Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: dacoinminster on August 04, 2011, 02:42:40 PM



Title: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: dacoinminster on August 04, 2011, 02:42:40 PM
From this article: http://searchsecurity.techtarget.com/news/2240039221/Black-Hat-2011-Dan-Kaminsky-reveals-network-security-research-topics

Quote
BitCoin, a digital, virtual currency system, was the platform for some of Kaminsky’s new research. BitCoin is a payment system that charges a low cost per transaction. Each transaction is digitally signed and broadcast, supposedly anonymously, over a peer-to-peer network. Kaminsky announced a new tool called BlitCoin that unmasks one or both ends of a BitCoin transaction.

Anybody know anything about this supposed tool to unmask bitcoin users? Google search for "blitcoin"+kaminsty just returns two links to the article quoted above:

http://www.google.com/search?q="blitcoin"+kaminsky (http://www.google.com/search?q="blitcoin"+kaminsky)

That won't be true for long, but here is what I see:

http://img534.imageshack.us/img534/346/blitcoin.png (http://imageshack.us/photo/my-images/534/blitcoin.png/)


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Tasty Champa on August 04, 2011, 02:50:34 PM
I think I bought weed from that guy once. xD


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: elggawf on August 04, 2011, 02:52:33 PM
He announced it at BlackHat yesterday - expect it to be a little while before even the slides show up, but more details will be forthcoming.

Or someone who actually went to Blackhat might post. I couldn't afford to go. :(


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: wumpus on August 04, 2011, 02:56:32 PM
Consensus on the mailing list seems to be that this guy built a graph analysis tool, using some well known properties to associate addresses.

If that's the case it's kind of far-fetched to call it a security vulnerability. But until someone that was there reveals more, it's only guessing...



Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Tasty Champa on August 04, 2011, 03:04:07 PM
Consensus on the mailing list seems to be that this guy built a graph analysis tool, using some well known properties to associate addresses.

If that's the case it's kind of far-fetched to call it a security vulnerability. But until someone that was there reveals more, it's only guessing...



something that correlates transactions to nodes, like MagicalTux's proof of concept for mining clients?
displays everything on a google map?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: kokjo on August 04, 2011, 03:09:52 PM
he seems to be serious. but unmasking is maybe a far fetch.
but i will gladly read the sliders when they come out. :)


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: spruce on August 04, 2011, 03:13:07 PM
There's an interesting paper published 22 July online at http://arxiv.org/abs/1107.4524 entitled An Analysis of Anonymity in the Bitcoin System. There's an article based on that paper here: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html

It's not Blitcoin, of course. I'll be interested to see what Kaminsky has come up with.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: allinvain on August 04, 2011, 03:38:34 PM
I hope he releases this tool, cause I'd like to use it to find out as much details as possible about a bitcoin theft I was the victim of in June. I'd be surprised if it really works to be honest, but you never know.



Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: spruce on August 04, 2011, 10:29:56 PM
From newbie:
Hi!  I was trying to respond to https://bitcointalk.org/index.php?topic=34383.0 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: dacoinminster on August 04, 2011, 10:41:26 PM
From newbie:
Hi!  I was trying to respond to https://bitcointalk.org/index.php?topic=34383.0 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)

So "deanonymize" means "associate transaction with IP address"? If so, that does seem like it would work. I recall seeing somewhere that bitcoin can run over TOR, but I doubt very many people do that. I guess if you are using silk road you should!

Unfortunately, it won't help anybody investigating past crimes, since you would have to be monitoring the network in this way when the crime happened.

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Hopefully a mod can whitelist Dan so he can chat in this thread.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: BitVapes on August 04, 2011, 10:48:24 PM
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist (http://silvervigilantes.com/2011/ben-bernanke-is-a-criminal/) who controls the world economy.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Tasty Champa on August 04, 2011, 10:51:49 PM
I suggest licensing a screenshot so all the media outlets that want to cover this are forced to pay Dan BTC! xD


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: dacoinminster on August 04, 2011, 10:56:42 PM
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist (http://silvervigilantes.com/2011/ben-bernanke-is-a-criminal/) who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: bitclown on August 04, 2011, 11:01:30 PM
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist (http://silvervigilantes.com/2011/ben-bernanke-is-a-criminal/) who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".
If you're that busy it would have been quicker to just search the forums than to write that post...
https://bitcointalk.org/index.php?topic=33618.0


