A Theoretical Evaluation of Anonymity and Security of Bitcoin System

Sulaiman Hamood Al Shekaili Msc. Computer Science 682732

Project Dissertation submitted to Swansea University in Partial Fulfillment for the Degree of Master of Science

Department of Computer Science Swansea University September 2013

SUMMARY

This research entails evaluating the extent to which the Bitcoin system is secure and anonymous. The approach used for this paper includes a review of literature on the system and previous research on the same topic. To further provide additional background information around the topic, the research covers components of the Bitcoin system such as the various digital wallets that handle Bitcoin transactions. Bitcoin mining, a process for using special computers to solve complex algorithms in return for Bitcoins is also explored to explain one of the main ways how Bitcoins come into existence. The characteristics of the Bitcoin system that affect its security are also explored, with comparisons being done between the characteristics of Bitcoin and those of similar currencies in use. The anonymity and security of the system are tested through an egocentric analysis of a well-known attack that was launched on the Bitcoin network. The egocentric approach works by focusing on the network around the thief. The knowledge presented by this research indicates that the Bitcoin system is not fully anonymous or secure. Most of its security and anonymity hinges on the different client/ wallet service businesses that facilitate storage of Bitcoins and transactions. This is because if there is a way an attacker can use the identity of a user and link it to a Bitcoin transaction by compromising the security of the wallet service, then the user ceases to be anonymous. Because of the relative young age and complexity of the Bitcoin system, there is a deficiency of knowledge and research about it. Obtaining

respondents who have used the Bitcoin system is extremely difficult and this makes it difficult to conduct interviews. However, by reviewing the major components of the System, the research sets the stage for future inquiry.

ii

DECLARATION
This work has not previously been accepted in substance for any degree and is not being concurrently submitted in candidature for any degree. Signature:................................ Date:................................

STATEMENT 1
This dissertation is the result of my own independent work/investigation, except where otherwise stated. Other sources are acknowledged by giving explicit references. A bibliography is appended. Signature:................................ Date:................................

STATEMENT 2
I hereby give consent for my dissertation, if accepted, to be available for photocopying and for inter-library loan, and for the title and summary to be made available to outside organisations. Signature:............................... Date:................................

iii

ACKNOWLEDGEMENTS

I would like to acknowledge the assistance of my supervisor, Professor Thomas Chen for his continual guidance and support throughout this work. I would also like to take this opportunity to thank the staff of the Department of Computer Science, for their assistance, valuable comments and encouragement. Finally, I would like to thank my wife, my kids and other members of the family for their encouragements and true caring from the start till the end.

iv

Contents

Chapter 1: Introduction .............................................................................................................1 1.1 Overview ...........................................................................................................................1 1.2 How Bitcoin Works ...........................................................................................................5 1.3 Cryptography for Anonymity and Security ......................................................................8 1.3.1 Hashing in Bitcoin ...................................................................................................11 1.3.2 Addresses in Bitcoin ...............................................................................................11 1.4 Bitcoin Mining ................................................................................................................12 1.5 Bitcoin Future ................................................................................................................16 Chapter 2: Project Objectives ......................................................................................... 20 2.1 Main Objectives .............................................................................................................21 2.2 Research Questions ........................................................................................................22 Chapter 3: Literature Review ..................................................................................................24 3.1 Anonymity ......................................................................................................................24 3.2 Maintaining Anonymity with Bitcoin ..............................................................................25 3.3 Why Digital Currency is better than Fiat Money ...........................................................26 3.4 Bitcoin Anonymity and Crime .........................................................................................27 Chapter 4: Project Background................................................................................................29 4.1 Types of Virtual Currencies.............................................................................................29 4.1.1 Closed Virtual Currency ..........................................................................................29 4.1.2 Virtual Currency with Unidirectional Flow .............................................................30 4.1.3 Virtual Currency with Bidirectional Flow ................................................................31 4.2 The Appeals of the Bitcoin System ................................................................................34 4.3 Weaknesses of Bitcoin System ......................................................................................37 Chapter 5: Analysis of Anonymity ...........................................................................................41 5.1 Egocentric Analysis ........................................................................................................41 5.2 Software that Interacts with Bitcoin ..............................................................................44 5.2.1 Bitcoin Client Applications ......................................................................................45 5.3 Mitigation ......................................................................................................................49 5.4 Bitcoin Wallets ...............................................................................................................50 v

5.4.1 Types of Bitcoin Wallets ..........................................................................................52 Chapter 6: Inferences drawn by Interviews on Bitcoin Anonymity .......................................54 6.1 Chapter Overview ...........................................................................................................54 6.2 Bitcoin is Anonymous; how Anonymous is it? ...............................................................55 6.3 Bitcoins Transparency....................................................................................................57 6.4 Future of Bitcoin Anonymity ..........................................................................................58 Chapter 7: Discussion and Future Work..................................................................................62 7.1 Discussion ......................................................................................................................62 7.2 Future Work ...................................................................................................................65 Chapter 8: Conclusion ..............................................................................................................67 References................................................................................................................................69 Appendix A ...............................................................................................................................76 Appendix B ...............................................................................................................................77 Appendix C ...............................................................................................................................78

vi

List of Figures
Figure 1: Transaction in Bitcoin ................................................................................... 5 Figure 2: The Shared Public transaction log ................................................................ 8 Figure 3: Bitcoin mining setup .................................................................................... 13 Figure 4: Mining profitability over time ...................................................................... 15 Figure 5: A mining rig made up of 41 Icarus FPGAs ................................................. 16 Figure 6: Bitcoin verses the U.S. Dollar on March 15th 2013..................................... 19 Figure 7: How buying of tokens and other virtual currencies work............................ 30 Figure 8: The farmville game that generates revenues from features purchased with virtual money ............................................................................................................... 32 Figure 9: The registration of Linden Dollars by users with time ................................ 33 Figure 10: the thiefs egocentric user network ............................................................ 42 Figure 11: An interesting sub-network connecting the thief to the victim ................... 43 Figure 12: MultiBit application (screenshot) .............................................................. 45 Figure 13: Armory Client (screenshot)........................................................................ 46 Figure 14: Electrum (screenshot) ................................................................................ 48 Figure 15: Bitcoin Wallet (screenshot)........................................................................ 49 Figure 16: armory wallet (screen shot) ....................................................................... 52 Figure 17: Coinbase. Web Wallet (screenshot) ........................................................... 53

vii

Chapter 1: Introduction
1.1 Overview
Bitcoin, an open source project using cryptographic software and peer-to-peer (p2p) technology, was introduced to the world in 2008. It depends on digital

signatures to ascertain ownership. A history of transactions helps the system to prevent double spending. A proof-of-work system helps to set the history of transactions which is shared using a peer-to-peer (p2p) network (Dimi, 2012) [18]. Although Bitcoin originated from outside of the traditional banking systems, it is placed as a global payment system that is distributed (Nakamoto, 2009) [47]. At about the same time that Bitcoin was introduced, a crisis tore its way through the modern banking system of the United States, rapidly spreading into a world crisis. Many governments bailed out their banks all over the world so as to restore trust while safeguarding against the problems from tremendous cascading failures in banking systems elsewhere. These global developments prompted Manuel Castells, a wellknown sociologist to start the Aftermath Project. The Aftermath Project is a research program for intellectuals who believe that the crisis was not only a financial crisis but a social one as well. Many European countries like Italy, Portugal and Spain continue to experience problems in government finances. The development of Bitcoin is timely because it comes during a period of financial unrest. Additionally, money and banking continue to be the subject of the on-going global finance debate.

Bitcoins are computer files. They are similar to a text or music file and may be destroyed or lost just like cash. They are stored in an entrusted online service or on a personal computer. Bitcoins may be used to buy either virtual or real goods or services. Spending Bitcoins is simply sending the Bitcoin files from user 1 to user 2. This is the same principle as sending emails over the internet. Individual transactions using Bitcoins are encrypted, logged by a system running on a great number of computers in a decentralized manner. Bitcoins are only transferred between users when the transaction has been approved by another user on Bitcoins peer-to-peer network. These transactions are decentralized and occur without the need for a government, payment network, regulator, bank or third party entity. The Bitcoin currency operates on different platforms and client applications (wallets). The Bitcoin wallet is an application that allows the user to transact with other people from any place in the world. The Bitcoin Wallet gives the user ownership of addresses in Bitcoin that the user may utilize to receive Bitcoins from other user(s). In addition, it enables the user to be send coins. As is the case for email messages, the user may receive Bitcoins when they are offline. All wallets are compatible and can send or receive money from each other. Examples include Bitcoin-Qt; MultiBit; Armory; Electrum and Bitcoin Wallet. In addition, there are three categories of wallets based on the manner employed to send or receive the Bitcoins. These categories are mobile wallets, software wallets and web wallets. The first Bitcoin transaction was done in January 2009. By June 2011, more than 6.5 million Bitcoins were in circulation courtesy of about 10,000 users. Media attention has fueled the currencys growth in market price as compared to other currencies. One Bitcoin traded for more than US$30 on the popular Bitcoin exchanges during its peak. However, the untraceability of Bitcoins has generated concern

regarding their potential to cause harm through money laundering, tax evasion and illegal transactions. The decentralized nature of the Bitcoin system has implications on the ability of authorities to control and monitor the way the currency flows. These implications are not yet fully understood. Many users use Bitcoin for political, philosophical as well as pragmatic reasons. Most of Bitcoins more technologically savvy users agree that anonymity is not one of the systems major attractions. However, there are varying opinions regarding the systems extent of anonymity. According to a member of the systems developmental team, Jeff Garzik, it would not be wise to try and perform major illicit transactions through Bitcoin. This is because of the statistical analysis techniques used by law enforcement in the field. However, before this work, there was no analysis of anonymity in the Bitcoin system that was available publicly to ascertain or refute the claims. Additionally, many other Bitcoin users do not believe this claim. Wikileaks, the whistleblower organization recently let its Twitter followers know that it had begun accepting donations through Bitcoin. Wikileaks then proceeded to describe a safer method of donating Bitcoins by generating a one-time public-key (Dimi, 2012) [18]. One would then pose the question: is it doable to relate a donation with other transactions performed by the same user on Bitcoin? Is it possible to identify Bitcoins transactions by using external information? The level of anonymity here remains unclear. Bitcoin uses various technological measures to ensure the security of its transactions. This is done through a cryptographic Proof system. This system allows users to transact directly with each other without the need for a third party to authorize the dealings. Each Bitcoin transaction utilizes a public key encryption to maintain the privacy of the transacting parties. The transaction rides on a public key

encryption. This ensures the privacy of the transacting parties. The public key encryption creates two keys that are mathematically related. The payee retains one private key (which acts as a private key or password). This private key is used to access the payers account. Funds can only be retrieved by a person with the private key associate with that account. The payer utilizes their own public key to locate the account of the payer. On the other hand, the account of the payer can only be accessed (and its funds extracted) by a user who has the private key associated with that account. The payer utilizes their own private key top and also to allow the Bitcoins to be extracted from their account. All approved transactions are then broadcast to the entire community of Bitcoin users. Public encryption is as very complex system. Creating a fake Bitcoin transaction would necessitate the work of a system with greater processing power than the whole Bitcoin network combined. Public encryption ensures the security of Bitcoin transactions. Bitcoin utilizes a distributed peer to peer timestamp server that is widely- published to verify that double spending of Bitcoins has not occurred. A time stamp makes a record of the exact time that a transaction occurs or a Bitcoin created. According to Plassaras (2013), all timestamps are aggregated into one master list which details all transactions involving any given Bitcoin file [52]. This is similar to a block chain. Each Bitcons block chains are available to all users in the network. These block chains are updated after every transaction [52]. Block chains comprise of a great deal of data on previous transactions. However, the time stamp enforces the security against the forgery at a block chain. In this regard, the timestamp is a very crucial component of the security of the Bitcoin system. As is always the case with most new technologies, people may not initially have to embrace Bitcoin in order for the system to be trusted. The challenge,

therefore, would be to make the Bitcoin service as user-friendly as possible without prior knowledge of hashes as addresses. There is need for research and awareness regarding Bitcoin if it is to become a widely accepted currency. This paper examines the Bitcoin currency system in terms of its functionality, security and anonymity.

1.2 How Bitcoin Works

Bitcoin depends on a record of public transactions. Upon using a Bitcoin, the user transfers ownership to a new owner and signifies this by signing a transfer statement. The new owner is identified in the public through a cryptographic key (Gring, Philipp & Grigg, 2011) [28]. When the transaction occurs, the Bitcoin recipient publishes it to a global Bitcoin network, giving undeniable evidence that a Bitcoin has been spent. This will notify other users to accept that particular Bitcoin from the new user only (Browdie, 2012) [9]. Therefore, these electronic coins are a series of digital signatures. All transactions bear a hash of the immediate previous transaction and a public-key belonging to the new owner. The new owner signs on the public-key and adds it to the coins end [47]. The diagram below illustrates the chain.

Figure 1: Transaction in Bitcoin

5

From the raw data as detailed in appendix A, we can obtain the transactions hash and its size in kb. Also recorded in the transaction is the number of outputs and inputs (vin_sz and vout_sz). Any transaction may have Bitcoins from more than one source and given to more than one recipient. As shown in the transaction, the public key belonging to user 1 is placed at the bottom. The user should have the public-key if they are to be allowed to add the transaction. The value of the transaction (50.014000 BTC) is placed in the value field. The nonces value is stored as n. In this particular transaction, a user is receiving Bitcoins for generating the block. Looking at the in portion shows the hash and the coinbase. This is the signature equivalent to the signature of user 0 for the generation input. This mechanism cannot prevent double spending on its own. This is because a trusted authority central to the operation would have to verify the transactions. However, this invalidates Bitcoins goal because it places one authority in charge of the whole network (Koss, 2011) [38]. The duty of verification should be distributed, achieved via the transaction record. There must be only a single transaction record to be shared among all of the networks nodes. Most of the users must be in agreement regarding the historys validity. This provides enough proof that a Bitcoin has not been traded previously [47]. The new Bitcoin user needs to choose a specific wallet that is then installed into the computer of mobile device. Once the user has installed the wallet, the first Bitcoin address is generated. More addresses may be created whenever needed. To get paid by affiliates or friends and vice versa, the user may disclose one of the addresses to them. In exchange, the friends or affiliates may give the user their addresses as well. This payment system may be compared to how email works. At this point, the

user then gets Bitcoins and keeps them safe. However, it is important that the users understand the technical bit of how Bitcoin works. More importantly, the user should understand the technical terms used in the transaction. The block chain, for example, is a public transaction log that is shared between different users. The entire Bitcoin system relies on this log. All transactions that are confirmed as spending Bitcoins may be verified through the transaction log. Cryptography is used to reinforce the chronological order and the integrity of the block chain. The transaction may be expressed as a transfer of value between two Bitcoin addresses. A transaction gets included in the block chain. Through the Bitcoin wallets, a private key for every single Bitcoin address is maintained. A private key is a secret piece of data. Private keys are utilized when signing transactions. This helps to maintain mathematical proof that the Bitcoins have originated from the owner of the address. This digital signature ensures that transactions may not be altered once they have been issued. All transactions are broadcasted between the Bitcoin Users and confirmed within a few minutes in the network. This process is known as mining. Mining is a consensus system that is distributed. This system is used to confirm transactions that are in waiting. This is done by including them in the block chain. The chronological order in the block chain is enforced by the system. In addition, the system also protects the networks neutrality, while allowing a consensus regarding the state of the system to be established between different computers on the network. Before the transactions are confirmed, they are packed into a block which contains strict cryptographic rules that must be verified by the network. These rules prevent blocks that have been previously stacked from being modified. This is because any alteration done on previous blocks would invalidate the subsequent blocks. In addition, mining creates an equivalent competitive lottery that prevents any

user from adding new blocks into the block chain consecutively. This ensures that no user has the power to control anything already included into the block chain or alter parts of the block chain with the intention of rolling back what they have already spent.

