Skip to main content
Download PDF

Computer Science > Cryptography and Security

Title:Bitcoin over Tor isn't a good idea

Abstract: Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transaction are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can \ delay or discard user's transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.
Comments: 11 pages, 4 figures, 4 tables
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1410.6079 [cs.CR]
  (or arXiv:1410.6079v2 [cs.CR] for this version)

Submission history

From: Ivan Pustogarov [view email]
[v1] Wed, 22 Oct 2014 15:37:07 UTC (207 KB)
[v2] Thu, 8 Jan 2015 00:42:57 UTC (214 KB)
Full-text links:


Current browse context:

new | recent | 1410

Change to browse by:


References & Citations


BibSonomy logo Mendeley logo Reddit logo ScienceWISE logo