Saturday, 30 January 2016

Anonymity vs Pseudonymity In Cryptocurrencies

I wrote earlier this week about some of this misconceptions around Bitcoin.  Probably the biggest is that if you transact using Bitcoin you can do so with total anonymity.  In the case of Bitcoin Users are confusing anonymity  with pseudonymity.

Part of the design of the blockchain that Bitcoin uses is that every transaction is visible.  The blockchain is highly visible.  The table below shows the very latest blocks that have been accepted into the Bitcoin blockcahin:
This data is drawn from a site called http://blockr.io/ but there are several. If you visit https://blockchain.info/ you can even see the latest transactions that have been submitted but not yet accepted into the blockchain. In most of these online systems you can drill down into each transaction, including the as yet unconfirmed ones.  Here's one chosen at random:


The IP address from which the transaction hails could easily be obscured using something such as Tor, but as discussed previously Tor itself does not guarantee anonymity.

More importantly for those assuming Bitcoin is anonymous, the transactions have an origin and destination public address, and as soon as you have such meta data you can call upon cluster analysis to start to look for associations and correlations.  Using these techniques, combined with the fact that some addresses are well known sources of illegal activity, you can quickly start to build a picture of where "money" is flowing and for what purpose.

Not surprising then that research has been conducted for years using exactly these techniques, primarily to see how Bitcoin was actually being used.  The starting point was back in 2013 when Sarah Meiklejohn et al published their initial findings.

What was perhaps surprising was what the analysis revealed: the vasy majority by quantity (not value) of Bitcoin transactions (in 2012/2013) were for online gambling. 

Graphical Results From Work Of Meiklejohn et al

The technique was also used to analyse some very high profile thefts of Bitcoins.  One was particularly revealing as it showed that following what was billed as a theft by hackers, the Bictoins in question had not left the Bitcoin Exchange: it was shown to be fraud on a grand scale.

You probably also won't be surprised to learn that these techniques have been productised and are in use by law enforcement agencies around the world.  Probably the best tool I have come across is Chainalysis demonstrated live at a recent meetup in New York.



Having played with the tool I was able to track some very interesting activities and, without knowing who was behind the public addresses, it was possible to infer who they were and what they were doing.  Bear in mind that all transaction ever conducted with Bitcoin are kept in the blockchain so you can do some very interesting historical analysis.


And there you have it.  Bitcoin is not anonymous.  It affords a degree of anonymity but being only pseudonymous means that by careful analysis of the meta data it is often possible to track down illegal use of Bitcoins.  The classic policing technique of "follow the money" isn't dead yet.