Bitcoin over Tor isn't a good idea (1410.6079v2)

Abstract: Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transaction are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can \ delay or discard user's transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.

• The paper identifies significant security vulnerabilities when combining Bitcoin with Tor, enabling low-resource attackers to compromise user anonymity.
• Bitcoin communications over Tor are susceptible to man-in-the-middle attacks, allowing attackers to manipulate transaction visibility and potentially link pseudonyms.
• A fingerprinting technique using Bitcoin's peer discovery allows attackers to identify Tor users' real IP addresses, potentially linking activities to a single identity.

Analyzing the Security Risks of Using Bitcoin Over Tor

The paper "Bitcoin over Tor isn't a good idea" authored by Alex Biryukov and Ivan Pustogarov delivers an analytical evaluation of the security vulnerabilities posed by utilizing Bitcoin transactions through the Tor network. This research elucidates the security implications resulting from the combination of Bitcoin's decentralized currency protocol with Tor's anonymity network, thereby uncovering a potential attack surface for low-resource adversaries.

The authors dissect the components of both Bitcoin and Tor, articulating how their integration can culminate in compromised security and anonymity. Although Bitcoin transactions ostensibly offer pseudonymity, prior work has demonstrated significant susceptibility to de-anonymization attacks. Tor, while enhancing privacy by obscuring user IP addresses, inadvertently offers additional avenues for malevolent actors when intertwined with Bitcoin.

The research presents two pivotal contributions:

1. Man-in-the-Middle Attack Potential: The paper highlights that Bitcoin communications over Tor are exposed to man-in-the-middle (MITM) attacks. An attacker could gain authoritative control over the data exchanges, deciding which blockchain transactions and blocks are visible to the end-user. This manipulation opens several attack vectors, including transaction linking across pseudonyms, selective relay of transaction data, and potential to forge a dystopian Bitcoin “reality” by discarding/blocking valid transactions.
2. Fingerprinting Technique for User Identification: The authors develop a fingerprinting technique facilitated by Bitcoin's peer discovery methodology. This allows adversaries to place a unique "address cookie" within a user's connection database. Consequently, users can unwittingly disclose their real IP when they connect unencrypted to the network after utilizing Tor. This fingerprinting could persist across multiple sessions—potentially tethering all pseudonymous actions to a single real-world identity.

The implications of this paper are profound within both theoretical constructs and practical applications. On a theoretical front, it challenges the assumed defensibility of privacy mechanisms within convergent decentralized technologies; practically, it underscores pervasive vulnerabilities in current Bitcoin over Tor implementations used by privacy-demanding users.

A calculated estimation appeases the concerns that attackers would require modest resources to execute the aforementioned attacks. The paper illustrates that an economy-level adversary could impeach Bitcoin users' anonymity for financial costs significantly lower than previously estimated.

Future research may pivot on developing secure protocols to counteract identified vulnerabilities in the interoperation of Bitcoin and Tor or exploring alternative anonymity services designed explicitly with inherent blockchain interactions in mind. Potential defenses like authenticated encryption of Bitcoin traffic or enhanced Tor path selection protocols are worth noting. Envisioning robust countermeasures will be integral in attenuating the highlighted security ramifications for Bitcoin users leveraging Tor for enhanced privacy.

This paper decisively contributes to the discourse on digital currency security and privacy, reinforcing the necessity for conscientious scrutiny and iterative advancements in safeguarding mechanisms within cryptographic and decentralized ecosystems.