Bitcoin software must learn about past and present blockchain activity through network queries. When querying for less information than the entire blockchain, the software may leak which addresses, transactions, and other blockchain elements it is interested in; this betrays to network attackers that these elements are relevant to a single person or organization. Similarly, software that sends bitcoins to recipients may leak similar information by betraying its consistent network origin to an attacker across multiple transactions.
Network Observer: A Network Observer is any attacker who uses passive or active network-based attacks to breach the privacy of his victim. For wallets connecting to the Bitcoin P2P network, such attackers often include nodes in the Bitcoin network and infrastructure providers such as ISPs. For client-server based wallets such as web wallets, the wallet provider is a potential network attacker, in addition to ISPs.
Easy. Most Bitcoin clients are not configured to use privacy networks to protect network traffic. Therefore, software that does not obtain the entire blockchain creates specific queries that can be linked to a common network origin, such as IP address. Likewise, software that does not use privacy networks often leaks similar information by broadcasting multiple new transactions.
Common. Most consumer wallet clients, for example, download the tiny fraction of blockchain data relevant to their particular wallet addresses. Also, most Bitcoin software either does not support the use of privacy networks when broadcasting new transactions, or does not do so by default and requires substantial configuration effort by the user to enable it. Web-based clients also often include stateful information such as HTTP cookies in their requests that can correlate the requests.
Moderate. Unless a software provider transparently discloses these network-based information leaks, users generally require specialized inspection software and relevant expertise to examine the traffic created by their software and determine what is being leaked.
High. Common network origin for multiple correlated addresses, transactions, and other elements represents a high-confidence heuristic for clustering analysis. The false positives created through privacy networks such as VPNs and Tor can usually be easily identified and removed from the analysis set because those IP addresses are commonly known and discoverable by the public.
Full node clients such as bitcoind/Bitcoin-Qt and btcd download a full copy of the blockchain, and therefore avoid information leaks while querying for blockchain data. Recent versions of bitcoind/Bitcoin-Qt modestly raise the cost to network attackers to identify a common origin of new transactions by broadcasting them in a staggered fashion to peers over time [5]. [1] The software projects used the most, however, do not have any of these protections.
Specialized inspection software may be required to examine your software’s network traffic to determine how connections are formed and what information is transmitted. Some software may provide instructions for intermediate and advanced users on how to configure the software for use with private proxies.
Your software provider should be able to provide you with details concerning this weakness, as well as plans to improve defenses in their future development roadmap.
To fully protect a user’s network identity, software must consider a variety of network observers, including Bitcoin nodes, Internet Service Providers, and wallet providers. One such protection establishes proxies between the user and the observers; this is most robustly achieved by connecting the user through Tor, I2P, or a comparable private routing network by default. In order to avoid linking blockchain data that would otherwise be uncorrelated by an attacker, the software should open multiple connections to the endpoints from which it fetches data, and avoid reusing these connections for different queries in a detectable way. Full nodes mitigate some of these attacks by downloading their own private copy of the blockchain. SPV and client-server based wallets can save space, bandwidth, and computation resources by downloading only the blockchain data relevant to the user, but betray more to observers by downloading only select data.
- Patrick the privacy attacker has hacked a blockchain data API service used by some Bitcoin wallet clients to query data. When these wallet clients look up the balance for one of their accounts, they submit a request to the API service which includes their IP address and an extended public key (“XPUB”). Patrick has surreptitiously changed the service’s behavior to log the IP address and XPUB fields of requests, and to send him these logs. When Patrick’s logs reveal that a single IP address has queried multiple XPUBs, he knows that all of those accounts belong to the same wallet. He also derives the first 10,000 receiving addresses for each XPUB on his own machine, and uses this to inform his blockchain clustering analysis. This analysis gives him detailed information about the transaction history and balance of wallets that interact with his hacked API service.
- Paige the privacy attacker cheaply operates dozens of nodes on the Bitcoin network. These nodes log the IP address and client fingerprint of any peer nodes that query hers for blockchain data. When SPV clients connect to Paige's nodes and submit bloom filters to match for subsequent blockchain updates, Paige calculates locally the set of addresses that match this bloom filter, knowing that current software sets the bloom filter false positive rate to a negligible value. Paige uses this information to cluster the addresses that belong to a given IP address, giving her detailed information about the transaction history and balance of those wallets.
If you write Bitcoin software libraries or have used them, please consider submitting code examples of how to mitigate specific threats using the library of your choice. See: HOWTO-CONTRIBUTE and HOWTO-PROVIDE-FEEDBACK
- Network observer attack #4: Reduce the false positive rate of filters by comparing how the filters received from a single client change over time
- Network observer attack #5: Reduce the false positive rate of filters by comparing the transactions sent by a client with the filter they have sent
- Network observer attack #6: Link different identities based on a bloom/prefix filter or other balance query that matches addresses associated with multiple identities
- Network observer attack #7: Link different identities by observing that the same IP address is sending outgoing transactions associated with multiple identities
- Criterion II A 2 b: If balance information is obtained via querying more than one address in a given query, is a separate connection context used for each unique query?
- Criterion II B 2 a: Are outgoing transactions routed through a different entry point into the network than the source of balance information?
- Criterion II C 1 a: Avoids including addresses from multiple identity containers in the same balance query?
- Criterion II C 1 b: Avoids broadcasting outgoing transactions from different identity containers via the same connection context?
- Criterion III A 1 a: Number of clicks to create a new identity container from the home screen of an existing identity container
- Criterion III A 1 b: Number of clicks to assign an imported private key into an identity container
- ^ Bitcoin Core v0.12.0 Release Notes, Replace global trickle node with random delays (Pieter Wuille), bitcoin.org
- How do SPV (simple payment verification) wallets learn about incoming transactions? Bitcoin Stack Exchange.
- “An Analysis of Anonymity in the Bitcoin System”. Reid and Harrigan.
- Bitcoin Privacy Threat Model, 2nd Edition. Open Bitcoin Privacy Project
- Bloom filter privacy and thoughts on a newer protocol. Mike Hearn.
- Privacy in BitcoinJ. Jonas Nick.
- On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients. Arthur Gervais, Ghassan Karame, Damian Gruber, and Srdjan Capkun.
- Bloom Filter. Bitcoin.org.
This work is placed in the public domain.
Title: OBPP Top 4 Privacy Threats for 2016: T4: Linking Bitcoin Addresses Together Through Network Activity
Author: Open Bitcoin Privacy Project
Created: 2017-02-01
Last Updated: 2016-02-01