Bitcoin and anonymity
Bitcoin calls itself the new money and says it can be minted and exchanged on the Internet, faster and cheaper than a bank.
It’s gotten a lot of attention but how anonymous is it? Not very, if you have computers and about $1,500.
Several groups worldwide have shown that it is possible to find out which transactions belong together, even if the client uses different pseudonyms but it has only recently become clear that it is also possible to reveal the IP address behind each transaction.
The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user’s identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted.
Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner.
In their new analysis, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user’s IP address and that it can be linked to the user’s transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network “Tor” can do little to guarantee Bitcoin user’s anonymity, since it can be blocked easily.
The basic idea behind these findings is that Bitcoin entry nodes, to which the user’s computer connects in order to make a transaction, form a unique identifier for the duration of user’s session. This unique pattern can be linked to a user’s IP address. Moreover, transactions made during one session, even those made via unrelated pseudonyms, can be linked together.
With this method, hackers can reveal up to 60 percent of the IP addresses behind the transactions made over the Bitcoin network.
“This Bitcoin network analysis combined with previous research on transaction flows shows that the level of anonymity in the Bitcoin network is quite low”, explains Prof. Alex Biryukov of the
University of Luxembourg.
In the paper recently presented at the ACM Conference on Computer and Communications Security,
Biryukov
and colleagues also described how to prevent such an attack on user’s privacy. Software patches written by the researchers are currently under discussion with the Bitcoin core developers.