Do Bitcoin Users Really Care About Anonymity An

Do Bitcoin Users Really Care About Anonymity? - An Analysis of the Bitcoin Transaction Graph Anil Gaihre Yan Luo Hang Liu University of Massachusetts Lowell 6/6/2021

Outline ØIntroduction and Background ØAnonymity Metrics ØMacro Analysis ØMicro Analysis ØConclusions 2 6/6/2021

Bitcoin • Intent of Bitcoin: replacing banks! • Technical guarantees: – Distributed consensus – Pseudo-anonymous 3 6/6/2021

How Does Bitcoin Work? Miners Proof of work … Alice Bob Ram Hari Transaction Alice Bob … Transactions inside block Transaction Confirmed Alice Bob Normally 6 blocks after transaction Alice 4 Publicly available blockchain Bob 6/6/2021

Background and Related Works on Anonymity concern: Not Anonymous Altcoins E. g. Dash. Coin Mixers E. g. Bitcoin Blender Graph Analysis Interacting with merchants/users Trustless Coinjoin E. g. Coinshuffle References: 1. Tim Ruffing, et al. Coinshuffle: Practical decentralized coin mixing for bitcoin. In European Symposium on Research in Computer Security, pages 345– 364. Springer, 2014. 2. Gregory Maxwell. Coinjoin: Bitcoin privacy for the real world, 2013. Available at https: //bitcointalk. org/? topic=279249. 3. Dash. Coin, Anonymous peer-to-peer Internet currency. Available at http: //dashcoin. info/ Third Party Crawling E. g. Bitcoin forums References: 1. Malte Moser, et al. An inquiry into money laundering tools in the bitcoin ecosystem. In e. Crime Researchers Summit (e. CRS), 2013, pages 1– 14. IEEE, 2013 2. Michael Fleder, et al. Bitcoin transaction graph analysis. ar. Xiv reprint ar. Xiv: 1502. 01657, 2015 3. Sarah Meiklejohn, et al. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 conference on Internet measurement conference, pages 127– 140. ACM, 2013 But, do users really care about anonymity? Or to what extent they care about it? 5 6/6/2021

Contributions • Anonymity Metrics – Direct metric: hide their real-world identity? – Indirect metric: hide their intention? • Macro view analysis of anonymity concern of users – The collective anonymity concerns from all users • Micro view analysis of critical addresses – Addresses from big organizations: Hot and cold wallet addresses. – Bitcoin “believers”: Stock buyer addresses – Addresses from backbone participants: Miners addresses • BIGDATA: ~10 years of transaction data (~230 GB)! 6 6/6/2021

Bitcoin Transaction Graph Looks Like Transaction Alice Bob Address M 7 6/6/2021 Transaction M Mining Transaction

Constructing Bitcoin Transaction Graph Bitcoin Core (v 0. 16. 0) Blockchain Raw Data Rusty Block Parser Bipartite Graph Generator CSV Dumps Anonymity concern insights! Graph Analysis Graph in correct format Graph Project Start Edge Lists(BTC, timestamps) References: • Bitcoin Core Software. Available at https: //bitcoin. org/en/bitcoin-core/ • 8 Rusty blockparser github repository. Available at https: //github. com/gcarq/rustyblockparser 6/6/2021

Outline ØIntroduction and Background ØAnonymity Metrics ØMacro Analysis ØMicro Analysis ØConclusions 9 6/6/2021

Anonymity Metrics: How to Detect Anonymity Concern? Metric 1 (Address Reusing Frequency). Reusing an address = low concern on anonymity. • Address. Reuse. Available at https: //en. bitcoin. it/wiki/Address reuse • Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008 Metric 2 (Zero Balance). Addresses turned into zero balance = concern about anonymity. Metric 3 (Address Intention). Hiding intention = cares about anonymity. • Important because identifying the intentions of the addresses helps grouping them together into some category to speed up the deanonymization process 10 6/6/2021

Outline ØIntroduction and Background ØAnonymity Metrics ØMacro Analysis ØMicro Analysis ØConclusions 11 6/6/2021

Causes of Diameter Dynamics Unchanged A 1 T 2 A 3 T 3 Unchanged A 1 T 1 A 2 A 4 T 1 T 2 A 4 A 3 T 3 Increased A 1 T 2 A 3 Decreased A 1 T 3 T 1 A 2 T 2 A 3 T 3 • New addresses: Diameter remains unchanged or increases • No new addresses: Diameter remains unchanged or decreases 12 6/6/2021 Diameter: The maximum shortest path between any 2 vertices in graph.

