Sunday, June 15, 2014

Hey Bitcoin Fanboys, Please Explain Bitcoin Anonymity to Me Again

From Coindesk:
A new study from the University of Luxembourg has found that an attacker with a couple of spare laptops and a $2,000 budget could deanonymise up to 60% of bitcoin clients on the network, tying bitcoin addresses to IP addresses. Perhaps even more disturbingly, such attacks could be taking place currently, an author of the study says.
From Cryptolux:
 The attack can reveal the public IP address of the user who generated a transaction as well as the entry nodes which connect the user's node to the rest of the Bitcoin network. The attack requires only a few machines that establish a certain number of connections by Bitcoin protocol and log the incoming traffic. In a concrete example, an attacker with a few GB of storage and no more than 50 connections to each Bitcoin server can disclose the sender's IP address in 11% of all transactions generated in the Bitcoin network. If the attacker allows a slight DoS of the network, he may achieve deanonymization rates up to 60%, which has been confirmed by the experiments in the Bitcoin test network. We estimate the cost of the attack on the full Bitcoin network to be under 1500 EUR per month.

Here’s how it works. When you perform a transaction on the bitcoin network, your bitcoin client typically joins the network by connecting to a set of eight servers. This initial set of connections are your entry nodes, and each user gets a unique set of entry nodes.

As your wallet sends bitcoin to complete a purchase to, say,, the entry nodes forward the transaction to the rest of the bitcoin network. The researchers’ insight was that identifying a set of entry nodes meant identifying a particular bitcoin client, and by extension, a user. This means a bitcoin client’s IP address could be grouped with the transactions it makes.

An attacker would therefore have to make multiple connections to bitcoin servers on the network. Once connected, the attacker would have to listen as clients made their initial connections to servers, potentially revealing a client’s IP address.

As transactions flow through the network, they would be correlated to a client’s entry nodes. If there’s a match, then the attacker would know a transaction originated from a particular client.
Bottom line: One more reason that Bitcoin is NOT a libertarian tool that defeats government monitoring. There may be ways around this by using public cafes but this just makes Bitcoin cumbersome and not something you would want to do on a daily basis. There may be some underground reasons to occasionally use Bitcoin, but it is not going to replace the dollar as far as anonymity goes.


(ht Joris De Donder)


  1. Privacy is always a cat and mouse game. Once an exploit is discovered a countermeasure is created. For most people, these things don't matter. The simple act of having an inflation resistant currency is enough for them. For those who seek higher levels of privacy additional steps are required.

    Another key point: Most money-laundering takes place in plain sight using the current financial system. It is fairly easy to get lost in the noise.

    1. >For most people, these things don't matter.
      The masses may say they care about anonymity but most take no steps to ensure it. In fact, it has been demonstrated that users will turn over significant information about themselves for a small reward (and maybe nothing at all), plus witness the use of Facebook, Twitter, social media. In the early Internet days, there were e-mail anonymizer services that could be used (some pay, some free), they were not much used, and most no longer exist.
      But the entities that can and will put the resources into these methods are govt. and law enforcement. Even if not that successful, one will now always need to be mindful that they are potentially being snooped upon, or since the blockchain is forever, could have transaction info dug up in the future.
      So appears it is becoming off the table that Bitcoin is an anonymous method to transact.

      >The simple act of having an inflation resistant currency is enough for them.

      As for inflation, I still wish to learn what it takes to change the Bitcoin protocol, apparently some sort of consensus. I fail to see why this cannot and will not be done at some point increasing the Bitcoin amount to be released? Further, just as happens with gold, commodities, loans, govt. debt., I fail to see why there will not be Bitcoin Rehypothecation, in effect massively expanding the universe.

  2. If you want to stay anon, paste your TXID from Armory on over a VPN (and maybe TOR).

    Done and Done.

  3. The technique is interesting, but correlating data the victim broadcasts willingly is not exactly an attack. It's like saying Anonymous alcoholics is a scam because participants disclose their first name when introducing themselves.

  4. As bad as that is, this article from over the weekend is by far a bigger problem (in my opinion).

  5. More comments from the peanut gallery. I would have though that Mr. Wenzel would have given up attacking bitcoin given that it is blatantly obvious that neither bitcoin nor virtual currencies are going to disappear anytime soon. But alas, Mr. Wenzel utterly fails to grasp one essential point about software design. No implementation is perfect. There are always bugs. It only becomes more robust over times as more people try it (like said researcher) and discover bugs or issues that need to be addressed. But the lovely thing about software, is that with a bit of time, all bugs can be addressed!!! That Mr. Wenzel fails to grasp this essential point, shows how useless his opinions about bitcoin are. What he also fails to see is that in the not too distant future, it's going to get exponentially more difficult for the government to monitor activity on the level that it does now. Everything that can be decentralised is being decentralised and absolutely everything is being encrypted. And if Mr. Wenzel knew anything about mathematics, he would realise that even the government with it's credit card that will blow up in the not too distant future, cannot buy enough computing power to break essentially unbreakable mathematical algorithms!