Researchers present method to ‘deanonymize’ Bitcoin users

Bitcoin is designed to ensure that transactions remain anonymous, but now three researchers with the University of Luxembourg have generated a method to expose users that has the potential to work more than half of the time.

In the paper, “Deanonymisation of Clients in Bitcoin P2P Network,” Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov explain how they created a fairly inexpensive technique – 1,500 Euros, or nearly $1,850 – that has an estimated success rate that falls between 11 percent and 60 percent.

The idea is to link Bitcoin user pseudonyms, or public keys, to the IP addresses where transactions are generated.

“Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs,” the researchers wrote in the paper, going on to add, “We also show that a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the Bitcoin network. Our attacks require only a few machines and have been experimentally verified.”

According to the paper, deanonymization involves a four-step process: getting the regularly refreshed list of servers, composing a list of Bitcoin clients for deanonymization, learning the entry nodes of the clients when they connect to the network, and listening to the servers and mapping transactions to entry nodes and then to clients.

“The success rate of the attack presented above depends on a number of parameters, among which the most important is the fraction of attacker's connections among all the connections of client's entry nodes,” the research paper indicates. “The fewer the number of connections of entry nodes are, the more connections the attacker can establish and the higher chance is to deanonymise the client.”

The researchers suggest preventing Tor blacklisting and blurring the connectivity fingerprint as possible countermeasures to deanonymization.

Recently, the cryptocurrency – one Bitcoin was worth about $380 on Wednesday – has become a target in other ways. The Bitcoin Foundation announced on Monday that attackers have been cloning and spoofing its website in order to steal Bitcoins from users.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.