February 16, 2016
As the BitLicense drama has continued to unfold since last year, it has been a rough time for startups working with bitcoin. While some companies have filed a patent, others were forced to withdraw operations from New York and form an opposition to fight the licensing.
One of the most important concerns regarding the license is that the government may require bitcoin companies to store information about transactions and bitcoin owners. Virtual currency anonymity is crucial because anonymity is one of the most important properties of any currency as neither the buyer nor the seller requires knowledge of its history.
Attacks to de-anonymize transactors range from highly sophisticated attacks on a single user to hacker attacks in which little effort and sophistication are required to de-anonymize broad groups of individuals. The government sees a difference between the anonymity of transactions between users and anonymity from the government. Maybe in regard to BitLicense—or maybe for other reasons—last year, a US government-backed non-profit organization called RAND, which was founded in 1948 by Douglas Aircraft Company to offer research and analysis to the United States Armed Forces, published an extensive report on the national security implications of virtual currency, with insights on the fact that virtual currencies (in particular, bitcoin) were never truly anonymous. Whether or not it was a coincidence that the report came out at the time when New York’s government passed BitLicense, it’s worth understanding that licensing doesn’t end the era of anonymity associated with virtual currency transactions. Virtual currency transactions were never actually bullet-proof when it came to privacy and anonymity.
Dual nature of virtual currency anonymity
Assuring everyday user anonymity is a different issue from assuring anonymity from the government by technically sophisticated and interested groups. In practice, however, almost all virtual currencies do not make this distinction. For decentralized virtual currencies, the two issues are currently inseparable because distinguishing attack source and sophistication is not a design parameter within a decentralized infrastructure.
Protecting the very nature of virtual currencies, many companies also protect user identities from government investigations. Those virtual currencies are the ones the government is looking to track and the ones usually involved in investigations because they attempt to provide such anonymity but are ripe for attack due to their centralized architecture.
There is a class of virtual currencies that can be considered as semi-centralized. However, they are not common and the best known would be Ripple. Ripple is not designed to be private because it is tailored to financial institutions rather than individuals. Semi-centralized virtual currencies are seen by some as the future of virtual currencies and the best alternative for businesses working with virtual currencies.
There has been a debate that semi-centralized virtual currencies may be the best way forward to maintain security and privacy for individuals while simultaneously allowing for government regulation, but the class of semi-centralized currencies hasn’t been actively explored and deployed yet.
Why anonymity of virtual currencies (bitcoin in particular) is an illusion
Turning to a particular example, we can look at bitcoin, which is pseudonymous because every user is represented by a random, cryptographically generated string of digits called an address, which does not reveal the user’s actual identity. If a user does not change his or her address from transaction to transaction, however, then the entire transaction history is completely public to anyone who knows his or her bitcoin address. This is because the bitcoin blockchain contains a public record of every transaction that has ever occurred. Therefore, repeated bitcoin transactions pose a serious risk to anonymity.
For those opposed to de-anonymization, the report explains why there wasn’t any anonymity as such. A bitcoin address can become known to many people in the course of regular transactions, since anyone transacting with the user learns it. Bitcoin is anonymous in the following sense: every bank transaction and every bank account’s balance is known to anyone with an Internet connection; the only information that is unknown is who owns each bank account. However, it can be inferred from user interactions. While transactions can be anonymous for a regular user, the government is capable of tracing the account’s owner if it were to put some effort into recognizing the patterns. From the government’s perspective, it is still unacceptable for everyday economic life and the additional safeguards must be built in.
Anonymizing bitcoin comprises two aspects: anonymizing individual transactions and anonymizing the patterns of transactions. Making individual transactions anonymous is accomplished predominantly by assigning a random pseudonym to each individual. However, even with this pseudonym, an individual transaction might be identified by examining the Internet protocol (IP) addresses of the users, thereby revealing the user’s entire transaction history.
The pseudonym process, as mentioned above, does not in itself preserve anonymity; when given access to another user’s pseudonym, any individual can see all transactions and balances associated with that pseudonym.
Transaction patterns are the loopholes of de-anonymization that can be—and are—leveraged by interested parties. The procedures to trace the pattern and the user can be built in. Moreover, the security-focused community has demonstrated the ability to perform privacy-reducing analytics on the overall bitcoin blockchain in an attempt to identify individuals solely by the pattern of their transactions.
How to anonymize bitcoin
While virtual currencies never were actually anonymous, there are certain techniques that could assure some level of anonymity. Many virtual currencies are built using bitcoin as their foundation, and therefore, many of the efforts to anonymize bitcoin can be applied for other virtual currencies.
As bitcoin transactions can be traced by the IP address, for those looking to anonymize themselves, the Bitcoin Foundation recommends the use of technologies aimed at hiding the address; a specific example could be Tor.
However, Tor has been the subject of debate. It is believed that even Tor might not be able to hide the user from the government, as de-anonymizing bitcoin users employing Tor is possible given the current manner in which bitcoin is configured.
As mentioned before, de-anonymization can occur if the same pseudonym is used every time for bitcoin transactions. Logically, if users iterate pseudonyms every time, it may create certain complexities for de-anonymization. However, the practice is not widely adopted, which keeps users vulnerable to identification.
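As an added illustration (not taken from the RAND report or from this article), the Python sketch below uses constructed toy ledgers to show what a single known address reveals when it is reused, and why rotating addresses protects a user only until fresh addresses are spent together. The linking rule it applies, that addresses spent as inputs of one transaction share an owner, goes beyond the text above and comes from the privacy section of the original Bitcoin paper; all addresses, amounts and function names are made up for the example.

```python
# Constructed toy ledgers, not real chain data. Amounts are in satoshis.
REUSED = [  # Alice gives every client the same address
    {"txid": "t1", "inputs": ["client_A"], "outputs": {"alice_1": 300_000}},
    {"txid": "t2", "inputs": ["client_B"], "outputs": {"alice_1": 120_000}},
    {"txid": "t3", "inputs": ["client_C"], "outputs": {"alice_1": 80_000}},
]
ROTATED = [  # Alice gives each client a fresh address...
    {"txid": "t1", "inputs": ["client_A"], "outputs": {"alice_1": 300_000}},
    {"txid": "t2", "inputs": ["client_B"], "outputs": {"alice_2": 120_000}},
    {"txid": "t3", "inputs": ["client_C"], "outputs": {"alice_3": 80_000}},
    # ...but later spends two of them together in one payment.
    {"txid": "t4", "inputs": ["alice_1", "alice_2"], "outputs": {"merchant": 420_000}},
]

def cluster_addresses(ledger):
    """Group addresses that appear together as inputs of one transaction."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            addr = parent[addr]
        return addr

    for tx in ledger:
        roots = [find(a) for a in tx["inputs"]]
        for root in roots[1:]:
            parent[root] = roots[0]  # co-spent inputs are treated as one owner
        for addr in tx["outputs"]:
            find(addr)  # register output addresses as singletons
    clusters = {}
    for addr in list(parent):
        clusters.setdefault(find(addr), set()).add(addr)
    return list(clusters.values())

def visible_from(ledger, known_address):
    """What the public ledger shows someone who learns one address."""
    linked = next(c for c in cluster_addresses(ledger) if known_address in c)
    txids = sorted(tx["txid"] for tx in ledger
                   if linked & (set(tx["inputs"]) | set(tx["outputs"])))
    received = sum(v for tx in ledger
                   for addr, v in tx["outputs"].items() if addr in linked)
    return {"addresses": sorted(linked), "txids": txids, "received": received}

if __name__ == "__main__":
    print(visible_from(REUSED, "alice_1"))   # one address exposes every payment
    print(visible_from(ROTATED, "alice_3"))  # unspent fresh address stays isolated
    print(visible_from(ROTATED, "alice_1"))  # co-spending links alice_1 and alice_2
```

With the reused address, any one client can read all three payments and the total received; with rotation, the client who paid `alice_3` sees only that payment, while the joint spend in `t4` ties `alice_1` and `alice_2` back together.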
As transactors can be identified by the patterns of their transactions, in an attempt to solve the de-anonymization problem, so-called mixing services exist to obfuscate transactions. Those services aggregate transactions so that they cannot be as easily traced to individual actors. Such services include CoinJoin, Mixcoin and Dark Wallet. However, the government warns that despite these services, there is always the threat of future advances in de-anonymization, thereby revealing past transactions—even those done with proper anonymity practices.