Bitcoin Forum
Author Topic: Network analysis to identify a Bitcoin user  (Read 938 times)
bitlotto
July 17, 2011, 03:25:46 PM
 #1

I've seen it explained a couple times but I'm not sure if I understand what was meant or how hard it would be to accomplish.

Let's assume a person used a bitcoin online wallet or something similar to obscure his record on the blockchain. Now all we know is an address and want to know whose it is.

So for network analysis to work you would have to:
-have many nodes on the Bitcoin network
-wait until they spend from that address and use traffic spikes to figure out who did it?
-could you send to the address and see a pattern in traffic that only the receiver would do if they were online?

Am I correct that using network analysis could work to identify an IP address but would fail if the user was using TOR? Would it be too hard to analyze TOR traffic to analyze Bitcoin traffic? Or does TOR have too much encrypted traffic while Bitcoin traffic is so small it would be hard to notice?

I'm just trying to wrap my head around it.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Rob P.
July 17, 2011, 06:32:57 PM
 #2

It would be easier to begin building a database of known addresses.  People have addresses in their Sigs.  They publish addresses, etc.

When those addresses spend coins, you know they spent them, so you can track where they went.  If they went to a known address in your database, you can begin to build patterns of transactions.

For example, I just announced elsewhere in the forum that I sent a donation to a developer.  That receive address is well-known and I even mentioned the amount.  So it would be trivial to find the address that sent the coins.  If I didn't have enough coins in the address selected, it will have multiple inputs to make up that address, so that will leak another address or set of addresses.  Those addresses received coins at some point, so now you know additional addresses of mine and can reverse-engineer additional receipts.  Also, if the inputs are greater than the output, then the client will spin up a new address to accept the change, and now you know another address of mine, and can watch for it later.

The TOTAL address space currently in use is trivially small compared to the total address space available. 

Wouldn't be too hard to build a system that watched block explorer, recorded every address seen, then used spiders to begin to index addresses that have leaked publicly.  Once built, you can then begin to track transactions against known leaked credentials.

Said database could also be written to allow "guesses".  Lots of people commented before the Mt. Gox hack that the 400K BTC that were moved must have been them moving them to an off site wallet.  So, mark that address as owned by Mt. Gox, then look at every address that sent to that address, chances are they're all Mt. Gox addresses.  You don't KNOW that, but you can guess.  So, have some sort of "certainty" value in the database that can be modified as you learn new facts.  Sort of like the small pencil marks people use in Sudoku.

Hmm, now this sounds like a fun project.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
sharky112065
July 17, 2011, 06:45:26 PM
 #3

> It would be easier to begin building a database of known addresses.  People have addresses in their Sigs.  They publish addresses, etc.
>
> When those addresses spend coins, you know they spent them, so you can track where they went.  If they went to a known address in your database, you can begin to build patterns of transactions.
>
> For example, I just announced elsewhere in the forum that I sent a donation to a developer.  That receive address is well-known and I even mentioned the amount.  So it would be trivial to find the address that sent the coins.  If I didn't have enough coins in the address selected, it will have multiple inputs to make up that address, so that will leak another address or set of addresses.  Those addresses received coins at some point, so now you know additional addresses of mine and can reverse-engineer additional receipts.  Also, if the inputs are greater than the output, then the client will spin up a new address to accept the change, and now you know another address of mine, and can watch for it later.
>
> The TOTAL address space currently in use is trivially small compared to the total address space available.
>
> Wouldn't be too hard to build a system that watched block explorer, recorded every address seen, then used spiders to begin to index addresses that have leaked publicly.  Once built, you can then begin to track transactions against known leaked credentials.
>
> Said database could also be written to allow "guesses".  Lots of people commented before the Mt. Gox hack that the 400K BTC that were moved must have been them moving them to an off site wallet.  So, mark that address as owned by Mt. Gox, then look at every address that sent to that address, chances are they're all Mt. Gox addresses.  You don't KNOW that, but you can guess.  So, have some sort of "certainty" value in the database that can be modified as you learn new facts.  Sort of like the small pencil marks people use in Sudoku.
>
> Hmm, now this sounds like a fun project.

How would that even be possible?

There are multiple sending and receiving addresses in your wallet. You could use a different address for every transaction.

Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).

Donations welcome: 12KaKtrK52iQjPdtsJq7fJ7smC32tXWbWr
bitlotto
July 17, 2011, 06:59:40 PM
 #4

> There are multiple sending and receiving addresses in your wallet. You could use a different address for every transaction.
>
> Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).

If you buy something Bitcoin will sometimes combine coins existing on multiple addresses. You don't really pick what addresses you use for sending. By seeing them combined you can assume the same person owns all those addresses. They would still have to tie an identity to one of those addresses though.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
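
The linking described in posts #2 and #4, as an added example that is not part of the original thread: a union-find pass over constructed transactions that shows which wallet addresses end up tied to one published address, with Rob P.'s "certainty" value attached to each guess. The address names, the transactions and the 0.9 link certainty are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed transactions: (txid, input addresses, output addresses).
TXS = [
    ("tx1", ["sig_addr", "a2"], ["developer", "chg1"]),
    ("tx2", ["a2", "a3"], ["shop", "chg2"]),
    ("tx3", ["b1", "b2"], ["sig_addr"]),
]
LINK_CERTAINTY = 0.9  # assumed weight for a "spent together" guess, not a measured value


def find(parent, addr):
    """Return the cluster representative for addr, compressing the path."""
    parent.setdefault(addr, addr)
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr


def cluster_by_common_inputs(txs):
    """Group addresses that were ever spent as inputs of the same transaction."""
    parent = {}
    for _txid, inputs, outputs in txs:
        for addr in inputs + outputs:
            find(parent, addr)  # register every address seen on the chain
        for other in inputs[1:]:
            parent[find(parent, other)] = find(parent, inputs[0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(parent, addr)].add(addr)
    return list(clusters.values())


def propagate_labels(txs, known):
    """Spread known owner labels over each cluster with reduced certainty."""
    guesses = {}
    for cluster in cluster_by_common_inputs(txs):
        for labelled in cluster & known.keys():
            owner, certainty = known[labelled]
            for addr in cluster - {labelled}:
                guesses[addr] = (owner, round(certainty * LINK_CERTAINTY, 2))
    return guesses


if __name__ == "__main__":
    # One address published in a forum signature is enough to tag a2 and a3.
    print(propagate_labels(TXS, {"sig_addr": ("forum user", 1.0)}))
```

Note that a3 is never spent alongside sig_addr directly; it is linked through a2. The change outputs chg1 and chg2 stay unlabelled, because tying a change address to the sender is a separate, weaker guess that would carry its own lower certainty.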
sharky112065
July 17, 2011, 07:27:15 PM
 #5

> > There are multiple sending and receiving addresses in your wallet. You could use a different address for every transaction.
> >
> > Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).
>
> If you buy something Bitcoin will sometimes combine coins existing on multiple addresses. You don't really pick what addresses you use for sending. By seeing them combined you can assume the same person owns all those addresses. They would still have to tie an identity to one of those addresses though.

I have made zero off of my donation link, so I don't think I'm in any danger of being identified. :)


Donations welcome: 12KaKtrK52iQjPdtsJq7fJ7smC32tXWbWr