How One Piece of Paper Disproved the Anonymity Claim of Bitcoin

All individuals transacting in Bitcoin are within six degrees or fewer of separation from a core group, say researchers.

FREMONT, CA:The idea that the numerical addresses of Bitcoin and other wallets will conceal the identities of those using them to purchase and trade has long been a tenet of the cryptocurrency ecosystem. This presumption of anonymity has been disproved by a new report published by researchers at Rice University and Baylor College of Medicine. The report, which is now available on the researchers' server, is titled Cooperation within an Anonymous Group, Protected Bitcoin through Failures of Decentralization.

A lead researcher from Baylor and Rice University, and her teammates Christoph Huber, Yossi Eliaz, Muhammad S. Shamim, David Weisz, Goutham Seshadri, Kevin Kim, Shengqi Hang, and Erez Lieberman Aiden examined Bitcoin transactions from January 2009 to February 2011 using a method known as address linking.

In the first two years, most Bitcoin was mined by only sixty-four agents, collectively accounting for ₿2,676,800 (PV: USD 84 billion), according to their major finding. They're talking about the method of creating fresh currencies by resolving computer puzzles. They note that the sum of 64 people is 1000 times smaller than previous estimates of the membership of the early Bitcoin community (75,000).

Among the 64 are some illustrious individuals who have already attained legendary status, such as Ross Ulbricht, also known as the nom de guerre Dread Pirate Roberts. Ulbricht is the creator of Silk Road, a dark web marketplace that exploited Bitcoin for illegal objectives until the FBI shut it down.

Blackburn and his team wanted to investigate the effects of anonymous players in game-theoretical scenarios. Unexpectedly, they discovered that early adopters like Ulbricht could have taken advantage of the relatively small number of users by weakening Bitcoin to double-spend funds, but they chose not to. They acted altruistically to keep the system's integrity.

While it is fascinating, the ability to track down addresses and identify people is a more urgent development.

The conventional banking approach ensures a certain level of privacy by only allowing the parties involved and the trusted third party access to information. This approach cannot be used because all transactions must be disclosed to the public, but privacy can still be protected by blocking the information's flow by making public keys anonymous. The public can observe that money is being transferred from one person to another, but no one is identifiable from the transaction. This is comparable to the level of information disclosed by stock exchanges, where the tape, or the time and size of individual trades, is made available to the public without disclosing the identities of the persons involved.

Each transaction should utilise a different key pair as an additional firewall to prevent them from being connected to the same owner. With multi-input transactions, some linkage is still inevitable because it is necessary to indicate that the same owner controlled all of the inputs. Linking could show other transactions that belonged to the same owner if the owner of a key is made public.

Blackburn and his colleagues had to reverse-engineer the fundamental idea behind Bitcoin and all other cryptocurrencies' anonymity to determine who was carrying out those early transactions.

The initial Bitcoin white paper specified that privacy will be protected through the use of anonymous public keys and the creation of fresh key pairs for each transaction. Blackburn and crew were required to track those significant pairs to identify the early Bitcoin trading parties. They created what they described as a new address-linking mechanism to do this.

The system seeks two patterns that identify users: the first is the presence of recurring code, and the second is the use of duplicate addresses in some transactions.

Both of these methods take advantage of the way that the bitcoin mining software produced seemingly useless strings that were utilised as a part of the cryptographic safeguards against counterfeiting. In actuality, the seemingly meaningless sequences connected to a single user show strong relationships. The other two methods take advantage of insecure user actions that allow addresses to be linked depending on transaction activity, such as using numerous addresses to pay for a single transaction.

As a result, they claim, it is possible to follow the money and reveal any identity by starting with a known identity and tracing a chain of relatedness in a graph of addresses:

These network characteristics have unanticipated privacy repercussions since they increase the network's susceptibility to deanonymization through the follow-the-money method. By finding a brief transaction path connecting a target bitcoin address to an address whose identity is known and using off-chain data sources (such as public data and subpoenas) to walk along the path, it is possible to determine who-paid-whom to de-identify addresses until the target address is found.

More specifically, they speculate that several cryptocurrencies may be vulnerable to follow-the-money assaults. When encrypting private material and making it public, customers cannot believe that it'll be private forever. Drip-by-drip, information leakage erodes the once-impenetrable blocks, carving out a new landscape of socioeconomic data, the team writes in the report's conclusion.