consider time of privacy breach for blockchain-based attacks #127
Comments
|
Is timing analysis an attack? For example, say I gamble at night, and buy coffee using bitcoin in the morning. Near consistently. If this is a pattern on even a daily basis, it'd be very easy to isolate my addresses over time based on those two correlations. |
|
Yes, definitely. I also expect that it would be a high entropy approach, though. For reference, oxt.me provides temporal analysis on a per-address basis, but the same could easily be done for clusters of addresses: https://oxt.me/address/tiid/133522641 |
|
Proposed attack (wording needs to be refined): Identify ownership of change output based on temporal patterns of output spends and how they coincide with temporal patterns of clustered addresses. |
Actually, OXT provides the same analysis on a per-entity basis too. :) A few examples:
A post on reddit explaining how to analyze these charts: https://www.reddit.com/r/Bitcoin/comments/42xcyp/privacy_do_bitcoiners_dream_of_electronic/ |
It may be helpful to break up attacks and/or countermeasures based on when privacy breaches actually take place.
For example, a change output might be attributed to you as a sender based on the transaction the output belongs to, or based on future transactions due to behavior of you and/or your counter-party.
There are related countermeasures for both of these. Since users tend to stick with the same wallet and wallet client behavior tends not to change drastically over time, the countermeasures will often apply to both times of potential privacy breach, but this is not necessarily always the case.
The text was updated successfully, but these errors were encountered: