Cryptocurrencies like Bitcoin exist in a state of tension between the radical transparency of the blockchain and the pseudonymity of users. This has led to an arms race between blockchain analysis techniques to trace transactions and anonymity techniques to foil such analysis.
In this talk, I’ll argue that the privacy of cryptocurrencies in practice depends on the behavior of users and services, and can only be analyzed empirically. I’ll show how rampant vulnerabilities in web-based cryptocurrency payment flows leak users’ identities and compromise privacy. Next, I’ll present a series of related attacks showing that “mixing” coins among users doesn’t protect privacy as well as previously thought. Much of this analysis was carried out using BlockSci, our open-source tool for blockchain science. I’ll conclude the talk with a set of privacy guidelines for cryptocurrency designers.
This talk is based on several recent and ongoing projects:
Arvind Narayanan is an Assistant Professor of Computer Science at Princeton. He leads the Princeton Web Transparency and Accountability Project to uncover how companies collect and use our personal information. Narayanan also leads a research team investigating the security, anonymity, and stability of cryptocurrencies as well as novel applications of blockchains. He co-created a Massive Open Online Course as well as a textbook on Bitcoin and cryptocurrency technologies. His doctoral research showed the fundamental limits of de-identification, for which he received the Privacy Enhancing Technologies Award.
Narayanan is an affiliated faculty member at the Center for Information Technology Policy at Princeton and an affiliate scholar at Stanford Law School's Center for Internet and Society. You can follow him on Twitter at @random_walker.