Figure 2: The Shared Public transaction log

1.3 Cryptography for Anonymity and Security

Bitcoin employs cryptography to safeguard the security and anonymity of transactions. Cryptography helps to achieve this in different ways. For example, the hash function transforms input data into a form which is irreversible and unpredictable. The SHA-256 has a 32 bytes hash (Santos, 2013) [57]. Any changes even of the slightest nature on the input data cause its hash to change unpredictably. This simply means that nobody can create a separate block that bears the same hash as another. Bitcoin employs several hashing functions such as RIPEMD-160 and SHA256 as well as the Elliptic Curve DSA which is used to perform signatures. A major question for research on the cryptography of Bitcoin would be how one may be able to ascertain if one user was authorized to transfer some amount of Bitcoins to another.
8

For example, how could the researcher tell that Joel was authorized to transfer 100 Bitcoins to Risper[57]. Bitcoin users would know this answer as: Joel provides his signature on the transaction with his private key and then publishes his signature for verification by the Bitcoin network using his public key (Santos, 2013) [57]. Joels signature is performed on the elliptical curve known as secp256kl (key.h): the screenshot of the elliptical curve is provided below:

However, Bitcoin does not sign the entire transaction chain (this would be too expensive); however, Bitcoins provides a signature for the cryptographic hash of the message. In script .ccp (see the screenshot below):

This is an SHA-256 double application:

This, however, exposes some weaknesses which may be exploited using quantum computers to break the elliptic curve chosen or solving the discrete logarithm code. Another way that Bitcoin cryptography may be exploited is by breaking the cryptographic hash function underlying. In this case, a known signature belonging to the user being attacked is obtained. The next step is to generate a second input transaction that gets the same hash value. This enables a replay of the previous signature. This attack is dependent on the serialized transaction processed by Bitcoin. Because there is a scripting system which allows for complex transactions to be created, an attacker may be able to construct an input. However, this approach would not work on addresses for single use because a signature would not be available for replay. This implies that in order to break the algorithm used to make the signature, a selective forgery or one which is stronger, is required. This also implies that arbitrary transactions can be forged for entry into the system. This would be a complete system break. For an attack through signature replay, some protection may be acquired by utilized client-side checks to ensure that the same signature is not employed for two different transactions.

10

1.3.1 Hashing in Bitcoin

Hashing is used in Bitcoin as a measure to ensure that a user cannot resend Bitcoins he really doesnt own as many instances as he likes, creating several branches of the transaction. Bitcoin prevents this by using the precautionary security measure of certifying a transaction chain through the solution of a mathematically difficult problem. Once a transaction has been confirmed by being included into a block, clients will prefer a transaction chain that has the greatest computational cost attached to it. This invalidates spending on other branches. This is a major strength of the cryptography of the Bitcoin system.

1.3.2 Addresses in Bitcoin

Bitcoin users generate private and public key-pairs which enable them to make signatures. In essence, Bitcoin users publish a fingerprint, which is a RIPEMD-160 hash as an identifier for places one may send Bitcoins to (util.h). This is shown in the screenshot below:

Unlike is the case for other systems like PGP, Bitcoin does not have a distribution mechanism for public keys. The RIPEMD-160 hash is the standard for a public key. This means that if collision is discovered in this public key space, someone may be able to spend Bitcoins from another persons address. However, this scenario for attack is mitigated by the fact that Bitcoin users are enabled and
11

encouraged to utilize multiple addresses for their wallet. For the Bitcoin system, it is apparent that many various primitives are employed together to show the specific Bitcoin protocol. This implies that if one primitive is compromised, other parts of the system are not necessarily affected (Yang 2013) [63].

1.4 Bitcoin Mining

There are different ways through which Bitcoin users can obtain Bitcoins. The first way is through purchasing them by exchanging them with real cash such as the Euro or the Dollar. Just like in a traditional money exchange market, the value of a Bitcoin is regarded in relation to that of the currency being used to buy the Bitcoin. Another way through which Bitcoin users can obtain Bitcoins is through exchange of goods or services just as real money works. The third option is through a process referred to as mining. Mining is the process that allows Bitcoin users to obtain Bitcoins rather than through purchasing them. A user uses the computational power of his or her computer to generate Bitcoins. The computer in this context is used to generate a solution to a complicated computer algorithm. Every ten minutes, the user with the correct answer (number) is awarded Bitcoins. Bitcoin mining may be

defined as the process of using computers to work out mathematical codes online to earn Bitcoins. It has been compared to playing the lottery but the difference is that one will always win. The hunts program for blocks and gets Bitcoins upon finding one. The majority of people who are mining, the harder it becomes to generate Bitcoins (Felten, 2013) [22]. Appendix B and C show the extent of Bitcoin mining and the distribution among pools. Figure 3 shows a Bitcoin mining setup.

12

Figure 3: Bitcoin mining setup (tumbler.com, n.d.)

However, Bitcoin Mining is a time consuming and arduous process. In addition, computers that are able to perform the Bitcoin mining procedures are highly specialized. The typical office computer would need approximately five to ten years to obtain any Bitcoins. The costs accruing from the use of electricity would outweigh the value of any Bitcoins generated. Additionally, the number of Bitcoins that can be generated through mining is strictly controlled. At the moment, solving a mining algorithm generates 50 Bitcoins however, that number is halved after every 210,000 blocks are created [11]. This usually takes approximately four years. To avoid inflation, the Bitcoin software slows down the process of Bitcoin generation over time. This ensures that the number of Bitcoins in circulation will never exceed 21 million [22]. This means that the number of Bitcoins in circulation has a finite limit. Bitcoin mining will come to a stop around 2025. This estimation is based on the current rate of growth of Bitcoin mining. By limiting this growth systematically, the

13

Bitcoin software ensures that there will never be artificially prompted deflation or inflation of the value of a Bitcoin. In order for a record of everything done within the system to be maintained, there is a ledger called the Block Chain. This is a shared database of all the successful transactions within the system. All transactions are broadcast into the Bitcoin network and all connected users obtain a copy of the block chain. Bitcoin miners verify these transactions and proceed to add groups of transactions known as blocks to the block chain. This process is completed every ten minutes. Anyone can become a Bitcoin miner. The Bitcoin mining software is ready for download. All the user has to do is to contribute raw computing power. For every block solved, the user obtains an agree amount of Bitcoins. The more processing power the Bitcoin miner has, the greater the ability to mine Bitcoins. Some of the software available for mining include: 50Miner; BTCMiner; BFGMiner; Bit Moose; Poclbm-mod; Poclbm; CGMiner; RPC Miner; DiabloMiner; Phoenix miner; MacMiner bfgminer, cpuminer and poclbm; Ufasoft miner; Cpu Miner; Remote miner; Pyminer - Python miner; Flash-Player Bitcoin Miner and Open Source Miner Board. Miners have maximized the ability of their hardware to ensure that their minding ability is also maximized. In 2009 at the beginning of the growth of Bitcoin, the difficulty level for mining was relatively low. Anyone could download mining software and proceed with the mining with only their CPU. However, with time, one had to have the GPU, a set of dedicated graphics chips, previously only reserved for gaming. Graphics cards from ATI or Nvidia offered a great boost to other chips [41].

14

Figure 4: Mining profitability over time. Source: Liu, (2013)[41]

The value of Bitcoins mined has also been on the decline as shown on Figure 4 above. With the increased electricity bills due to the transition of mining into a more difficult process, experts had to come up with even more dedicated hardware for mining. This was the beginning of the FPGA (field-programmable gate array) [11]. These are add-on cards which perform better than GPUs in mining, while being more economical. Better energy efficiency meant that miners would enjoy higher profits.

15

Figure 5: A mining rig made up of 41 Icarus FPGAs [49] As shown in figure 5, FPGAs were preferred to the less energy efficient GPUs. Even more competition in the mining area prompted the development of the Application-Specific Integrated Circuit (ASIC). This was a chip built only for mining. The chip is way smaller than its predecessors and, therefore, uses less power.

1.5 Bitcoin Future

Proponents of the Bitcoin system agree that it has the potential to solve the problems associated with real or fiat-money if widely accepted. Critics of the system, however, argue that the biggest hurdle to the success of Bitcoin is that it is a difficult concept for the average person to understand (Rouviere, 2013) [55]. However, as with most new technologies, people do not have to initially accept Bitcoin in order to be trusted. The challenge, therefore, would be to make the Bitcoin service as userfriendly as possible without prior knowledge of hashes as addresses. In the face of government restrictions, according to an interview conducted by Brad Jackson at Francis Cianfrocca -an expert in the digital currency field-, Bitcoin may survive only if there is widespread acceptance by the public (Jackson, 2013) [33].

16

The attraction of Bitcoin is hinged on more than just the anonymity that it provides its users with as well as the security that it offers against the traditional forms of counterfeiting. The Bitcoin system is designed to be scarce and consequently immune to inflation or deflation. There are no limitations to the number of possibilities that digital currencies provide to modern day business. This means that it is almost impossible to predict the future of the Bitcoin currency system. However, analysts have predicted that as markets improve on quality of their products, they will do the same thing for money. Much of what is available online regarding Bitcoins involves the perceived danger of the relative anonymity and the dangers of irreversibility of transactions. Researchers have claimed that Bitcoins may be used for criminal dealings such as money laundering and buying of drugs. This is because it becomes very difficult to establish the person who buys the drugs through the Bitcoin network due to anonymity. However, the developers of the Bitcoin program would claim that this fear-mongering has led to the stalling of rational development of the Bitcoin system. They claim that ordinary cash is also highly anonymous. This is because money, once stolen is difficult to recover. In addition, a cash transaction cannot readily be traced to the source. Another fear that has been raised regarding the Bitcoin system is that the Bitcoin software community is headed by young people who lack the kind of discipline that is required to run a currency system. However, this is not the case. The Bitcoin structure is headed by a group of rational and sober people who for a management team that was modeled on that of the Linux Foundation. The Bitcoin Foundation, just like the Linux Foundation, is funded by way of grants which are made by companies like the Mt. Gox Exchange, CoinLab and Bitinstant. These companies provide these grants

17

because they depend on the continued maintenance and stability of the open-source code underlying. Bitcoin can add value to the lives of ordinary people. As witnessed by several developing countries, the mismanagement of currency by governments often leads to depletion of family savings, capital controls and inflation. In Argentina, for example, citizens are desperately attempting to convert their pesos into stores of value which cannot be devalued by the government. One of the options that some of them have adopted is Bitcoin. Argentineans are using old Android phones to obtain and exchange Bitcoins even though the government has placed a restriction on transactions in U.S. dollars. Although these people do not know much about the underlying technology of Bitcoin, they recognize alternative currencies. This implies that although the Bitcoin system has been referred to as being complicated to understand, the example of Argentina proves that users may still use the currency without having to understand the technicalities involved in the system. However, Bitcoin developers and software developers agree that it might take some time before the Bitcoin system is converted fully into a simplified system that can be understood by the layman. The system that developers of Bitcoins is stable and secure even though the surrounding infrastructure has components that may not be so secure. Bitcoin experts assert that, the user is the best form of security for their Bitcoins. This is because no software is perfect and immune to corruption or attack. In addition, security vulnerabilities arise from time to time even in the Bitcoin client.

18

Figure 6: Bitcoin verses the U.S. Dollar on March 15th 2013. Greenberg (2013) [26] According to Freeman (n.d), there is an oncoming attack on Bitcoin which is inevitable. This judgment is based on the background of digital money and the kind of reception it has had in the past. In 1996, a similar currency known as E-gold was one of the first examples of digital money invented [24]. It received amazing growth and great attention. People saw E-gold as a means to free up the monetary system. Governments saw this as a threat to their control over the fiat currency and, therefore, created negative controversy around the venture. Freeman (n.d) predicts that the Bitcoin currency exchangers will be the first to be attacked. However, due to the fact that Bitcoin is decentralized and easily accessible, it will outlast the attacks against it. The peer-to-peer nature of Bitcoin places it in good stead as a trusted form of currency (Nakamoto, 2011) [48]. This is because the confidence created is maintained by the people. This is likely to create a good future for the currency if people can begin to have confidence in it.

19

Chapter 2: Project Objectives

The Bitcoin system is a digital currency that was launched in 2009. This means the system is still relatively new to most people. Like for all teams who develop complex systems, the Bitcoin community is in the process of simplifying the use of the currency as much as possible. This is because at its current state, the system may appear a bit complex for some people. Considering the fact that many people have to be able to understand a monetary system so as to attempt using it, the Bitcoin system has to overcome the problem of appearing too technical (Grinberg, 2012) [27]. In the meantime, researchers are, therefore, presented with the task of illuminating the Bitcoin technology in terms of its strengths and weaknesses. The anonymity of the Bitcoin System has been the cause for debate in the recent past. Experts have been divided on the extent to which the system is anonymous as well as on the safety that cryptography offers. Other causes for concern are the vulnerability of the system to use for illegal exploits such as drug trafficking and money laundering. The significance of this debate is that it is critical to examine the Bitcoin system as a potential common currency for the future. It is, therefore, important to expose any shortcomings that may be inherent in the system and to highlight the strengths. The proponents of the Bitcoin system expect opposition from governments based on these factors. Therefore, it is important for adequate research to be conducted on this topic pending any action for or against. This project aims at

20

shedding light on the Bitcoin digital system of payment and how it works. The author will attempt to illustrate how transactions are performed in the decentralized Bitcoin system as well as the extent to which the system is anonymous and secure (Lee, 2013; Broderick, 2013) [39], [8]. This will be achieved largely through a review of literature and an evaluation of the background of digital money in general and Bitcoin in particular [8].

2.1 Main Objectives

This project has various goals. However, perhaps the all-encompassing objective of this project is to amass knowledge around the Bitcoin project, its shortcomings and strengths as well as the potential it bears as a currency system. To do this, a review of literature provides a documented research and insights into the Bitcoin project. This includes some of the discoveries that have been made regarding the system as well as the developments and current usage of the digital currency. Like all monetary systems, the Bitcoin system is not without its challenges. These have been highlighted. Key among the factors considered in the literature review is the issue of anonymity and security. To understand how the system works and the virtues that it is based on, the properties of effective currencies are evaluated and explained in detail. This provides a background on money which is critical in evaluating the Bitcoin currency. In short, in order to know how to evaluate the Bitcoin currency, it is important to establish the criteria against which the system may be referenced. In addition, the researcher seeks to establish an existing gap in the effectiveness, stability and safety of fiat money. This is because understanding the existing gaps will help one to understand what is expected of a currency if it is to supplement or even
21

replace fiat money. This process entails enumerating the advantages and the disadvantages of the Bitcoin currency. Several components of the system such as the various types of wallets are examined to enable a deeper understanding of the Bitcoin system. In light of the previous challenges faced through the current monetary system such as the financial crisis, the significance of this project is highly amplified. The main objectives of this project may be enumerated as aiming to: Review and elaborate on the cryptographic algorithms utilized in the Bitcoin system. Demonstrate how Bitcoin mining and spending works. Evaluate the anonymity and its strength in Bitcoin. Evaluate the Bitcoin systems security weaknesses.

2.2 Research Questions

Anonymity is not one of the major design goals of the Bitcoin system; however, many people still refer to it as being anonymous. Despite it not being a major goal of the initial designs of Bitcoin, anonymity has risen as one of the most significant topics of the system. This is because it is viewed as having a bearing on the future of the currency and its stability. In order to approach the issue of anonymity with more understanding, several other components of Bitcoin have to be explored in detail. By answering certain pertinent questions, this research will have met its objectives. In this project, the author will attempt to answer the following research questions: How does the Bitcoin system work? Is the Bitcoin digital system fully anonymous? If not, to what extent is it anonymous?
22

How protected is the system against cyber attackers and theft? What security measures are in place to keep cyber-attacks at bay?

It is expected that even though the Bitcoin system holds a lot of promise for the future, there are some challenges that have to be overcome. The anonymity of the system is also not expected to be absolute. Through the review of literature, the paper attempts to provide the ground work for the examination of the above research questions in the context of the laid down objectives of the research.

23

Chapter 3: Literature Review

3.1 Anonymity
Anonymity is a quality that draws people to the world of digital currency. If digital currency is to achieve widespread adoption, providers of digital currency must prove their reliability and trustworthiness. This may only be achieved through offering secure marketplaces, calm extensive value fluctuations as well as easing the doubts of prospective users. Although the ability to remain anonymous is a major attraction for the users, this should change if the currency is to receive wide acceptance. According to Santos (2013), users do not realize that the anonymity of Bitcoin is relative and not absolute [57]. All Bitcoin transactions are recorded publicly. This implies that public metadata is readily available. User pseudonyms are also now verifiable. However, Santos (2013) believes that all this is not enough. To begin with, identity information which is reliable is essential for any infrastructure used for the management of goods, currency or services [57]. This means that online ID verification should be adopted. This is because it enables companies to achieve real-time authentification of potential customers, while offering the efficiency and scalability required for a global company. However, such rules and practices need a wider form adoption. A major issue that may hamper Bitcoin is that the digital money industry does not do enough to stop money laundering. Bitcoin-like industries, however, may assist
24

in this by drafting guidelines to secure and shape the digital currency industry. Without a safe infrastructure, there will be no digital currency that will achieve adoption on a wide scale.

3.2 Maintaining Anonymity with Bitcoin

According to Jules (2013), a Bitcoin user may move their cash into Bitcoins while protecting their identity. This is as evidenced by the proliferation of the Silkroad. The Silkroad is only available through the TOR network and the Bitcoin currency. The site is used for drug business and is run using the onion world. This is a shadow internet which is maintained by the TOR network [34]. Users can browse the internet anonymously and their identities cannot be discovered after the fact. However, Jules (2013) asserts that Bitcoin is not entirely anonymous. According to Jules (2013), a fully anonymous digital currency is eCache [34]. He further argues that addresses in a transaction are available to everyone and that although the addresses are in form of arbitrary numbers, if an address can be tied to an identity using any means, the owner of the address as well as their transactions may be unearthed. This information on the identity may be obtained from network analysis, Googling of the address or surveillance. This implies that a Bitcoin user is not entirely anonymous while undertaking transactions in the Bitcoin network. Network analysis may enable the revelation of the exchange service from which a user bought their Bitcoins from. This is because Bitcoins carry traces of the users original transaction even after making purchases at the Silkroad. Converting fiat currency into Bitcoins breaks the link between the user and what they intend to use the Bitcoins for. Western Union, PayPal and Dwolla as well as any other payment system leave a paper trail [8].

25

However, running the TOR software anonymizes all online activity for Bitcoin users. In addition, TOR also sets up accounts while enabling communication with Bitcoin exchangers. Users can also remain anonymous by getting a wallet to store their Bitcoins.

3.3 Why Digital Currency is better than Fiat Money

Scholars and experts assert that digital currency performs functions of currency better than government-backed, fiat money. Currency serves three major functions [52]. Firstly, it is a store of value. This implies that it is used to Store value for current earnings to be used in future spending. Secondly, it is a unit of account as well as a measure of relative worth. Thirdly, currency is a medium of exchange. Firstly, as a store of value, digital money works better than fiat money. The independence of Bitcoins from government intervention places it as s superior store of value than the conventional fiat money. Digital currency in general and Bitcoin in specific is reliable and stable enough to enable effective operation. It is unwise to store value in any means that is susceptible to corruption, external influence or collapse. Traditional currency systems are trusted because they are often backed-up by governments. This gives people the confidence of using such systems because they perceive the government backing as security that it is not easy for them to lose their savings. However, government backing is often referred to as a double-edged sword. This is because irresponsible governments have often tampered with the sanctity of national currency, to the detriment of the users. Electronic currencies like Bitcoin do not lend themselves to governmental interruptions and influence. As a measure of value and unit of account, electronic currencies provide a measure of relative worth that is almost intuitive without this measure of relative
26

value. The users of a currency may have to spend a lot of time, resources and money trying to establish what the real value of the currency is. For example, the value for gold comes from its rarity. This rarity may be compared to the high level of difficulty associated with the mining process which produces Bitcoins. This renders a Bitcoin intuitively and intrinsically valuable especially considering how difficult it is to produce the Bitcoin. The fact that it will not be possible to produce Bitcoins after the year 2025 implies that Bitcoins will soon be considered very rare -just like gold. In comparison with fiat money, Bitcoins have a greater intuitive and intrinsic value as a result of their rarity. However, the challenge faced by the Bitcoin system is that it must be accepted and recognized as a legitimate currency by its users first if any of its advantages are to take effect. As a medium of exchange, if accepted widely by users, Bitcoins would be superior to fiat currency. This is because Bitcoins require lower transaction costs than conventional fiat money. Bitcoins allow one to transact regardless of their location or whether the parties to the transaction know each other. Although payment systems like PayPal also enjoy such advantages, the Bitcoin system and other digital currencies overcome costs associated with transacting and exchanging one form of currency for another. Digital currencies like Bitcoin avoid transactional fees because they are designed to operate through the World Wide Web transnationally.