2009 -03 -13 2009 -05 -21 2009 -07 -28 2009 -10 -05 2009 -12 -13 2010 -02 -20 2010 -04 -30 2010 -07 -07 2010 -09 -14 2010 -11 -22 2011 -01 -30 2011 -04 -09 2011 -06 -16 2011 -08 -24 2011 -11 -01 2012 -01 -09 2012 -03 -18 2012 -05 -25 2012 -08 -02 2012 -10 -10 2012 -12 -18 2013 -02 -25 2013 -05 -04 2013 -07 -12 2013 -09 -19 2013 -11 -27 2014 -02 -04 2014 -04 -13 2014 -06 -21 2014 -08 -29 2014 -11 -06 2015 -01 -14 2015 -03 -23 2015 -05 -31 2015 -08 -08 2015 -10 -16 2015 -12 -24 2016 -03 -01 2016 -05 -09 2016 -07 -17 2016 -09 -24 2016 -12 -01 2017 -02 -08 2017 -04 -18 2017 -06 -26 2017 -09 -03 2017 -11 -10 2018 -01 -18 2018 -03 -28 2018 -06 -05 Diameter Macro View Analysis of Anonymity Concerns Connected components remain separated 13 Majority: anonymity concern users Majority: unconcerned users 5000 4000 6/6/2021 Remain consistent 7000 6000 New address attaching on tail 3000 2000 1000 0 Diameter : Main connected component with majority of vertices

2009 -03 -13 2009 -05 -21 2009 -07 -28 2009 -10 -05 2009 -12 -13 2010 -02 -20 2010 -04 -30 2010 -07 -07 2010 -09 -14 2010 -11 -22 2011 -01 -30 2011 -04 -09 2011 -06 -16 2011 -08 -24 2011 -11 -01 2012 -01 -09 2012 -03 -18 2012 -05 -25 2012 -08 -02 2012 -10 -10 2012 -12 -18 2013 -02 -25 2013 -05 -04 2013 -07 -12 2013 -09 -19 2013 -11 -27 2014 -02 -04 2014 -04 -13 2014 -06 -21 2014 -08 -29 2014 -11 -06 2015 -01 -14 2015 -03 -23 2015 -05 -31 2015 -08 -08 2015 -10 -16 2015 -12 -24 2016 -03 -01 2016 -05 -09 2016 -07 -17 2016 -09 -24 2016 -12 -02 2017 -02 -08 2017 -04 -18 2017 -06 -26 2017 -09 -03 2017 -11 -10 2018 -01 -18 2018 -03 -28 2018 -06 -05 Diameter 7000 6000 5000 14 New Addresses used to receive Bitcoin Old address used to receive Bitcoin Diameter 4000 25 3000 20 2000 15 10 1000 • On average, old addresses: 55. 25% vs new addresses: 44. 75% to receive Bitcoin • Exception: establishment of Bitcoin exchange centers + price hike probably caused • New users joining Bitcoin the increase of new address usage. 6/6/2021 #Addresses (Millions) New Address vs Old Address to Receive Bitcoin 40 0 35 30 5 0

2009 -03 -13 2009 -05 -21 2009 -07 -28 2009 -10 -05 2009 -12 -13 2010 -02 -20 2010 -04 -30 2010 -07 -07 2010 -09 -14 2010 -11 -22 2011 -01 -30 2011 -04 -09 2011 -06 -16 2011 -08 -24 2011 -11 -01 2012 -01 -09 2012 -03 -18 2012 -05 -25 2012 -08 -02 2012 -10 -10 2012 -12 -18 2013 -02 -25 2013 -05 -04 2013 -07 -12 2013 -09 -19 2013 -11 -27 2014 -02 -04 2014 -04 -13 2014 -06 -21 2014 -08 -29 2014 -11 -06 2015 -01 -14 2015 -03 -23 2015 -05 -31 2015 -08 -08 2015 -10 -16 2015 -12 -24 2016 -03 -01 2016 -05 -09 2016 -07 -17 2016 -09 -24 2016 -12 -01 2017 -02 -08 2017 -04 -18 2017 -06 -26 2017 -09 -03 2017 -11 -10 2018 -01 -18 2018 -03 -28 2018 -06 -05 Percentage Rich Vs Poor Addresses Events of hacking and stealing 120% 16 Rich Addresses 6/6/2021 Poor Addresses 100% 80% 60% 40% 20% 0% Rich Addresses: Top 25% rich Bitcoin addresses. Poor Addresses: Remaining non-zero Bitcoin addresses. Rich addresses are more concerned about anonymity. References: • Timithy B. Lee. A brief history of Bitcoin hacks and frauds. Available at https: //arstechnica. com/techpolicy/2017/12/a-brief-history-of-bitcoin-hacks-and-frauds/

