The Bitcoin Transaction Graph: Anonymity

Similar documents
Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

Introduction to Bitcoin I

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Consensus & Blockchain

Elphyrecoin (ELPH) a Private, Untraceable, ASIC-Resistant CryptoCurrency Based on CryptoNote

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Biomedical Security. Cipher Block Chaining and Applications

ENEE 457: E-Cash and Bitcoin

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Lecture 9. Anonymity in Cryptocurrencies

Anonymity vs. Privacy

TOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN

INTRODUCTION WHY DAPS?

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Bitcoin, a decentralized and trustless protocol

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Yashar Dehkan Asl

The technical notes represented on the following pages are intended to describe and officially document the concepts behind NulleX Blockchain.

SpaceMint Overcoming Bitcoin s waste of energy

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Analyzing Bitcoin Security. Philippe Camacho

Bitcoin. Arni Par ov. December 17, 2013

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Key Security Issues for implementation of Digital Currency, including ITU-T SG17 activities

What is Bitcoin? How Bitcoin Works. Outline. Outline. Bitcoin. Problems with Centralization

I. Introduction. II. Security, Coinage and Attacks

Lecture 3. Introduction to Cryptocurrencies

Anupam Datta CMU. Fall 2015

BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Proof-of-Stake Protocol v3.0

The security and insecurity of blockchains and smart contracts

Introduc)on to Bitcoin

GNU/Linux advanced administration

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

Anupam Datta CMU. Spring 2017

Problem: Equivocation!

Decentralized prediction game platform, powered by public

Blockchain without Bitcoin. Muralidhar Gopinath October 19, 2017 University at Albany

Blockchain (a.k.a. the slowest, most fascinating database you ll ever see)

Whitepaper Rcoin Global

P2P BitCoin: Technical details

Jan Møller Co-founder, CTO Chainalysis

On the impact of propogation delay on mining rewards in Bitcoin. Xuan Wen 1. Abstract

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

NIX Platform whitepaper v1.0

What is Bitcoin? Consensus technology has the power to do for economics what the internet did for information - Dan Larimer

POLAR INTERNET SHARING, A CONNECTION OF CONSTELLATIONS

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Mobilink-Network Partial List of Partners

Version 0.7. GoldCoin Patch Announcement. What is a 51% attack. The impossible made possible

Enigma v1.0. A private, secure and untraceable transaction system for CloakCoin. 18th February 2017

Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li

Realization and Addressing Analysis In Blockchain Bitcoin

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

Cryptocurrencies for Investigators

OpenbankIT: a banking platform for e- money management based on blockchain technology

From One to Many: Synced Hash-Based Signatures

CCP: Conflicts Check Protocol for Bitcoin Block Security 1

A Review on Blockchain Application for Decentralized Decision of Ownership of IoT Devices

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

Bitcoin, Security for Cloud & Big Data

Privacy Enhancing Technologies CSE 701 Fall 2017

DAVID ANDREWS, FOUNDER RYATTA BLOCKCHAIN FOUNDATIONS

CSE 5852, Modern Cryptography: Foundations Fall Lecture 26. pk = (p,g,g x ) y. (p,g,g x ) xr + y Check g xr +y =(g x ) r.

LEOcoin Private Chat wallet FAQ V 1

Reliability, distributed consensus and blockchain COSC412

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

SOME OF THE PROBLEMS IN BLOCKCHAIN TODAY

What is Proof of Work?

Bitcoin Transaction Fee Estimation Using Mempool State and Linear Perceptron Machine Learning Algorithm

Technology for Bitcoin

Mobilink-Network Partial List of Partners

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

ILCOIN White Paper. In ILCOIN We Trust ILCOIN

Token White Paper. Global marketplace based on Block chain for small-scale business I ver P a g e

Digital Currencies: Algorithms and Protocols

Key concepts of blockchain

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

Anonymity in Bitcoin. Presenter: Muhammad Anas Imtiaz

Distributed Ledger With Secure Data Deletion

Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology

Matt Howard and Ajay Patel CIS 556: Cryptography University of Pennsylvania Fall DriveCoin: A Proof of Space Cryptocurrency

Bitcoin and Blockchain

A Gentle Introduction To Bitcoin Mining

ECC: Peer-to-Peer Electronic Cash with Trustless Network Services

Marker addresses: Adding identification information to Bitcoin transactions to leverage existing trust relationships

Technical Analysis of Established Blockchain Systems

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

EECS 498 Introduction to Distributed Systems

ETHEREUM META. Whitepaper 2018/2019. A decentralized token with privacy features. Ethereum Meta team

Blockchain Frameworks

Transcription:

The Bitcoin Transaction Graph: Anonymity Marc Santamaría Ortega Master's Degree in Security of the Information and Communication Technologies (MISTIC) Universitat Oberta de Catalunya (UOC) Supervisor: PhD Student Cristina Pérez-Solà (UAB) June 21, 2013

Introduction First digital currency that relies on cryptography Most widely used Decentralized, no need of central banks Peer-to-peer, all users are equals No inflation Prevents double-spending 2

Overview Bitcoin Description Concepts: Blockchain, Blocks and Transactions Anonymity Analysis Previous works Aggregation of addresses Suppositions Linking methods Conclusions 3

Bitcoin Description 4

Blockchain The Blockchain consists on a chain of blocks. Modifying one block means recomputing all subsequent blocks. Bitcoins are generated when creating a block. The Blockchain is public. 5

Blocks A Bitcoin block contains the last Bitcoin transactions not recorded in the blockchain. It has a reference to the previous block. It contains a solution to a difficulty mathematical problem (proof-of-work). The proof-of-work difficulty determines the generation rate of blocks. 6

Transactions Bitcoin transactions represent payments between users. Three types of transactions: to an IP address, to a Bitcoin address and generation of new Bitcoins. Transactions reference previous transactions and specify the amount transferred. Inputs present the information needed to spend bitcoins Outputs indicate the bitcoins spent and validation info. 7

Anonymity 8

Concepts Personal information from users is not required. Bitcoins are only linked with the Bitcoin address they belong and the public-private key related to an address. Users can generate all the Bitcoin addresses they want. Wallets store the link between an address and it s user. Anonymity services like proxies or TOR can be used. All transactions are public, the origin can be traced. 9

Previous works Multi-input allows to relate Bitcoin addresses together. Off-network information can be linked to addresses. Transactions with two outputs, one is the payment and the other the change. The origin of a transaction can be determined. Zerocoin is a proposed anonymity extension. 10

Analysis Bitcoin clients do not allow to select the input address/es A previous output received has to be fully spent, if not, change is produced. ewallets, mixers or laundry services are discouraged. A protocol which provides more anonymity is needed. Zerocoin seems a good option but its computation is harder, and deployment could become an issue. 11

Aggregation of addresses 12

Aggregation Suppositions will be established to determine the aggregation methods. Objective: link addresses or obtain information of users. Each method will be analyzed and results obtained from the different aggregation methods will be compared. Anonymity of users and temporal correlations will also be studied. 13

Linking of inputs - Suppositions Linking of inputs mentioned in the Bitcoin definition. Previously explored, with a shorter blockchain. All the Bitcoin addresses appearing as an input in the same transaction can be related. It is always true. 14

Linking of inputs - Study Simple in appearance but computationally difficult. 31,4% of all transactions (4520210) have several inputs. Bash script developed for doing the aggregation. Out of 6865143 inputs analyzed (34,17%), 1985379 Bitcoin addresses have been obtained, resulting in 47366 identities. Around 42 addresses per user. 15

Linking of inputs - Charts 16

Linking of inputs - Charts 17

Linking of outputs - Suppositions In most transactions with two outputs one of them will be the change. It probably is the output with more decimals in its value: Prizes are in general rounded The smallest unit from most currencies is several magnitudes bigger than a Satoshi unit The lowest units are seldom used in most currencies 18

Linking of outputs - Study Best to center in transactions with two outputs. It is also computationally difficult. 89,98% of all transactions (13061821) have two outputs. Bash script developed for doing the aggregation. Out of 451639 transactions analyzed (3,45%), 626604 Bitcoin addresses have been obtained, resulting in 45083 identities. Around 14 addresses per user. 19

Linking of outputs - Charts 20

Linking of outputs - Charts 21

Linking of IPs - Suppositions Possible to obtain IP address of a transaction. First IP broadcasting a transaction is the responsible of the transaction. Most IP addresses are not static, but several transactions close in time could be related. Using anonymizing services difficults aggregation. 22

Linking of IPs - Study DB of transactions is not useful in this case. Download daily all the transactions made from a source like Blockchain which include the IP source. Between 40000 and 69000 transactions per day, with around 4000-5000 different IPs. IPs most used in June: 5.9.24.81(230450), 127.0.0.1(174559), 85.17.239.32(32167) and 199.48.164.36(17154). Around 1% of transactions are made using TOR or proxies. 23

Comparison of aggregation methods Aggregation of inputs is the most reliable. The rest of methods are based on assumptions. The aggregation of outputs defined also includes the linking of inputs. Aggregation of inputs more efficient due to previous ordering, aggregation of outputs more stable. 24

Anonymity of users To study anonymity, first, clients using anonymizing services like TOR, proxies,... should be found. Services used by Bitcoin clients could be monitored and external information obtained. For example using crawlers for forums like Bitcointalk, pastes like Bitbin or Pastebin,... Around 5400 Bitcoin addresses were obtained, only 2245 were valid, and assigned to 1248 forum users. 25

Anonymity of users Results from the crawlers should be revised to avoid addresses from online services. List of addresses from these services to mark matches. The scripts should be executed periodically with an automatic process, to have up-to-date information. This process could be extended to other services, correlating different sources will improve the final result. 26

Temporal correlations Determine the reliability of aggregation methods of inputs and outputs comparing them overtime. Transactions grouped monthly. Three groups: all transactions, transactions with several inputs and transactions with two outputs. Results obtained presented in three charts. 27

Temporal correlations - Charts 28

Temporal correlations - Charts 29

Temporal correlations - Charts 30

Conclusions 31

Conclusions Bitcoin is secure against malicious attacks or double spending but weak against anonymity analysis. Anonymity depends mainly on users: Proxies or TOR can be used to anonymize connections Mixers or laundry services for blurring the source of a transaction Using as less inputs as possible avoids input aggregation Using more than two outputs prevents output aggregation Not posting personal information in forums Bitcoin still has several challenges to overcome 32

Questions? msantamaria@uoc.edu https://github.com/asgarath/ 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback