In Chapter 5, we address user privacy in Bitcoin. Namely, in spite of the reliance on pseudonyms, the public time-stamping mechanism of Bitcoin raises serious concerns with respect to the privacy of users. In fact, given that Bitcoin transactions basically consist of a chain of digital signatures, the expenditure of individual coins can be publicly tracked.
In this chapter, we evaluate the privacy that is provided by Bitcoin. This is achieved (1) by investigating the behavior of the Bitcoin client and exploiting its properties, and (2) by evaluating the privacy provisions in light of recently reported attacks on the system. Motivated by these attacks, we also discuss a number of possible measures that can be used to enhance the privacy of users in Bitcoin. Here, we cover system-based solutions, such as CoinJoin and mixers, as well as cryptography-based solutions that enable privacy-preserving payments atop Bitcoin—such as ZeroCoin, Extended ZeroCoin, and ZeroCash.
In Chapter 6, we analyze the security and privacy of lightweight Bitcoin clients. These clients support a simplified payment verification (SPV) mode where only a small part of the blockchain is downloaded—thus enabling the usage of Bitcoin on constrained devices (e.g., smartphones, cheap virtual private servers). SPV clients were proposed by Nakamoto in the original white paper and were later extended to rely on Bloom filters in order to receive transactions that are relevant to their local wallet. These Bloom filters embed all the addresses used by the SPV clients, and are outsourced to more powerful Bitcoin nodes; these nodes will then forward to the SPV clients those transactions relevant to their wallets. Besides analyzing the security of existing SPV implementations, we also explore their privacy provisions due to the use of Bloom filters. We show that the current integration of Bloom filters within Bitcoin leaks considerable information about the addresses of Bitcoin users. This analysis is not only restricted to Bitcoin, but equally applies to other digital currencies that rely on similar SPV implementations. Our findings therefore motivate a careful assessment of the current implementation of SPV clients prior to any large-scale deployment.
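To make the Bloom filter leak concrete, the following added example (not taken from the book or from any Bitcoin client) builds a generic Bloom filter over constructed address strings and measures, from the side of the node holding the filter, what fraction of matching addresses really belong to the wallet. The SHA-256 index derivation, the filter sizes, and all address names are assumptions chosen for illustration.

```python
import hashlib

class BloomFilter:
    """Generic Bloom filter; not the wire format of any real SPV client."""
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _indexes(self, item):
        # Assumption: k indexes derived from SHA-256 with a one-byte counter prefix.
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item.encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for idx in self._indexes(item):
            self.bits[idx // 8] |= 1 << (idx % 8)

    def __contains__(self, item):
        return all(self.bits[i // 8] & (1 << (i % 8)) for i in self._indexes(item))

def address_leakage(m_bits, k_hashes, wallet, population):
    """Return (matches, precision) as seen by the node that received the filter.

    precision = share of matching addresses that truly belong to the wallet.
    A precision near 1.0 means the filter identifies the wallet's addresses.
    """
    bf = BloomFilter(m_bits, k_hashes)
    for addr in wallet:
        bf.add(addr)
    matches = [a for a in population if a in bf]
    true_hits = sum(1 for a in matches if a in wallet)
    return matches, true_hits / len(matches)

# Constructed sample data: 20 wallet addresses hidden among 10,000 known addresses.
WALLET = {f"constructed-wallet-addr-{i}" for i in range(20)}
POPULATION = sorted(WALLET) + [f"constructed-other-addr-{i}" for i in range(9980)]

def compare():
    tight = address_leakage(1 << 16, 5, WALLET, POPULATION)  # very low false-positive rate
    loose = address_leakage(128, 5, WALLET, POPULATION)      # high false-positive rate
    return tight, loose

if __name__ == "__main__":
    for name, (matches, precision) in zip(("tight", "loose"), compare()):
        print(f"{name}: {len(matches)} matching addresses, precision {precision:.3f}")
```

The tight filter matches only the wallet's own addresses, so whoever holds it learns them outright; the loose filter hides them among false positives at the cost of receiving more irrelevant transactions.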