SBA @ Financial Cryptography and Data Security 2026
Our colleague Nicholas Stifter, researcher and security analyst at SBA Research, presented his conference paper titled Reuse of Public Keys Across UTXO and Account-Based Cryptocurrencies at the Financial Cryptography and Data Security 2026 in St. Kitts.
In this work they reveal that cryptographic keys are being extensively reused across major blockchain networks (BTC, LTC, DOGE, ZEC, ETH, TRX) by identifying over 1.6M reused ECDSA secp256k1 keys. Hereby, they are the first to also identify and analyze key reuse across different ledger designs, spanning both UTXO and account-based models. Their findings have important implications for user privacy, security research, and wallet design. This work is a joint collaboration between SBA Research, the University of Vienna, and the Complexity Science Hub.
© Niklas Schnaubelt
Abstract
It is well known that reusing cryptocurrency addresses undermines privacy. This also applies if the same addresses are used in different cryptocurrencies. Nevertheless, cross-chain address reuse appears to be a recurring phenomenon, especially in EVM-based designs. Previous works performed either direct address matching, or basic format conversion, to identify such cases. However, seemingly incompatible address formats e.g., in Bitcoin and Ethereum, can also be derived from the same public keys, since they rely on the same cryptographic primitives.
In this paper, we therefore focus on the underlying public keys to discover reuse within, as well as across, different cryptocurrency networks, enabling us to also match incompatible address formats. Specifically, we analyze key reuse across Bitcoin, Ethereum, Litecoin, Dogecoin, Zcash and Tron. Our results reveal that cryptographic keys are extensively and actively reused across these networks, negatively impacting both privacy and security of their users. We are hence the first to expose and quantify cross-chain key reuse between UTXO and account-based cryptocurrencies. Moreover, we devise novel clustering methods across these different cryptocurrency networks that do not rely on heuristics and instead link entities by their knowledge of the underlying secret key.
Authors: Rainer Stütz, Nicholas Stifter, Melitta Dragaschnig, Bernhard Haslhofer, Aljosha Judmayer
About the Conference
Financial Cryptography and Data Security (FC) is a major international conference dedicated to research and discussion on securing financial and commercial systems. It focuses on information assurance in commercial contexts, covering all aspects of protecting transactions, digital assets, and operational infrastructures. While cryptography is an important component, submissions are not limited to purely cryptographic research; systems security and interdisciplinary work are strongly encouraged.
The conference welcomes both fundamental research and applied work addressing real-world deployments in commerce security. Its goal is to bring together cryptography and security researchers with economists, bankers, implementers, and policy-makers to encourage cross-disciplinary exchange. The program typically includes invited talks, academic presentations, technical demonstrations, panel discussions, and co-located workshops, fostering an interactive and collaborative atmosphere.