Linking Anonymous Transactions via Remote Side-Channel Attacks

crypto.stanford.edu/timings

"We describe remote side-channel attacks on receiver privacy in anonymous cryptocurrencies. Our attacks, which we validate on Zcash and Monero, enable a remote attacker to:

Identify the payee for any anonymous transaction being sent into the network.
Locate the machine (i.e., its IP address) that holds the private key that corresponds to an attacker-known public address.
Break unlinkability of a user's diversified addresses, by determining whether two attacker-known public payment addresses correspond to a same private key.

In addition, for Zcash, the vulnerabilities underlying our attacks can be abused to remotely corrupt and crash any Zcash node for which the attacker knows a payment address, as well as to set up a remote timing side-channel on an ECDH key exchange between a victim node's private key and an attacker's ephemeral public key. In principle, this side-channel can be used to fully recover the victim's private key, thereby completely breaking receiver anonymity.

Our attacks rely on differences in the way that a user's wallet processes a transaction, depending on whether the user is the transaction's payee. We show that these differences in wallet behavior affect the behavior of the P2P node that the wallet is connected to. In turn, a remote adversary can exploit various network and timing side-channels to observe these differences in the P2P node's behavior, and thereby infer the wallet's receipt of a transaction."


Found this on hackerone, guess this is the perfect place to share it.