Dead drops: the answer to the problems of using bitcoin over Tor

Monday 17 November 2014

 A lot of bitcoiners value their anonymity and take a range of measures to protect their identities. However, a new report shows that accessing the bitcoin client over Tor – one of the most popular measures – can be a very bad idea. Fortunately, there will soon be an alternative: a totally new protocol that offers a whole other level of privacy. Better still, it’s designed from the ground up for cryptocurrency payments, as well as secure messaging and cloud storage.

Bitcoin and Tor

Despite its popularity on sites like the Silk Road, Bitcoin is a highly-traceable protocol. Every transaction is publicly and permanently recorded on the blockchain, and can be tracked right back to the block from which it was mined. Every transaction links two or more addresses. Along with other ways of determining information about account holders from outside the blockchain (think how many people include their bitcoin addresses on a forum, for example – and that’s just a start), transactions can be and often are rendered effectively transparent.

Awareness of these limitations has prompted users to connect to the bitcoin network via anonymising services like Tor. However, as one paper claims,

‘Combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user’s transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users.’

In other words, use bitcoin over Tor and you might find you don’t have any bitcoins any more.

Surveillance unlimited

Anonymity has always been a big thing for cryptocurrency users, but the fact remains that there are always off-blockchain means by which privacy can be and frequently is compromised. Thanks to revelations about surveillance by the NSA and GCHQ, as well as a slew of recent hacks into cloud storage services and databases (JP Morgan and Apple being two big victims – along with hundreds of thousands of their customers), everyone knows that pretty much everything you do online is traceable, and the massive amount of data that is routinely collected doesn’t always remain as confidential as it should.

Anyone who doesn’t think this applies to them should read a recent report by the BBC, revealing some of the intrusive and concerning things going on with our personal data. ‘Sophisticated smartphone applications are now capable of building up detailed pictures not just of our location, but the context of our environment. In a recent paper, researchers provided the example of an app called CarSafe which is able to learn the driving habits of users by interpreting data from the two cameras on modern smartphones... Many of the mobile phone towers in your vicinity may not have been set up by your network provider, but governments – both domestic and foreign – who want to find out who’s walking by and what they’re up to. “The British government will not even acknowledge that they use them. We know they do, but they won’t even acknowledge that. The FBI does acknowledge that they use them, but is very secretive about how... Someone found that there are 80-100 of these in Washington DC not run by the US government. We don’t know who’s running them.”’

And of course, notes the report, ‘The same vulnerabilities exploited by intelligence agencies could be similarly exploited by corporations, insurance firms, health providers, or even malicious hackers, criminals or terrorists – the very people surveillance is supposed to target.’

That’s the problem that Telepathy aims to address.

A complete solution

Telepathy is built from the ground up to support anonymous communication and transactions, as well as other functions enabled by this basic capability. It uses a similar peer-to-peer network protocol as BitTorrent, with a few critical differences. And in those differences lies the Telepathy magic, because the result is a network so secure that sender and recipient don’t even need each others’ IP addresses to communicate – in fact, no one does. This is something like being able to send a letter to someone without even knowing their address. It is probably the most secure online communications solution available. So, how does it work?

P2P networks like BitTorrent allow many users (nodes, or ‘peers’) to connect to the network and pass packets of information between them. Nodes connect to a handful of other nodes close to them. When one node wants to communicate with another, the packets are passed from peer to peer: if a node is closer to the destination than I am, I send the packet to it. This is repeated by every peer until the packet reaches the destination. Like firemen passing buckets of water down the line, the packet gets closer and closer each time. It’s emergent behaviour: no one needs to know what the whole network looks like, they just have to find someone closer to the destination than they are.

One interesting factor is what it means to be ‘close’ to a point in the network. The overlay that shows the geography of the network is completely abstracted from locations in the real world. It’s a little bit like the London Underground map, which bears almost no relation to its above-ground geography. It’s just a convenience to help people get around and pick the right stations and lines. The same is true of the P2P network. Two nodes that look close to each other on the overlay might be on different sides of the world in reality.

Dead drops

Telepathy works by using ‘dead drop’ addresses. Quite simply, you send a packet to a location in the network that doesn’t exist. The packet is passed from peer to peer, until it reaches the end of the line. It’s not delivered to anyone, since no node ‘owns’ the location. It’s just a random point in network space.

But it’s a very special random point, because it has been calculated by the recipient to be close to his node, and many others. When a packet gets close to its dead drop destination, all the nodes in the vicinity are informed but only the real recipient can decrypt the packet. But which one is it? It’s impossible for an attacker to tell. This is a little like ring signatures in coins like Boolberry and Monero. If 20 or 30 nodes handle the packet, which is it meant really meant for? And even that information would only be available to a determined and very well-resourced attacker (think state-level surveillance).

End-to-end encryption means that no one can read any messages being passed around; the ‘dead drop’ solution means that now, no one even knows who the messages are being sent to. That level of exceptional security opens the way for truly anonymous payments, and a real chance of maintaining your online privacy.

Telepathy will launch at the end of the year and will underpin the SuperNET network of coins and services. Although it is BTCD’s built-in client, this will allow users to make transfers of bitcoins completely anonymously too. 

Brandon Hurst

comments powered by Disqus