Skip to main content

Studying Bitcoin Privacy Attacks and Their Impact on Bitcoin-Based Identity Methods

  • 798 Accesses

Part of the Lecture Notes in Business Information Processing book series (LNBIP,volume 428)

Abstract

The Bitcoin blockchain was the first publicly verifiable, and distributed ledger, where it is possible for everyone to download and check the full history of all data records from the genesis block. These properties lead to the emergence of new types of applications and the redesign of traditional systems that no longer respond to current business needs (e.g., transparency, protection against censorship, decentralization). One particular application is the use of blockchain technology to enable decentralized and self-sovereign identities including new mechanisms for creating, resolving, and revoking them. The public availability of data records has, in turn, paved the way for new kinds of attacks that combine sophisticated heuristics with auxiliary information to compromise users’ privacy and deanonymize their identities. In this paper, we review and categorize Bitcoin privacy attacks, investigate their impact on one of the Bitcoin-based identity methods namely did:btcr, and analyze and discuss its privacy properties.

Keywords

  • Decentralized identifier
  • DID
  • Privacy
  • BTCR
  • Blockchain
  • Bitcoin

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-85867-4_7
  • Chapter length: 17 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-85867-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   74.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.

Notes

  1. 1.

    https://haveibeenpwned.com/.

  2. 2.

    https://www.w3.org/TR/2021/CRD-did-core-20210609/.

  3. 3.

    https://ipfs.io/.

References

  1. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. In: Decentralized Business Review, p. 21260 (2008)

    Google Scholar 

  2. López-Pintado, O., García-Bañuelos, L., Dumas, M., Weber, I., Ponomarev, A.: CATERPILLAR: a business process execution engine on the ethereum blockchain. CoRR abs/1808.03517 (2018)

    Google Scholar 

  3. Ladleif, J., Weber, I., Weske, M.: External data monitoring using oracles in blockchain-based process execution. In: Asatiani, A., et al. (eds.) BPM 2020. LNBIP, vol. 393, pp. 67–81. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58779-6_5

    CrossRef  Google Scholar 

  4. Prybila, C., Schulte, S., Hochreiner, C., Weber, I.: Runtime verification for business processes utilizing the bitcoin blockchain. Future Gener. Comput. Syst. 107, 816–831 (2020)

    CrossRef  Google Scholar 

  5. Lesavre, L., Varin, P., Mell, P., Davidson, M., Shook, J.: A taxonomic approach to understanding emerging blockchain identity management systems. arXiv preprint arXiv:1908.00929 (2019)

  6. Dunphy, P., Petitcolas, F.A.: A first look at identity management schemes on the blockchain. IEEE Secur. Privacy 16(4), 20–29 (2018)

    CrossRef  Google Scholar 

  7. Allen, C., Hamilton Duffy, K., Grant, R., Pape, D.: BTCR did method. https://w3c-ccg.github.io/didm-btcr/ (2019)

  8. Ghesmati, S., Fdhila, W., Weippl, E.: Bitcoin privacy - a survey on mixing techniques. Cryptology ePrint Archive, Report 2021/629 (2021). https://eprint.iacr.org/2021/629

  9. Cooper, A., et al.: Privacy considerations for internet protocols. Internet Architecture Board (2013)

    Google Scholar 

  10. Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 127–140 (2013)

    Google Scholar 

  11. Biryukov, A., Tikhomirov, S.: Deanonymization and linkability of cryptocurrency transactions based on network analysis. In: IEEE European Symposium on Security and Privacy (EuroS&P), vol. 2019, pp. 172–184. IEEE (2019)

    Google Scholar 

  12. English, S.M., Nezhadian, E.: Conditions of full disclosure: The blockchain remuneration model. In: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), vol. 2017, pp. 64–67. IEEE (2017)

    Google Scholar 

  13. Sabry, F., Labda, W., Erbad, A., Al Jawaheri, H., Malluhi, Q.: Anonymity and privacy in bitcoin escrow trades. In: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pp. 211–220 (2019)

    Google Scholar 

  14. Yousaf, H., Kappos, G., Meiklejohn, S.: Tracing transactions across cryptocurrency ledgers. In: 28th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 19), pp. 837–850 (2019)

    Google Scholar 

  15. Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M., Holt, J.: Decentralized identifiers (dids) v1. 0. Draft Community Group Report (2021)

    Google Scholar 

  16. Sporny, M., Noble, G., Longley, D., Burnett, D., Zundel, B.: Verifiable credentials data model (2019)

    Google Scholar 

  17. Wiki: Op\(\_\)return. https://en.bitcoin.it/wiki/OP_RETURN (2020)

  18. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_31

    CrossRef  Google Scholar 

  19. Henry, R., Herzberg, A., Kate, A.: Blockchain access privacy: challenges and directions. IEEE Secur. Privacy 16(4), 38–45 (2018)

    CrossRef  Google Scholar 

  20. Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_29

    CrossRef  Google Scholar 

  21. Kalodner, H., et al.: Blocksci: design and applications of a blockchain analysis platform. In: 29th \(\{\)USENIX\(\}\) Security Symposium), pp. 2721–2738 (2020)

    Google Scholar 

  22. Conti, M., Gangwal, A., Ruj, S.: On the economic significance of ransomware campaigns: a bitcoin transactions perspective. Comput. Secur. 79, 162–189 (2018)

    CrossRef  Google Scholar 

  23. Huang, D.Y., et al.: Tracking ransomware end-to-end. In: IEEE Symposium on Security and Privacy (SP), vol. 2018, pp. 618–631. IEEE (2018)

    Google Scholar 

  24. Lee, S., et al.: Cybercriminal minds: an investigative study of cryptocurrency abuses in the dark web. In: NDSS (2019)

    Google Scholar 

  25. Boshmaf, Y., Elvitigala, C., Al Jawaheri, H., Wijesekera, P., Al Sabah, M.: Investigating MMM Ponzi scheme on bitcoin. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 519–530 (2020)

    Google Scholar 

  26. Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_30

    CrossRef  Google Scholar 

  27. Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in bitcoin p2p network. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29 (2014)

    Google Scholar 

  28. Neudecker, T., Hartenstein, H.: Could network information facilitate address clustering in bitcoin? In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 155–169. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_9

    CrossRef  Google Scholar 

  29. Maxwell, G.: Coinjoin: Bitcoin privacy for the real world (2013). https://bitcointalk.org/index.php

  30. Kalodner, H.: Privacy. https://citp.github.io/BlockSci/reference/heuristics/change.html. Accessed 23 July 2020

  31. Wiki: Privacy. https://en.bitcoin.it/wiki/Privacy. Accessed 23 July 2020

  32. Wiki: Address reuse (2021). https://en.bitcoin.it/wiki/Address_reuse

  33. Möser, M., Böhme, R., Breuker, D.: An inquiry into money laundering tools in the bitcoin ecosystem. In: APWG eCrime Researchers Summit, vol. 2013, pp. 1–14. IEEE (2013)

    Google Scholar 

  34. Mai, A., Pfeffer, K., Gusenbauer, M., Weippl, E., Krombholz, K.: User mental models of cryptocurrency systems–a grounded theory approach (2020)

    Google Scholar 

  35. Krombholz, K., Judmayer, A., Gusenbauer, M., Weippl, E.: The other side of the coin: user experiences with bitcoin security and privacy. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 555–580. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_33

    CrossRef  Google Scholar 

  36. Gibson, A.: Payjoin (2018). https://joinmarket.me/blog/blog/payjoin/

  37. Ghesmati, S., Kern, A., Judmayer, A., Stifter, N., Weippl, E.: Unnecessary input heuristics and PayJoin transactions. In: Stephanidis, C., Antona, M., Ntoa, S. (eds.) HCII 2021. CCIS, vol. 1420, pp. 416–424. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78642-7_56

    CrossRef  Google Scholar 

  38. (W3C), C.C.G.: A primer for decentralized identifiers (2020). https://w3c-ccg.github.io/did-primer/

  39. Andrieu, J., et al.: Did method rubric v1.0 (2021). https://w3c.github.io/did-rubric/#privacy

  40. Wiki: Simplified payment verification (2019). https://en.bitcoinwiki.org/wiki/Simplified_Payment_Verification

Download references

Acknowledgments

This research is based upon work partially supported by (1) SBA Research (SBA-K1); SBA Research is a COMET Center within the COMET – Competence Centers for Excellent Technologies Programme and funded by BMK, BMDW, and the federal state of Vienna. The COMET Programme is managed by FFG. (2) the FFG ICT of the Future project 874019 dIdentity & dApps. (3) the FFG Basisprogramm Kleinprojekt 39019756 Decentralised Marketplace for Digital Identity.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Simin Ghesmati .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Ghesmati, S., Fdhila, W., Weippl, E. (2021). Studying Bitcoin Privacy Attacks and Their Impact on Bitcoin-Based Identity Methods. In: González Enríquez, J., Debois, S., Fettke, P., Plebani, P., van de Weerd, I., Weber, I. (eds) Business Process Management: Blockchain and Robotic Process Automation Forum. BPM 2021. Lecture Notes in Business Information Processing, vol 428. Springer, Cham. https://doi.org/10.1007/978-3-030-85867-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-85867-4_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85866-7

  • Online ISBN: 978-3-030-85867-4

  • eBook Packages: Computer ScienceComputer Science (R0)