Deanonymization of clients in bitcoin p2p network diagrams


Having detected such a session, the system attempts to deanonymize the user, i. The system may determine the identity of the terminal on which the user conducts the session, and use the identity of the terminal to establish a correlation between the pseudonym and the user. In some cases the terminal is known to belong to a specific user.

The present disclosure relates generally to digital currency, and particularly to methods and systems for deanonymization of digital currency users. Various digital currencies, or digital cash systems, have been proposed as an alternative to conventional currency. One prominent example is Bitcoin. One of the design goals of digital currency systems is anonymity of users and transactions. In the Bitcoin system, for example, users are identified by hashed values of their public cryptographic keys, referred to as pseudonyms.

Several techniques for Bitcoin deanonymization have been published. Example techniques are described by Meiklejohn et al. As another example, Biryukov et al. An embodiment that is described herein provides a method including monitoring communication sessions in a communication network.

A communication session, which relates to a transaction in a digital currency system and which includes a pseudonym used by a user to carry out the transaction in the digital currency system, is detected.

A communication terminal conducting the communication session is identified, and a correlation is established between the pseudonym and the user based on identification of the terminal. In some embodiments, identifying the terminal includes extracting an identifier of the terminal from the communication session, and establishing the correlation includes determining an identity of the user from the identifier.

In an embodiment, identifying the terminal includes obtaining from the communication network an authenticating identifier used for authenticating the terminal, and establishing the correlation includes determining an identity of the user from the authentication identifier. In another embodiment, identifying the terminal includes determining a geographical location of the terminal, and establishing the correlation includes determining an identity of the user from the geographical location.

In yet another embodiment, establishing the correlation includes accumulating the correlation over multiple communication sessions in which the pseudonym appears. In some embodiments, establishing the correlation includes correlating the terminal with a previous pseudonym that was used in a previous transaction that is linked to the transaction relating to the communication session. In an example embodiment, the previous pseudonym is obtained by querying a public record of transaction chains of the digital currency system.

There is additionally provided, in accordance with an embodiment that is described herein, a system including an interface and a processor. The interface is configured to monitor communication sessions in a communication network.

The processor is configured to detect a communication session that relates to a transaction in a digital currency system and that includes a pseudonym used by a user to carry out the transaction in the digital currency system, to identify a communication terminal conducting the communication session, and to determine an identity of the user by correlating the wireless communication terminal with the pseudonym.

The present disclosure will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which:

Embodiments that are described herein provide improved methods and systems for deanonymizing digital currency users and transactions.

The embodiments described herein refer mainly to the Bitcoin system, but the disclosed techniques are also applicable in other digital currency schemes. In some embodiments, a deanonymization system monitors communication sessions that are conducted in a communication network. Alternatively, however, the disclosed techniques can be used in various wired networks, as well.

From among the monitored sessions, the system detects sessions in which users carry out Bitcoin transactions. In some embodiments, the system determines the identity of the terminal e. In some cases the terminal e. In this case, correlating the Bitcoin pseudonym with the terminal is equivalent to correlating the Bitcoin pseudonym with the user. In other scenarios, such as in NAT or home-network environments, identifying the terminal may not provide a positive indication of a single specific user.

In these scenarios, the system may accumulate several correlations that involve the same Bitcoin pseudonym in different locations or at different times, in order to narrow down the correlation to a single user. In some embodiments, after extracting a Bitcoin pseudonym from a communication session, the system scans the publicly available chain of Bitcoin transactions that led to the monitored transaction.

The system extracts one or more other pseudonyms that were used in previous transactions in the chain. Such pseudonyms may belong to the same user who conducted the monitored session, or to individuals associated with that user. As such, establishing correlations with these additional pseudonyms may be valuable, as well.

System 20 monitors communication sessions that are conducted by users 24 of communication terminals 28 in a communication network. The system detects sessions relating to Bitcoin transactions, and uses them to deanonymize the Bitcoin pseudonyms used in the transactions. In some embodiments, network 32 may comprise a wireless network, such as a cellular telephony network e.

In such embodiments, terminals 28 may comprise, for example, mobile phones, wireless-enabled computing devices, or any other suitable type of wireless device. Terminals 28 typically conduct communication sessions in network 32 by communicating with base stations. The description that follows refers mainly to wireless networks.

In alternative embodiments, however, network 32 may comprise a wireline network, in which case terminals 28 comprise devices such as desktop computers or Voice over IP (VoIP) phones. The figure shows a single user and a single terminal for the sake of simplicity.

Real-life networks typically comprise a large number of users and terminals of various kinds. Users 24 of wireless network 32 may communicate with one another or with users of other networks. In the present example, wireless network 32 is connected to a Wide-Area Network 40, such as the Internet, and users 24 may also communicate with wired users 44 who use wired terminals. In this context, network 32 is regarded as an access network, via which users 24 access the Internet or other large-scale network.

Users 24 may use terminals 28 to conduct various kinds of communication sessions. In particular, in some of the sessions users 24 may carry out Bitcoin transactions, e. As will be described in detail below, deanonymization system 20 analyzes such sessions and attempts to correlate the Bitcoin pseudonyms used in the sessions with human users. In the present example, system 20 comprises an interface 52 for monitoring communication sessions in network 32, a processor 56 that carries out the correlation methods described herein, and a database 60 that is used for storing the correlation or other information.

The configuration of system 20 shown in FIG. In alternative embodiments, any other suitable system configuration can be used. For example, in some embodiments combines the disclosed deanonymization techniques with blacklists of Bitcoin pseudonyms. As another example, in some embodiments combines the disclosed deanonymization techniques with an alert engine that issues alerts in response to suspicious Bitcoin transactions.

Additionally or alternatively, certain elements of system 20 can be implemented using software, or using a combination of hardware and software elements. Database 60 may be implemented using any suitable memory or storage device, e. Typically, processor 56 comprises one or more general-purpose processors, which are programmed in software to carry out the functions described herein. The Bitcoin system aims to maintain the anonymity of its users.

For the sake of anonymity, as well as security, Bitcoin users are identified in Bitcoin transactions using pseudonyms. A pseudonym comprises a hash value that is computed over a public cryptographic key of the user. Pseudonyms are also referred to as Bitcoin addresses.
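To make the pseudonym structure concrete, the following added example (not part of the original text) decodes a legacy Base58Check Bitcoin address into its version byte and 20-byte public-key hash and verifies the checksum. The function names are illustrative, and the sample value is the widely published genesis-block address; the decoded fields show that the pseudonym itself carries only a key hash and no information about the user or terminal.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Well-known public address from the Bitcoin genesis block (not from this page).
GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"


def b58decode(text: str) -> bytes:
    """Decode a Base58 string to bytes, preserving leading zero bytes."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text encodes one leading 0x00 byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def parse_address(addr: str) -> dict:
    """Split a legacy address into version byte and public-key hash.

    Layout: 1 version byte | 20-byte hash of the public key | 4-byte checksum,
    where the checksum is the first 4 bytes of SHA-256(SHA-256(version+hash)).
    """
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("expected 25 bytes: version + 20-byte hash + checksum")
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch: mistyped or corrupted address")
    return {"version": payload[0], "pubkey_hash": payload[1:].hex()}


if __name__ == "__main__":
    info = parse_address(GENESIS_ADDRESS)
    print(f"version byte : {info['version']}")
    print(f"pubkey hash  : {info['pubkey_hash']}")
```
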

In some applications it is desirable to deanonymize a Bitcoin pseudonym, e. Deanonymization may be used, for example, by law enforcement agencies for tracking illegal transactions performed using the Bitcoin system. Such illegal transactions may relate to fraud, money laundering, trading of illicit goods or smuggling, to name just a few examples.

In some embodiments, system 20 performs deanonymization by correlating Bitcoin pseudonyms with information on wireless terminals 28 obtained from network. The method begins with system 20 monitoring communication sessions in wireless network 32 using interface 52, at a monitoring step. In some embodiments, monitoring is performed off-air, in which case interface 52 comprises a suitable wireless receiver for receiving and decoding the air interface between terminals 24 and base stations. Additionally or alternatively, system 20 may monitor one or more of the wireline interfaces between network-side nodes of network. In such embodiments, interface 52 may comprise a suitable network probe.

A network probe would also be used, for example, when network 32 comprises a wired network. At a transaction detection step 74, processor 56 detects in the monitored sessions a communication session relating to a Bitcoin transaction. Typically, the session involves some user 24 paying or receiving payment in Bitcoins. Processor 56 identifies and extracts the Bitcoin pseudonym that the user gives in the transaction, at a pseudonym extraction step. Additionally, processor 56 identifies the terminal 28 e.

At a correlation step 90, processor 56 correlates the user determined at step 86 with the Bitcoin pseudonym extracted at step. System 20 may present the deanonymization result (correlation between user and pseudonym) to an operator, store the result in database 60, or take any other suitable action. The method of FIG. Additionally or alternatively, the method of FIG.

In various embodiments, processor 56 may identify the terminal and the user from the monitored session in different ways. For example, processor 56 may extract from the monitored session an identifier of the terminal, and deduce the user identity from the identifier.

The connection between terminal identifier and user identity can be obtained, for example, from a database of the wireless system service provider.