Study: Bitcoin Is Not Anonymous, Should Not Be Used Over Tor Network
At the 2015 IEEE Symposium on Security and Privacy, Ivan Pustogarov, a doctoral student at CryptoLUX, the University of Luxembourg’s cryptology research group and author of the research titled Bitcoin Over Tor Isn’t A Good Idea, stated that Bitcoin over Tor is not a good idea because Bitcoin is not anonymous and thus can be tracked.
According to Pustogarov’s research published in late 2014, the use of Bitcoin over the anonymous network Tor could reveal the identity of the buyers if the IP addresses are leaked and linked to Bitcoin transactions. The paper states, “A low-resource attacker can gain full control of information flows between all users who chose to use bitcoin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used … and a totally virtual bitcoin reality can be created for such users.”
The NSA, internet service providers like AT&T, malicious peers and remote low-resources attackers can link Bitcoin transactions to IP addresses, and thus can reveal the identity of the users on the Tor network. Therefore, Bitcoin developers recommend that users generate as many Bitcoin pseudonyms (Bitcoin public keys) as possible on the Tor network, to avoid IP leakage.
“Attackers can delay and drop blocks or transaction which increases the probability for double spending, use traffic confirmation to ‘deanonymize’ users or reveal their guard nodes, and also link different pseudonyms of the users,” said Pustogarov.
In simpler words, attackers can ban all good Tor relays and Bitcoin peers and prevent users from connecting to the Tor network.
The graph below was presented by Pustogarov at the symposium and it represents the average delay between Bitcoin peers and Tor’s exit capacity.
However, Pustogarov explained that there are ways to monitor the attacks and counter them. During the symposium, Pustogarov proposed the following solution:
- Force all Bitcoin-over-Tor clients to connect through bad peers and relays
- Set a fingerprint upon a suspicious transaction
- As a client connects to the peer without Tor, check the fingerprint and deanonymize the Tor transaction
- Increase chances to be chosen by client without Tor
Pustogarov’s research also stated that the creation of a program which checks the percentage of Tor exit nodes banned by the Bitcoin network could detect the attempts of the attackers to delay Bitcoin users on the Tor network.