How One Paper Just Blew Up Bitcoin's Claim To Anonymity

An anonymous reader quotes a report from ZDNet: Lead researcher Alyssa Blackburn of Baylor and Rice, along with team-mates Christoph Huber, Yossi Eliaz, Muhammad S. Shamim, David Weisz, Goutham Seshadri, Kevin Kim, Shengqi Hang, and Erez Lieberman Aiden, used a technique called 'address linking' to study the Bitcoin transactions in the first two years of its existence: January of 2009 to February of 2011. Their key discovery is that, in those first two years, 'most Bitcoin was mined by only sixty-four agents [] collectively accounting for B2,676,800 (PV: $84 billion).' They are referring to the process of minting new coins by solving computer challenges. That number -- 64 people in total -- 'is 1000-fold smaller than prior estimates of the size of the early Bitcoin community (75,000),' they observe. Those 64 people include some notable figures that have already become legends, such as Ross Ulbricht, known by the handle Dread Pirate Roberts. Ulbricht is the founder of Silk Road, a black-market operation that used Bitcoin for illicit means -- until it was shut down by the FBI.

For Blackburn and team, the point was to study the effects of people participating in game-theoretic situations as anonymous parties. Surprisingly, they found early insiders like Ulbricht could have exploited the relative paucity of participants by undermining Bitcoin to double-spend coins, but they did not. They acted 'altruistically' to maintain the integrity of the system. That's intriguing, but a more pressing discovery is that addresses can be traced and identities can be revealed. To find out who was doing those early transactions, Blackburn and team had to reverse-engineer the entire premise of Bitcoin and of all crypto: anonymity.

As outlined in the original Bitcoin white paper by Satoshi Nakamoto, privacy was to be preserved by two means: anonymous public key use and creating new key pairs for every transaction. Blackburn and team had to trace those key pairs to reveal early Bitcoin's transacting parties. To do so, they developed what they called a novel address-linking scheme. The scheme finds two patterns that point to users: one is the presence of recurring bits of code, and one is duplicate addresses for certain transactions. The consequence of that, they write, is that it is possible to 'follow the money' to expose any identity by following a chain of relatedness in a graph of addresses, starting from a known identity. Further, they hypothesize that 'many cryptocurrencies may be susceptible to follow-the-money attacks.' Blackburn told The New York Times's Siobhan Roberts, 'When you are encrypting private data and making it public, you cannot assume that it'll be private forever.' As the team concludes in the report, 'Drip-by-drip, information leakage erodes the once-impenetrable blocks, carving out a new landscape of socioeconomic data.' The new paper, titled 'Cooperation among an anonymous group, protected Bitcoin during failures of decentralization,' has been posted on the researchers' server (PDF).

Read more of this story at Slashdot.