bitcoin and anonymity
play

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin - PDF document

Mar 17, 2024 •117 likes •524 views

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

  1. Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity • Anonymity Basics • How to de-anonymize Bitcoin • Mixing • Decentralized Mixing • Zerocoin and Zerocash • Tor and the Silk Road Bitcoin and Anonymity • Anonymity Basics • How to de-anonymize Bitcoin • Mixing • Decentralized Mixing • Zerocoin and Zerocash • Tor and the Silk Road 1

  2. Cryptocurrency Technologies Bitcoin and Anonymity Some say Bitcoin provides Anonymity Others say it doesn’t 2

  3. Cryptocurrency Technologies Bitcoin and Anonymity Let’s get the Terminology straight • Literally: anonymous = “without a name” • Recall: Bitcoin addresses are public key hashes rather than real identities • Computer scientists call this pseudonymity Anonymity in Computer Science anonymity = pseudonymity + unlinkability Different interactions of the same user with the system should not be linkable to each other. 3

  4. Cryptocurrency Technologies Bitcoin and Anonymity Pseudonymity vs. Anonymity: Examples Reddit: pick a long-term pseudonym vs. 4Chan: make posts with no attribution at all Why care about Unlinkability? 1. Many Bitcoin services require real identity. 2. Linked profiles can be de-anonymized by a variety of side channels. 4

  5. Cryptocurrency Technologies Bitcoin and Anonymity Defining Unlinkability in Bitcoin Hard to link different addresses of the same user. Hard to link different transactions of the same user. Hard to link sender of a payment to its recipient. Quantifying Anonymity Observation: Complete unlinkability (among all addresses/ transactions) is hard! Vanilla Measure for “partial” Anonymity: Anonymity Set : The crowd that one attempts to “blend” into. Q: How to calculate anonymity set? • Define adversary model. • Reason carefully about what adversary knows, does not know, and cannot know. 5

  6. Cryptocurrency Technologies Bitcoin and Anonymity Why Worry about Anonymity? Observation: Block chain based currencies are totally, publicly, and permanently traceable Without anonymity, privacy in such currencies is much worse than traditional banking! So, what about Money Laundering?! Money Laundering is a legitimate worry. So, why is not more done about it?! “Cashing-Out” Problem: bottleneck is with moving large flows into and out of Bitcoin. Not unique to Bitcoin! Improving Anonymity does not solve cashing-out problem. 6

  7. Cryptocurrency Technologies Bitcoin and Anonymity Can we keep only the good Uses? Observation: Uses that are very different morally are pretty much the same technologically. This is a common problem in computer security and privacy. Similar Dilemma: Anonymous communication Used by: network – Normal people – Journalists & activists Sender and receiver of – Law enforcement message are unlinkable – Malware – Child pornographers ? Coming to you courtesy of the U.S. Government: ? ? – U.S. State Dept. – ONR – others . . . 7

  8. Cryptocurrency Technologies Bitcoin and Anonymity Anonymous e-Cash: History Proposed by David Chaum in 1982 Crypto magic! Based on Blind Signatures : Two-party protocol to create digital signature without signer knowing what she signs. Under the Hood: Blind Signatures with RSA Recall: Blind RSA Signature: • public key (e, N) • private key (d, N) • pick random blinding factor r • N is public modulus (detail: gcd(r, N) = 1 ) • compute • plaintext m m’ = mr e (mod N) • cyphertext c • signing authority signs m’ Encryption: s’ = (m’) d (mod N) c = m e (mod N) • extract signature: Decryption/signing s = s’ * r -1 (mod N) m = c d (mod N) • why?! s = s’*r -1 = (m’) d r -1 = m d r ed r -1 = m d rr -1 = m d (mod N) 8

  9. Cryptocurrency Technologies Bitcoin and Anonymity Anonymous e-Cash via Blind Signatures User Balance Spent coins Withdraw anonymous coin … … … {317038628684424} 10 9 31703862… Deposit coin # 317038628684424 … … {317038628684424} 5 6 OK Bank cannot link the two users Anonymity & Decentralization Q: How to “de-scroogify” e-Cash? Interactive Protocols with bank are hard to decentralize. Decentralization often achieved via public traceability to enforce security – e.g., publicly post transactions to avoid double-spending. 9

  10. Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity • Anonymity Basics • How to de-anonymize Bitcoin • Mixing • Decentralized Mixing • Zerocoin and Zerocash • Tor and the Silk Road Example: Wikileaks 10

  11. Cryptocurrency Technologies Bitcoin and Anonymity Example: Wikileaks Recall: It is easy to generate new Addresses! So, always receive at a fresh address. � It’s easy! Q: Are the transactions now unlinkable? 11

  12. Cryptocurrency Technologies Bitcoin and Anonymity Alice buys a Tea Pot 5 8 3 Single transaction 6 Observation: Shared spending is evidence joined control. Observation: Addresses can be linked transitively. Clustering of Addresses An Analysis of Anonymity in the Bitcoin System F. Reid and M. Harrigan PASSAT 2011 12

  13. Cryptocurrency Technologies Bitcoin and Anonymity Change Addresses 5 8.5 3 6 .5 Observation: One of the outputs (change) jointly controlled with the inputs. Which address is change? “Idioms of Use” Idioms of Use : Idiosyncratic features of wallet software Examples: – each address is used only once as change – bug: change is first output of transaction – etc. 13

  14. Cryptocurrency Technologies Bitcoin and Anonymity Shared Spending + Idioms of Use A Fistful of Bitcoins: Characterizing Payments Among Men with No Names S. Meiklejohn et al. IMC 2013 Tagging Service Providers: transact! A Fistful of Bitcoins: 344 transactions Characterizing • Mining pools Payments Among Men • Wallet services with No Names • Exchanges • Vendors S. Meiklejohn et al. • Gambling sites IMC 2013 14

  15. Cryptocurrency Technologies Bitcoin and Anonymity Shared Spending + Idioms of Use A Fistful of Bitcoins: Characterizing Payments Among Men with No Names S. Meiklejohn et al. IMC 2013 From Services to Users High centralization in service providers – Service providers are identifiable – Most flows pass through one of these — in a traceable way Addresses often posted in forums – Address – identity link becomes traceable 15

  16. Cryptocurrency Technologies Bitcoin and Anonymity Network-layer De-anonymization “The first node to inform you of a transaction is probably the source of it” Dan Kaminsky Black Hat 2011 talk Solution: use Tor Caveat: Tor is intended for low-latency activities such as web browsing. Mix nets might provide better anonymity BUT Tor is what’s deployed and works 16

  17. Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity • Anonymity Basics • How to de-anonymize Bitcoin • Mixing • Decentralized Mixing • Zerocoin and Zerocash • Tor and the Silk Road To protect Anonymity, use an Intermediary 17

  18. Cryptocurrency Technologies Bitcoin and Anonymity To protect Anonymity, use an Intermediary Online wallets do this Do they provide anonymity?! Dedicated Mixing Services • Promise not to keep records • Don’t ask for your identity 18

  19. Cryptocurrency Technologies Bitcoin and Anonymity Back to Online Wallets • Reputable, often regulated, businesses • Typically require identity, keep records ➔ no anonymity w.r.t. wallet service • Users trust them with their bitcoins ➔ keep them for longer ➔ bigger anonymity set w.r.t. everyone else For the Rest of this Topic . . . . . . we assume a user for whom the trust requirements and anonymity properties of online wallets are unacceptable. 19

  20. Cryptocurrency Technologies Bitcoin and Anonymity Principles for Mixing Services 1. Use a series of mixes Mixcoin: Anonymity for Bitcoin with accountable Mixes should implement a mixes standard API to make this easy J. Bonneau et al. Financial Cryptography 2014 Series of Mixes Mix 1 Mix 2 Mix 3 20

  21. Cryptocurrency Technologies Bitcoin and Anonymity Principles for Mixing Services 2. Uniform transactions Mixcoin: Anonymity for Bitcoin with accountable In particular: all mix mixes transactions must have the same value! J. Bonneau et al. Financial Cryptography “Chunk size” 2014 Principles for Mixing Services 3. Client side must be Mixcoin: Anonymity for automated Bitcoin with accountable mixes Desktop wallet software J. Bonneau et al. Financial Cryptography 2014 21

  22. Cryptocurrency Technologies Bitcoin and Anonymity Principles for Mixing Services 4. Fees must be all-or-nothing Mixcoin: Anonymity for Bitcoin with accountable Probabilistic fees: mixes 0.1% mixing fee = mix will swallow chunk J. Bonneau et al. Financial Cryptography with 0.1% chance 2014 Current mixes follow none of these principles Currently no dedicated Mix Caution: Mixing services may themselves be operating with anonymity. As such, if the mixing output fails to be delivered or access to funds is denied there is no recourse. Use at your own discretion. — Bitcoin Wiki 22

  23. Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity • Anonymity Basics • How to de-anonymize Bitcoin • Mixing • Decentralized Mixing • Zerocoin and Zerocash • Tor and the Silk Road Decentralized Mixing • Eliminate mixing services • Replace them with peer-to-peer mixing protocol Advantages – No bootstrapping problem – Theft impossible – Possibly better anonymity – More philosophically aligned with Bitcoin 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial

Blockchain Intelligence and Anonymity Dr. Adam Joyce Agenda Who we are Bitcoin + Financial compliance What and who are the entities? How are entities interacting? 2 Who we are Elliptic is (now) a blockchain intelligence company. We work

699 views • 36 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah"

Bitcoin Anonymity Mike Fleder Mike Kester Sudeep Pillai "Voodah" "darkskypoet" 1G6EQwiAfTVyTpK4j3XZ65CvonjDGrPsQ 1QEZohXPbh4ywbzPJATjMBDnSjJsZrZtQ1 Goal & Results Attacker Goal Tie real name to

331 views • 13 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij

CoinShuffle anonymity in the Block chain Jan-Willem Selij July 2, 2015 Jan-Willem Selij CoinShuffle anonymity in the Block chain July 2, 2015 1 / 28 Outline Bitcoin fundamentals 1 Anonymity 2 Mixing 3 CoinShuffle 4 CoinShuffle

649 views • 28 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1: Intro to Privacy 1. Privacy Attacks Practicum 2. Differential Privacy 3. Basic Algorithms 4. Designing Complex Algorithms & Composition 3

677 views • 44 slides
Types la Milner Benjamin C. Pierce University of Pennsylvania April 2012 Type inference

Types la Milner Benjamin C. Pierce University of Pennsylvania April 2012 Type inference

Types are the leaven of computer programming: they make it digestible. - R. Milner Types la Milner Benjamin C. Pierce University of Pennsylvania April 2012 Type inference Abstract types Types la Milner Types for interaction

637 views • 42 slides
A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data

A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data

A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data volume and privacy issues are one of problems related to large-scale packet capture. Utilizing flow nature of

375 views • 3 slides
Prologue World Association for Medical Law 2019 Annual Congress Recently, many countries are

Prologue World Association for Medical Law 2019 Annual Congress Recently, many countries are

Prologue World Association for Medical Law 2019 Annual Congress Recently, many countries are trying to fully utilize medical records building up in hospitals and clinics. Japanese Effort to Utilize Medical Big Data: In April 2017, the Japanese

299 views • 8 slides
Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and

Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and

Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and Rachel Greenstadt Privacy, Security and Automation Lab Drexel University What do we mean by deception? Let me give an example A Gay

906 views • 65 slides
Towards Constraint Logic Programming over Strings for Test Data Generation Sebastian Krings, J.

Towards Constraint Logic Programming over Strings for Test Data Generation Sebastian Krings, J.

Towards Constraint Logic Programming over Strings for Test Data Generation Sebastian Krings, J. Schmidt, P. Skowronek, J. Dunkelau, D. Ehmke Test Data vs. Privacy Software testing needs Personal data should has appropriate test data to be

212 views • 18 slides
Understanding Online Social Network Usage from a Network Perspective Fabian Schneider

Understanding Online Social Network Usage from a Network Perspective Fabian Schneider

Understanding Online Social Network Usage from a Network Perspective Fabian Schneider fabian@net.t-labs.tu-berlin.de Anja Feldmann Balachander Krishnamurthy Walter Willinger Work done while at AT&T LabsResearch

294 views • 26 slides
NASA SMD Dual-Anonymous Peer Review Virtual Community Town Hall March 3, 2020 Thomas Zurbuchen

NASA SMD Dual-Anonymous Peer Review Virtual Community Town Hall March 3, 2020 Thomas Zurbuchen

NASA SMD Dual-Anonymous Peer Review Virtual Community Town Hall March 3, 2020 Thomas Zurbuchen Michael New Daniel Evans Associate Administrator Deputy Associate Administrator for Research Program Scientist Science Mission Directorate, NASA

815 views • 44 slides

More recommend