Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick - - PowerPoint PPT Presentation

privacy in bitcoin
SMART_READER_LITE
LIVE PREVIEW

Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick - - PowerPoint PPT Presentation

Mar 11, 2024 237 likes •1.22k views

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in Bitcoin Jonas Nick 1/34 Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy

slide-1
SLIDE 1

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy in Bitcoin

On the Effectiveness of Clustering Jonas Nick March 15, 2016

Privacy in Bitcoin Jonas Nick 1/34

slide-2
SLIDE 2

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

Privacy in Bitcoin Jonas Nick 2/34

slide-3
SLIDE 3

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug

market

Privacy in Bitcoin Jonas Nick 2/34

slide-4
SLIDE 4

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug

market

◮ ”... the major advantage they [Bitcoin] are

providing is anonymity.”

  • NY’s Department of financial services

Privacy in Bitcoin Jonas Nick 2/34

slide-5
SLIDE 5

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug

market

◮ ”... the major advantage they [Bitcoin] are

providing is anonymity.”

  • NY’s Department of financial services

◮ ”... usually not very anonymous.” - Bitcoin wiki Privacy in Bitcoin Jonas Nick 2/34

slide-6
SLIDE 6

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug

market

◮ ”... the major advantage they [Bitcoin] are

providing is anonymity.”

  • NY’s Department of financial services

◮ ”... usually not very anonymous.” - Bitcoin wiki Privacy in Bitcoin Jonas Nick 2/34

slide-7
SLIDE 7

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Why? ◮ Privacy and fungibility essential characteristics of

money.

◮ What? ◮ Anonymity + Selective Transparency Privacy in Bitcoin Jonas Nick 3/34

slide-8
SLIDE 8

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Why? ◮ Privacy and fungibility essential characteristics of

money.

◮ What? ◮ Anonymity + Selective Transparency ◮ Good news: That’s possible Privacy in Bitcoin Jonas Nick 3/34

slide-9
SLIDE 9

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Why? ◮ Privacy and fungibility essential characteristics of

money.

◮ What? ◮ Anonymity + Selective Transparency ◮ Good news: That’s possible ◮ This talk: There’s a long road road ahead Privacy in Bitcoin Jonas Nick 3/34

slide-10
SLIDE 10

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are

represented by public keys (≈ addresses)

◮ unbounded number of public keys per entity Privacy in Bitcoin Jonas Nick 4/34

slide-11
SLIDE 11

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are

represented by public keys (≈ addresses)

◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and

values of transactions are public

Privacy in Bitcoin Jonas Nick 4/34

slide-12
SLIDE 12

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are

represented by public keys (≈ addresses)

◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and

values of transactions are public

◮ unknown which public keys belong to an entity Privacy in Bitcoin Jonas Nick 4/34

slide-13
SLIDE 13

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Privacy

◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are

represented by public keys (≈ addresses)

◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and

values of transactions are public

◮ unknown which public keys belong to an entity ◮ Clustering: Given public key, use blockchain to

find public keys owned by the same entity.

Privacy in Bitcoin Jonas Nick 4/34

slide-14
SLIDE 14

Bitcoin Clustering P2P wallet leak Analysis Conclusion

<Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD

Privacy in Bitcoin Jonas Nick 5/34

slide-15
SLIDE 15

Bitcoin Clustering P2P wallet leak Analysis Conclusion

<Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD

In blockchain:

1FgtvT2W45nZi9fr3jsVRt

1 bitcoin

− − − − → 1abcDogDating

Privacy in Bitcoin Jonas Nick 5/34

slide-16
SLIDE 16

Bitcoin Clustering P2P wallet leak Analysis Conclusion

<Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD

In blockchain:

1FgtvT2W45nZi9fr3jsVRt

1 bitcoin

− − − − → 1abcDogDating

Clustering reveals both addresses are from same wallet

Privacy in Bitcoin Jonas Nick 5/34

slide-17
SLIDE 17

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ balance-based vs. UTXO model Privacy in Bitcoin Jonas Nick 6/34

slide-18
SLIDE 18

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state

Alice 2 Bob

Privacy in Bitcoin Jonas Nick 6/34

slide-19
SLIDE 19

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state

Alice 2 Bob

◮ Transaction: Alice

1 coin

− − − → Bob

Privacy in Bitcoin Jonas Nick 6/34

slide-20
SLIDE 20

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state

Alice 2 Bob

◮ Transaction: Alice

1 coin

− − − → Bob

◮ new Blockchain state

Alice 1 Bob 1

Privacy in Bitcoin Jonas Nick 6/34

slide-21
SLIDE 21

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ UTXOs (Unspent Transaction Outputs) ◮ Bitcoin’s model

A1 1 A2 1

◮ Balance implicit ◮ Cash analogy

slide-22
SLIDE 22

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

◮ UTXOs (Unspent Transaction Outputs) ◮ Bitcoin’s model

A1 1 A2 1 B1 1 A1 1

◮ Balance implicit ◮ Cash analogy Privacy in Bitcoin Jonas Nick 7/34

slide-23
SLIDE 23

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

Privacy in Bitcoin Jonas Nick 8/34

slide-24
SLIDE 24

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • ◮ user U, merchant M

◮ spend tx outputs

(value and recipient)

slide-25
SLIDE 25

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

slide-26
SLIDE 26

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

slide-27
SLIDE 27

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs

slide-28
SLIDE 28

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1 U2 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs ◮ change

slide-29
SLIDE 29

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1 U2 .5 M2 .6 U4 .4

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs ◮ change

slide-30
SLIDE 30

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1 U2 .5 M2 .6 U4 .4

  • U3 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs ◮ change

slide-31
SLIDE 31

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs ◮ change ◮ multi-input tx Privacy in Bitcoin Jonas Nick 8/34

slide-32
SLIDE 32

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Transactions

  • U1 1
  • M1 .5

U1 1 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5

◮ user U, merchant M ◮ spend tx outputs

(value and recipient)

◮ inputs ◮ change ◮ multi-input tx ◮ pay-to-pubkey-hash Privacy in Bitcoin Jonas Nick 8/34

slide-33
SLIDE 33

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Questions?

Privacy in Bitcoin Jonas Nick 9/34

slide-34
SLIDE 34

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Clustering Strategies

◮ Given pubkey, use blockchain to find pubkeys

  • f the same wallet

◮ make assumptions about wallet behavior ◮ heuristics Privacy in Bitcoin Jonas Nick 10/34

slide-35
SLIDE 35

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Multi-input heuristic

All inputs of a transaction belong to the same wallet.

Privacy in Bitcoin Jonas Nick 11/34

slide-36
SLIDE 36

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Multi-input heuristic

All inputs of a transaction belong to the same wallet. M1 .5 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 M1 .5 U2 .5 U2 .5

Privacy in Bitcoin Jonas Nick 11/34

slide-37
SLIDE 37

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Multi-input heuristic

All inputs of a transaction belong to the same wallet. M1 .5 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 M1 .5 U2 .5 U2 .5 U3 .5

Privacy in Bitcoin Jonas Nick 11/34

slide-38
SLIDE 38

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Shadow change heuristic

Change pubkeys have never been seen before in the blockchain.

Privacy in Bitcoin Jonas Nick 12/34

slide-39
SLIDE 39

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Shadow change heuristic

Change pubkeys have never been seen before in the blockchain.

  • M1 1
slide-40
SLIDE 40

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Shadow change heuristic

Change pubkeys have never been seen before in the blockchain.

  • M1 1
  • U1 1
  • M1 .5

U1 1 U2 .5

slide-41
SLIDE 41

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Shadow change heuristic

Change pubkeys have never been seen before in the blockchain.

  • M1 1
  • U1 1
  • M1 .5

U1 1 U2 .5

  • U1 1
slide-42
SLIDE 42

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Shadow change heuristic

Change pubkeys have never been seen before in the blockchain.

  • M1 1
  • U1 1
  • M1 .5

U1 1 U2 .5

  • U1 1
  • M1 .5

U1 1 U2 .5 U2 .5

Privacy in Bitcoin Jonas Nick 12/34

slide-43
SLIDE 43

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Consumer change heuristic

Transactions from consumer wallets have two or less

  • utputs.

Privacy in Bitcoin Jonas Nick 13/34

slide-44
SLIDE 44

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Consumer change heuristic

Transactions from consumer wallets have two or less

  • utputs.
  • U1 1
  • E1 .5

U1 1 U2 .5 E2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5

Privacy in Bitcoin Jonas Nick 13/34

slide-45
SLIDE 45

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Consumer change heuristic

Transactions from consumer wallets have two or less

  • utputs.
  • U1 1
  • E1 .5

U1 1 U2 .5 E2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 E1 .5

  • Privacy in Bitcoin

Jonas Nick 13/34

slide-46
SLIDE 46

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Consumer change heuristic

Transactions from consumer wallets have two or less

  • utputs.
  • U1 1
  • E1 .5

U1 1 U2 .5 E2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 E1 .5

  • U1 1
  • Privacy in Bitcoin

Jonas Nick 13/34

slide-47
SLIDE 47

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Consumer change heuristic

Transactions from consumer wallets have two or less

  • utputs.
  • U1 1
  • E1 .5

U1 1 U2 .5 E2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 E1 .5

  • U1 1
  • U1 1

U2 .5

Privacy in Bitcoin Jonas Nick 13/34

slide-48
SLIDE 48

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Optimal change heuristic

Wallets do not spend unnecessary outputs.

Privacy in Bitcoin Jonas Nick 14/34

slide-49
SLIDE 49

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Optimal change heuristic

Wallets do not spend unnecessary outputs. M1 .5 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 U2 .5

Privacy in Bitcoin Jonas Nick 14/34

slide-50
SLIDE 50

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Optimal change heuristic

Wallets do not spend unnecessary outputs. M1 .5 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 U2 .5 U4 .4

Privacy in Bitcoin Jonas Nick 14/34

slide-51
SLIDE 51

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Optimal change heuristic

Wallets do not spend unnecessary outputs. M1 .5 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 U2 .5 U4 .4 If there is a unique output with a value smaller than any of the inputs, then this is the change.

Privacy in Bitcoin Jonas Nick 14/34

slide-52
SLIDE 52

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Next steps

◮ How to quantify privacy on the blockchain? ◮ Requires data... Privacy in Bitcoin Jonas Nick 15/34

slide-53
SLIDE 53

Bitcoin Clustering P2P wallet leak Analysis Conclusion

P2P wallet leak

◮ simplified payment verification (SPV): light

wallets

Privacy in Bitcoin Jonas Nick 16/34

slide-54
SLIDE 54

Bitcoin Clustering P2P wallet leak Analysis Conclusion

P2P wallet leak

◮ simplified payment verification (SPV): light

wallets

◮ Some SPV wallets implement BIP37:

Connection Bloom filtering

◮ used for learning about new transactions

concerning the wallet

Privacy in Bitcoin Jonas Nick 16/34

slide-55
SLIDE 55

Bitcoin Clustering P2P wallet leak Analysis Conclusion

P2P wallet leak

◮ simplified payment verification (SPV): light

wallets

◮ Some SPV wallets implement BIP37:

Connection Bloom filtering

◮ used for learning about new transactions

concerning the wallet

◮ Examples: Android Bitcoin Wallet, MultiBit,

Breadwallet, etc.

Privacy in Bitcoin Jonas Nick 16/34

slide-56
SLIDE 56

Bitcoin Clustering P2P wallet leak Analysis Conclusion

P2P wallet leak

◮ simplified payment verification (SPV): light

wallets

◮ Some SPV wallets implement BIP37:

Connection Bloom filtering

◮ used for learning about new transactions

concerning the wallet

◮ Examples: Android Bitcoin Wallet, MultiBit,

Breadwallet, etc.

