Cryptology ePrint Archive: Report 2018/243

A New Approach to Deanonymization of Unreachable Bitcoin Nodes

Indra Deep Mastan and Souradyuti Paul

Abstract: Mounting deanonymization attacks on the unreachable Bitcoin nodes -- these nodes do not accept incoming connections -- residing behind the NAT is a challenging task. Such an attack was first given by Biryukov, Khovratovich and Pustogarov based on their observation that a node can be uniquely identified in a single session by their directly-connected neighbouring nodes (ACM CCS'15). However, the BKP15 attack is less effective across multiple sessions. To address this issue, Biryukov and Pustogarov later on devised a new strategy exploiting certain properties of address-cookies (IEEE S&P'15). Unfortunately, the BP15 attack is also rendered ineffective by the present modification to the Bitcoin client.

In this paper, we devise an efficient method to link the sessions of unreachable nodes, even if they connect to the Bitcoin network over the Tor. We achieve this using a new approach based on organizing the block-requests made by the nodes in a Bitcoin session graph. This attack also works against the modified Bitcoin client. We performed experiments on the Bitcoin main network, and were able to link consecutive sessions with a precision of 0.90 and a recall of 0.71. We also provide counter-measures to mitigate the attacks.

Category / Keywords: applications / Anonymity, Bitcoin

Original Publication (with minor differences): CANS 2017

Date: received 4 Mar 2018

Contact author: souradyuti paul at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180305:160649 (All versions of this report)

Short URL: ia.cr/2018/243

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]