BITCOIN AND BLOCKCHAIN FUNDAMENTALS

Anonymity and Privacy

a.a. 2019-2020
 2

Agenda

1 Recap: What is Bitcoin?

2 From Bitcoin to cryptocurrencies

3 Cryptocurrencies anonymity

4 The Darkweb

6 How to deanonymize a cryptocurrency?

7 Selected Readings
 3

1. Recap: What is Bitcoin?

 4

What is Bitcoin? A Peer-to-Peer Electronic Cash System

Peer-to-peer Electronic Cash system

§ Users directly interact with § Can be expressed in a § Users attribute value to
each other with no central discrete numerical form bitcoins due to their
authority or banks; scarcity
§ Created to be used in a
§ Transactions and the digital world § Each user can freely send
issuing of bitcoins is and receive transactions
carried out collectively by § It is not related to any
the network. physical assets
 5

Bitcoin: the history behind

Ecash (1982) Hashcash (1998) Bitcoin (2009)

Digital Signature Proof of Work Blockchain

Who is the owner of the How to create scarcity in How to create a

digital asset? the digital world? decentralized ecosystem?
 6

Which problems did Bitcoin solved?

Bitcoin allowed the creation of a totally

decentralized financial ecosystem without
any intermediaries.

It enabled the creation of a :

§ Reliable;
§ Secure; and
§ Censorship-resistant ecosystem

for transferring value in the (untrusted)

digital world.
 7

The Bitcoin blockchain

Block 1 Block 2 Block 3 (pending)
Genesis Block Block 1 contains Transaction 1-2-3 Block 2 contains Transaction 4-5-6
Transaction n. 1 (Confirmed) Transaction n. 4 (Confirmed) Transac
tion n. 7
(not con
firmed)
INPUT: New Coin Generation INPUT: Transaction 1 – Block 1 Transaction
OUTPUTS: 20.0 à Alice OUTPUTS: 15.0 à Bob; 5.0 à Alice n.8 (Not co
nfirmed)

Transaction n. 9 (NOT CONFIRMED)

Transaction n. 2 Transaction n. 5
INPUT: Transaction 4 – Block 2
Transaction n. 3 Transaction n. 6 OUTPUTS: 4.0 à Carl; 1.0 à Alice

Block 1 is already confirmed Block 2 is already confirmed Block 3 has not been
and validated and it stores the and validated and it stores the confirmed yet.
information of 3 transactions. information of 3 transactions.

Transaction 1 represents the Transaction 4 represents a 15 Transaction 7 refers to a

generation of 20 new coins coins transaction from Alice to transaction recorded in the
addressed to Alice. Bob. The transaction specifies previous block (Block 2).
the input recorded in the
previous block (Block 1).
 8

A Bitcoin transaction | An example

 9

Bitcoin infrastructure
…
Final user - Software

T ra
Blockchain

Transaction Transaction Transaction Transaction Transaction Transaction Transaction nsa

ctio
n
Transaction Transaction Transaction Transaction Transaction Transaction Transaction Transa
ction
Transaction Transaction Transaction Transaction Transaction Transaction Transaction

on
Transaction Transaction Transaction Transaction Transaction Transaction Transaction Transacti

Transaction Transaction Transaction Transaction Transaction Transaction Transaction Transaction

Miner 1 Miner 2 Miner 3 Miner 4 Miner 5

Network
 10

Blockchain: three technical pillars

Public key Distributed Decentralized

Cryptography Computation Consensus

§ The encryption § The computational § Nodes continuously

scheme applied to the power is shared record information in
protocol provides high among multiple blocks on the basis of
levels of transparency systems, which may the commonly shared
and security also be in different rules established by
locations the blockchain
protocol
 11

2. From bitcoin to cryptocurrencies

 12

Cryptocurrencies | Definition
Definition

§ Cryptocurrencies are any kind of electronic money exploiting

advanced cryptography and decentralized networks in order to
work.

§ Unlike fiat money, the issuance of cryptocurrencies is not regulated

by a central entity, but by their own blockchain protocol.

§ They can be considered as the original and first-proven

application of blockchain technologies.

§ Cryptocurrencies are almost always open-source algorithms, and

12
anyone can verify the correctness of their source code and propose
improvements for their inner-workings.
 13

Cryptocurrencies | PROs and cons

PROs CONs

ü No central authorities ✗ High level of volatility

ü Open access to everyone ✗ Lack of regulation
ü Non country-specific ✗ Both anonymity and lack of
ü High level of security anonymity might turn into a
ü Censorship resistant problem
ü Immediate settlement

PRO
13
 14

Cryptocurrencies | Possible Applications

Peer-to-Peer Remittance Cross-border

Transactions Systems payments

§ A Peer-to-Peer (P2P) § A remittance is a § Cross-border

system allows transfer of money by a payment refers to
customers to foreign worker to an transactions involving
transfer funds from individual in their settlement institutions
their account to home country operating in at least
another individual's two countries.
account
14
§ Example: Bitcoin § Example: Abra § Example: Ripple
 15

Cryptocurrencies | Ecosystem
Cryptocurrencies Protocols

Exchanges

Mining providers

Wallet
 16

3. Cryptocurrencies anonymity
 17

Main privacy gaps in current cryptocurrencies

When a user makes a transaction in a blockchain – for example, to make a payment – payment
Discovering and
details must be revealed. A blockchain address contains all the transactions ever made by that user
linking addresses which can be freely analyze through a blockchain explorer.

It could be possible to associate the real identity to a specific blockchain address. To do that, it is
Discovering user
required to exploit off-network information. In particular, the main identity sources could be (i)
identities donation websites (ii) specialized forums (iii) cryptocurrencies exchanges.

This challenge comes as direct consequence of a key component of every permissionless

Discovering IP blockchain protocols: a Peer-to-Peer (P2P) network infrastructure. There are three main techniques
addresses used to discover IP address in a bitcoin-like network (i) using external information (ii) using network
data (iii) setting address cookie.

This challenge relates to obtaining access to other types of data from blockchain analysis such as
Getting transaction geolocation, data transfer, transfer amount and smart contract details. One of the most interesting
information and advanced tools that can be developed on a blockchain is the so called “smart-contract”.
 18

Cryptocurrencies | Anonimity
Anonymous Cryptocurrencies

Anonymous Wallets

Anonymous Wallet

Anonymous Exchanges

Anonymity Services

18
 19

Anonymous cryptocurrencies – Zcash | Definition

19

“Zcash is a privacy-protecting, digital currency built on strong science. With

Zcash, you control what information you share. Think of Bitcoin as an http for
money, in which case Zcash would be https, a secure transport layer”
 20

Anonymous cryptocurrencies – Zcash | Main Features

Efficient and usable
Zcash is a fast and reliable, inexpensive means to send money or digitally purchase goods
and services. It is supported by top exchanges and wallets.

Audit- and regulation-friendly

Private addresses and transactions can be disclosed by Zcash users for information
sharing, third-party audits or to comply with regulatory requirements.

Attack-resistant
Zcash is decentralized and maintained by a wide network of people and machines,
instead of a centralized entity, like a bank or government. There is no central database to be
hacked and no single point of failure. There is no authority that can shut it down or prevent
its use.
Private
Privacy is built into the core of Zcash, allowing people to send and receive Zcash without
disclosing the sender, receiver or the amount transacted. Privacy allows good people to
transact safely over digital mediums. Transparent addresses and transactions are also
available.
 21

anonymous cryptocurrencies – Zcash | How does it work?

Two possible transactions Example

Mint Transactions

A mint transaction allows a user to send regular

transactions. As for Bitcoin, the transaction are
checked using SHA256.

Pour Transactions

A pour transaction allows a user to make a

private payment (no balance, no amount, no
address). These transactions are confirmed
through zk-SNARK systems, which are zero-
knowledge proofs that are particularly short and
easy to verify.
 22

Anonymous Cryptocurrencies – Monero | Definition

22

“Monero is cash for a connected world. It’s fast, private, and secure.
With Monero, you are your own bank. You can spend safely, knowing that others
cannot see your balances or track your activity.”
 23

Anonymous cryptocurrencies – Monero | main Features

Secure
Monero is a decentralized cryptocurrency, meaning it is secure digital cash operated by a
network of users. Transactions are confirmed by distributed consensus and then
immutably recorded on the blockchain. Third-parties do not need to be trusted to keep your
Monero safe.
Private
Monero uses ring signatures, ring confidential transactions, and stealth addresses to
obfuscate the origins, amounts, and destinations of all transactions. Monero provides all the
benefits of a decentralized cryptocurrency, without any of the typical privacy concessions.

