A group of researchers in Luxembourg say they have found a way to uncover the identities of Bitcoin users. So how anonymous is the vaunted crypto-currency?
Bitcoin has been having some difficulty persuading consumers to use it for online transactions, but the virtual currency is nevertheless slowly starting to win people over. Bitcoin is a peer-to-peer system, which means there is no centralisation or control, and payments can be made rapidly across the world free of charge. Every user’s identity is hidden behind an encrypted pseudonym and an address, both of which can be changed on a regular basis to protect confidentiality. Against this background, a team of cryptographic experts working at the University of Luxembourg have been carrying out research in order to find out whether the system really guarantees anonymous transactions. Now the researchers, Alex Biryukov, Dmitri Khovratovich and Ivan Pustogarov, have just published a paper entitled ‘Deanonymisation of clients in Bitcoin P2P network’, in which they claim to have discovered a means of identifying users’ IP addresses.
Closing the loophole
The three cryptographers describe a method for finding out who made a given transaction, or at least which IP address it came from. Focusing on the Tor anonymity network, which many Bitcoin aficionados use to protect their identity, they managed to disable Tor access for the user’s client by sending deliberately malformed messages, and were then able to get the Bitcoin server to reveal the IP address that was connecting to the Bitcoin entry nodes. Using this method, the researchers claim to have managed to ‘de-anonymise’ up to 60% of all users targeted. They say a hacker could discover the identity of a Bitcoin user by spending just under €1,500 on an attack involving several computers. This means that most ordinary Internet users would not be able to exploit this weak point, and only the most experienced and best equipped hackers will be able to get in through the loophole. Nevertheless, the aim of the Luxembourg team is not simply to point out deficiencies in the system but to help rectify the situation, and they are now working with the Bitcoin developers on new software designed to render transactions really secure and anonymous.
Transparency versus confidentiality
It will come as no surprise, however, that people closely involved with the virtual currency are aware of potential privacy issues. “Bitcoin is often perceived as an anonymous payment network. But in reality, Bitcoin is probably the most transparent payment network in the world,” points out one of the first sites dedicated to the currency. For this reason, a number of tools such as Darkwallet have already been developed with a view to enhancing the confidentiality of Bitcoin financial transactions. The Luxembourg research project is one of the very first efforts to test the limits of the crypto-currency but, given the obvious attractions of having an anonymous cash-like system for worldwide online transfers, it will doubtless not be the last. Meanwhile, the revelations might well make people hesitate before embarking on such innovative ideas as preserving their DNA via the Bitcoin network, or even simply making micro-payments over the social networks, where a degree of confidentiality is a major requirement.