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: dacoinminster on August 04, 2011, 11:45:28 PM
For the even lazier:


---BEGIN TRIBUTE---
#./BitLen          
:::::::::::::::::::
:::::::.::.::.:.:::
:.: :.' ' ' ' ' : :
:.:'' ,,xiW,"4x, ''
:  ,dWWWXXXXi,4WX,  
' dWWWXXX7"     `X,
 lWWWXX7   __   _ X
:WWWXX7 ,xXX7' "^^X
lWWWX7, _.+,, _.+.,
:WWW7,. `^"-" ,^-'  
 WW",X:        X,  
 "7^^Xl.    _(_x7'  
 l ( :X:       __ _
 `. " XX  ,xxWWWWX7
  )X- "" 4X" .___.  
,W X     :Xi  _,,_  
WW X      4XiyXWWXd
"" ,,      4XWWWWXX
, R7X,       "^447^
R, "4RXk,      _, ,
TWk  "4RXXi,   X',x
lTWk,  "4RRR7' 4 XH
:lWWWk,  ^"     `4  
::TTXWWi,_  Xll :..
=-=-=-=-=-=-=-=-=-=
LEN "rabbi" SASSAMA
     1980-2011      
Len was our friend.
A brilliant mind,  
a kind soul, and    
a devious schemer;  
husband to Meredith
brother to Calvin,  
son to Jim and      
Dana Hartshorn,    
coauthor and        
cofounder and      
Shmoo and so much  
more.  We dedicate  
this silly hack to  
Len, who would have
found it absolutely
hilarious.          
--Dan Kaminsky,    
Travis Goodspeed    
P.S.  My apologies,
BitCoin people.  He
also would have    
LOL'd at BitCoin's  
new dependency upon
   ASCII BERNANKE  
:'::.:::::.:::.::.:
: :.: ' ' ' ' : :':
:.:     _.__    '.:
:   _,^"   "^x,   :
'  x7'        `4,  
 XX7            4XX
 XX              XX
 Xl ,xxx,   ,xxx,XX
( ' _,+o, | ,o+,"  
 4   "-^' X "^-'" 7
 l,     ( ))     ,X
 :Xx,_ ,xXXXxx,_,XX
  4XXiX'-___-`XXXX'
   4XXi,_   _iXX7'  
  , `4XXXXXXXXX^ _,
  Xx,  ""^^^XX7,xX  
W,"4WWx,_ _,XxWWX7'
Xwi, "4WW7""4WW7',W
TXXWw, ^7 Xk 47 ,WH
:TXXXWw,_ "), ,wWT:
::TTXXWWW lXl WWT:  
----END TRIBUTE----


I read a bit about him. Definitely seems like the sort of person who should be in the block chain. Could even be Satoshi himself. I wonder what he couldn't live with . . .

Edit: It was depression (http://boingboing.net/2011/07/04/rip-len-sassaman-cyp.html) and he probably wasn't Satoshi since he wasn't too impressed with bitcoin (https://twitter.com/#!/lensassaman/status/82754572958961664 (https://twitter.com/#!/lensassaman/status/82754572958961664)). Interesting that there were several days of twitter silence before his death (https://twitter.com/#!/lensassaman (https://twitter.com/#!/lensassaman)). I think I've been hanging around some of you conspiracy theorists for too long.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: elggawf on August 05, 2011, 12:46:40 AM
Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.

I thought it was going to come down to this, personally. I was kind of hoping for something a little more interesting, giving his penchant for breaking shit - but this is neat too.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: bitplane on August 05, 2011, 01:03:13 AM
What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: dakami on August 05, 2011, 01:09:29 AM
Heh all.

Slides are up at dankaminsky.com/bo2k11.

"What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information? "

Loose transactions that involve sending money, can expose the IP address of the sender.  The transaction has to enter the relay network somehow, and the first sender is the source.

"I was kind of hoping for something a little more interesting, giving his penchant for breaking shit - but this is neat too."

No need to overcomplicate things.  Although, looking at the source, each peer node that is selected from the outbound lists has to be on a unique /16 network.  Getting large numbers of nodes with inbound connectivity and unique x.y.0.0 addresses is actually a bit of a task.  I have a little more interesting plan for how to achieve that inexpensively.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: elggawf on August 05, 2011, 01:11:57 AM
What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?

I'm guessing you just float a buttload of incoming-capable P2P hosts on the Bitcoin network*, then wait for your mark to spend some coins. You might be able to speed this process up by spending some to them, so they think "shit, free money" and spend it elsewhere, but maybe not and it's certainly not always required if you can know they're going to do a spend at some point.

Then the basic idea is you just watch which peer on the network the transaction comes from first, with that peer being the likely IP address of the originator. It involves a lot of peers (since you need a way to guarantee that you are connected to pretty much every peer on the network), some luck, and you have to hope that they're not using a proxy/open WLAN/whatever, and that getting their IP is useful in actually identifying them.

It's not really a useful real-world attack for the most part, other than demonstrating that "anonymous" is absolutely the wrong word to describe Bitcoin... but if you've done your reading then you know that the only people who use the word "anonymous" to describe Bitcoin don't know their arse from their elbow anyway.

Edit: Yes, the slides indeed say this and he even suggests it's not as many as I figured you'd need given that the average outbound-only client connects to about 7~8 peers.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: bitplane on August 05, 2011, 01:47:23 AM
Superb, that makes sense. Thanks for clarifying :)


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: netrin on August 05, 2011, 04:00:05 AM
If peers exchanged session keys (pki or diffie-h-m), then users could onion-wrap their transactions just like nym/cypherpunk remailers. If nodes broadcast transactions at random or frequent intervals I think it would be very difficult to associate a single ip with a transaction, like TOR-lite implemented in the bitcoin network itself.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: cbeast on August 05, 2011, 05:31:16 AM
"Dan’s two main assertions are that Bitcoin is not scalable (at transaction levels reaching even a fraction of those for the Visa payment network)"

Does this mean we can make Visa payments for a fraction of a cent? I don't agree with Dan's comparison's of bitcoin to Visa. A more interesting argument would be in how Visa would benefit from decentralization.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Serith on August 05, 2011, 06:31:02 AM
Quote from: Gavin Andresen
so it is a de-anonymize-via IP address not de-anonymize-via Bitcoin
address.
Blitcoin? (Black Hat 2011) (http://sourceforge.net/mailarchive/forum.php?thread_name=CAJNQ0stRrv4Yqf9ENszoXJE8%2BFpzwXZaGVDP%3DstZi27x4BRmmg%40mail.gmail.com&forum_name=bitcoin-development)

how about an obvious solution to have proxy settings as an option for bitcoin client?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: EhVedadoOAnonimato on August 05, 2011, 08:06:34 AM
This just highlights the importance of hiding your IP when using bitcoin. The use of Tor should be a "recommended practice" as the use of different address per transaction. It would be nice to provide a bitcoin+Tor bundle on bitcoin.org.

Unfortunately I'm not sure if the current bootstrap process could handle most nodes being behind Tor or I2P. Bitcoin should be capable to connect to URLs instead of only IPs (is it? I'm not sure), so that hidden services could be resolved. And it would be nice if every bitcoin node, bundled with the anonymization proxy, could set up a hidden service for itself automatically.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: apetersson on August 05, 2011, 09:23:18 AM
i don't know who came up with this "bitcoin is anonymous" thing.
it is clearly not, anyone who knows about graphs, read the paper or looked at blockexplorer can tell you that. so please stop beating a dead horse :)

that does not mean it is useless. in fact, its non-anonymity legitimizes it when looked at by governments. embrace it.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: EhVedadoOAnonimato on August 05, 2011, 11:49:37 AM
i don't know who came up with this "bitcoin is anonymous" thing.
it is clearly not, anyone who knows about graphs, read the paper or looked at blockexplorer can tell you that. so please stop beating a dead horse :)

Right... how much bitcoins do I have then, if I have any? Point any transactions done by me, or prove I haven't ever done any.

Bitcoins do have a good level of anonymity, and if you use it properly, they are much more anonymous than any other electronic means of payment I'm aware of.
 
that does not mean it is useless. in fact, its non-anonymity legitimizes it when looked at by governments. embrace it.

The easier it gets to trace bitcoins transactions, the easier it will be for governments to pursuit those who use the technology. Don't be naive, most governments will try to ban bitcoin if it ever grows enough to bothers them. Actually, I imagine many governments already have laws that implicitly forbid things like bitcoin.

