Author

Topic: Network analysis to identify a Bitcoin user (Read 1118 times)

sr. member
Activity: 383
Merit: 250
July 17, 2011, 02:27:15 PM
#5
There are multiple sending and receiving address in your wallet. You could use a different address for every transaction.

Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).
If you buy something Bitcoin will sometimes combine coins existing on multiple addresses. You don't really pick what addresses you use for sending. By seeing them combined you can assume the same person owns all those addresses. They would still have to tie an identity to one of those addresses though.

I have made zero off of my donation link, so I don't think I'm in any danger of being identified.  Smiley

hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
There are multiple sending and receiving address in your wallet. You could use a different address for every transaction.

Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).
If you buy something Bitcoin will sometimes combine coins existing on multiple addresses. You don't really pick what addresses you use for sending. By seeing them combined you can assume the same person owns all those addresses. They would still have to tie an identity to one of those addresses though.
sr. member
Activity: 383
Merit: 250
It would be easier to begin building a database of known addresses.  People have addresses in their Sigs.  They publish addresses, etc.

When those addresses spend coins, you know they spent them, so you can track where they went.  If they went to a known address in your database, you can begin to build patterns of transactions.

For example, I just announced elsewhere in the forum that I sent a donation to a developer.  That receive address is well-known and I even mentioned the amount.  So it would be trivial to find the address that sent the coins.  If I didn't have enough coins in the address selected, it will have multiple inputs to make up that address, so that will leak another address or set of addresses.  Those addresses received coins at some point, so now you know additional addresses of mine and can reverse-engineer additional receipts.  Also, if the inputs are greater than the output, then the client will spin up a new address to accept the change, and now you know another address of mine, and can watch for it later.

The TOTAL address space currently in use is trivially small compared to the total address space available. 

Wouldn't be too hard to build a system that watched block explorer, recorded every address seen, then used spiders to begin to index addresses that have leaked publicly.  Once built, you can then begin to track transactions against known leaked credentials.

Said database could also be written to allow "guesses".  Lots of people commented before the Mt. Gox hack that the 400K BTC that were moved must have been them moving them to an off site wallet.  So, mark that address as owned by Mt. Gox, then look at every address that sent to that address, chances are they're all Mt. Gox addresses.  You don't KNOW that, but you can guess.  So, have some sort of "certainty" value in the database that can be modified as you learn new facts.  Sort of like the small pencil marks people use in Suduko.

Hmm, now this sounds like a fun project.

How would that even be possible?

There are multiple sending and receiving address in your wallet. You could use a different address for every transaction.

Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).
member
Activity: 84
Merit: 10
It would be easier to begin building a database of known addresses.  People have addresses in their Sigs.  They publish addresses, etc.

When those addresses spend coins, you know they spent them, so you can track where they went.  If they went to a known address in your database, you can begin to build patterns of transactions.

For example, I just announced elsewhere in the forum that I sent a donation to a developer.  That receive address is well-known and I even mentioned the amount.  So it would be trivial to find the address that sent the coins.  If I didn't have enough coins in the address selected, it will have multiple inputs to make up that address, so that will leak another address or set of addresses.  Those addresses received coins at some point, so now you know additional addresses of mine and can reverse-engineer additional receipts.  Also, if the inputs are greater than the output, then the client will spin up a new address to accept the change, and now you know another address of mine, and can watch for it later.

The TOTAL address space currently in use is trivially small compared to the total address space available. 

Wouldn't be too hard to build a system that watched block explorer, recorded every address seen, then used spiders to begin to index addresses that have leaked publicly.  Once built, you can then begin to track transactions against known leaked credentials.

Said database could also be written to allow "guesses".  Lots of people commented before the Mt. Gox hack that the 400K BTC that were moved must have been them moving them to an off site wallet.  So, mark that address as owned by Mt. Gox, then look at every address that sent to that address, chances are they're all Mt. Gox addresses.  You don't KNOW that, but you can guess.  So, have some sort of "certainty" value in the database that can be modified as you learn new facts.  Sort of like the small pencil marks people use in Suduko.

Hmm, now this sounds like a fun project.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
I've seen it explained a couple times but I'm not sure if I understand what was meant or how hard it would be to accomplish.

Let's assume a person used a bitcoin online wallet or something similar to obscure his record on the blockchain. Now all we know is an address and want to know who's it is.

So for network analysis to work you would have to:
-have many nodes on the Bitcoin network
-wait until they spend from that address and use traffic spikes to figure out who did it?
-could you send to the address and see a pattern in traffic that only the receiver would do if they were online?

Am I correct that that using network analysis could work to identify an IP address but would fail if the user was using TOR? Would it be too hard to analyze TOR traffic to analyze Bitcoin traffic? Or does TOR have too much encrypted traffic while Bitcoin traffic is so small it would be hard to notice?

I'm just trying to wrap my head around it.
Jump to: