Verge - Reading Assignment

1. The sender and the receiver

2. The amount

3. The attacker could analyse the transaction (track the amount) and in doing so link the two parties.

It hides the IP address by utilizing Tor routing.

1. What two pieces of information are shielded on Verge?
   ip address and receiver address

2. What information is NOT shielded on Verge?
   amount

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
   by analyzing the tx network

1. Verge integrates Tor in all of their wallets, thereby eliminating any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination. Tor is an IP obfuscation service which enables anonymous communication across a layered circuit based network.

   Dual-Key Stealth Addressing allows senders to create an unlimited number of one-time destinations addresses on behalf of the recipient without any interaction between the parties. Stealth addresses are a method by which additional obfuscation can be implemented to further protect the receiving party when transacting with Verge. When multiple users send funds to a stealth address, rather than these transactions appearing on the blockchain as multiple payments to the same address, they instead appear as multiple payments going to different addresses.

2. the amount of the transaction

3. An attacker could link Bob and Alice together through the transaction amount.

1. The IP address is shielded by TOR and the receiving address is shielded by Dual-Key Stealth Addressing

2. The amount and sending address are not shielded

3. Bob and Alice could be linked by the amount

1.) What two pieces of information are shielded on Verge?
The IP address, Recipient address

2.) What information is NOT shielded on Verge?
Tx amounts are not shielded

3.) Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
They could be linked by analyzing the transactions

1. What two pieces of information are shielded on Verge?

The IP addresses (by integrating Tor into the wallets) and the Receiver’s address through stealth addresses

2. What information is NOT shielded on Verge?

The Sender’s address and tx amount

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

The attacker could watch the address Alice sent to, and if they know Bob’s address, I suppose they could see when he constructs a tx that uses that UTXO as an input, thus linking Alice and Bob.

1. Sender’s IP address and recipient’s address.
2. the amount, I guess. Not sure, however.
3. In this case, they could track the amount and link sender and recipient.

Its the amount

1 IP address and reciever’s address
2 Tx amount and sender address
3 If the number of simultaneous transactions is small it might be possible to make a connection by timing.

1. sender IP (via TOR) and the receiver address (via Dual-Key Stealth Adresses)
2. tx amount
3. could be tracked via the tx amount and it’s timing

1. What two pieces of information are shielded on Verge?
   The IP addresses for the source and destination of the sender and receiver by implementing Tor (The Onion Router)
2. What information is NOT shielded on Verge?
   The amount.
3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
   By the amount and timing of the transaction

1. What two pieces of information are shielded on Verge?
   Sender’s IP address (TOR network) and recipient’s address (Dual-key Stealth address)

2. What information is NOT shielded on Verge?
   Transaction amounts are not shield on Verge.

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.
   Exploring timestamp in Tx (Tor network), check the same size of transactions or derive public keys from “Master’s Keys”. Stealth addressing is also optional feature which leads to more potential vulnerabilities.

1. IP Addresses are hidden along with Addresses (they use DUAL KEY Stealth addresses)

2.Amounts of transactions are not shielded as it is open source code (the smart contract section of the page)

3.You could link the transaction amounts and when they were initiated.

Being open source isn’t really the reason why they are not shielded. Most cryptocurrencies are open source including privacy coins, cryptography algorithms are also often open source (personally I would avoid those that aren’t). Its purely Verges design that doesn’t obscure them.

1. What two pieces of information are shielded on Verge?

The IP address (via The Onion Router) and receiver address (via Dual-Key Stealth Addressing)

2. What information is NOT shielded on Verge?

The amounts within the transactions.

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

They can possibly reveal the sender of the transaction as only the receivers are shielded. Meaning the attacker can analyze Bob’s transaction’s for Alice’s sender address and vice versa. (Correct me if I’m wrong)

Both can be linked by analyzing the amount sent and received.

1. IP of sender using TOR - Receiver using stealth addresses.

2. Transaction amounts.

3. Through analyzing the network for transactions of the same size.

1. What two pieces of information are shielded on Verge?

Verge obfuscates transaction user identities and locations via integrated Tor IP obfuscation service and stealth addresses.

2. What information is NOT shielded on Verge?

Verge does not shield transaction amount details

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

If we know transaction amount, we can analyze completed transactions on the Verge blockchain and find transaction where amount of 15 XVG was sent and received to link Alice’s and Bob’s derived public key used for this transaction. Of course, knowing exact time of transaction would help a lot.

1. What two pieces of information are shielded on Verge?

IP and receivers address

2. What information is NOT shielded on Verge?

sender address and values

3. Suppose Alice sends 15 XVG to Bob, and Alice’s and Bob’s ‘Master Public Keys’ are publicly known. Describe how an attacker could link Bob and Alice together, even using the privacy features mentioned above.

Dusting attack, track/link analysis of the transaction amount received and timing