Helping people to preserve their financial privacy is important, and I think it's the second most important utility of bitcoin, after fighting inflation, of course. Actually, I think you cannot do the latter if you can't do the former.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: makomk on August 05, 2011, 12:00:40 PM
I really like the descriptions of Bitcoin scalability in your other set of slides; they fairly succinctly point out the issues with scaling, and how the proposed solution to dealing with large transaction volumes inevitably mean Bitcoin will become highly centralized.

Edit: Also, now I've found the correct set of slides - how would bitcoinfs by injecting data into other users' transactions work? The signature obviously can't sign itself, but the rest of the transaction script is signed - you'd have to somehow inject data into the signature value itself. Which I guess might be doable actually...

(Oh - and the suggestion of generating private keys from passwords is interesting, because Bitcoin users are obviously already using a less secure version of this using a single round of SHA256.)


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: BitVapes on August 05, 2011, 12:23:30 PM
I really like the descriptions of Bitcoin scalability in your other set of slides; they fairly succinctly point out the issues with scaling, and how the proposed solution to dealing with large transaction volumes inevitably mean Bitcoin will become highly centralized.

who knows, maybe we will all have 900 Petabit/sec connections by the time bitcoin transactions require 1 Terabit/sec.  One can hope.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: TraderTimm on August 05, 2011, 05:58:55 PM
The major flaw in making any of this works assumes the coins will be spent or transferred immediately. They could just as easily be 'parked' for quite some time until things cool down.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: jgarzik on August 05, 2011, 10:14:31 PM
That is definitely an area in need of improvement:  we are always desperately short of hosts that accept incoming connections on the network.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Big Time Coin on August 07, 2011, 08:14:48 AM
Heh all.

Slides are up at dankaminsky.com/bo2k11.

"What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information? "

Loose transactions that involve sending money, can expose the IP address of the sender.  The transaction has to enter the relay network somehow, and the first sender is the source.

"I was kind of hoping for something a little more interesting, giving his penchant for breaking shit - but this is neat too."

No need to overcomplicate things.  Although, looking at the source, each peer node that is selected from the outbound lists has to be on a unique /16 network.  Getting large numbers of nodes with inbound connectivity and unique x.y.0.0 addresses is actually a bit of a task.  I have a little more interesting plan for how to achieve that inexpensively.

That's great Dan.  Nice work.  Most of the stolen coins can be traced with your technique when they get moved around.  At the very least we can see when they are NOT being moved around, which is also useful information.  It would be nice to put it to work right away because hackers may be dumping mass coins as I type this.

How soon can we mirror blockexplorer.com enhanced with the IPs listed next to the send and recieve addresses in other words how much would you estimate the cost/man-hour investment?  Is this a one-man one-day job or are we talking 10 guys full time for a month.

Once the software is coded up and running smooth, how much would it cost to run your proposed monitoring network 24/7?  Can it be run on a single top-end desktop PC or would it take a huge hardware rental/investment - and what kind of bandwidth?

Just ballpark estimate, can this be done for under $10k and by the end of the month?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Economics on September 08, 2011, 04:03:30 PM
This seems pretty simple, but I'm not sure what it takes to scale it.  I modified the standard linux bitcoind client to connect to as many clients as possible and write a line to the log file for each new transaction received.

With my home connection and a mediocre machine, I'm at 375 connections.  What would it take to get more?  Just wait longer; it still seems to grow slowly?  Connect to all irc channels (00-99) to listen for more new connections?  What else could be done?

Below is a sample of the log file (with ip obfuscated slightly).  I could imagine that if you could combine this type of data with blockexplorer, you could get a percentage confidence that a particular ip initiated the transaction.

ip, transaction id, number of connections, time, time with ms
======================================
New tx from,*.*.79.142,   1a1d4f099b2bb9ec3121f99d1efd2ffccd31aad72dbab5528f7fccb868fe581f,   372,   1315497415,   1315497415632
New tx from,*.*.112.255,389557dc8d0d1a55210a324fec4d96af5aa6718ced5dd02ac7227f18d35bbecb,374,1315497444,1315497444126
New tx from,*.*.44.152,d066924c72b5ce47a3fdeae61b7ce684e32ae67de260d4e62097ab701e62d603,372,1315497447,1315497447440
New tx from,*.*.186.54,3c204aa513e940642e7ad07a1b07265d22fb063001b4721d51f270abf457f358,373,1315497451,1315497451284
New tx from,*.*.162.247,b21ee08eb268313a660ce65771b24f16f5b213bc5ee87f692559d783abd41362,376,1315497469,1315497469097
New tx from,*.*.48.11,15cc9d11d658b7239036e119fc2bc9a4959fc686609a44c05b2c7603612657c0,376,1315497469,1315497469939
New tx from,*.*.164.43,24cdfeacc2de0ef849aaa490a22b5f44f5faeb3a20c4c979c894d05f5fd7a688,376,1315497472,1315497472182
New tx from,*.*.119.238,bbbb7ff8aebcff5e5a71f735dfe26217f1930cc6ea8f3f9f3818624317e1d2b7,379,1315497494,1315497494491
New tx from,*.*.75.41,1b261310e0915e2b29fa7a5c24d5188d827da2eeab1480956606e9ddd9b23728,380,1315497516,1315497516919
New tx from,*.*.24.189,bd480e84e14988389bdf6b3de0cf99afc3b53b6be0934e5d5c87596d911bf056,380,1315497517,1315497517998

--E


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: SgtSpike on September 08, 2011, 04:14:35 PM
So let's talk about how to get around this problem, besides using tor (since it is notoriously slow, I can't see it being very suitable for downloading the blockchain through, etc).

What about generating transactions offline, then sending them from a public location, or uploading them to a website, etc?  Is there a way to do this?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: burlyman007 on September 08, 2011, 05:28:33 PM
This is super interesting.

Thank you, dakami, for the find! I enjoyed your slides.

Is there a way to configure my Bitcoin client to run through Tor? Although I don't expect anyone to attempt to trace any of my addresses, I'm all about privacy and security.

Lastly, would generating a new address for each transaction eliminate this security risk?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Binford 6100 on September 08, 2011, 07:30:21 PM
So let's talk about how to get around this problem, besides using tor (since it is notoriously slow, I can't see it being very suitable for downloading the blockchain through, etc).

What about generating transactions offline, then sending them from a public location, or uploading them to a website, etc?  Is there a way to do this?

I have half a solution: spend coins via tor (broadcasting tx)
and download blockchain as usual, no need to cripple your bitcoin experience


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Economics on September 08, 2011, 08:40:32 PM
Bitcoin can use a socks4 proxy, so presumably you could easily set a proxy once the blockchain is downloaded.
In fact, there may be a market for a 'bitcoin proxy' that promises some sort of anonymity.  With a large enough user base, this would be feasible.

--E


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Big Time Coin on September 08, 2011, 09:10:08 PM
The thread lives!!

Remember "Economics", according to the slides, those IP addresses are not the ones initiating the transactions in (100% - 375/~50000) of cases, since those IPs are just gossiping nodes, relaying information received via P2P. 

To get the IP by your technique, you would need to connect to every node.  And since only 8 connections are allowed per node, and once it propogates to 8 it doesn't disconnect itself with no reason, that part of kaminsky's technique (described on slide 25) will not actually work IRL.  Node discovery and nat/tor problems as well.  Also the outbound/inbound allowed thing.

slides @ http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011 (http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011) see slide 22 - 35.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: SgtSpike on September 08, 2011, 10:05:26 PM
The thread lives!!

Remember "Economics", according to the slides, those IP addresses are not the ones initiating the transactions in (100% - 375/~50000) of cases, since those IPs are just gossiping nodes, relaying information received via P2P. 

To get the IP by your technique, you would need to connect to every node.  And since only 8 connections are allowed per node, and once it propogates to 8 it doesn't disconnect itself with no reason, that part of kaminsky's technique (described on slide 25) will not actually work IRL.  Node discovery and nat/tor problems as well.  Also the outbound/inbound allowed thing.

slides @ http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011 (http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011) see slide 22 - 35.
Actually, that's a good point.  You wouldn't be able to connect to existing nodes that limit themselves to 8 connections, as they already have 8 valid nodes to connect to, and won't change without reason.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: elggawf on September 08, 2011, 10:14:04 PM
Actually, that's a good point.  You wouldn't be able to connect to existing nodes that limit themselves to 8 connections, as they already have 8 valid nodes to connect to, and won't change without reason.