Untraceable
Sending and receiving addresses as well as transacted amounts are obfuscated by
default. Transactions on the Monero blockchain cannot be linked to a particular user or
real-world identity.

Fungible
Monero is fungible due to the nature of the currency which provides no way to link
transactions together nor trace the history of any particular XMR. 1 XMR is functionally
identical to any other 1 XMR.
 24

Anonymous cryptocurrencies – Monero | Example

43EH3omZS
UYCmJYskC
Send the Monero to that Ux2tV5oB5tL
Vrp58AeMYLr
Generate a bran new one-
specific address Fhcz2umUVQ time destination address
HiHu62nG5C
Sender S3mvcfgKHC
3fPtq6DHkEb Receiver
MjqvCAZJW5
nw9E

The transaction is recorded

Check his Monero funds
containing a “Stealth Address”

Scan the Monero blockchain

with a “secret view key”
 25

Anonymous cryptocurrencies – Monero | How?

1 2 3

Ring Signatures Stealth Addresses Ring Confidential Transactions

§ Ring Signatures are digital § A stealth address § The sender can reveal just
signatures where several prevents recipient’s funds being enough information for the
signers sign a transaction linked with their wallet. miners to confirm the transaction
§ The sender generates a one-time § The recipient gets their funds without disclosing publicly the
spend key and the recipient is through their wallets private view total amount spent. (Known as a
the only party that can detect key which scans the blockchain. “commit”).
and spend the money based on Once detected and retrieved by the § The network encrypts the
that key. wallet, a single-use private key is amount of each output and
§ No outside observer can match created corresponding with includes it in the transaction.
signers in the ring ensuring that senders public key.
transaction outputs are § The recipient can spend those
untraceable. funds using their private spend
§ A ring signature uses your account key. This occurs without the sender
keys and selected public keys or recipient wallets, nor the amount
from the blockchain to form a transacted publicly linked.
“ring” of possible signers
 26

Anonymous wallet – Samourai Bitcoin wallet | Definition

26

“We are privacy activists who have dedicated our lives to creating the software
that Silicon Valley will never build, the regulators will never allow, and the VC's will
never invest in. We build the software that Bitcoin deserves.”
 27

Anonymous wallet – Samourai Bitcoin wallet |Features

Private
§ Thwart blockchain based surveillance and censorship - it is possible to circumvent
financial surveillance with the most advanced privacy enhancing technologies on the
market.

Censorship-resistant
§ Be your own Swiss Bank – Samourai Wallet is a fully non custodial software and it
ensures consumers are always in control of their private keys. No email address, no ID
checks, and no hassle. Just install and go.

Offline
§ Take it anywhere, even offline – With this wallet a consumer could bypass data network
restrictions with offline sending. It is possible to roll offline storage wallets with any spare
mobile phone.
 28

Anonymous wallet – Samourai Bitcoin Wallet | How?

Samourai Anonimity Tools Bitcoin Address Clustering

• STONEWALL creates special transactions It is a process that attempts to de-anonymize

that provide strong statistical doubt as to the bitcoin users via discovering all addresses
link between sender and recipient. generated by a single user, via means of
analysis of information derived from the
• OXT Analysis Platform to allow you to blockchain (1). Main techniques used:
review the estimated impact on your privacy § Multi-input Heuristic : This heuristic uses
before you even send your transaction.

• PayNym to allow users to use BIP47

VS the fact that wallets are usually solely
responsible for creating transactions
§ Shadow Heuristic: This heuristic exploits
Reusable Payment Addresses – not sharing how most wallets handle change
§ Consumer Heuristic: This cluster analysis
• Ricochet tool to (eventually) add extra hops
focus on consumer wallets (characterised by
of history to every transaction.
allowing bitcoin to a single address)
§ Optimal Change Heuristic: This heuristic is
based on the assumption that wallet
software does not spend unnecessary
outputs
 29

Anonymous Exchange – BISQ | Definition

29

“Bisq’s mission is to provide a secure, private and censorship-resistant way of

exchanging bitcoin for national currencies and other cryptocurrencies over the
internet.”
 30

Anonymous Exchange – BISQ | Main features

Secure

§ Bisq is entirely non-custodial; users stay in control of fiat and cryptocurrency funds.
§ Trades include security deposits from buyer and seller to prevent fraud.
§ Trading funds and security deposits are locked in a 2-of-3 multisig escrow.

