How one paper just blew up Bitcoin's claim to anonymity


Researchers say that all individuals dealing in Bitcoin are within six degrees or less of separation from a core group.

It has been a totem of the cryptocurrency community that the digital addresses of bitcoin and other wallets protect the identity of those who use them to buy and sell.

A new paper, released this week by researchers at Baylor College of Medicine and Rice University, shatters that supposed anonymity. Under the title "Cooperation among an anonymous group protected Bitcoin during failures of decentralization", the paper is now published on the researchers' server.

Lead researcher Alyssa Blackburn of Baylor and Rice, along with colleagues Christophe Huber, Yossi Eliaz, Mohammed Shamim, David Wise, Gotham Seshadri, Kevin Kim, Sheng Hang, and Erez Lieberman Aiden, used a technique called "address linking" to study bitcoin transactions in the first two years of its existence: January 2009 to February 2011.

The main discovery is that, in these first two years, "most bitcoin was mined by only sixty-four agents [collectively] accounting for ₿2,676,800 (PV: $84 billion)." They are referring to the process of minting new coins by solving computer challenges.

That number, 64 people in total, is "1,000 times smaller than previous estimates of the size of the early Bitcoin community (75,000)," they note.

These 64 people include some notable figures who have already become legends, such as Ross Ulbricht, known by the handle Dread Pirate Roberts. Ulbricht is the founder of Silk Road, a black-market operation that used bitcoin for illegal means until it was shut down by the FBI.

For Blackburn and team, the point was to study how people behave in game-theory situations when the parties are unknown to each other. Surprisingly, they found that early insiders like Ulbricht could have exploited the relative scarcity of participants to undermine Bitcoin by double-spending coins, but they didn't. They acted "altruistically" to maintain the integrity of the system.

This is interesting, but the most pressing discovery is that addresses can be tracked and identities revealed. 

To find out who was making these early transactions, Blackburn and team had to reverse-engineer the whole premise of bitcoin and all cryptocurrencies: anonymity.

As explained in the original Bitcoin white paper by Satoshi Nakamoto, privacy was to be maintained by two means: keeping public keys anonymous and creating a new key pair for each transaction.

The public can see that someone is sending an amount to another person, but without information linking the transaction to anyone. This is similar to the level of information released by exchanges, where the time and volume of individual trades, the "tape", are announced without specifying the parties.

A new key pair must be used for each transaction to prevent transactions from being linked to a common owner. Some linkage is still inevitable with multi-input transactions, which reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, the linkage can reveal other transactions belonging to the same owner.

Blackburn and team had to track these key pairs to uncover the parties to early bitcoin transactions. To do this, they developed what they call a new address-linking scheme.

The scheme looks for two patterns that give users away: one is the presence of repeated bits of code, and the other is duplicate addresses in certain transactions. These techniques exploit how bitcoin mining software generates strings, which are used as part of Bitcoin's cryptographic protection against counterfeiting. In effect, there are extensive links between the seemingly meaningless strings associated with a single user. The techniques also exploit insecure user behaviors, such as using multiple addresses to pay for a single transaction, which makes it possible to link addresses based on transaction activity.

The consequences, they write, are that it is possible to "follow the money" to expose any identity by following a chain of links in a graph of addresses, starting with a known identity.

"In this approach, the identity of a target Bitcoin address can be verified by identifying a short transaction path that links it to an identifiable address and then using off-chain data sources (ranging from public data to subpoenas) to walk along the path, determining who-paid-whom to de-anonymize addresses until the target address is identified," write Blackburn and the team.

Furthermore, they assume that "many cryptocurrencies may be vulnerable to follow-the-money attacks."
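The multi-input linkage and the short-path search described above can be seen on a toy ledger. The following Python sketch is an added example, not the researchers' code: the ledger is constructed, the function names `cluster_addresses` and `payment_path` are hypothetical, and only the multi-input pattern is modelled (not the mining-software string pattern).

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real Bitcoin data); inputs = addresses spent from.
TXS = [
    {"inputs": ["A1", "A2"], "outputs": ["B1"]},  # A1 and A2 spent together
    {"inputs": ["A2", "A3"], "outputs": ["C1"]},  # A3 joins the same owner
    {"inputs": ["B1"], "outputs": ["D1"]},
    {"inputs": ["D1", "D2"], "outputs": ["E1"]},
    {"inputs": ["X1"], "outputs": ["X2"]},        # unrelated activity
]

def cluster_addresses(txs):
    """Union-find: all inputs of one transaction are assigned one owner."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            a = parent[a]
        return a
    for tx in txs:
        root = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = root      # merge co-spent inputs
        for addr in tx["outputs"]:
            find(addr)                     # register recipients as well
    return {a: find(a) for a in parent}

def payment_path(txs, known, target):
    """Shortest chain of owner clusters from a known address to a target."""
    owner = cluster_addresses(txs)
    if known not in owner or target not in owner:
        return None
    graph = defaultdict(set)
    for tx in txs:
        payer = owner[tx["inputs"][0]]
        for out in tx["outputs"]:
            graph[payer].add(owner[out])   # a payment links both parties
            graph[owner[out]].add(payer)
    queue, seen = deque([[owner[known]]]), {owner[known]}
    while queue:                           # breadth-first: shortest path first
        path = queue.popleft()
        if path[-1] == owner[target]:
            return [sorted(a for a in owner if owner[a] == r) for r in path]
        for nxt in sorted(graph[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None
```

Each hop in the returned path is a whole cluster of addresses, which is why a single co-spend exposes every other address the same owner has ever combined with it.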

Blackburn told The New York Times's Siobhan Roberts: "When you encrypt private data and make it public, you can't assume it's going to be private forever."

As the team concludes in the report, "Drip-drip, information leakage erodes previously impenetrable blocks, creating a new landscape of socio-economic data."
