One of the stated strengths of Bitcoin has, from the beginning, been its ability to provide anonymity and a sense of security on the same level that cash transactions do. When one spends and is paid in cash, the only real record of the transaction which ties the spender to the cash spent is in the spender’s possession and recording of a receipt. Bitcoin works in much the same way although a verifiable ledger called the Blockchain exists to keep the system in working order. That is, the Blockchain can be used to verify that X coins were received by Y address, and thus Y has the ability/right to spend X with Z.
All of this could be about to change thanks to some Cryptographic researchers in the tiny country of Luxembourg. In a recent paper entitled “Deanonymisation of Clients in Bitcoin P2P Network,” University of Luxembourg researchers Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov outline a proven method of revoking the anonymous nature of Bitcoin activity.
All vulnerabilities described in this paper were reported to Bitcoin core developers. When possible we carried out experiments in the Bitcoin test network. To protect user privacy, we restricted from performing a full-scale deanonymization in the real network. However, gathering some statistics required us conducting experiments on the main network, which did not cause disruption or exposure of the main network.
It is the job of cryptographers to break ciphers, keep in mind, and where they cannot be broken, to weaken them in order to find ways to develop stronger things. Among other roles, that is.
One of the ways that many Bitcoin users protect themselves is by connecting via the Tor network. This is the same network, you may remember, which has been popularized by Silk Road and other illegal activities. And, to be fair, that is one of the main applications in this part of the world, to conduct illegal business. But in other parts of the world another, more understandable form of illegality is enabled by it: free access to information. Indeed, getting around the censorship and intellectual domination of totalitarian states is the protocol’s intended purpose and primary the primary intention of its developers.
Thus, when the researchers set out to break the anonymity of Bitcoin users and develop a methodology to identify its users, they had to figure out how to first separate said users from Tor.
To separate Tor from Bitcoin, we exploit the Bitcoin built-in DoS protection. Whenever a peer receives a sort of malformed message, it increases the penalty score of the IP address from which the message came (if a client uses Tor, then the message will obviously come from one of the Tor exit nodes). When this score exceeds 100, the sender’s IP is banned for 24 hours.
The user will then be forced connect without using Tor. A dedicated attacker would have to account for people who’d simply not connect otherwise, and would have to sort of just keep keeping the nodes knocked off until that user connected.
The paper then goes on to outline what is done once users are naked in connecting to the Bitcoin network. In a remarkably simple four-step process, these researchers undermine anonymity in transactions with an 11-to-60% success rate, depending on how you look at it.
We made several experiments and collected some statistics to estimate the success of the attack. In our experiments on the testnet we established 50 connections to each server, obtained 6 out of 8 entry nodes on average, and the 3-tuples were detected and linked to the client in 60% of transactions (Section 7). In the real network, where we can establish fewer connections on average, our pessimistic estimate is 11% (Section 8), i.e. we identify 11% of transactions.
All hope is not lost, though. In Section 6, the authors suggest two best practices for limiting if not eliminating the possibility of such attacks taking place in real life. One is to make it more expensive to do. To whit: “If we require 32 zero bits, then to separate a single peer from the Tor network would cost about 2 45 hash computations, which takes several days on a modern PC.” (6.1)
Supercomputers like those in the possession of most governments and other large organizations would obviously have less trouble with such a barrier, but regulatory compliance might soon require some identification ability anyhow. (One should keep in mind that for all we know this vulnerability has been known to bad actors all along, at every stage of Bitcoin’s rise and fall.)
The other measure they suggest is “blurring the connectivity fingerprint.” To achieve this blurring, a random delay after every transaction would be implemented, and this would make it much harder to determine the origin of a given transaction. It would, however, further delay transactions, something which most merchants and Bitcoiners would be thoroughly opposed to doing.
Do you feel this newly discovered vulnerability spells bad news for Bitcoin or do you think it will have little to no effect? How important is anonymity to you in the first place? Comment below!
Images from the National Security Agency and Shutterstock.