Virtual money and userís identity
Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions really anonymous?
Several research groups worldwide have shown that it is possible to find out which transactions belong together, even if the client uses different pseudonyms. However it was not clear if it is also possible to reveal the IP address behind each transaction. This has changed: researchers at the University of Luxembourg have now demonstrated how this is feasible with only a few computers and about Ä1,500.
ďItís hard to predict the future, but some people think that Bitcoin could do to finance what the Internet did to communicationsĒ, says Prof. Alex Biryukov, who leads digital currency research at the University. ďSo I think especially for Luxembourg it is important to watch what happens with BitcoinĒ.
The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the userís identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner.††††
In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect userís IP address and that it can be linked to the userís transactions in real-time. To find this out, a hacker would need only a few computers and about Ä1,500 per month for server and traffic costs. Moreover, the popular anonymization network ďTorĒ can do little to guarantee Bitcoin userís anonymity, since it can be blocked easily.
The basic idea behind these findings is that Bitcoin entry nodes, to which the userís computer connects in order to make a transaction, form a unique identifier for the duration of userís session. This unique pattern can be linked to a userís IP address. Moreover, transactions made during one session, even those made via unrelated pseudonyms, can be linked together. With this method, hackers can reveal up to 60% of the IP addresses behind the transactions made over the Bitcoin network.
ďThis Bitcoin network analysis combined with previous research on transaction flows shows that the level of anonymity in the Bitcoin network is quite lowĒ, explains Alex Biryukov. In the paper recently presented at the ACM Conference on Computer and Communications Security, the team also described how to prevent such an attack on userís privacy. Software patches written by the researchers are currently under discussion with the Bitcoin core developers.
- - -
This publication is available on ORBi lu : Deanonymisation of clients in Bitcoin P2P network.
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.