Silk Road forums

Discussion => Security => Topic started by: lithium on January 01, 2013, 08:40 pm

Title: Concern about bitcoin safety
Post by: lithium on January 01, 2013, 08:40 pm
I found this paper on bitcoin graph analysis:
http://eprint.iacr.org/2012/584.pdf

Which raises a few questions. In the analysis they state that they could see who owns the largest number of bitcoins. Since bitcoin transactions are all public, the more transactions can be linked to physical entities the greater the chance that the owners of these large accounts can be identified. Furthermore, if somebody owns a bitcoin account with a large number of bitcoins and then orders something from a compromised source having to give out their real address, wouldn't it also mean that all of this person's previous transactions can now be traced as well?

They also seem to be able to join transactions that have gone through mixers. The paper states that it's quite easy to filter out large branches that are first separated and then joined back together into a lump sum of bitcoins - enabling them to assume that all the mixing nodes indeed belong to the same entity - as well as the ending node which is now connected to the starting node via all the branches in between.

Since all of the transactions are public and can be analyzed in this way, how safe is the bitcoin system? Wouldn't it be possible to trace virtually all transactions ever made inside the system and connect them to outside events as the analysis tools for the public blocks database become more advanced?

Title: Re: Concern about bitcoin safety
Post by: astor on January 01, 2013, 09:06 pm
> Since bitcoin transactions are all public, the more transactions can be linked to physical entities the greater the chance that the owners of these large accounts can be identified.

Correct.

> Furthermore, if somebody owns a bitcoin account with a large number of bitcoins and then orders something from a compromised source having to give out their real address, wouldn't it also mean that all of this person's previous transactions can now be traced as well?

It depends on how well they separated those transactions. All, some or none of their previous transactions could be linked.

> They also seem to be able to join transactions that have gone through mixers. The paper states that it's quite easy to filter out large branches that are first separated and then joined back together into a lump sum of bitcoins - enabling them to assume that all the mixing nodes indeed belong to the same entity - as well as the ending node which is now connected to the starting node via all the branches in between.

The large coin transactions that they analyzed didn't go through the mixing services that exist today. It was much more crude. They were probably manually broken up into many addresses and rejoined. The better mixing services today use separate pools of addresses, so there's zero taint or linkage between them. A temporary ledger that keeps account of which coins go to which addresses is maintained in a separate database, and supposedly they delete that info after 6 confirmations.

However, it could still be possible to link transactions in separate address pools, assuming you can identify the addresses in them. If you know that a certain mixing service charges a 1.5% fee, and you see 100 bitcoins go in (in any number of transactions, from/to any number of addresses), then in the other pool you see 98.5 bitcoins come out (ditto), you could link the two. This is difficult with large mixing services and many transactions, but theoretically possible.

The defense is to buy more bitcoins than you need. If you need 30 BTC, buy 50, send them to the mixing service and then send 30 to SR and 20 somewhere else. That makes the coins much harder to link.

> Since all of the transactions are public and can be analyzed in this way, how safe is the bitcoin system? Wouldn't it be possible to trace virtually all transactions ever made inside the system and connect them to outside events as the analysis tools for the public blocks database become more advanced?

Not all, because there isn't good data on a lot of purchases. Consider the people who use cash drops or buy through the mail. The addresses they use will always be hard if not impossible to link to an identity, and that's a matter of traditional detective work that no statistical analysis on the block chain can solve.
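
Added example, not part of either post: a sketch of the fee-based amount correlation described in the reply above, extended to sums of several withdrawals so it also covers an output that was split. All labels and amounts are constructed sample data, and the 1.5% fee is the figure used in the post.

```python
from decimal import Decimal
from itertools import combinations

FEE = Decimal("0.015")  # the 1.5% mixer fee used as the example in the post

# Constructed sample data (label, BTC amount); not real transactions.
DEPOSITS = [("dep_A", Decimal("100")), ("dep_B", Decimal("50"))]
WITHDRAWALS = [
    ("wd_1", Decimal("98.5")),
    ("wd_2", Decimal("30")),      # 50 BTC deposit split after the fee ...
    ("wd_3", Decimal("19.25")),   # ... into 30 + 19.25 = 49.25
    ("wd_4", Decimal("12.34")),   # unrelated withdrawal
    ("wd_5", Decimal("49.25")),   # another user's withdrawal of the same size
]


def link_by_fee(deposits, withdrawals, fee=FEE, max_parts=3,
                tol=Decimal("0.00000001")):
    """For each deposit, list every set of up to max_parts withdrawals
    whose total equals deposit * (1 - fee), within tol (one satoshi)."""
    links = {}
    for d_label, d_amt in deposits:
        expected = d_amt * (1 - fee)
        hits = []
        for k in range(1, max_parts + 1):
            for combo in combinations(withdrawals, k):
                total = sum((amt for _, amt in combo), Decimal(0))
                if abs(total - expected) <= tol:
                    hits.append(tuple(lbl for lbl, _ in combo))
        links[d_label] = hits
    return links


if __name__ == "__main__":
    for dep, hits in link_by_fee(DEPOSITS, WITHDRAWALS).items():
        # One hit is a link; several hits mean the analyst cannot tell which.
        print(dep, "candidates:", hits)
```

With a single candidate the deposit is linked even though it was split; each extra candidate set is ambiguity contributed by other users' traffic, which is why the heuristic weakens as pool volume grows.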