Saved in:
Bibliographic Details
Main Authors: Li, Chenyu, Liang, Xueping, Gong, Xiaorui, Zhang, Xiu
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.01635
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916822243082240
author Li, Chenyu
Liang, Xueping
Gong, Xiaorui
Zhang, Xiu
author_facet Li, Chenyu
Liang, Xueping
Gong, Xiaorui
Zhang, Xiu
contents While Ethereum's discovery protocols (Discv4/ Discv5) incorporate robust cryptographic designs to protect user privacy, real-world deployment reveals critical vulnerabilities when users deviate from security guidelines. In this paper, we design a system called EGNInfoLeaker. Our study is the first work that uncovers widespread public key reuse across Ethereum's peer-to-peer networks - a practice that fundamentally undermines the protocol's privacy guarantees. Through systematic analysis of 300 real-world network snapshots, we identify 83 users controlling 483 service nodes via public key reuse, enabling precise de-anonymization through IP correlation. Using evidence collected by EGNInfoLeaker, our Graph-Based Identity Association Algorithm links users to network entities and generates comprehensive user profiles. For User27, it exposes the public key, IP, network ID, location (country/region/city), and ISP/ORG details. The EGNInfoLeaker system demonstrates how such cryptographic misuse transforms theoretical anonymity into practical identity leakage, exposing users to surveillance and targeted attacks. These findings establish that protocol security depends not only on sound design but also on strict user compliance. Going forward, our detection framework provides a foundation for enhancing real-world privacy preservation in decentralized networks.
format Preprint
id arxiv_https___arxiv_org_abs_2507_01635
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle EGNInfoLeaker: Unveiling the Risks of Public Key Reuse and User Identity Leakage in Blockchain
Li, Chenyu
Liang, Xueping
Gong, Xiaorui
Zhang, Xiu
Cryptography and Security
While Ethereum's discovery protocols (Discv4/ Discv5) incorporate robust cryptographic designs to protect user privacy, real-world deployment reveals critical vulnerabilities when users deviate from security guidelines. In this paper, we design a system called EGNInfoLeaker. Our study is the first work that uncovers widespread public key reuse across Ethereum's peer-to-peer networks - a practice that fundamentally undermines the protocol's privacy guarantees. Through systematic analysis of 300 real-world network snapshots, we identify 83 users controlling 483 service nodes via public key reuse, enabling precise de-anonymization through IP correlation. Using evidence collected by EGNInfoLeaker, our Graph-Based Identity Association Algorithm links users to network entities and generates comprehensive user profiles. For User27, it exposes the public key, IP, network ID, location (country/region/city), and ISP/ORG details. The EGNInfoLeaker system demonstrates how such cryptographic misuse transforms theoretical anonymity into practical identity leakage, exposing users to surveillance and targeted attacks. These findings establish that protocol security depends not only on sound design but also on strict user compliance. Going forward, our detection framework provides a foundation for enhancing real-world privacy preservation in decentralized networks.
title EGNInfoLeaker: Unveiling the Risks of Public Key Reuse and User Identity Leakage in Blockchain
topic Cryptography and Security
url https://arxiv.org/abs/2507.01635