Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bitcoin Is Not Anonymous After All

Posted by samzenpus on from the pulling-back-the-curtain dept.

Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."

2 of 115 comments (clear)

  1. Every single transaction is broadcast to the world by Michael+Woodhams · · Score: 2, Informative

    And you can absolutely guarantee that the three letter agencies remember every one of them. They can look at who you've made transactions with and usually get a very good idea just from that who you are. I imagine they get more from fronts and hacked/infiltrated organizations. If they need more and you've ever transacted with a commercial entity within their jurisdiction, you are a National Security Letter or local equivalent away from being identified.

    This IP address thing is like discovering that the back door is unlocked and open when the front door is secured by a piece of string.

    --
    Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
  2. Re:The article is wrong. by TubeSteak · · Score: 5, Informative

    The IP you can trace a transaction back to is only the IP of the person that told you about the transaction.

    Try reading the paper.

    The crucial idea is that each client can be uniquely identied by a set of nodes he connects to (entry nodes). We show that this set can be learned at the time of connection and then used to identify the origin of a transaction.

    The crucial
    idea of our attack is to identify each client by an octet of
    outgoing connections it establishes. This octet of Bitcoin
    peers (entry nodes) serves as a unique identier of a client
    for the whole duration of a user session and will dierenti-
    ate even those users who share the same NAT IP address.
    We showed that most of these connections can be learned if
    the attacker maintains connections to a majority of Bitcoin
    servers. Then we show that the transaction propagation
    rules imply that the entry nodes will be among the rst
    that report the transaction to the attacker. As soon as the
    attacker receives the transaction from just 2-3 entry nodes
    he can with very high probability link the transaction to a
    specic client. Moreover a sequence of successfully mapped
    transactions can help the attacker to track dynamic changes
    in the entry node set, to keep the client identier fresh. The
    cost of the deanonymisation attack on the full Bitcoin net-
    work is under 1500 EUR.

    /all spelling mistakes are in the original text

    --
    [Fuck Beta]
    o0t!