Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Deanonymisation of clients in bitcoin P2P network
Biryukov A., Khovratovich D., Pustogarov I.  CCS 2014 (Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, Nov 3-7, 2014)15-29.2014.Type:Proceedings
Date Reviewed: Nov 11 2015

Detailed descriptions of some parts of the bitcoin code that are not documented well are contained in this paper. Those trying to understand how the bitcoin code works should read this paper to start their journey. However, I am concerned about the knowledge and “hacking” techniques described in the paper for deanonymization of clients. Because core developers are changing the code regularly and can make this paper obsolete quickly, even elegant stochastic processes to measure different limits and bounds may produce different results as the code base is changing. At the same time, I understand that the authors’ goal is to make this paper obsolete as quickly as possible for the safety and security of bitcoin.

This is a novel approach to deanonymize clients while they are behind firewalls or network address translation (NAT). This technique will be useful in other networks and applications. The attack also needs a limited amount of resources, and will also work if “bitcoin encrypts the connection.” The techniques and probing used in this paper relate to the usage of the GETADDR, ADDR, and INVENTORY messages and that of the time stamps by the bitcoin protocol. The deanonymization process described in the paper has four steps. In step 1, it gets the list of bitcoin servers. In step 2, it composes the nodes it wants to deanonymize. In step 3, it maps clients to their entry nodes using some knowledge about the topology of the network. In step 4, transactions are mapped to entry nodes running in parallel to steps 1 to 3. This paper also describes “how to decrease block mining difficulty by creating an alternative blockchain.”

The attack described in the paper prohibits bitcoin servers from accepting connections via Tor or other similar services (section 3). This is not very practical, and parties looking to stay anonymous may stop using the system until they have access to such a service. Interestingly, once such a service is available, the proposed attack may not be able to deanonymize clients who are not using Tor or other similar services. Nevertheless, this paper is a good contribution toward making the bitcoin network more secure.
Reviewer:  Subhankar Ray Review #: CR143931 (1602-0171)
Bookmark and Share
 
Cybercash, Digital Cash (K.4.4 ... )
 
 
Abuse And Crime Involving Computers (K.4.1 ... )
 
 
Security and Protection (C.2.0 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Cybercash, Digital Cash": Date
Beginning blockchain: a beginner’s guide to building blockchain solutions
Singhal B., Dhameja G., Panda P., Apress, New York, NY, 2018.  386, Type: Book (978-1-484234-43-3)		 Jul 8 2019
Blockchains from a distributed computing perspective
Herlihy M. Communications of the ACM 62(2): 78-85, 2019. Type: Article, Reviews: (1 of 2)		 Mar 14 2019
Blockchains from a distributed computing perspective
Herlihy M. Communications of the ACM 62(2): 78-85, 2019. Type: Article, Reviews: (2 of 2)		 Mar 18 2019
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy