Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick - PowerPoint PPT Presentation

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in Bitcoin Jonas Nick 1/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy Privacy in Bitcoin Jonas Nick 2/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug market Privacy in Bitcoin Jonas Nick 2/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug market ◮ ”... the major advantage they [Bitcoin] are providing is anonymity.” - NY’s Department of financial services Privacy in Bitcoin Jonas Nick 2/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug market ◮ ”... the major advantage they [Bitcoin] are providing is anonymity.” - NY’s Department of financial services ◮ ”... usually not very anonymous.” - Bitcoin wiki Privacy in Bitcoin Jonas Nick 2/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Anonymity ◮ ”Silkroad, anonymous market” - Bitcoin drug market ◮ ”... the major advantage they [Bitcoin] are providing is anonymity.” - NY’s Department of financial services ◮ ”... usually not very anonymous.” - Bitcoin wiki Privacy in Bitcoin Jonas Nick 2/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Why? ◮ Privacy and fungibility essential characteristics of money. ◮ What? ◮ Anonymity + Selective Transparency Privacy in Bitcoin Jonas Nick 3/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Why? ◮ Privacy and fungibility essential characteristics of money. ◮ What? ◮ Anonymity + Selective Transparency ◮ Good news: That’s possible Privacy in Bitcoin Jonas Nick 3/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Why? ◮ Privacy and fungibility essential characteristics of money. ◮ What? ◮ Anonymity + Selective Transparency ◮ Good news: That’s possible ◮ This talk: There’s a long road road ahead Privacy in Bitcoin Jonas Nick 3/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are represented by public keys ( ≈ addresses ) ◮ unbounded number of public keys per entity Privacy in Bitcoin Jonas Nick 4/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are represented by public keys ( ≈ addresses ) ◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and values of transactions are public Privacy in Bitcoin Jonas Nick 4/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are represented by public keys ( ≈ addresses ) ◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and values of transactions are public ◮ unknown which public keys belong to an entity Privacy in Bitcoin Jonas Nick 4/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy ◮ Bitcoin is pseudonymous ◮ entities (persons, companies, etc.) are represented by public keys ( ≈ addresses ) ◮ unbounded number of public keys per entity ◮ sender public keys, recipient public keys and values of transactions are public ◮ unknown which public keys belong to an entity ◮ Clustering : Given public key, use blockchain to find public keys owned by the same entity. Privacy in Bitcoin Jonas Nick 4/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion <Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD Privacy in Bitcoin Jonas Nick 5/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion <Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD In blockchain: 1 bitcoin − − − − → 1abcDogDating 1FgtvT2W45nZi9fr3jsVRt Privacy in Bitcoin Jonas Nick 5/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion <Friedrich Nietzsche>: Glad that I could help - would be great if you pass me some bitcoin 1GsYQYsgf1zmwY8LAsgEMD In blockchain: 1 bitcoin − − − − → 1abcDogDating 1FgtvT2W45nZi9fr3jsVRt Clustering reveals both addresses are from same wallet Privacy in Bitcoin Jonas Nick 5/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ balance-based vs. UTXO model Privacy in Bitcoin Jonas Nick 6/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state Alice 2 Bob 0 Privacy in Bitcoin Jonas Nick 6/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state Alice 2 Bob 0 1 coin ◮ Transaction: Alice − − − → Bob Privacy in Bitcoin Jonas Nick 6/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ balance-based vs. UTXO model ◮ balance-based (f.e. Ethereum) ◮ Blockchain state Alice 2 Bob 0 1 coin ◮ Transaction: Alice − − − → Bob ◮ new Blockchain state Alice 1 Bob 1 Privacy in Bitcoin Jonas Nick 6/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ UTXOs (Unspent Transaction Outputs) ◮ Bitcoin’s model A 1 1 A 2 1 ◮ Balance implicit ◮ Cash analogy

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions ◮ UTXOs (Unspent Transaction Outputs) ◮ Bitcoin’s model A 1 1 A 1 1 B 1 1 A 2 1 ◮ Balance implicit ◮ Cash analogy Privacy in Bitcoin Jonas Nick 7/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions Privacy in Bitcoin Jonas Nick 8/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - U 1 1 - ◮ user U , merchant M ◮ spend tx outputs (value and recipient)

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 U 1 1 - ◮ user U , merchant M ◮ spend tx outputs (value and recipient)

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 U 1 1 - ◮ user U , merchant M ◮ spend tx outputs (value and recipient)

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 U 1 1 U 1 1 - ◮ user U , merchant M ◮ spend tx outputs (value and recipient) ◮ inputs

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 U 1 1 U 1 1 U 2 .5 - ◮ user U , merchant M ◮ change ◮ spend tx outputs (value and recipient) ◮ inputs

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 M 2 .6 U 1 1 U 1 1 U 2 .5 - U 4 .4 ◮ user U , merchant M ◮ change ◮ spend tx outputs (value and recipient) ◮ inputs

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 M 2 .6 U 1 1 U 1 1 U 2 .5 - U 4 .4 - U 3 .5 ◮ user U , merchant M ◮ change ◮ spend tx outputs (value and recipient) ◮ inputs

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 M 2 .6 U 1 1 U 1 1 U 2 .5 U 2 .5 - U 4 .4 - U 3 .5 U 3 .5 ◮ user U , merchant M ◮ change ◮ spend tx outputs ◮ multi-input tx (value and recipient) ◮ inputs Privacy in Bitcoin Jonas Nick 8/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Transactions - M 1 .5 M 2 .6 U 1 1 U 1 1 U 2 .5 U 2 .5 - U 4 .4 - U 3 .5 U 3 .5 ◮ user U , merchant M ◮ change ◮ spend tx outputs ◮ multi-input tx (value and recipient) ◮ pay-to-pubkey-hash ◮ inputs Privacy in Bitcoin Jonas Nick 8/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Questions? Privacy in Bitcoin Jonas Nick 9/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Clustering Strategies ◮ Given pubkey, use blockchain to find pubkeys of the same wallet ◮ make assumptions about wallet behavior ◮ heuristics Privacy in Bitcoin Jonas Nick 10/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Multi-input heuristic All inputs of a transaction belong to the same wallet. Privacy in Bitcoin Jonas Nick 11/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Multi-input heuristic All inputs of a transaction belong to the same wallet. M 1 .5 M 1 .5 M 2 .6 U 2 .5 U 2 .5 U 2 .5 U 2 .5 U 4 .4 - U 3 .5 U 3 .5 Privacy in Bitcoin Jonas Nick 11/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Multi-input heuristic All inputs of a transaction belong to the same wallet. M 1 .5 M 1 .5 M 2 .6 U 2 .5 U 2 .5 U 2 .5 U 2 .5 U 4 .4 - U 3 .5 U 3 .5 U 3 .5 Privacy in Bitcoin Jonas Nick 11/34

Bitcoin Clustering P2P wallet leak Analysis Conclusion Shadow change heuristic Change pubkeys have never been seen before in the blockchain. Privacy in Bitcoin Jonas Nick 12/34