Privacy in Bitcoin Jonas Nick 16/34

slide-57
SLIDE 57

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter

Privacy in Bitcoin Jonas Nick 17/34

slide-58
SLIDE 58

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter

◮ Purpose: efficiently testing if element is

contained in a set

Privacy in Bitcoin Jonas Nick 17/34

slide-59
SLIDE 59

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter

◮ Purpose: efficiently testing if element is

contained in a set

◮ Operations: insert and query Privacy in Bitcoin Jonas Nick 17/34

slide-60
SLIDE 60

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter

◮ Purpose: efficiently testing if element is

contained in a set

◮ Operations: insert and query ◮ False positive rate: Pr(query|not inserted) Privacy in Bitcoin Jonas Nick 17/34

slide-61
SLIDE 61

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter

◮ Purpose: efficiently testing if element is

contained in a set

◮ Operations: insert and query ◮ False positive rate: Pr(query|not inserted) ◮ No false negatives Privacy in Bitcoin Jonas Nick 17/34

slide-62
SLIDE 62

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter in Bitcoin

Privacy in Bitcoin Jonas Nick 18/34

slide-63
SLIDE 63

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter in Bitcoin

◮ Filter has space and time advantage Privacy in Bitcoin Jonas Nick 19/34

slide-64
SLIDE 64

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter in Bitcoin

◮ Filter has space and time advantage ◮ fp-rate: bandwidth/privacy trade-off Privacy in Bitcoin Jonas Nick 19/34

slide-65
SLIDE 65

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter in Bitcoin

◮ Filter has space and time advantage ◮ fp-rate: bandwidth/privacy trade-off ◮ Most wallets: 8000 false positives Privacy in Bitcoin Jonas Nick 19/34

slide-66
SLIDE 66

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter Vulnerability

◮ Idea: query both pubkey and hash(pubkey) ◮ then

Pr(query(pk and pkh)|not inserted(pk and pkh))

Privacy in Bitcoin Jonas Nick 20/34

slide-67
SLIDE 67

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter Vulnerability

◮ Idea: query both pubkey and hash(pubkey) ◮ then

Pr(query(pk and pkh)|not inserted(pk and pkh))

◮ = fp-rate2 Privacy in Bitcoin Jonas Nick 20/34

slide-68
SLIDE 68

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter Vulnerability

◮ Idea: query both pubkey and hash(pubkey) ◮ then

Pr(query(pk and pkh)|not inserted(pk and pkh))

◮ = fp-rate2 ◮ most wallets: 1 false positive Privacy in Bitcoin Jonas Nick 20/34

slide-69
SLIDE 69

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Bloom Filter Vulnerability

◮ Idea: query both pubkey and hash(pubkey) ◮ then

Pr(query(pk and pkh)|not inserted(pk and pkh))

◮ = fp-rate2 ◮ most wallets: 1 false positive ◮ 20 crawlers collected 37,585 filters ◮ need to be picked up by seed nodes Privacy in Bitcoin Jonas Nick 20/34

slide-70
SLIDE 70

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Results

Figure Distribution of the number of pubkeys in captured BIP37 wallets.

Privacy in Bitcoin Jonas Nick 21/34

slide-71
SLIDE 71

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Results

Figure Distribution of total received bitcoins for a subset of wallets.

Privacy in Bitcoin Jonas Nick 22/34

slide-72
SLIDE 72

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Mitigation

◮ A general fix requires substantial modification

  • f the protocol and is not on the priority list.

Privacy in Bitcoin Jonas Nick 23/34

slide-73
SLIDE 73

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Mitigation

◮ A general fix requires substantial modification

  • f the protocol and is not on the priority list.

◮ Alternatives ◮ a central server that learns all of the client’s

addresses

◮ full node Privacy in Bitcoin Jonas Nick 23/34

slide-74
SLIDE 74

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Evaluate Clustering

◮ Collected filters allow to reconstruct all

pubkeys of a wallet

◮ Can apply clustering and evaluate clustering

performance using ”Ground truth”

Privacy in Bitcoin Jonas Nick 24/34

slide-75
SLIDE 75

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Performance metric

◮ precision: Pr(in wallet|heuristic) ◮ recall: Pr(heuristic|in wallet) Privacy in Bitcoin Jonas Nick 25/34

slide-76
SLIDE 76

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Performance metric

◮ precision: Pr(in wallet|heuristic) ◮ recall: Pr(heuristic|in wallet)

  • U1 1
  • M1 .5

U1 1 U2 .5 M2 .6 U4 .4

  • U3 .5

U2 .5 U3 .5 M1 .5 U1 1 U2 .5 U2 .5 U3 .5 precision: 1, recall: 2

4

Privacy in Bitcoin Jonas Nick 25/34

slide-77
SLIDE 77

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Results

Heuristic mean recall 1/(wallet size) 66.27% Multi-input 68.59% Shadow 69.16% Consumer 69.26% Optimal 69.34% Best 70.94%

Privacy in Bitcoin Jonas Nick 26/34

slide-78
SLIDE 78

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy in Bitcoin Jonas Nick 27/34

slide-79
SLIDE 79

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Result

Privacy in Bitcoin Jonas Nick 28/34

slide-80
SLIDE 80

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Conclusion

◮ captured pubkeys of 37, 000 wallets from the

Bitcoin network

Privacy in Bitcoin Jonas Nick 29/34

slide-81
SLIDE 81

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Conclusion

◮ captured pubkeys of 37, 000 wallets from the

Bitcoin network

◮ introduced two new clustering strategies Privacy in Bitcoin Jonas Nick 29/34

slide-82
SLIDE 82

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Conclusion

◮ captured pubkeys of 37, 000 wallets from the

Bitcoin network

◮ introduced two new clustering strategies ◮ evaluated performance of clustering using

ground truth

Privacy in Bitcoin Jonas Nick 29/34

slide-83
SLIDE 83

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Conclusion

◮ captured pubkeys of 37, 000 wallets from the

Bitcoin network

◮ introduced two new clustering strategies ◮ evaluated performance of clustering using

ground truth

◮ modern wallets: 70% recall Privacy in Bitcoin Jonas Nick 29/34

slide-84
SLIDE 84

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date Privacy in Bitcoin Jonas Nick 30/34

slide-85
SLIDE 85

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering Privacy in Bitcoin Jonas Nick 30/34

slide-86
SLIDE 86

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering ◮ do not reuse addresses Privacy in Bitcoin Jonas Nick 30/34

slide-87
SLIDE 87

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering ◮ do not reuse addresses ◮ other parties play a role Privacy in Bitcoin Jonas Nick 30/34

slide-88
SLIDE 88

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering ◮ do not reuse addresses ◮ other parties play a role ◮ separate Privacy in Bitcoin Jonas Nick 30/34

slide-89
SLIDE 89

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering ◮ do not reuse addresses ◮ other parties play a role ◮ separate ◮ openbitcoinprivacyproject.org Privacy in Bitcoin Jonas Nick 30/34

slide-90
SLIDE 90

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ keep your wallet up to date ◮ do not use wallets with Bloom filtering ◮ do not reuse addresses ◮ other parties play a role ◮ separate ◮ openbitcoinprivacyproject.org ◮ altcoins? Privacy in Bitcoin Jonas Nick 30/34

slide-91
SLIDE 91

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for Developer

◮ coin selection Privacy in Bitcoin Jonas Nick 31/34

slide-92
SLIDE 92

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for Developer

◮ coin selection ◮ coinjoin

  • +
  • Privacy in Bitcoin

Jonas Nick 31/34

slide-93
SLIDE 93

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ coinjoin

  • AI .5

AO .5 AO .5

  • AI .5

AI .5 AI .5

Privacy in Bitcoin Jonas Nick 32/34

slide-94
SLIDE 94

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ coinjoin

  • AI .5

AO .5 AO .5

  • AI .5

AI .5 AI .5

◮ trustless, but ◮ UI, exact protocol challenging ◮ Confidential transactions Privacy in Bitcoin Jonas Nick 32/34

slide-95
SLIDE 95

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Countermeasures for User

◮ Joinmarket Privacy in Bitcoin Jonas Nick 33/34

slide-96
SLIDE 96

Bitcoin Clustering P2P wallet leak Analysis Conclusion

Q&A

◮ Questions? ◮ Contact ◮ nickler.ninja ◮ slides: nickler.ninja/slides/

2016-zurich-meetup.pdf

◮ thesis: nickler.ninja/papers/thesis.pdf ◮ jonas@blockstream.com Privacy in Bitcoin Jonas Nick 34/34