Outline ØIntroduction and Background ØAnonymity Metrics ØMacro Analysis ØMicro Analysis ØConclusions 17 6/6/2021

Stock Buyer Addresses 1000000 100000 Stock address 10000 Bitcoin price 100000 10 1000 10/30/07 3/13/09 1 7/26/10 12/8/11 4/21/13 9/3/14 1/16/16 0. 1 5/30/17 10/12/18 2/24/20 • Stock buyer address features: only receive the Bitcoin but never spent • Out-degree = 0. • This is how we reveal their intentions. • More insights: stock addresses are immediately influenced by the exchange rate of Bitcoin. 18 Bitcoin price (USD) #Stock address 10000000 6/6/2021

Miners: Before and After Bitcoin Price Hike (2 real cases) CASE I • Miner accumulates the mined Bitcoins • Low Anonymity concern M 1 1 Addresses 5 4 50 BTC M 2 Address with BTC Transaction 150 BTC 2 6 7 3 8 9 10 11 50 BTC 2010 -06 -04 to 2010 -06 -15 M 3 M Mining Transaction 50 BTC 16. 00036303 BTC 17. 97607515 BTC 26 23 27 25 2018 -01 -05 24 1 2010 -02 -21 19 2 3 4 5 6 15 16 20 19 7 2011 -06 -14 2017 -11 -19 CASE II Miner splits the mined Bitcoins, when Bitcoin price rises. Change in anonymity concern 6/6/2021 16. 00036719 BTC 18 8 50 BTC M 1 22 21 17 10 9 11 14 12 13

Hot and Cold Wallets of Big Organizations 20 Hot Wallet Cold Wallet Connected to the internet Offline (hard disk or paper) Convenient to use but vulnerable to hacking More secured but not convenient to use 6/6/2021

Hot Wallet Addresses of Big Organizations Tag Address ID Total inflow from other addresses Bitcoin balance Degree Deepbit 1 Vay. Nert 3 x 1 Kzbpz. MGt 2 qdqr. AThi. Rovi 8 25467352. 64 0. 2 1565611 Satoshi. DICE Hot Wallet 18 uvwk. MJsg 9 cx. FEd 1 QDFg. Qpoe. XWmm. Snq. Ss 399678. 8714 0. 00053 414842 Satoshi. DICE Hot Wallet 1 MSzm. VTBaa. Sp. KDARK 3 VGv. P 8 v 7 a. Ctw. Z 9 zbw 386456. 4036 0. 00033 414270 Satoshi. DICE Hot Wallet 1 Peoha. RGa. TF 8 c. Sz. Dq. P 1 y. Yfz. Dah 66 xiri. EQ 384443. 0361 0. 00079806 413407 Satoshi. DICE Hot Wallet 1 Bd 5 wr. Fx. HYRkk 4 UCFttc. PNMYzq. Jn. QKf. XUE 383879. 8434 0. 05339999 415362 Satoshi. DICE Hot Wallet 15 f. Xd. Ty. FL 1 p 53 q. Q 8 Nkrj. Bq. PUb. PWv. Wm. Z 3 G 9 383444. 5918 0. 00028 415042 Fox. Bit Hot Wallet 1 Fox. Bitj. Xc. Be. ZUS 4 e. Dz. PZ 7 b 124 q 3 N 7 QJK 7 156329. 1069 0. 04314468 560202 Unknown 13 v. HWR 3 i. Ls. He. Yw. T 42 Rnu. KYNBo. VPr. KKZg. Rv 17600542. 04 0. 00306531 1011905 Unknown 19 i. Vy. H 1 q. Uxgyw. Y 8 LJSbp. V 4 Vavj. Zmyu. Eyx. V 9326468. 877 0. 00000651 430643 Hot wallet addresses of big organizations: – Private key is online for convenience – Has relatively high degree, with low accumulations of Bitcoin but higher flow through them. – Feature: Degree >= 50, 000, flow >= 150, 000 BTC , Accumulated BTC <=10 BTC • We can help uncover hidden (similar) hot wallets! 21 6/6/2021

Outline ØIntroduction and Background ØAnonymity Metrics ØMacro Analysis ØMicro Analysis ØConclusions 22 6/6/2021

