
Topic: "BlitCoin": "unmasks one or both ends of a BitCoin transaction"? - page 2. (Read 7850 times)

full member
Activity: 140
Merit: 100
BitVapes.com
I really like the descriptions of Bitcoin scalability in your other set of slides; they fairly succinctly point out the issues with scaling, and how the proposed solution to dealing with large transaction volumes inevitably means Bitcoin will become highly centralized.

who knows, maybe we will all have 900 Petabit/sec connections by the time bitcoin transactions require 1 Terabit/sec.  One can hope.
hero member
Activity: 686
Merit: 564
I really like the descriptions of Bitcoin scalability in your other set of slides; they fairly succinctly point out the issues with scaling, and how the proposed solution to dealing with large transaction volumes inevitably means Bitcoin will become highly centralized.

Edit: Also, now I've found the correct set of slides - how would bitcoinfs by injecting data into other users' transactions work? The signature obviously can't sign itself, but the rest of the transaction script is signed - you'd have to somehow inject data into the signature value itself. Which I guess might be doable actually...

(Oh - and the suggestion of generating private keys from passwords is interesting, because Bitcoin users are obviously already using a less secure version of this using a single round of SHA256.)
hero member
Activity: 630
Merit: 500
i don't know who came up with this "bitcoin is anonymous" thing.
it is clearly not, anyone who knows about graphs, read the paper or looked at blockexplorer can tell you that. so please stop beating a dead horse Smiley

Right... how much bitcoins do I have then, if I have any? Point any transactions done by me, or prove I haven't ever done any.

Bitcoins do have a good level of anonymity, and if you use it properly, they are much more anonymous than any other electronic means of payment I'm aware of.
 
that does not mean it is useless. in fact, its non-anonymity legitimizes it when looked at by governments. embrace it.

The easier it gets to trace bitcoin transactions, the easier it will be for governments to pursue those who use the technology. Don't be naive, most governments will try to ban bitcoin if it ever grows enough to bother them. Actually, I imagine many governments already have laws that implicitly forbid things like bitcoin.

Helping people to preserve their financial privacy is important, and I think it's the second most important utility of bitcoin, after fighting inflation, of course. Actually, I think you cannot do the latter if you can't do the former.
hero member
Activity: 668
Merit: 501
i don't know who came up with this "bitcoin is anonymous" thing.
it is clearly not, anyone who knows about graphs, read the paper or looked at blockexplorer can tell you that. so please stop beating a dead horse Smiley

that does not mean it is useless. in fact, its non-anonymity legitimizes it when looked at by governments. embrace it.
hero member
Activity: 630
Merit: 500
This just highlights the importance of hiding your IP when using bitcoin. The use of Tor should be a "recommended practice" as the use of different address per transaction. It would be nice to provide a bitcoin+Tor bundle on bitcoin.org.

Unfortunately I'm not sure if the current bootstrap process could handle most nodes being behind Tor or I2P. Bitcoin should be capable of connecting to URLs instead of only IPs (is it? I'm not sure), so that hidden services could be resolved. And it would be nice if every bitcoin node, bundled with the anonymization proxy, could set up a hidden service for itself automatically.
sr. member
Activity: 269
Merit: 250
Quote from: Gavin Andresen
so it is a de-anonymize-via IP address not de-anonymize-via Bitcoin address.
Blitcoin? (Black Hat 2011)

how about an obvious solution to have proxy settings as an option for bitcoin client?
donator
Activity: 1736
Merit: 1010
Let's talk governance, lipstick, and pigs.
"Dan’s two main assertions are that Bitcoin is not scalable (at transaction levels reaching even a fraction of those for the Visa payment network)"

Does this mean we can make Visa payments for a fraction of a cent? I don't agree with Dan's comparisons of bitcoin to Visa. A more interesting argument would be in how Visa would benefit from decentralization.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
If peers exchanged session keys (pki or diffie-h-m), then users could onion-wrap their transactions just like nym/cypherpunk remailers. If nodes broadcast transactions at random or frequent intervals I think it would be very difficult to associate a single ip with a transaction, like TOR-lite implemented in the bitcoin network itself.
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
Superb, that makes sense. Thanks for clarifying Smiley
sr. member
Activity: 308
Merit: 250
What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?

I'm guessing you just float a buttload of incoming-capable P2P hosts on the Bitcoin network*, then wait for your mark to spend some coins. You might be able to speed this process up by spending some to them, so they think "shit, free money" and spend it elsewhere, but maybe not and it's certainly not always required if you can know they're going to do a spend at some point.

Then the basic idea is you just watch which peer on the network the transaction comes from first, with that peer being the likely IP address of the originator. It involves a lot of peers (since you need a way to guarantee that you are connected to pretty much every peer on the network), some luck, and you have to hope that they're not using a proxy/open WLAN/whatever, and that getting their IP is useful in actually identifying them.

It's not really a useful real-world attack for the most part, other than demonstrating that "anonymous" is absolutely the wrong word to describe Bitcoin... but if you've done your reading then you know that the only people who use the word "anonymous" to describe Bitcoin don't know their arse from their elbow anyway.

Edit: Yes, the slides indeed say this and he even suggests it's not as many as I figured you'd need given that the average outbound-only client connects to about 7~8 peers.
newbie
Activity: 4
Merit: 0
Heh all.

Slides are up at dankaminsky.com/bo2k11.

"What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information? "

Loose transactions that involve sending money, can expose the IP address of the sender.  The transaction has to enter the relay network somehow, and the first sender is the source.

"I was kind of hoping for something a little more interesting, given his penchant for breaking shit - but this is neat too."

No need to overcomplicate things.  Although, looking at the source, each peer node that is selected from the outbound lists has to be on a unique /16 network.  Getting large numbers of nodes with inbound connectivity and unique x.y.0.0 addresses is actually a bit of a task.  I have a little more interesting plan for how to achieve that inexpensively.
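
Added example, not part of the post above and not Bitcoin's own code: a small simulation of the outbound-peer rule the post mentions (one outbound peer per /16), showing how it caps the number of a node's connections that can land inside a single /16. The addresses are constructed, and the pool sizes (3000 listeners, a 300-address cluster, 8 outbound slots) are assumptions loosely based on figures quoted in this thread.

```python
import ipaddress
import random

def netgroup(ip):
    """/16 group key: the first two octets of an IPv4 address."""
    b = ipaddress.IPv4Address(ip).packed
    return (b[0], b[1])

def pick_outbound(candidates, slots, rng, one_per_group=True):
    """Fill outbound slots from a shuffled address list.
    With one_per_group, skip any address whose /16 is already in use."""
    pool = list(candidates)
    rng.shuffle(pool)
    chosen, used = [], set()
    for ip in pool:
        group = netgroup(ip)
        if one_per_group and group in used:
            continue
        chosen.append(ip)
        used.add(group)
        if len(chosen) == slots:
            break
    return chosen

def make_pool(rng, listeners=3000, cluster=300):
    """Constructed addresses: unrelated listeners spread over 10.x.0.0/16,
    plus one operator's cluster packed into the single /16 172.16.0.0/16."""
    others = {f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}"
              for _ in range(listeners)}
    packed = {f"172.16.{i // 250}.{i % 250 + 1}" for i in range(cluster)}
    return sorted(others | packed)

def exposure(one_per_group, trials=500, slots=8, seed=1):
    """Return (share of simulated nodes with >=1 cluster peer,
    largest number of cluster peers held by any one node)."""
    rng = random.Random(seed)
    pool = make_pool(rng)
    cluster_group = (172, 16)
    touched, worst = 0, 0
    for _ in range(trials):
        peers = pick_outbound(pool, slots, rng, one_per_group)
        hits = sum(netgroup(ip) == cluster_group for ip in peers)
        touched += hits > 0
        worst = max(worst, hits)
    return touched / trials, worst

if __name__ == "__main__":
    for rule in (True, False):
        share, worst = exposure(rule)
        print(f"one_per_group={rule}: share={share:.2f} worst={worst}")
```

The rule bounds how many of a node's peers can sit in one /16; it does not hide the node's IP from the peers it does connect to, which is why the thread's suggestions of Tor or a proxy still apply.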
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
What type of transactions are we talking about here? Would you need to actually spend BTC to reveal information?

Can anyone who is familiar with the network source give us a breakdown of how this attack would work?
sr. member
Activity: 308
Merit: 250
Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.

I thought it was going to come down to this, personally. I was kind of hoping for something a little more interesting, given his penchant for breaking shit - but this is neat too.
legendary
Activity: 1260
Merit: 1031
Rational Exuberance
For the even lazier:


---BEGIN TRIBUTE---
#./BitLen          
:::::::::::::::::::
:::::::.::.::.:.:::
:.: :.' ' ' ' ' : :
:.:'' ,,xiW,"4x, ''
:  ,dWWWXXXXi,4WX,  
' dWWWXXX7"     `X,
 lWWWXX7   __   _ X
:WWWXX7 ,xXX7' "^^X
lWWWX7, _.+,, _.+.,
:WWW7,. `^"-" ,^-'  
 WW",X:        X,  
 "7^^Xl.    _(_x7'  
 l ( :X:       __ _
 `. " XX  ,xxWWWWX7
  )X- "" 4X" .___.  
,W X     :Xi  _,,_  
WW X      4XiyXWWXd
"" ,,      4XWWWWXX
, R7X,       "^447^
R, "4RXk,      _, ,
TWk  "4RXXi,   X',x
lTWk,  "4RRR7' 4 XH
:lWWWk,  ^"     `4  
::TTXWWi,_  Xll :..
=-=-=-=-=-=-=-=-=-=
LEN "rabbi" SASSAMA
     1980-2011      
Len was our friend.
A brilliant mind,  
a kind soul, and    
a devious schemer;  
husband to Meredith
brother to Calvin,  
son to Jim and      
Dana Hartshorn,    
coauthor and        
cofounder and      
Shmoo and so much  
more.  We dedicate  
this silly hack to  
Len, who would have
found it absolutely
hilarious.          
--Dan Kaminsky,    
Travis Goodspeed    
P.S.  My apologies,
BitCoin people.  He
also would have    
LOL'd at BitCoin's  
new dependency upon
   ASCII BERNANKE  
:'::.:::::.:::.::.:
: :.: ' ' ' ' : :':
:.:     _.__    '.:
:   _,^"   "^x,   :
'  x7'        `4,  
 XX7            4XX
 XX              XX
 Xl ,xxx,   ,xxx,XX
( ' _,+o, | ,o+,"  
 4   "-^' X "^-'" 7
 l,     ( ))     ,X
 :Xx,_ ,xXXXxx,_,XX
  4XXiX'-___-`XXXX'
   4XXi,_   _iXX7'  
  , `4XXXXXXXXX^ _,
  Xx,  ""^^^XX7,xX  
W,"4WWx,_ _,XxWWX7'
Xwi, "4WW7""4WW7',W
TXXWw, ^7 Xk 47 ,WH
:TXXXWw,_ "), ,wWT:
::TTXXWWW lXl WWT:  
----END TRIBUTE----


I read a bit about him. Definitely seems like the sort of person who should be in the block chain. Could even be Satoshi himself. I wonder what he couldn't live with . . .

Edit: It was depression (http://boingboing.net/2011/07/04/rip-len-sassaman-cyp.html) and he probably wasn't Satoshi since he wasn't too impressed with bitcoin (https://twitter.com/#!/lensassaman/status/82754572958961664). Interesting that there were several days of twitter silence before his death (https://twitter.com/#!/lensassaman). I think I've been hanging around some of you conspiracy theorists for too long.
full member
Activity: 185
Merit: 100
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".
If you're that busy it would have been quicker to just search the forums than to write that post...
https://bitcointalksearch.org/topic/a-tribute-to-len-rabbi-sassama-33618
legendary
Activity: 1260
Merit: 1031
Rational Exuberance
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.

Somebody paste it please. I'm lazy/busy/not running linux, but I want to see the tribute to the hacker who became "an hero".
member
Activity: 84
Merit: 10
I suggest licensing a screenshot so all the media outlets that want to cover this are forced to pay Dan BTC! xD
full member
Activity: 140
Merit: 100
BitVapes.com
Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Not the genesis block, a more recent block. He embedded some text in the blockchain, an ASCII-art tribute to a hacker who recently committed suicide, as well as Ben Bernanke, the terrorist who controls the world economy.
legendary
Activity: 1260
Merit: 1031
Rational Exuberance
From newbie:
Hi!  I was trying to respond to https://bitcointalksearch.org/topic/blitcoin-unmasks-one-or-both-ends-of-a-bitcoin-transaction-34383 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)

So "deanonymize" means "associate transaction with IP address"? If so, that does seem like it would work. I recall seeing somewhere that bitcoin can run over TOR, but I doubt very many people do that. I guess if you are using silk road you should!

Unfortunately, it won't help anybody investigating past crimes, since you would have to be monitoring the network in this way when the crime happened.

Also, is Dan claiming he put text in the genesis block? Maybe I don't understand correctly, or maybe it was a joke . . .

Hopefully a mod can whitelist Dan so he can chat in this thread.
full member
Activity: 140
Merit: 100
From newbie:
Hi!  I was trying to respond to https://bitcointalksearch.org/topic/blitcoin-unmasks-one-or-both-ends-of-a-bitcoin-transaction-34383 , but as a newbie I can't.  So, maybe someone can quote this (or even move this) to that thread.

I'm Dan Kaminsky.  I'm the reason there's ASCII text that's returned if you run:

strings --bytes=20 .bitcoin/blk0001.dat

As reported, I've got a BitCoin deanonymization mechanism.  It's not complicated.

Connect to every node in the cloud, discoverable via sweeping/IRC/get_peers messages.  The first IP to consistently relay transactions for a given identity, is the given identity.

Of course the entire BitCoin cloud doesn't allow inbound connections (although you can do rather evil stuff with UPNP to force that open too).  But this isn't a problem -- there's only about 3000 to 8000 IPs that are BitCoin nodes that accept inbound connections.  Since everyone else depends on them, you just need to create your own mass cluster of IPs that are a decent chunk of the P2P network.  Nodes on average have seven outbound connections, so it should take only a few hundred unique to be one of the first-hop peers even for the outbound-only set.

Now that I think about it, it might even be possible to do this from a single IP, with lots of ports.  I remember seeing some code in there to try to distribute peers across Class B's though so this can be interesting bug #9 that BitCoin manages to smush.

(As a note, I have a tremendous amount of respect for BitCoin; I count it in the top five most interesting security projects of the decade.  Entire classes of bugs are missing.  But it's just not an anonymous solution, and the devs will say as much.)