Anonymity at Risk? Academics Claim Issues Using Bitcoin Over Tor

By Kyle Torpey Oct 29, 2014 8:39 AM EST

bitcoin anonymity

NEW YORK (InsideBitcoins) — A new paper by Alex Biryukov and Ivan Pustogarov of the University of Luxembourg has claimed that “Bitcoin Over Tor isn’t a Good Idea.” Some of the key points made throughout the paper have to do with problems associated with Tor exit nodes, which have been known to be a source of MITM (“man in the middle”) attacks in the past. Although this paper has stirred up a bit of controversy in the bitcoin community, it seems that there is no cause for serious distress.

Why is bitcoin over Tor a bad idea?

The issues described in the paper from the academic duo revolve around two main points of attack: traffic analysis and sybil attacks. As many participants in the Reddit thread associated with the paper noted, traffic analysis has been a known issue with exit nodes. Bitcoin does not encrypt and authenticate traffic, but that is a proposed countermeasure to the solution offered at the end of the paper.

I reached out to noted bitcoin agitator Justus Ranvier for more details on the other attacks described in the paper. As he explained, “What this paper shows is that it’s relatively cheap for an attacker to get all Tor exit nodes banned by the network except the one the attacker controls, allowing the attacker to snoop on all Tor-to-clearnet bitcoin traffic. They also discuss some Sybil attacks that are applicable whether or not Tor is involved. Solving Sybil attacks in general is not a solved problem, regardless of what network is involved.”

Ranvier noted that a better name for the paper would have been “Tor Exit Nodes are a Problem, and so are Sybil Attacks.”

Tor exit nodes versus hidden services

One of the distinctions that needs to be made when it comes to using bitcoin over Tor is that the anonymity network works much better when you stay within the Tor ecosystem. Once you start to use exit nodes as a portal to the clearnet, you open yourself up to a wide range of issues that have been documented over the years. This was a key point that Justus Ranvier made when I asked him about the seriousness of the allegations made by the paper.

In regards to an attack involving a mass banning of other Tor exit nodes connected to the bitcoin network, Ranvier noted, “Only clients that use Tor to connect to clearnet nodes are affected [by this attack]. Clients that only connect to hidden services are not subject to this specific attack.”

In addition to explaining that hidden services users are not affected, Ranvier also pointed out, “If more than one attacker attempts this strategy at the same time, all of them will fail.”

Is there a need for more bitcoin nodes operating as hidden services?

Running a bitcoin node as a hidden service may seem like the right solution to the issues outlined in the paper, but Ranvier made it clear that it’s not that simple. He stated, “Staying entirely within Tor helps, but it’s not a perfect solution because it’s possible to conduct DoS attacks on the Tor hidden service directory, which is a general problem that needs to be addressed by the Tor project.”

Having said that, having more bitcoin nodes operate as hidden services would definitely be a move in the right direction. This would increase the total cost of such a DoS attack on the Tor hidden service directory. As the paper in question pointed out, “Fortunately for the attacker the fraction of Bitcoin peers available as Tor hidden services is quite small.” The authors continued, “This results in (1) a very small probability for a client to choose a peer available as a hidden service; (2) this makes black-holing of existing Bitcoin hidden services practical.”

Hidden services not affected?

As pointed out by Bitcoin Authenticator developer Chris Pacia on Reddit, traffic analysis over hidden services should also not be an issue, as long as the bitcoin user is also an experienced Tor user. By simply reconnecting to the bitcoin network with a new IP address for each transaction, a bitcoin user can make sure that the other nodes on the network cannot easily figure out the pseudonymous identity behind a multitude of bitcoin addresses.

Ranvier agrees with Pacia’s general sentiment, stating “If a client was smart enough to form a completely new connection to a random hidden service, broadcast its transaction, and then disconnect, then it would be difficult for the attacker to correlate transactions.”

Ranvier, who’s based in Austin, Texas, also noted a possible improvement for anonymity in bitcoin. He claimed, “Other than nobody has bothered to write the code, there is no inherent reason why a node needs to use the same set of connections to receive the blockchain as it uses to broadcast a new transaction.”

For now, it seems that Tor is still a viable option for those who wish to protect their financial privacy.

You can follow @kyletorpey on Twitter.

Photo credit: VeRoNiK@ GR

Facebook Comments

  • Milly Bitcoin

    “Tor is still a viable option for those who wish to protect their financial privacy” is a pretty hyperbolic conclusion. Trying to link an IP address to a transaction is hardly the sole determination of protecting or not protecting financial privacy. Using the “connect” command that only allows you to connect to specific nodes will probably be good enough for most purposes. You can also copy and paste transactions into web-based portals that allow you to broadcast transactions. I assume you could do that via Tor but I never tried it.

Read previous post:
bitcoin and taxes
Bitcoin and Tax Evasion: Are the Possibilities Overstated?

NEW YORK (InsideBitcoins) -- The topic of tax evasion seems to be one of those subjects that creates a split...