Okay, so you can't do the attack on demand. You could, however, trivially and for very little cost, maintain a good number of peers accepting incoming connections, and just wait it out until you're pretty sure you're connected to most of the peers on the network. That's (I think) what jgarzik is talking about how we always need more peers accepting incoming connections, because the less there are, the easier and less costly this attack is.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: piuk on September 08, 2011, 11:48:33 PM
I've started recording ip's on my block tracker site. Currently connected to 600 nodes but don't want to increase the limit any further as bitcoind cpu usages gets too high.

http://pi.uk.com/bitcoin/unconfirmed-transactions (http://pi.uk.com/bitcoin/unconfirmed-transactions)

It will be interesting to to see whether any of these ip's are actually the transaction sender. A lot of them link to personal home pages and stuff.

When i collect enough data i'll use the frequencies of ip's associated with a given address to try and guess the owner.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Economics on September 08, 2011, 11:55:05 PM
I can easily get 400 connections with a simple setup and some minor code changes.  How many people would need to have the same setup and then pool the data to have 90% confidence that they know the ip address of the initial transaction?  Is that even possible?

Suppose there were 'n' computers with this setup, each with ~400 connections that log the time they first see a transaction.  The one 'n' computer that saw the transaction first would most likely know the originating ip.

Alternatively, Could/Would you have to map out the network (i.e. know who is connected to whom) to figure it out?

I agree that once a client has 8 connections it won't connect again, but I believe that disconnections are fairly common.  Just check the 'debug.log' file in your bitcoin client data directory and look for 'disconnecting node'.

--E



Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Economics on September 09, 2011, 12:09:58 AM
I've started recording ip's on my block tracker site. Currently connected to 600 nodes but don't want to increase the limit any further as bitcoind cpu usages gets too high.

http://pi.uk.com/bitcoin/unconfirmed-transactions (http://pi.uk.com/bitcoin/unconfirmed-transactions)

It will be interesting to to see whether any of these ip's are actually the transaction sender. A lot of them link to personal home pages and stuff.

When i collect enough data i'll use the frequencies of ip's associated with a given address to try and guess the owner.

Just to confirm my own code changes...Are you logging the ip from the 'inv' or the 'tx' message?  I originally logged the 'tx', but realized that the 'inv' message comes first. :)

--E


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: piuk on September 09, 2011, 12:20:45 AM
Just to confirm my own code changes...Are you logging the ip from the 'inv' or the 'tx' message?  I originally logged the 'tx', but realized that the 'inv' message comes first. :)

--E

Logging from "tx", i think your right it might be better to log from inv (although when the client asks for an inv item the response will come from the same node).


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Bazil on September 09, 2011, 01:47:25 AM
Couldn't you probe for an IP of a particular address by sending a small sum of BTC?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: elggawf on September 09, 2011, 02:03:03 AM
Couldn't you probe for an IP of a particular address by sending a small sum of BTC?

Only if they did something with it (ie, spend it on to another address), and then only maybe.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Rogue Star on September 09, 2011, 04:15:44 AM
What about generating transactions offline, then sending them from a public location, or uploading them to a website, etc?  Is there a way to do this?
i have a proof of concept/platform for creating transactions using plain text/files/QR codes using the BitcoinJ client. The transaction can be forwarded from a relay client, which could be anywhere with an internet connection. I've been working on it in my spare time for the last couple of months and I've hinted at it on the forums every once in a while. The actual transacting is a bit light on testing and it needs more work on the receiver/relay side. Some of the bigger issues I haven't even begun to address are double spends attempts (accidental or intentional), transaction revocation, and other fun stuff I probably haven't thought of yet. I've been spending the last few weeks setting up tools in preparation of opening up development and doing an initial public release. Look out for in the coming weeks/months.


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: aws on November 17, 2016, 12:21:13 AM
I know this is an old thread, but i just started looking into this right now.
There is also this (master's degree dissertation) project:
Koshy, Diana. An Analysis of Anonymity in Bitcoin Using P2P Network Traffic. Diss. The Pennsylvania State University, 2013
http://fc14.ifca.ai/papers/fc14_submission_71.pdf

Does anyone know of similar projects/papers?


Title: Re: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"?
Post by: Soros Shorts on November 17, 2016, 12:41:49 AM
I know this is an old thread, but i just started looking into this right now.
There is also this (master's degree dissertation) project:
Koshy, Diana. An Analysis of Anonymity in Bitcoin Using P2P Network Traffic. Diss. The Pennsylvania State University, 2013
http://fc14.ifca.ai/papers/fc14_submission_71.pdf

Does anyone know of similar projects/papers?


Sarah Meiklejohn's paper:

https://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf