Bitcoin P2P deanonymization attack FAQ

From CryptoLUX
Jump to: navigation, search
Q. Will attack find my wallet if I run multiple nodes, and the one node that talks to the outside world would have an empty wallet?
A. Yes, it will. The attack will determine the public IP address of the node which talks to the outside world. Since an octet of entry nodes can serve as your personal identifier if you make several transactions during one session all these transactions from all your wallets can be linked, even if they use different new public keys. The same thing holds if a user is behind multiple VPNs and even if the user goes through the Tor network.
Q. Dan Kaminsky demonstrated that it is relatively easy to tie bitcoin addresses to IP addresses by watching the network, so what's new here?
A. This analysis will work only for peers who are not behind NATs (we call them servers) or users who were unlucky to connect to one of the attacker's nodes (note that most of the peers (about 100000 vs 8000) are behind NATs and cannot not be connected to). Our analysis handles users behind NATs. Moreover it will distinguish two users from the same ISP since their octet IDs would be different. Our attack has a very low false positive rate.
Q. Is it possible for someone to mount a long-term anti-TOR attack that would permanently stop people using TOR from accessing the Bitcoin network?
A. Yes. Moreover Tor would protect anonymity of this person, so it would be very hard to stop.
Q. Even if Tor Exit servers are banned by the attacker, Tor hidden services should still work?
A. Not necessarily. Individual hidden services can be black-holed, this requires only a bit of sophistication on the part of the attacker and is very cheap to mount. Moreover It might be possible to ban guard nodes and thus make Bitcoin hidden services unusable.
Q. How noticeable is this attack and what kind of resources it requires?
A. The Tor disconnection part is easy to mount from a single computer but is fairly noticeable, since all bitcoin transactions made via Tor would fail. The octet identifier sniffing requires to make 30-50 connections to each bitcoin "server" peer to be more reliable. This would be less noticeable if done from a distributed set of IP addresses in a gradual manner. It requires some dedication and patience from the attacker, but it is quite cheap (about 50 IP addresses would be enough).
Q. Are altcoins affected as well?
A. We did not check it on other alt-currencies, but those that share Bitcoin's P2P network code should have similar problems.
Q. What could be the countermeasures?
A. Refreshing the entry nodes after every transaction (assuming that a new connections are chosen at random) should prevent the attack. The attack would also not work if many users share a proxy. However if such proxy is publicly known the attacker can force Bitcoin servers to ban its address.
Q. Are mobile clients affected?
A. Yes, this is similar to the clients of an ISP case.
Q. Is this attack related to the de-anonymization attacks by Shamir et al., Meiklejohn et. al. and some others?
A. No, what we do is complementary to the Bitcoin transaction graph analysis. Those attacks analyze the transaction graph in the offline mode and try to correlate the Bitcoin pseudonym(s) and glue pseudonyms together. Our attack works on the network level and can link transactions in real time even if the pseudonyms are new or totally unrelated in the transaction graph.