Paper 2018/243

A New Approach to Deanonymization of Unreachable Bitcoin Nodes

Indra Deep Mastan and Souradyuti Paul


Mounting deanonymization attacks on the unreachable Bitcoin nodes -- these nodes do not accept incoming connections -- residing behind the NAT is a challenging task. Such an attack was first given by Biryukov, Khovratovich and Pustogarov based on their observation that a node can be uniquely identified in a single session by their directly-connected neighbouring nodes (ACM CCS'15). However, the BKP15 attack is less effective across multiple sessions. To address this issue, Biryukov and Pustogarov later on devised a new strategy exploiting certain properties of address-cookies (IEEE S&P'15). Unfortunately, the BP15 attack is also rendered ineffective by the present modification to the Bitcoin client. In this paper, we devise an efficient method to link the sessions of unreachable nodes, even if they connect to the Bitcoin network over the Tor. We achieve this using a new approach based on organizing the block-requests made by the nodes in a Bitcoin session graph. This attack also works against the modified Bitcoin client. We performed experiments on the Bitcoin main network, and were able to link consecutive sessions with a precision of 0.90 and a recall of 0.71. We also provide counter-measures to mitigate the attacks.

Available format(s)
Publication info
Published elsewhere. MINOR revision.CANS 2017
Contact author(s)
souradyuti paul @ gmail com
2018-03-05: received
Short URL
Creative Commons Attribution


      author = {Indra Deep Mastan and Souradyuti Paul},
      title = {A New Approach to Deanonymization of Unreachable Bitcoin Nodes},
      howpublished = {Cryptology ePrint Archive, Paper 2018/243},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.