Private
§ Every Bisq application is a Tor hidden service
§ Using Bisq requires no registration or centralized identity verification
§ Bisq has no central servers or databases to record data
§ Data is encrypted such that trade details are readable only by counterparties

Censorship-resistant

§ Bisq’s network is a fully distributed P2P network, and thus difficult to shut down
§ Bisq’s network is built on top of Tor, and thus inherits Tor’s own censorship resistance
§ Bisq is code, not a company; it is not incorporated, and it cannot be disincorporated
 31

Anonymous Exchange – BISQ | How does it work?

Download
and Run it
 32

Anonymous Exchange – BISQ | How does it work?

1 2

Download Bank
and Run it transfer
 33

Anonymous Exchange – BISQ | How does it work?

1 2 3

Download Bank Browse

and Run it transfer offers
 34

Anonymous Exchange – BISQ | How does it work?

1 2 3 4

Download Bank Browse Take an

and Run it transfer offers offer
 35

Anonymous Exchange – BISQ | How does it work?

1 2 3 4 5

Download Bank Browse Take an Send USD

and Run it transfer offers offer to receiver
 36

Anonymous Exchange – BISQ | How does it work?

1 2 3 4 5 6

Download Bank Browse Take an Send USD Receive

and Run it transfer offers offer to receiver the Bitcoin
 37

Anonimity services – mixers | Bestmixer

37

“BestMixer.io defends against blockchain analyses by sending coins to your wallet

which are composed of incredibly small bits of coins from different sources, thus
scrambling your coins' origins forever and giving you the absolute anonymity and
freedom you deserve.”
 38

Anonimity services – Mixers | Bestmixer – How does it work?

Costumers Reserve Costumers

A A

B B

C C

When a customer send coins to BestMixer.io, they are entered into a pool of coins along with those of other depositors. A mixing
engine then tumbles the received coins along with the others in the pool. The coins customers will receive as a result are made
up of bits from many different sources, thereby scrambling their origins and making them untraceable
 39

Anonimity services – Mixers | Bestmixer – How does it work?

Chose a
cryptocurrency
 40

Anonimity services – Mixers | Bestmixer – How does it work?

1 2

Chose a Specify address

cryptocurrency and strength
 41

Anonimity services – Mixers | Bestmixer – How does it work?

1 2 3

Chose a Specify address Receive mixed

cryptocurrency and strength coins
 42

Anonimity services – Coinjoin | Darkwallet

“Darkwallet is a bitcoin wallet designed to make bitcoin use completely private.”

 43

Anonimity services – Coinjoin |How does it work?

2BTC

One single tx of 3BTC

1BTC

1 2 3
§ Silk Road will receive 1
§ Bob is buying weed on § Dark Wallet will combine
BTC from an anonymous
Silk Road for 2 BTC their transactions so that
address
§ Alice is buying Alpaca the blockchain records
§ Grass Hill Alpacas will
socks on Grass Hill only a single movement
receive 1 BTC from an
Alpacas for 1 BTC of funds
anonymous address
 44

4. The Darkweb
 45

The web taxonomy: surface web, deep web and dark web

Google
The Surface Web is anything that can
Surface
Wikipedia 4% be indexed by a typical search engine
Web like Google, Bing or Yahoo.
Yahoo

Legal
Documents
The Deep Web is anything that a
Financial Deep search engine can’t find such as legal
Records 90% Web documents, financial records, private
information.
Government
Resources
45
Drug
Trafficking
The Dark Web is classified as a small
Gun Dark portion of the Deep Web that has been
Merchants 6% Web intentionally hidden and is inaccessible
through standard web browsers.
Child-
pornography
 46

How to surf on the dark web?

1. Download and
Run a VPN
 47

How to surf on the dark web?

1. Download and Download and

Run a VPN Run TOR
 48

How to surf on the dark web?

1. Download and Download and Find a .onion

Run a VPN Run TOR addresses finder
 49

Why do we need to use Tor?

 50

Major services offered

50
 51

How is Bitcoin used in the darkweb? The escrow service

Buyer Marketplace Seller

1
§ Alice wants to buy a
good from Bob through
Silk Road
§ Alice needs to deposit
his bitcoin
51 in the Silk
Road “hot wallet. These
funds are held in
“escrow” by the
marketplace
 52

How is Bitcoin used in the darkweb? The escrow service

Buyer Marketplace Seller

1 2
§ The escrow system also
§ Alice wants to buy a
assists marketplace
good from Bob through
administrators in
Silk Road
mediating disputes
§ Alice needs to deposit
between buyers and
his bitcoin
52 in the Silk
sellers and minimizing
Road “hot wallet. These
scams in which money is
funds are held in
collected without the
“escrow” by the
intention of ever shipping
marketplace
any goods
 53

How is Bitcoin used in the darkweb? The escrow service

Buyer Marketplace Seller

Ok!

1 2 3
§ The escrow system also
§ Alice wants to buy a
assists marketplace § Funds are released when
good from Bob through
administrators in the vendor indicates the
Silk Road
mediating disputes goods have been sent. In
§ Alice needs to deposit
between buyers and some marketplaces, the
his bitcoin
53 in the Silk
sellers and minimizing funds are held until the
Road “hot wallet. These
scams in which money is buyer indicates that the
funds are held in
collected without the goods have been
“escrow” by the
intention of ever shipping received.
marketplace
any goods
 54

Bitcoin and the Darkweb – A perfect couple

+ =
An anonymous way of An anonymous, digital An anonymous way of
hosting and accessing method of payment purchasing illegal goods
illegal marketplaces

This issue is solved This problem is solved The combination of TOR for
through the use of The with a ”smart” use of covert communications and
Onion Router (TOR), cryptocurrencies. Bitcoin for covert payments
originally developed by the Bitcoin did for darkweb has led to the proliferation
US Navy. By routing the marketplaces what PayPal of darknet marketplaces.
message through several did for EBay—provide a
nodes, the TOR network reliable, scalable, and
obfuscates the path (and convenient payment
hence the IP address) of a mechanism.
message sent between two
clients.
 55

The role of Bitcoin in the darkweb – some facts

46% 49% 27mln 37mln $76bn

Bitcoin Bitcoin holdings Bitcoin market Total transactions Total value of

transactions associated with participants that conducted per illegal Bitcoin
associated with illegal activity use bitcoin year by illicit transactions
illegal
55 activity primarily for bitcoin users
illegal purposes
 56

How does the illegal activity vary through time?

100%

80%

60%

40%

20%

0%

2009 2011 2013 2015 2017

 57

How does the illegal activity vary through time?

100% Rise of many marketplace Market Explosion

80%

60%

40%

20%

0%

2009 2011 2013 2015 2017

 58

Darknet sites accepting bitcoin, current and past

Market Launch date End date Closure reason Days operational
Dream November 15, 2013 Operational >1,207
Outlaw December 29, 2013 May 16, 2017 Hacked 1234
Silk Road 1 January 31, 2011 October 2, 2013 Raided 975
Black Market Reloaded June 30, 2011 December 2, 2013 Hacked 886
AlphaBay December 22, 2014 July 4, 2017 Raided 925
Tochka January 30, 2015 Operational >766
Crypto Market / Diabolus February 14, 2015 Operational >751
Real Deal April 9, 2015 Operational >697
Darknet Heroes May 27, 2015 Operational >649
Agora December 3, 2013 September 6, 2015 Voluntary 642
Nucleus October 24, 2014 April 13, 2016 Scam 537
Middle Earth June 22, 2014 November 4, 2015 Scam 500
BlackBank February 5, 2014 May 18, 2015 Scam 467
Evolution January 14, 2014 March 14, 2015 Scam 424
Silk Road Reloaded January 13, 2015 February 27, 2016 Unknown 410
Anarchia May 7, 2015 May 9, 2016 Unknown 368
Silk Road 2 November 6, 2013 November 5, 2014 Raided 364
The Marketplace November 28, 2013 November 9, 2014 Voluntary 346
Blue Sky Market December 3, 2013 November 5, 2014 Raided 337
Abraxas December 13, 2014 November 5, 2015 Scam 327
Pandora October 21, 2013 August 19, 2014 Scam 302
BuyItNow April 30, 2013 February 17, 2014 Voluntary 293
TorBazaar January 26, 2014 November 5, 2014 Raided 283
Sheep February 28, 2013 November 29, 2013 Scam 274
Cloud-Nine February 11, 2014 November 5, 2014 Raided 267
Pirate Market November 29, 2013 August 15, 2014 Scam 259
East India Company April 28, 2015 January 1, 2016 Scam 248
Mr Nice Guy 2 February 21, 2015 October 14, 2015 Scam 235
Andromeda April 5, 2014 November 18, 2014 Scam 227
Topix 2 March 25, 2014 November 5, 2014 Voluntary 225
 59

What are the characteristics of illegal users?

For an illegal user that buys/sells illegal goods and services using bitcoin,
holding a large balance is costly due to (i) opportunity costs of capital,
Transacts more and (ii) risks associated with having holdings seized by authorities.
frequently

An illegal user predominantly uses bitcoin to buy and sell goods and
services, whereas some legal users also use bitcoin for investment (as a
Does smaller store of value) and speculation
sized transaction

Illegal users tend to have more counterparties in total, reflecting their

larger number of transactions, but tend to have a higher counterparty
concentration. This suggests that illegal users are more likely to
Has more repeatedly transact with a given counterparty.
counterparties
 60

5. HOW TO DEANONIMIZE A CRYPTOCURRENCY?

 61

Operation Onymous – December 2014

1.2 Million 27 websites

seized closed

§ $1,000,000 § Number of
in Bitcoin websites
§ $180,000 in operating in TOR
cash, gold, which have been
silver and closed (among
drugs which Silk Road,
Agora and
Evolution)
 62

How?
 63

Main required tools

Blockchain Explorer Wallet Explorer IP/Domain Explorer

§ Explore the Bitcoin blockchain § Search addresses, transactions § Analyse nearly every active
§ Check bitcoin addresses and and wallet ID domain and IP address on the
investigate if they have been § Investigate if a specific transaction Internet.
reported as scam. and/or wallet is linked with a public § Learn how this data can inform risk
§ View, monitor and search bitcoin exchange assessments, help profile
ownership and wallet balance by § Determine the entire addresses attackers, guide online fraud
name, bitcoin address, email linked with a specific wallet investigations, and map cyber
address, url or keyword. activity to attacker infrastructure.
§ Check a BTC address to find
connected websites or owner
profiles.

Link: https://bitcoinwhoswho.com Link: https://www.walletexplorer.com Link: https://www.domaintools.com

 64

Real case studies – Malicious addresses

§ Bitcoin Address: 18YDAf11psBJSavARQCwysE7E89zSEMfGG

§ Bitcoin Address: 15K9Zj1AU2hjT3ebZMtWqDsMv3fFxTNwpf

§ Bitcoin Address: 1GR7rJfntdcbfhKT1s33RDby4z5ex1ou4

§ Bitcoin Address: 12sRjvqFo8MeZVc2UE9C8JQxKqsASRN9G5

 65

6. Further readings
 66

Selected readings
§ Jonas David Nick, Data-Driven De-Anonymization in Bitcoin, 2015
https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/155286/eth-48205-
01.pdf?sequence=1&isAllowed=y

§ Sean Foley, Jonathan R. Karlsen, Talis J. Punins, Sex, Drugs, and Bitcoin: How Much Illegal Activity
Is Financed Through Cryptocurrencies?, 2018
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3102645

§ Malte Moser et al., An Empirical Analysis of Traceability in the Monero Blockchain, 2017
https://arxiv.org/pdf/1704.04299/

§ Elli Andoulaki et al., Evaluating User Privacy in Bitcoin, 2013

https://link.springer.com/chapter/10.1007/978-3-642-39884-1_4

§ Martin Harrigan, Christoph Fretter, The Unreasonable Effectiveness of Address Clustering, 2016
https://ieeexplore.ieee.org/abstract/document/7816867
 67

“
The supreme art of war
is to subdue the enemy
without fighting.
”
Sun Tzu – The Art of War

67
 68

ip tools

68