Search papers, labs, and topics across Lattice.
This paper reveals a critical vulnerability in Monero's use of the Tor network, where transactions from Monero Tor nodes are exclusively routed through two outgoing proxy nodes, allowing adversaries to deanonymize the source of these transactions. The authors introduce a novel framework called ProxyMark, which operates in three stages: identifying node roles, pinpointing originated transactions, and deanonymizing node locations. Empirical tests conducted on the live Tor network and Monero's mainnet and testnet validate ProxyMark's effectiveness in deanonymizing transactions, highlighting significant privacy concerns for users of Monero over Tor.
Monero's reliance on Tor may be its Achilles' heel, as a new framework can deanonymize transactions with alarming accuracy.
Monero is a privacy-focused cryptocurrency that deploys the Dandelion++ protocol and incorporates anonymity networks (such as Tor and I2P) to prevent malicious attackers from linking transactions with their source IPs. In this paper, we demonstrate that Monero's integration of the Tor network introduces a fundamental vulnerability: a Monero Tor node's originated transactions are exclusively forwarded to two outgoing Tor hidden service nodes (proxy nodes) prior to clearnet propagation, enabling an adversary to capture originated transactions by occupying the target node's outgoing connections. Based on this observation, we propose \textit{ProxyMark}, a three-stage deanonymization framework for the Monero Tor network, comprising node role identification, originated transaction identification, and node location deanonymization. Through experiments on the live Tor network, Monero mainnet, and testnet, we empirically demonstrate the effectiveness of \textit{ProxyMark} in successfully deanonymizing transactions originating from Monero nodes over Tor.