Skip to main content
SpringerLink
Log in
Book cover

International Conference on Business Process Management

BPM 2021: Business Process Management: Blockchain and Robotic Process Automation Forum pp 85–101Cite as

Studying Bitcoin Privacy Attacks and Their Impact on Bitcoin-Based Identity Methods

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 428))

Abstract

The Bitcoin blockchain was the first publicly verifiable, and distributed ledger, where it is possible for everyone to download and check the full history of all data records from the genesis block. These properties lead to the emergence of new types of applications and the redesign of traditional systems that no longer respond to current business needs (e.g., transparency, protection against censorship, decentralization). One particular application is the use of blockchain technology to enable decentralized and self-sovereign identities including new mechanisms for creating, resolving, and revoking them. The public availability of data records has, in turn, paved the way for new kinds of attacks that combine sophisticated heuristics with auxiliary information to compromise users’ privacy and deanonymize their identities. In this paper, we review and categorize Bitcoin privacy attacks, investigate their impact on one of the Bitcoin-based identity methods namely did:btcr, and analyze and discuss its privacy properties.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://haveibeenpwned.com/.

  2. 2.

    https://www.w3.org/TR/2021/CRD-did-core-20210609/.

  3. 3.

    https://ipfs.io/.

References

  1. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. In: Decentralized Business Review, p. 21260 (2008)

    Google Scholar 

  2. López-Pintado, O., García-Bañuelos, L., Dumas, M., Weber, I., Ponomarev, A.: CATERPILLAR: a business process execution engine on the ethereum blockchain. CoRR abs/1808.03517 (2018)

    Google Scholar 

  3. Ladleif, J., Weber, I., Weske, M.: External data monitoring using oracles in blockchain-based process execution. In: Asatiani, A., et al. (eds.) BPM 2020. LNBIP, vol. 393, pp. 67–81. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58779-6_5

    Chapter  Google Scholar 

  4. Prybila, C., Schulte, S., Hochreiner, C., Weber, I.: Runtime verification for business processes utilizing the bitcoin blockchain. Future Gener. Comput. Syst. 107, 816–831 (2020)

    Article  Google Scholar 

  5. Lesavre, L., Varin, P., Mell, P., Davidson, M., Shook, J.: A taxonomic approach to understanding emerging blockchain identity management systems. arXiv preprint arXiv:1908.00929 (2019)

  6. Dunphy, P., Petitcolas, F.A.: A first look at identity management schemes on the blockchain. IEEE Secur. Privacy 16(4), 20–29 (2018)

    Article  Google Scholar 

  7. Allen, C., Hamilton Duffy, K., Grant, R., Pape, D.: BTCR did method. https://w3c-ccg.github.io/didm-btcr/ (2019)

  8. Ghesmati, S., Fdhila, W., Weippl, E.: Bitcoin privacy - a survey on mixing techniques. Cryptology ePrint Archive, Report 2021/629 (2021). https://eprint.iacr.org/2021/629

  9. Cooper, A., et al.: Privacy considerations for internet protocols. Internet Architecture Board (2013)

    Google Scholar 

  10. Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 127–140 (2013)

    Google Scholar 

  11. Biryukov, A., Tikhomirov, S.: Deanonymization and linkability of cryptocurrency transactions based on network analysis. In: IEEE European Symposium on Security and Privacy (EuroS&P), vol. 2019, pp. 172–184. IEEE (2019)

    Google Scholar 

  12. English, S.M., Nezhadian, E.: Conditions of full disclosure: The blockchain remuneration model. In: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), vol. 2017, pp. 64–67. IEEE (2017)

    Google Scholar 

  13. Sabry, F., Labda, W., Erbad, A., Al Jawaheri, H., Malluhi, Q.: Anonymity and privacy in bitcoin escrow trades. In: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pp. 211–220 (2019)

    Google Scholar 

  14. Yousaf, H., Kappos, G., Meiklejohn, S.: Tracing transactions across cryptocurrency ledgers. In: 28th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 19), pp. 837–850 (2019)

    Google Scholar 

  15. Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M., Holt, J.: Decentralized identifiers (dids) v1. 0. Draft Community Group Report (2021)

    Google Scholar 

  16. Sporny, M., Noble, G., Longley, D., Burnett, D., Zundel, B.: Verifiable credentials data model (2019)

    Google Scholar 

  17. Wiki: Op\(\_\)return. https://en.bitcoin.it/wiki/OP_RETURN (2020)

  18. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_31

    Chapter  Google Scholar 

  19. Henry, R., Herzberg, A., Kate, A.: Blockchain access privacy: challenges and directions. IEEE Secur. Privacy 16(4), 38–45 (2018)

    Article  Google Scholar 

  20. Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_29

    Chapter  Google Scholar 

  21. Kalodner, H., et al.: Blocksci: design and applications of a blockchain analysis platform. In: 29th \(\{\)USENIX\(\}\) Security Symposium), pp. 2721–2738 (2020)

    Google Scholar 

  22. Conti, M., Gangwal, A., Ruj, S.: On the economic significance of ransomware campaigns: a bitcoin transactions perspective. Comput. Secur. 79, 162–189 (2018)

    Article  Google Scholar 

  23. Huang, D.Y., et al.: Tracking ransomware end-to-end. In: IEEE Symposium on Security and Privacy (SP), vol. 2018, pp. 618–631. IEEE (2018)

    Google Scholar 

  24. Lee, S., et al.: Cybercriminal minds: an investigative study of cryptocurrency abuses in the dark web. In: NDSS (2019)

    Google Scholar 

  25. Boshmaf, Y., Elvitigala, C., Al Jawaheri, H., Wijesekera, P., Al Sabah, M.: Investigating MMM Ponzi scheme on bitcoin. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 519–530 (2020)

    Google Scholar 

  26. Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_30

    Chapter  Google Scholar 

  27. Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in bitcoin p2p network. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29 (2014)

    Google Scholar 

  28. Neudecker, T., Hartenstein, H.: Could network information facilitate address clustering in bitcoin? In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 155–169. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_9

    Chapter  Google Scholar 

  29. Maxwell, G.: Coinjoin: Bitcoin privacy for the real world (2013). https://bitcointalk.org/index.php

  30. Kalodner, H.: Privacy. https://citp.github.io/BlockSci/reference/heuristics/change.html. Accessed 23 July 2020

  31. Wiki: Privacy. https://en.bitcoin.it/wiki/Privacy. Accessed 23 July 2020

  32. Wiki: Address reuse (2021). https://en.bitcoin.it/wiki/Address_reuse

  33. Möser, M., Böhme, R., Breuker, D.: An inquiry into money laundering tools in the bitcoin ecosystem. In: APWG eCrime Researchers Summit, vol. 2013, pp. 1–14. IEEE (2013)

    Google Scholar 

  34. Mai, A., Pfeffer, K., Gusenbauer, M., Weippl, E., Krombholz, K.: User mental models of cryptocurrency systems–a grounded theory approach (2020)

    Google Scholar 

  35. Krombholz, K., Judmayer, A., Gusenbauer, M., Weippl, E.: The other side of the coin: user experiences with bitcoin security and privacy. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 555–580. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_33

    Chapter  Google Scholar 

  36. Gibson, A.: Payjoin (2018). https://joinmarket.me/blog/blog/payjoin/

  37. Ghesmati, S., Kern, A., Judmayer, A., Stifter, N., Weippl, E.: Unnecessary input heuristics and PayJoin transactions. In: Stephanidis, C., Antona, M., Ntoa, S. (eds.) HCII 2021. CCIS, vol. 1420, pp. 416–424. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78642-7_56

    Chapter  Google Scholar 

  38. (W3C), C.C.G.: A primer for decentralized identifiers (2020). https://w3c-ccg.github.io/did-primer/

  39. Andrieu, J., et al.: Did method rubric v1.0 (2021). https://w3c.github.io/did-rubric/#privacy

  40. Wiki: Simplified payment verification (2019). https://en.bitcoinwiki.org/wiki/Simplified_Payment_Verification

Download references

Acknowledgments

This research is based upon work partially supported by (1) SBA Research (SBA-K1); SBA Research is a COMET Center within the COMET – Competence Centers for Excellent Technologies Programme and funded by BMK, BMDW, and the federal state of Vienna. The COMET Programme is managed by FFG. (2) the FFG ICT of the Future project 874019 dIdentity & dApps. (3) the FFG Basisprogramm Kleinprojekt 39019756 Decentralised Marketplace for Digital Identity.

Author information

Authors and Affiliations

  1. SBA Research, Vienna, Austria

    Simin Ghesmati, Walid Fdhila & Edgar Weippl

  2. Vienna University of technology, Vienna, Austria

    Simin Ghesmati

  3. University of Vienna, Vienna, Austria

    Walid Fdhila & Edgar Weippl

Authors
  1. Simin Ghesmati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Walid Fdhila
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Edgar Weippl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Simin Ghesmati .

Editor information

Editors and Affiliations

  1. Escuela Técnica Superior de Ingeniería, Seville, Spain

    José González Enríquez

  2. IT University of Copenhagen, Copenhagen, Denmark

    Søren Debois

  3. German Research Center for Artificial Intelligence (DFKI) and Saarland University, Saarbrücken, Germany

    Peter Fettke

  4. Politecnico di Milano, Milan, Italy

    Pierluigi Plebani

  5. Utrecht University, Utrecht, The Netherlands

    Inge van de Weerd

  6. TU Berlin, Berlin, Germany

    Ingo Weber

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ghesmati, S., Fdhila, W., Weippl, E. (2021). Studying Bitcoin Privacy Attacks and Their Impact on Bitcoin-Based Identity Methods. In: González Enríquez, J., Debois, S., Fettke, P., Plebani, P., van de Weerd, I., Weber, I. (eds) Business Process Management: Blockchain and Robotic Process Automation Forum. BPM 2021. Lecture Notes in Business Information Processing, vol 428. Springer, Cham. https://doi.org/10.1007/978-3-030-85867-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-85867-4_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85866-7

  • Online ISBN: 978-3-030-85867-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation