|
|
@ -608,6 +608,12 @@ Similarly for mining pools which support paying out to \zaddr, an attacker can j |
|
|
|
single payout. They will now know one of the zaddrs and the exact amount being paid out in that transaction. Mining |
|
|
|
pools are a wealth of information to de-anonymize \zaddrs and must be very careful to not leak useful metadata. |
|
|
|
|
|
|
|
We would like to mention \cite{LuckPool} as an example of Best Practices by a mining pool that supports \zaddrs, |
|
|
|
they do not list any \zaddr publicly and do not allow searching by \zaddr and do not show which \zaddrs are being |
|
|
|
paid out. The Hush community also reached out to Pirate mining pools long ago and many of them removed public metadata |
|
|
|
about \zaddr miners when their were told the privacy implications. All mining pools which can pay out to \zaddrs |
|
|
|
should follow these guidelines. All public data about \zaddrs can be fed into ITM and Metaverse attacks. |
|
|
|
|
|
|
|
\nsubsection{Timing Analysis} |
|
|
|
|
|
|
|
This analysis uses the heuristic that transactions that are close together are likely to be related, or |
|
|
|