app
/
whitepaper
/
7_analysis.tex

7_analysis.tex 4.1 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. \section{Analysis}
    2. 

  2. \label{sec:analysis}
    3. 

  3. 

  4. We provide a brief quantitative analysis of the scale and efficacy of Tutela heuristics.
    5. 

  5. \begin{figure}[h!]
    6. 

  6. \includegraphics[width=\linewidth]{figures/dar_graph.png}
    7. 

  7. \caption{10k subgraph of 26M graph created via deposit address reuse. Contains EOA (green), deposits (blue), and exchanges (red).}
    8. 

  8. \label{fig:dargraph}
    9. 

  9. \end{figure}
    10. 

  10. \subsection{Ethereum Heuristics}
    11. 

  11. 

  12. Using DAR, we found 26M EOA addresses, resulting in 2.5M clusters of Ethereum addresses. The average cluster size contains 4.3 ($\pm$ 8.6) EOA addresses; the largest cluster contains 2.1k EOA addresses. Figure~\ref{fig:dargraph} shows a visualization of 10,000 random nodes from the DAR graph. In particular, we observe interesting structure with many small clusters scattered uniformly, balanced by several large clusters in the perimeter.
    13. 

  13. 

  14. Next, we can measure the quality of the DAR clusters using a held out ``test set'' of known clustered addresses. We obtain such a set from \cite{beres2021blockchain} where 1,028 clusters of addresses (average size of 4.0 $\pm$ 3.6 EOA addresses per cluster) are derived from ENS names. We find a recall of 39.4\% using DAR. While there is room for improvement, we are cautiously optimistic that DAR is able to recover a nontrivial number without any knowledge of ENS names. This provides evidence for the generality of DAR clusters.
    15. 

  15. 

  16. \begin{figure}[h!]
    17. 

  17. \includegraphics[width=\linewidth]{figures/diff2vec_sample}
    18. 

  18. \caption{100k random subset of 131M embedding of Ethereum addresses projected from to 3D using PCA.}
    19. 

  19. \label{fig:diff2vecgraph}
    20. 

  20. \end{figure}
    21. 

  21. Using Node, we found 131M clusters of Ethereum addresses, with each cluster having exactly 9 members by design (10 including itself). Figure~\ref{fig:diff2vecgraph} shows a visualization of 100,000 random embeddings of Ethereum addresses from the NODE set, where embeddings are projected down to two dimensions using PCA (trained on a subset of 1M address embeddings). The color in Figure~\ref{fig:diff2vecgraph} shows the density, estimated using a Gaussian kernel, where a lighter (yellow) color represents higher density. That is, the figure shows a non-hollow ball of address embeddings. For any query address, Tutela returns the closest neighbors from the point cloud. Again, we access quality using the held-out known clusters, finding a recall of 37.8\% with NODE, two percent lower than DAR. However, as shown in Figure~\ref{fig:ensrecall}, when DAR and NODE are used in combination, the recall increases 7\% to 44.8\%, indicating that DAR and NODE find clusters of different ``types''. In Tutela, searching an address will return both clusters types.
    22. 

  22. % More analysis on NODE embedding quality will be conducted in future work.
    23. 

  23. 

  24. \begin{figure}[h!]
    25. 

  25. \includegraphics[width=\linewidth]{figures/ens_recall.pdf}
    26. 

  26. \caption{Plot of the recall of held-out address clusters through ENS reveals using deposit address reuse (DAR), diff2vec (NODE), and the combination of both (BOTH). A higher recall represents a better heuristic.}
    27. 

  27. \label{fig:ensrecall}
    28. 

  28. \end{figure}
    29. 

  29. 

  30. \subsection{Tornado Cash Heuristics}
    31. 

  31. 

  32. Of the 97.3k Tornado Cash equal user deposits, we found 42.8k are potentially compromised: 18.6K from the address match reveal, 102 from the unique gas price reveal, 18.9K from the linked ETH address reveal, 16.2K from the multi-denomination reveal, and 358 from the TORN mining reveal (with overlap between reveals). Splitting this by pool, we find the anonymity set to be reduced by 37\% ($\pm$ 15\%) on average. Figure~\ref{fig:tcashgraph} shows the uncompromised anonymity sets by pool.
    33. 

  33. 

  34. We find that some of the pools could be heavily compromised (such as the cDAI and WBTC pools), whereas other pools are less effected (e.g. USDC). In summary, while many of the Tornado Cash heuristics are simple, they are quite powerful. These findings could help Tornado Cash developers and users alike, measure and understand the degree user privacy offered.
    35. 

  35. 

  36. \begin{figure}[h!]
    37. 

  37. \includegraphics[width=\linewidth]{figures/tornado_graph.png}
    38. 

  38. \caption{Plot of the percentage of compromised versus uncompromised (pink) deposits by pool. }
    39. 

  39. \label{fig:tcashgraph}
    40. 

  40. \end{figure}
    41.