research-article

Deanonymisation of Clients in Bitcoin P2P Network

Authors:

Alex Biryukov,

Dmitry Khovratovich,

Ivan PustogarovAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 15 - 29

https://doi.org/10.1145/2660267.2660379

Published: 03 November 2014 Publication History

Get Access

Abstract

Bitcoin is a digital currency which relies on a distributed set of miners to mint coins and on a peer-to-peer network to broadcast transactions. The identities of Bitcoin users are hidden behind pseudonyms (public keys) which are recommended to be changed frequently in order to increase transaction unlinkability.

We present an efficient method to deanonymize Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs. They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the Bitcoin network. Our attacks require only a few machines and have been experimentally verified. The estimated success rate is between 11% and 60% depending on how stealthy an attacker wants to be. We propose several countermeasures to mitigate these new attacks.

References

[1]

Best VPN's using Bitcoin. https://bitcointalk.org?topic=247212.0, 2014.

Google Scholar

[2]

Bitcoin code project, v.0.8.6. https://github.com/bitcoin/bitcoin, 2014.

Google Scholar

[3]

Bitcoin Wiki. https://en.bitcoin.it/wiki/, 2014.

Google Scholar

[4]

Bitnodes. https://github.com/ayeowch/bitnodes, 2014.

Google Scholar

[5]

BlockChain.info. https://blockchain.info/charts, 2014.

Google Scholar

[6]

D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In Proceedings on Advances in Cryptology (CRYPTO'88). Springer, 1988.

Digital Library

Google Scholar

[7]

R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In Usenix Security Symposium (USENIX'04), 2004.

Digital Library

Google Scholar

[8]

C. M. Grinstead and J. L. Snell. Introduction to Probability. American Mathematical Society, 1997.

Google Scholar

[9]

P. Koshy, D. Koshy, and P. McDaniel. An analysis of anonymity in bitcoin using P2P network traffic. In Proceedings of Financial Cryptography and Data Security (FC'14). Springer, 2014.

Crossref

Google Scholar

[10]

S. Lerner. New vulnerability: know your peer public addresses in 14 minutes. https://bitcointalk.org/?topic=135856, 2014.

Google Scholar

[11]

S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bitcoins: Characterizing payments among men with no names. In Proceedings of Conference on Internet Measurement Conference (IMC'13). ACM, 2013.

Digital Library

Google Scholar

[12]

S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2009. http://www.bitcoin.org/bitcoin.pdf.

Google Scholar

[13]

OnionCat An Anonymous VPN-Adapter. https://www.onioncat.org/about-onioncat/, 2014.

Google Scholar

[14]

F. Reid and M. Harrigan. An analysis of anonymity in the bitcoin system. In Security and Privacy in Social Networks. Springer, 2013.

Crossref

Google Scholar

[15]

D. Ron and A. Shamir. Quantitative analysis of the full bitcoin transaction graph. In Financial Cryptography and Data Security (FC'13). Springer, 2013.

Google Scholar

Cited By

View all

Luo XXue KXu ZAi MHong JZhang XSun QLu J(2025)EtherCloak: Enabling Multi-Level and Customized Privacy on Account-Model BlockchainsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.341861722:1(771-786)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3418617
Hou RYu HSun Y(2025)Selfied: Sybil defense in permissionless blockchains via in-protocol bandwidth consumptionComputer Networks10.1016/j.comnet.2024.110890256(110890)Online publication date: Jan-2025
https://doi.org/10.1016/j.comnet.2024.110890
Zhao ZWang JYang MWang H(2025)An Efficient Bitcoin Network Topology Discovery Algorithm for Dynamic DisplayBlockchain: Research and Applications10.1016/j.bcra.2024.100260(100260)Online publication date: Jan-2025
https://doi.org/10.1016/j.bcra.2024.100260
Show More Cited By

Index Terms

Deanonymisation of Clients in Bitcoin P2P Network
1. Applied computing
  1. Electronic commerce
    1. Digital cash
2. Security and privacy
  1. Network security

Recommendations

Bitcoin over Tor isn't a Good Idea
SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

Bit coin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bit coin provides some level of anonymity (or rather pseudonymity) by ...
Traversing Bitcoin's P2P network: insights into the structure of a decentralised currency

Lots of existing work addresses the analysis of Bitcoin's publicly available transaction graph. There are evaluations of the user's anonymity and privacy, but no proper measurements of the underlying network. This paper presents novel insights about ...
A potential HTTP-based application-level attack against Tor

Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor's design features. Although considerable effort has been made ...

Reviews

Reviewer: Subhankar Ray

Detailed descriptions of some parts of the bitcoin code that are not documented well are contained in this paper. Those trying to understand how the bitcoin code works should read this paper to start their journey. However, I am concerned about the knowledge and "hacking" techniques described in the paper for deanonymization of clients. Because core developers are changing the code regularly and can make this paper obsolete quickly, even elegant stochastic processes to measure different limits and bounds may produce different results as the code base is changing. At the same time, I understand that the authors' goal is to make this paper obsolete as quickly as possible for the safety and security of bitcoin. This is a novel approach to deanonymize clients while they are behind firewalls or network address translation (NAT). This technique will be useful in other networks and applications. The attack also needs a limited amount of resources, and will also work if "bitcoin encrypts the connection." The techniques and probing used in this paper relate to the usage of the GETADDR, ADDR, and INVENTORY messages and that of the time stamps by the bitcoin protocol. The deanonymization process described in the paper has four steps. In step 1, it gets the list of bitcoin servers. In step 2, it composes the nodes it wants to deanonymize. In step 3, it maps clients to their entry nodes using some knowledge about the topology of the network. In step 4, transactions are mapped to entry nodes running in parallel to steps 1 to 3. This paper also describes "how to decrease block mining difficulty by creating an alternative blockchain." The attack described in the paper prohibits bitcoin servers from accepting connections via Tor or other similar services (section 3). This is not very practical, and parties looking to stay anonymous may stop using the system until they have access to such a service. Interestingly, once such a service is available, the proposed attack may not be able to deanonymize clients who are not using Tor or other similar services. Nevertheless, this paper is a good contribution toward making the bitcoin network more secure. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

380
Total Citations
View Citations
3,238
Total Downloads

Downloads (Last 12 months)140
Downloads (Last 6 weeks)18

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Luo XXue KXu ZAi MHong JZhang XSun QLu J(2025)EtherCloak: Enabling Multi-Level and Customized Privacy on Account-Model BlockchainsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.341861722:1(771-786)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3418617
Hou RYu HSun Y(2025)Selfied: Sybil defense in permissionless blockchains via in-protocol bandwidth consumptionComputer Networks10.1016/j.comnet.2024.110890256(110890)Online publication date: Jan-2025
https://doi.org/10.1016/j.comnet.2024.110890
Zhao ZWang JYang MWang H(2025)An Efficient Bitcoin Network Topology Discovery Algorithm for Dynamic DisplayBlockchain: Research and Applications10.1016/j.bcra.2024.100260(100260)Online publication date: Jan-2025
https://doi.org/10.1016/j.bcra.2024.100260
Naganna KH. N(2024)Block Chain in Finance Crisis of a Country Engaged in WarInnovations in Blockchain-Powered Intelligence and Cognitive Internet of Things (CIoT)10.4018/979-8-3693-2157-7.ch009(279-300)Online publication date: 29-Nov-2024
https://doi.org/10.4018/979-8-3693-2157-7.ch009
Liang WLiu YYang CXie SLi KSusilo W(2024)On Identity, Transaction, and Smart Contract Privacy on Permissioned and Permissionless Blockchain: A Comprehensive SurveyACM Computing Surveys10.1145/367616456:12(1-35)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1145/3676164
Zou YFan WMa Z(2024)Unveiling Vulnerabilities in Bitcoin's Misbehavior-Score Mechanism: Attack and DefenseProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3664509(1-12)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3664509
Shi RGe YLan LPeng ZLin SLi LChua TNgo CKumar RLauw HKa-Wei Lee R(2024)Deanonymizing Transactions Originating from Monero Tor Hidden Service NodesCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651487(678-681)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651487
Wang HYang ZLi MZhang XHu YHu D(2024)CoSIS: A Secure, Scalability, Decentralized Blockchain via Complexity TheoryIEEE Transactions on Network and Service Management10.1109/TNSM.2024.344957521:6(6204-6217)Online publication date: Dec-2024
https://doi.org/10.1109/TNSM.2024.3449575
Tong FZhou YWang KCheng GNiu JHe S(2024)A Privacy-Preserving Incentive Mechanism for Mobile Crowdsensing Based on BlockchainIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.336865521:6(5071-5085)Online publication date: Nov-2024
https://doi.org/10.1109/TDSC.2024.3368655
Lian BCui JChen HZhao XWang FChen KMa M(2024)Trusted Location Sharing on Enhanced Privacy-Protection IoT Without Trusted CenterIEEE Internet of Things Journal10.1109/JIOT.2023.333633711:7(12331-12345)Online publication date: 1-Apr-2024
https://doi.org/10.1109/JIOT.2023.3336337
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Bitcoin over Tor isn't a Good Idea

Traversing Bitcoin's P2P network: insights into the structure of a decentralised currency

A potential HTTP-based application-level attack against Tor

Reviews

Access critical reviews of Computing literature here