Best News Network

How one paper just blew up Bitcoin’s claim to anonymity


It has been a totem of the cryptocurrency community that the numeric addresses of Bitcoin and other wallets will protect the identity of those using them to buy and sell. 

A new paper, released this week by researchers at Baylor College of Medicine and Rice University, has shattered that presumed anonymity. Titled “Cooperation among an anonymous group, protected Bitcoin during failures of decentralization,” the paper is now posted on the researchers’ server.

Lead researcher Alyssa Blackburn of Baylor and Rice, along with team-mates Christoph Huber, Yossi Eliaz, Muhammad S. Shamim, David Weisz, Goutham Seshadri, Kevin Kim, Shengqi Hang, and Erez Lieberman Aiden, used a technique called “address linking” to study the Bitcoin transactions in the first two years of its existence: January of 2009 to February of 2011.

Their key discovery is that, in those first two years, “most Bitcoin was mined by only sixty-four agents […] collectively accounting for ₿2,676,800 (PV: $84 billion).” “Mined” here refers to the process of minting new coins by solving computational challenges.

That number — 64 people in total — “is 1000-fold smaller than prior estimates of the size of the early Bitcoin community (75,000),” they observe. 

Those 64 people include some notable figures that have already become legends, such as Ross Ulbricht, known by the handle Dread Pirate Roberts. Ulbricht is the founder of Silk Road, a black-market operation that used Bitcoin for illicit means — until it was shut down by the FBI. 

“Fig 1. Sixty-four agents mined most of the bitcoin between bitcoin’s launch and when it achieved price parity with the US dollar. We exploited data leakage to construct a map of the blockchain in early 2011, in which bitcoin are arranged according to the agent that mined them.”

Blackburn et al.

For Blackburn and team, the point was to study the effects of people participating in game-theoretic situations as anonymous parties. Surprisingly, they found early insiders like Ulbricht could have exploited the relative paucity of participants by undermining Bitcoin to double-spend coins, but they did not. They acted “altruistically” to maintain the integrity of the system.

That’s intriguing, but a more pressing discovery is that addresses can be traced and identities can be revealed. 

To find out who was doing those early transactions, Blackburn and team had to reverse-engineer the entire premise of Bitcoin and of all crypto: anonymity. 

As outlined in the original Bitcoin white paper by Satoshi Nakamoto, privacy was to be preserved by two means: anonymous public key use and creating new key pairs for every transaction.

The public can see that someone is sending an amount to someone else without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the “tape,” is made public without identifying the parties. 

A new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which reveal that the same owner owned their inputs. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

Blackburn and team had to trace those key pairs to reveal early Bitcoin’s transacting parties. To do so, they developed what they called a novel address-linking scheme. 

The scheme finds two patterns that point to users: one is the presence of recurring bits of code, and one is duplicate addresses for certain transactions. These techniques exploit how the Bitcoin mining software generates strings, which are used as part of Bitcoin’s cryptographic protections against forgery. In fact, there are extensive correlations between the apparently meaningless strings associated with a single user. They also exploit insecure user behaviors, such as the use of multiple addresses to pay for a single transaction, that make it possible to link addresses based on transaction activity.

The consequences, they write, are that it’s possible to “follow the money” to expose any identity by following a chain of relatedness in a graph of addresses, starting from a known identity.

“In this approach, the identity of a target Bitcoin address can be ascertained by identifying a short transaction path linking it to an address whose identity is known and then using off-chain data sources (ranging from public data to subpoenas) to walk along the path, determining who-paid-whom to de-identify addresses until the target address is identified,” Blackburn and team write.

Further, they hypothesize that “many cryptocurrencies may be susceptible to follow-the-money attacks.”
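To make the privacy risk concrete, the following added example (not code from the paper or from this article) clusters addresses with the multi-input heuristic described above and then finds the shortest who-paid-whom chain from a known address to a target. The transactions and address labels are constructed, and following payments only in the forward direction is an assumption; the researchers' scheme also uses other signals that are not reproduced here.

```python
from collections import defaultdict, deque

# Constructed sample transactions (not real chain data).
TXS = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["B1"]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["C1"]},
    {"txid": "t3", "inputs": ["B1"], "outputs": ["D1"]},
    {"txid": "t4", "inputs": ["D1", "D2"], "outputs": ["E1"]},
    {"txid": "t5", "inputs": ["F1"], "outputs": ["F2"]},
]

def find(parent, x):
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path halving
        x = parent[x]
    return x

def cluster_addresses(txs):
    """Multi-input heuristic: all input addresses of one transaction share an owner."""
    parent = {}
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            find(parent, addr)  # register every address seen
        for other in tx["inputs"][1:]:
            parent[find(parent, other)] = find(parent, tx["inputs"][0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(parent, addr)].add(addr)
    return parent, list(clusters.values())

def payment_path(txs, parent, known, target):
    """Shortest chain of txids from the known owner's cluster to the target's (BFS)."""
    graph = defaultdict(set)
    for tx in txs:
        src = find(parent, tx["inputs"][0])
        for out in tx["outputs"]:
            graph[src].add((find(parent, out), tx["txid"]))
    start, goal = find(parent, known), find(parent, target)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, path = queue.popleft()
        if node == goal:
            return path
        for nxt, txid in sorted(graph[node]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [txid]))
    return None
```

Because A2 appears as an input in both t1 and t2, the three A addresses collapse into one owner even though A1 and A3 never appear in the same transaction, which is why the white paper's advice of a fresh key pair per transaction does not prevent linking on its own.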

Blackburn told The New York Times’s Siobhan Roberts, “When you are encrypting private data and making it public, you cannot assume that it’ll be private forever.”

As the team concludes in the report, “Drip-by-drip, information leakage erodes the once-impenetrable blocks, carving out a new landscape of socioeconomic data.”