Conclusions • Majority of the users don't care about the anonymity • Most of the addresses that are concerned about anonymity are rich addresses • Users start concerning about anonymity when the price of Bitcoin goes high – Seen with a real examples of miners – Rich addresses concerning more when price hiked, and hacking events started • Stock addresses don’t hide their intent of making profits on Bitcoin price hike. • With design of some filters, one can find the hot wallet addresses and cold wallet addresses of big organizations (like exchange centers, gambling sites, miners etc. ) 23 6/6/2021

Thank You & Questions? Opensource at: https: //github. com/Anil-Gaihre/Bitcoin_Anonymity. Concern Contacts: Anil_Gaihre@student. uml. edu 6/6/2021

BACK UP SLIDES 6/6/2021 25

2009 -03 -13 2009 -05 -21 2009 -07 -29 2009 -10 -05 2009 -12 -13 2010 -02 -20 2010 -04 -30 2010 -07 -08 2010 -09 -15 2010 -11 -23 2011 -01 -30 2011 -04 -09 2011 -06 -17 2011 -08 -25 2011 -11 -02 2012 -01 -10 2012 -03 -19 2012 -05 -26 2012 -08 -03 2012 -10 -11 2012 -12 -19 2013 -02 -26 2013 -05 -06 2013 -07 -13 2013 -09 -20 2013 -11 -28 2014 -02 -05 2014 -04 -15 2014 -06 -23 2014 -08 -31 2014 -11 -07 2015 -01 -15 2015 -03 -25 2015 -06 -02 2015 -08 -10 2015 -10 -18 2015 -12 -25 2016 -03 -03 2016 -05 -11 2016 -07 -19 2016 -09 -26 2016 -12 -04 2017 -02 -11 2017 -04 -20 2017 -06 -28 2017 -09 -05 2017 -11 -13 2018 -01 -21 2018 -03 -31 2018 -06 -07 Miners Addresses Exchange centers established. #Connected components 60000 50000 40000 30000 20000 10000 0 Method of anonymity analysis: Claim 3 (Intention) • The mining addresses along with their transactions remain as separate connected component if none of them transact with main connected component. • Detected intentions of saving Bitcoin! • At the date of download, some of the small connected components were detected from around 2010 26 6/6/2021

Construction of Bitcoin transaction graph • Raw Data Download (January 3, 2009 to June 7, 2018) – Bitcoin Core v 0. 16. 0 – Raw data size of approximately 230 GB • Parsing: – Rusty Block parser (https: //github. com/gcarq/rusty-blockparser) – Output: csv dump • Transaction-address bipartite graph – Developed tool to process the csv dumps from the Rusty Block Parser – Output: Edge lists with Bitcoin as weights, Addresses/Transactions Maps, Transactions Timestamps • Compressed Sparse Row (CSR construction) – Graph project start (https: //github. com/asherliu/graph_project_start) – Output: csr edge lists 27 6/6/2021

What is Blockchain and Bitcoin? • Blockchain : A distributed ledger of transaction – Append only distributed ledger – Decentralized consensus used for validation – Collects the transactions in blocks and attach the blocks to maintain a linked list. – Miners to validate the transactions • Check for double spend • Bitcoin : – A blockchain based cryptocurrency – Most popular and widely used cryptocurrency – Users references to UTXO (Unspent Transaction Output), of a transaction in the blockchain. – Pseudo anonymous in nature 28 6/6/2021

Appendices Miners Real world examples • Case I Mining Transactions: 1. fa 796 ffd 60 affebb 030 d 7 ff 8 e 81474 ceb 7 e 3 fba 91 e 92235 f 8094 69 e 434025 f 1 b 2. e 9 e 2747 a 9 a 10 db 68912 d 3215 a 4 fda 1 a 5 ff 0 d 4 c 018928851 ac 5 f 8 e 0 e 80 d 0 c 091 c 3. c 43 ed 2 ff 2 dbc 51 f 7 c 677 ce 88 c 416050 e 13 e 892707 bd 12738 a 1 f 68 bdd 81226 c 3 e • Case II Mining Transactions 1. 089 bf 008 a 36 a 182 f 816498 f 3 f 15 aa 56885 dda 745 b 678 d 8 f 9 fd 7 f 51 b 05 aab 502 f 29 6/6/2021

Result Validation • https: //www. blockchain. com/ • https: //bitinfocharts. com/top-100 -richest-bitcoinaddresses. html Signed by Alice Pay to Pkbob: H() 30 6/6/2021

Bitcoin Address • A Bitcoin address is a 160 bit hash of the public portion of a public/private ECDSA keypai r. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid. 31 6/6/2021

How addresses are created? 32 6/6/2021

How a transaction is verified cryptographically? • Suppose Alice receives m, digital signature { m, sig=sign(m, KR) } • Alice verifies m signed by Bob by applying Bob’s public key Ku to sig then checks verify(m, sig, Ku) = true or false? • If true, whoever signed m must have used Bob’s private key. Alice thus verifies that: ü Bob signed m. ü No one else signed m. ü Bob signed m and not m’. Non-repudiation: ü Alice can take (m, sig) to court and prove that Bob signed m. 6/6/2021 33

2. 2 Block format in Bitcoin Chain all blocks together • • Guarantee the integrity of transactions in a block A block contains “block head” and “block body”, “block head” stores the previous hash of the last block header.

Core：Proof of Work --- solving a puzzle u

Digital signature = signed message digest Alice verifies signature and integrity of digitally signed message: Bob sends digitally signed message: large message m H: Hash function Bob’s private key + KR H(m) digital signature (encrypt) Signed msg digest Sign(H(m), KR) signed msg digest large message m H: Hash function Sign(H(m), KR) Bob’s public key digital signature (decrypt) KU H(m) equal ? 6/6/2021 36

Hot wallet and cold wallet addresses Tag Deepbit Satoshi. DICE Hot Wallet Fox. Bit Hot Wallet Unknown • 1 Vay. Nert 3 x 1 Kzbpz. MGt 2 qdqr. AThi. Rovi 8 18 uvwk. MJsg 9 cx. FEd 1 QDFg. Qpoe. XWmm. Snq. Ss 1 MSzm. VTBaa. Sp. KDARK 3 VGv. P 8 v 7 a. Ctw. Z 9 zbw 1 Peoha. RGa. TF 8 c. Sz. Dq. P 1 y. Yfz. Dah 66 xiri. EQ 1 Bd 5 wr. Fx. HYRkk 4 UCFttc. PNMYzq. Jn. QKf. XUE 15 f. Xd. Ty. FL 1 p 53 q. Q 8 Nkrj. Bq. PUb. PWv. Wm. Z 3 G 9 1 Fox. Bitj. Xc. Be. ZUS 4 e. Dz. PZ 7 b 124 q 3 N 7 QJK 7 13 v. HWR 3 i. Ls. He. Yw. T 42 Rnu. KYNBo. VPr. KKZg. Rv 19 i. Vy. H 1 q. Uxgyw. Y 8 LJSbp. V 4 Vavj. Zmyu. Eyx. V 0. 2 0. 00053 0. 00033 0. 00079806 0. 05339999 0. 00028 0. 04314468 0. 00306531 0. 00000651 Degree 1565611 414842 414270 413407 415362 415042 560202 1011905 430643 Private key is online for convenience Has relatively high degree Filter: Degree >= 50, 000, flow >= 150, 000 BTC , Accumulated BTC <=10 BTC Tags wallet: Bitfinex-coldwallet: Bittrex-coldwallet: Bitstamp-coldwallet: Coincheck-coldwallet Unknown Address Id 3 D 2 oetd. Nu. ZUq. QHPJmc. MDDHYoqky. NVs. Fk 9 r 16 r. Cmbu. WDh. Pj. WTrp. QGa. U 3 EPd. ZF 7 MTd. Uk 3 Nxwenay 9 Z 8 Lc 9 JBiyw. Expn. EFi. Lp 6 Afp 8 v 336 x. Gp. Gweq 1 wt. Y 4 k. RTu. A 4 w 6 d 7 y. Dk. BU 9 cz. U 1 Feex. V 6 b. AHb 8 yb. Zjq. QMj. Jrc. Cr. HGW 9 sb 6 u. F 16 FSBGv. Qfy 4 K 8 d. Yv. PPWWpmzg. KM 6 Cvr. Co. Vy 1 Ah. Tj. UMzt. Cihi. Ty. A 4 K 6 E 3 QEpobj. WLw. Khk. R Cold wallet addresses of large organizations: – – – 37 25467352. 64 399678. 8714 386456. 4036 384443. 0361 383879. 8434 383444. 5918 156329. 1069 17600542. 04 9326468. 877 Bitcoin balance Hot wallet addresses of large organizations: – – – • Total inflow from other addresses Address ID Private key is offline for security Has relatively degree. Filter: BFS with depth 2, from detected hot wallet addresses and Bitcoin accumulation > 10, 000 BTC. 6/6/2021 Bitcoin balance 172236. 0323 117203. 0673 97848. 28321 34276. 54041 79957. 17569 35970. 01951 66378. 8101 Degree 9065 213 238 11007 196 865 204