Blockchains are decentralized and immutable databases that are shared among the nodes of the network. Although blockchains have attracted a great scale of attention in the recent years by disrupting the traditional financial systems, the transaction privacy is still a challenging issue that needs to be addressed and analyzed. We propose a Private Token Transfer System (PTTS) for the Ethereum public blockchain in the first part of this paper. For the proposed framework, zero-knowledge based protocol has been designed using Zokrates and integrated into our private token smart contract. With the help of web user interface designed, the end users can interact with the smart contract without any third-party setup. In the second part of the paper, we provide security and privacy analysis including the replay attack and the balance range privacy attack which has been modeled as a network flow problem. It is shown that in case some balance ranges are deliberately leaked out to particular organizations or adversarial entities, it is possible to extract meaningful information about the user balances by employing minimum cost flow network algorithms that have polynomial complexity. The experimental study reports the Ethereum gas consumption and proof generation times for the proposed framework. It also reports network solution times and goodness rates for a subset of addresses under the balance range privacy attack with respect to number of addresses, number of transactions and ratio of leaked transfer transaction amounts.

中文翻译：

---

PTTS：以太坊区块链上基于零知识证明的私有代币转账系统及其基于网络流的余额范围隐私攻击分析


区块链是在网络节点之间共享的去中心化且不可变的数据库。尽管近年来区块链通过颠覆传统金融系统吸引了广泛的关注，但交易隐私仍然是一个需要解决和分析的挑战性问题。在本文的第一部分，我们为以太坊公共区块链提出了一个私有代币转移系统 （PTTS）。对于拟议的框架，使用 Zokrates 设计了基于零知识的协议，并将其集成到我们的私有代币智能合约中。借助设计的 Web 用户界面，最终用户无需任何第三方设置即可与智能合约进行交互。在本文的第二部分，我们提供了安全和隐私分析，包括重放攻击和平衡范围隐私攻击，后者已被建模为网络流问题。结果表明，如果某些余额范围被故意泄露给特定组织或敌对实体，则可以通过采用具有多项式复杂性的最低成本流网络算法来提取有关用户余额的有意义信息。实验研究报告了所提议框架的以太坊 gas 消耗和证明生成时间。它还报告了余额范围隐私攻击下地址子集的网络解决方案时间和利用率，包括地址数量、交易数量和泄露转账交易金额的比率。