Bit coin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bit coin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bit coin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bit coin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bit coin creates a new attack vector. A low-resource attacker can gain full control of information flows between all users who chose to use Bit coin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bit coin blocks and transactions are relayed to user and can delay or discard user's transactions and blocks. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP addresses when they decide to connect to the Bit coin network directly.
[1]
Walid Dabbous,et al.
Compromising Tor Anonymity Exploiting P2P Information Leakage
,
2010,
ArXiv.
[2]
Adi Shamir,et al.
Quantitative Analysis of the Full Bitcoin Transaction Graph
,
2013,
Financial Cryptography.
[3]
S A R A H M E I K L E J O H N,et al.
A Fistful of Bitcoins Characterizing Payments Among Men with No Names
,
2013
.
[4]
Alex Biryukov,et al.
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization
,
2013,
2013 IEEE Symposium on Security and Privacy.
[5]
Patrick D. McDaniel,et al.
An Analysis of Anonymity in Bitcoin Using P2P Network Traffic
,
2014,
Financial Cryptography.
[6]
Alex Biryukov,et al.
Deanonymisation of Clients in Bitcoin P2P Network
,
2014,
CCS.