3.4 Bitcoin Anonymity and Crime

Some experts argue that Bitcoin is not as anonymous as many people think. They argue that transactions may be used to track someones real name through their Bitcoin wallet. If the user of a Bitcoin wallet leaves a pay with Bitcoin option visible on their sight, they may be tracked. Users who are good enough with
27

computers may also be able to explore the Bitcoin addresses, blocks and transactions that have been created by Bitcoin (Karame & Androulaki, 2011; Liu, 2013) [35], [41]. Users who do not want to get tracked through the transactions they make in Bitcoin should not make numerous transactions. Bitcoin may be referred to as a pseudo-anonymous network. This is because one can hold a Bitcoin address without having to reveal anything regarding their identity in the Bitcoin address. This also means that one person may hold several Bitcoin addresses, with nothing existing top link those addresses together. However, the level of transparency of the Bitcoin system becomes so high if a user publishes their Bitcoin address on a website. This is because the users information such as previous transactions and Bitcoin balance become available and accessible to the whole world (Liu, 2013; Pattison, 2011) [41], [45]. Interested parties are extremely good at inferencing information from movements occurring in large networks. The pseudo-anonymity of the system, while being s great strength, can also be a major weakness. According to Campbell (2013), the part anonymity of Bitcoin may be exploited for criminal use [12]. This is because Bitcoin may be used as a subsidy in black-market enterprises. Bitcoin has been used severally on Silk Road in the purchase of illegal drugs. The anonymity of the Bitcoin system is a double-edged sword. This is because while it fosters high security levels, it also has great potential to harbor criminals. It has been reported that the hacking group known as LulzSec prefers to donate to Bitcoin. LulzSec took responsibility for having hacked the Sony Corporation.

28

Chapter 4: Project Background

4.1 Types of Virtual Currencies
Virtual currencies can be defined as unregulated forms of digital money which are issued and usually managed by their developers in a virtual community where there is wide use and acceptance by members (European Central Bank, 2012) [21]. There are two ways in which one may obtain virtual currencies. Most virtual currency schemes require the prospective user to purchase them through fiat money at a predetermined exchange rate. Most virtual currencies do not have commodity-backed value (Back, 2002) [2]. Users may increase their stock by participating in specific activities like responding to advertisements, promotions or completing online surveys. Many virtual currency systems exist and it can be difficult to attempt classifying them. One way in which they can be classified is according to their manner of interaction with fiat (real) money in the real economy. This can be done through two channels: a) Flow of money through currency exchanges; b) Monetary flow with a possibility of purchasing real goods or services. With this as a basis, three types of virtual currencies can be distinctly identified:

4.1.1 Closed Virtual Currency

These schemes have little or no connection to the actual/ real economy. They are referred to loosely as in-game only schemes. In such schemes, users pay subscription fees and proceed to earn virtual money depending on how well they perform online (Cox, n.d.) [16]. The user can only spend this virtual currency to
29

purchase virtual assets or services that are on offer within the virtual world. Theoretically, this type of virtual money cannot be spent in the real world. However, some users have devised illegal methods to transfer such currencies to other users in return for real money. This is prohibited in most accounts. Closed virtual currency is only usable online. However, based on the capabilities that it can afford the user, it is still highly valuable. For example, buying clothing items online using virtual money is equivalent to buying the same items of clothing using fiat money. This implies that virtual money may be used to buy goods and services that are consumed win the real world just like real money would.

Figure 7: How buying of tokens and other virtual currencies works. Source: Cutler (2011)[17]

4.1.2 Virtual Currency with Unidirectional Flow

The virtual currency of this type is purchased using real money at the predetermined exchange rate. However, it cannot be reconverted to real money therefore earning the term unidirectional. An example of this is Facebook credits. (Ivan, 2011) [32]. Facebook credits may be purchased using real money to enable the user to enjoy some of the added features that is not available to the non-payer, once

30

real money is converted into Facebook credits. The credits may be converted into another form of virtual money depending on the virtual platform and the exchange rate between the virtual currencies. However, the initial unidirectional currency (such as Facebook Credits) cannot be converted back into real money [32].

4.1.3 Virtual Currency with Bidirectional Flow

This type of virtual currency scheme allows users to put and sell the virtual currency as per the exchange rate. This type of virtual money is similar in most regards to real money. This scheme allows the users to buy and sell both real and virtual goods and services. Virtual currencies with bidirectional flow may be converted both ways. This means that once the virtual currency is purchased at the current exchange rate, conversion of real money to virtual currency occurs. If the user of the virtual currency wishes to reconvert the virtual currency to real currency, that may also be done. The development of digital currency is tied to the growth of the internet and other global networks (Krieger, 2013) [37]. That means that there is no digital currency that has been around for a long time. Microsoft points and Facebook credit are two examples of digital currency which are tied closely to fiat money. When users purchase them, they are able to buy products within the given service. For example, the Farmville game (see figure 8), played within Facebook generated revenue worth $597.5 million in 2010. This was achieved through micro transactions where Facebook took a 30% cut of all purchases made using Facebook credits [22]. Other systems include Second life game which made $1.5 million in 2007 in transactions using a virtual currency known as Linden Dollars.

31

Figure 8: The farmville game that generates revenues from features purchased with virtual money. [17]

The Figure 9 showing the registration of Linden dollar users from 2010 indicates that there are a significant number of people using virtual money. This not only demonstrates the high activity level present online but also ushers in other electronic currencies. Many agree that if all the virtual worlds accepted one unifying digital currency, the currency would have a high likelihood of success. This is because there would be a ready market waiting to use it. With support from community and game creators, user confidence would be easily available. However, in markets where the quantity of virtual currency one holds is reliant on effort or skill, this would not be possible. In the online game World of Warcraft which features multiplayer properties, players earn currency (in-game gold) depending on the number of hours invested playing the game (Buterin, 2012) [11].

32

Figure 9: The registration of Linden Dollars by users with time [49] In the current e-commerce market, PayPal dominates due to the consumer trust it has gained by guaranteeing its users against fraud. Digital currencies have not been successful because of a number of reasons. Services like Pecunix and Gold money were tied to the gold standard rather than fiat currency. This was unpopular with users because they could not tell what the value of what they had corresponded to. Digicash laid too much emphasis on anonymity, which was not a priority for most users. One would ask, what is the advantage of a decentralized method of banking? A decentralized method of banking removes the middle-man from transactions thus reducing the fees paid because of middleman services. Additionally, the government would not be able to manipulate the supply of money so as to achieve its macroeconomic goals which according to many, they should not be entrusted with. The lack of security in fiat currency, therefore, necessitates a shift to digital currency. Fiat money can be easily manipulated and counterfeited. The high number of online transactions indicates that the world should change the way it is doing business (Santarelli, 2013) [56]. Theoretically at least, digital currency would favor

33

international business because it would not be tied to a countrys government (Courtney, 2013) [15]. This project seeks to examine Bitcoin as a modern digital currency. It is important to realize that Bitcoin is unregulated and apolitical with no likelihood of tampering to change its supply. Bitcoins management network keeps records so as to prevent fraud as well as double spending (Becker Breuker, Bhm, Rauer, Heide, & Holler, 2011) [4]. In addition, the currency exists outside boundaries of countries and it is impossible to tax. Its success would see one unified global currency. Bitcoins do not inherent worth. Just like paper money, they rely on broad acceptance by users for them to maintain their worth [50]. As this paper shows, the Bitcoin system of payments is a revolutionary idea which lays the foundation for a radical departure from the current economic system.

4.2 The Appeals of the Bitcoin System

Despite having taken three decades of intensive research on e-cash, the cryptographic communitys efforts seem to have been adversely affected by the success of Bitcoin. Nakamoto, a previously unheard of individual may have well outsmarted the ingenuity of all other cryptographers combined [47]. However, Bitcoin is far from perfect and has some well-known problems. One then would ask, what makes Bitcoin so successful? i) Decentralization Bitcoins architecture is completely distributed and does not have a single trusted entity. This is to mean that Bitcoin assumes the honesty of most of the nodes in its network, resorting to a majority vote set-up to avoid double spending and to enhance dispute resolution. Other e-cash schemes, however, employ a centralized
34

bank which is trusted to issue e-cash and to detect double spending. This appeals to individuals who prefer a freely-traded currency that is not controlled by any government, authorities or banks (Wile, 2013) [62]. These individuals, regrettably, may be drug-dealers and underground economy proponents. Just like in distributed internet, a decentralized system ensures that no one, however benevolent, can fall prey to temptation or be forced by government to subvert Bitcoin for their own benefit (BitPay, Inc., 2012) [5]. ii) Incentives and the economic system Bitcoin has an ingeniously designed eco-system that guarantees that users are given economic incentives so that they can participate. New Bitcoins are generated in a distributed manner and at a rate that can be predicted. Bitcoin Miners provide solutions to computational puzzles so that new Bitcoins can be generated. This process is closely connected to the ascertainment of previous transactions. Additionally, miners may collect transaction fees because of their effort of ascertaining transactions. This provides users economic incentives and motivations to spare computing cycles to verify Bitcoin transactions and generate new Bitcoins. iii) Predictable money supply Bitcoin ensures that new coins are minted at a rate that is fixed. This means that the larger Bitcoins community and total computational resource allocated to coin generation is, the more complex the computational puzzle turns out to be. This provides early adopters with strong incentives. This means that the earlier one is in the game, the cheaper the cost of Bitcoins minted. iv) Divisibility and fungability One of Bitcoins appeals is the ease in dividing and recombining coins for the creation of any denomination possible. However, this is an Achilles heel of e-cash

35

systems that are strongly anonymous. This is because denominations have to be standardized so as to be unlinkable, making computational costs for e-cash transactions to be linear in amount. However, in Bitcoin, the linkage is inherent. This prevents double spending. v) Openness, versatility and vibrancy Bitcoins completely distributed design partly makes it remarkably flexible. The project has an open-source nature that motivates the development of new applications while spurring new businesses. Its flexibility and openness causes the rich extended ecosystem that surrounds it to flourish. For example, users who require guarantees for better anonymity can be catered for by mixer services. Payment processor services now provide gadgets that vendors can embed in webpages to be able to receive Bitcoin payments as well as regular currency. vi) Scripting One of the more salient and innovative features of Bitcoin is that users (both payers and payees) can embed scripts to their Bitcoin transactions. Theoretically, this feature allows one to realize rich semantics and contracts on transactions through scripts. These include escrow, deposits, dispute resolution and assurance contracts. It is expected that in the future, there will be richer versions of financial contracts and that mechanisms will be created around Bitcoin though these features. vii) Transactional irreversibility Transactions in Bitcoin have quick irreversibility. This creates a niche market in which vendors are wary of charge-backs and credit-card fraud. Vendors who sell their products overseas prefer not to conduct business with customers from countries where credit-card fraud is rampant. Bitcoin offers protection to such individuals through its irreversibility of transactions.

36

viii)

Low fees

Bitcoin verifiers market has very low transaction fees (these are chosen by the payer and are optional). This is especially an advantage in micropayments where transaction fees are normally dominant. Additionally, international money transfers do not require additional costs due to disintermediation. ix) Implementations are readily available. As compared to other e-cash systems, Bitcoin provides readily available implementations which are not only used in a desktop computer but for mobile phones as well. Additionally, behind the maintenance of the open-source project is a vibrant community which provides healthy developments.

4.3 Weaknesses of Bitcoin System

One of the most observable problems of digital currencies is that they have major weak links. The first major weak link lies in currency exchangers who convert real cash to e-currency and then e-currency back to cash. These exchangers are vulnerable to authorities, who target these exchangers, leading to the failure of the system. This is what happened to E-gold, one of the first digital currencies. The authorities either regulate these currency exchangers or shut them down completely. The developers of digital currencies have often tried unsuccessfully to eliminate this weak link to make the currencies stable. The other major weak link is the lack of a verifiable form of backing and defense. Just like Bitcoins, a System like Pecunix is excellent. However, these two Systems have not achieved meaningful size to earn the defensibility that would make them strong as currencies. Perhaps an even bigger, but often overlooked, problem with Bitcoin and other digital currencies is the Wide lack of understanding of individual liberty and
37

property rights. Bitcoin requires a powerful network of people who regard property rights highly and are willing to defend them. These people would develop a form of territory where the backing of the e-currency would be stored as well as defended. Bitcoin has faced many challenges in the attempt to address these issues. According to Barok (2011), the ultimate territory exists in the minds of individuals and in the actions of the masses who know, understand and appreciate liberty and personal rights. This is described as a state of individual awareness or self-rule or autarchy [3]. Bitcoin has several other weaknesses as listed below. 1. According to M'barek & Myesser (2012), one of the weaknesses of Bitcoin is that the wallet is vulnerable to theft. If the wallet is not encrypted, it becomes a theft target (Onies, n.d.) [49]. However, recent Bitcoin client releases support the encryption so as to protect data in the wallet [43]. 2. According to Barok (2011) a coins history may be used to link identities of users to addresses. This may lead to an invasion of privacy because the currency users affiliations become well known by the public [3]. 3. An attacker may place many clients which he controls into the network. He may then use these clients to attack. A fraudulent Bitcoin user may create several false users which he may use to perform illegal operations in the system such as drug- dealing or money laundering. 4. There is no authentication required when sending Bitcoins to an IP address. A man-in-the-middle attack may be executed. Like in any online system, an attacker may device a method through which to compromise the security of a system. The lack of authentication to channel Bitcoins to a specific IP address makes an interception by a third party easier.

38

5. A potential attacker can see a user making a transaction. If the potential attacker has the ability to intercept the transaction, this makes it even easier to do so. This implies that although the transparency of the system is an advantage, it may also prove to be a disadvantage. 6. There are security vulnerabilities as well as bugs in the Bitcoin system. A newly discovered bug or vulnerability in security may lead to a split in a block chain. This is because the security of a subsequent block in the system chain is reinforced by the previous block. A vulnerability at one point in the block may lead to widespread vulnerability. 7. Another issue with Bitcoins is that their valuation often fluctuates depending on the demand. By 2nd June 2011, one Bitcoin had the value of ($9.90). However, around January 2013, one Bitcoin had the value of less than $1. This implies that Sites that accept Bitcoins continue to change their prices quickly. This creates confusion when a refund for a product or service is made [52]. For example, if an item of clothing is bought at 1.5 BTC and returned after seven days, experts are faced with the problem of deciding whether the item should be returned at the same price of 1.5 BTC even if the valuation of the Bitcoin has gone up or whether it should be returned at the current valuation. The Bitcoin community has still not arrived at a consensus on this question. 8. Yet another problem with Bitcoins is that of buyer protection. Once a buyer uses Bitcoins to buy goods and the seller fails to send the goods as promised, there is nothing that can be done to undo the transaction. Experts suggest that this problem may be sorted through a third party escrow service such as ClearCoin. However, escrow services would be assuming the role of banks if

39

they did this. This would draw Bitcoins closer to the traditional currency. This is something that the Bitcoin community would not favor. 9. Unknown technical flaws: the Bitcoin system may possess unknown technical flaws. This is because it is a fairly new system. If Bitcoins were to be adopted widely and such a flaw unearthed, it may accord tremendous worth to the exploiter, while completely crippling the Bitcoin economy. 10. The Bitcoin system has built in deflation. The total number of Bitcoins is limited to 21 million. This already sets the currency up for deflation. The value of every Bitcoin is bound to rise as more and more people adopt the currency. The system rewards early adopters. However, the question of when to spend the Bitcoin has become more and more important. This may result in spending surges which may lead to uncontrollable and unpredictable fluctuation.

40

Chapter 5: Analysis of Anonymity

Although Bitcoin is often described as being anonymous, it is not inherently anonymous. By using publicly available data and network analysis, the author will perform a passive analysis. This will be achieved by looking at a case study of Bitcoin theft. This case study involves a user who allegedly stole 25,000 Bitcoins. The summary of the victims posts in Bitcoin forums and his transactions are as shown below (Harrigan & Reid, 2013) [29]. The victim of the theft realized that he had been robbed of his Bitcoins on 13/06/2011 and they had been sent to the address

1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. Records indicate that the alleged theft happened at 16:52:23 UTC on 13/06/2011. This was a short time after somebody had broken into the Slush pool account of the victim and replaced the payout address with 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f. The Bitcoins legally belong to 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG [29]

5.1 Egocentric Analysis

As shown in fig 10, each vertex stands for a user and the flow of Bitcoins from the public-key of a user that matches the source to the public-key of a user that matches the target, is represented by a directed edge between the source and the target. All directed edges are colored according to their respective source vertices.

41

The network is not perfect because there exists a one-to-one mapping between the users and public-keys.

Figure 10: the thiefs egocentric user network [29]. We only focus on the egocentric network around the thief. This is done by including every vertex that can be reached through a path of length, ignoring directionality and edges which are induced by the vertices included. All multiple edges, plus edges and loops that are not included in any biconnected component are then removed to declutter. The red vertex is a representation of the thief while the victim is represented by the green vertex. The green edge that joins the thief to the victim is the theft process. There are two green edges but only one of them shows a direct connection of the thief to the victim.

42

Figure 11: An interesting sub-network connecting the thief to the victim [29] Ignoring directionality, the thief and the victim are connected by paths. If we consider figure 11 which shows a sub-network induced by the red, green, yellow, purple and orange vertices, we realize that it is a cycle. By contracting all the vertices whose respective public-keys belong to one user, one can attach values in timestamps and Bitcoins to directed edges. It is noted that before the 25,000 BTC theft, there was another 1 BTC theft. The victim later reported this in Bitcoin forums. Using offnetwork data, some other colored vertices can be identified. The purple vertex shows the slush-pool account while the orange vertex shows the computer hacker group known as LulzSec. It can be seen that there was an attempt to link the theft with LulzSec. However, this was not a real connection and it was created by the thief after the theft. There is a genuine link between the orange vertex and LulzSec. This was created before the theft occurred. The thief had sent 0.31337 Bitcoins to LulzSec a short time after the theft. However, the thief cannot be associated with LulzSec in any other way. The main slush-pool account transferred 441.83 Bitcoins to the victim within a 70-day period. Additionally, it sent 0.2 Bitcoins to the yellow vertex in a 243

day period. A day before that theft, the yellow vertex sent 0.120607 to LulzSec. According to Harrigan and Reid (2013) the user represented by the yellow vertex owns at least 5 public-keys [29]: 13tst9ukW294Q7f6zRJr3VmLq6zp1C68EK 1MUpbAY7rjWxvLtUwLkARViqSdzypMgVW4 1AEW9ToWWwKoLFYSsLkPqDyHeS2feDVsVZ 1DcQvXMD87MaYcFZqHzDZyH3sAv8R5hMZe 1EWASKF9DLUCgEFqfgrNaHzp3q4oEgjTsF

This user is a member of slush-pool just like the victim and a one-time LulzSec donator like the thief. This donation which was done a day prior to the theft is this users last known activity performed using any of his five keys.

5.2 Software that Interacts with Bitcoin

One of the programs that can be used to write applications in Java that interact with a Bitcoin Network is BitcoinJ. BitcoinJ is a handy open source program that can be used for Java implementation on Bitcoin protocols. BitcoinJ allows maintenance of a wallet and transaction by either sending or receiving without a local implementation copy. Armory is another open source program that is a wallet management system employed in Bitcoin. It is deployed to provide high level security for Bitcoin users who have invested heavily. The program maintains good usability as well as convenience. It has many features that make it popular with many Bitcoin users. Armory allows users to maintain multiple wallets whether they have encryption or not.

44

5.2.1 Bitcoin Client Applications Bitcoin has several client applications. These include Bitcoin-Qt; MultiBit; Armory; Electrum and Bitcoin Wallet. Bitcoin-Qt is the first Bitcoin client. It provides the structural backbone on which the system is founded. Bitcoin-Qt provides high security levels, stability and privacy. The shortcoming of this client application is that it has few features and requires a lot of disk memory for it to operate. i) MultiBit: MultiBit on the other hand is a lighter client application whose major strength is its high speed and ease of use. MultiBit was developed by Jim Burton from the UK. This client application synchronizes with a network and becomes ready for operation within a few minutes. The MultiBit application supports multiple languages. Due to its ease of use and simplified look, this client application is one of the best for nontechnical users. This client application is utilized in MacOS, Windows and Linux and based on Bitcoinj. A major advantage of this client is that it supports the running of multiple wallets at the same time without having to download the whole block chain.

Figure 12: MultiBit application (screenshot)

45

ii) Armory: Armory runs on atop Bitcoin-Qt and is more advanced than MultiBit. This client application is more expanded for more technical/ power users. It offers features for encryption and backup. In addition, it allows cold-storage on offline computers that is secure. Armory is also Open Source. This means that it is available for free. Armory further guarantees that any programs based on its source code must also be open source and, therefore, free. The capability for Armory to be used offline ensures maximum security from hacking. Armory was created to have a split interface. This means that the application allows users to import addresses created with VanityGen. The user can choose between advanced or standard, allowing users to experience different features on the same application. In addition less advanced users may also be able to use the wallet without needing an expert. The average user can secure their Bitcoins by keeping them in an offline computer in what is known as cold storage.

Figure 13: Armory Client(screenshot)

46

iii) Electrum: Another major client application is Electrum. The focus of this application is mainly simplicity and speed, just like MultiBit. It requires lower resources to use. This application utilizes remote servers to handle the more complex components of the Bitcoin system. Electrum allows users to recover their wallets from a pre-saved secret phrase that may be learned by heart or written down on a piece of paper. The good thing with this client is that there is no waiting time after starting the application. This is because it does not have to download the entire Bitcoin blockchain [20] (see figure 14). Some of the features of this wallet in summary include: Instant on: the application does not have to download the blockchain. This is because a remote server is employed. The system is forgiving: the wallet may be recovered from the secret phrase. Ubiquitous: the same wallet may be employed in different computers because it auto-synchronizes. Open: the private keys may be exported into other Bitcoin clients No downtimes: the user may choose from the several available public servers. Transactions locally signed: these means that the private keys are not shared in the server. This implies that the user does not have to trust the Server with their Bitcoins. No Scripts: The client does not download scripts. This is a good security measure because a server which has been compromised cannot send a user arbitrary code with the intention of stealing money from them.
47

Firewall friendly: the client application does not have to open a port. It polls the server to get updates.

Written in Python: the code is brief and easy to follow or review. Tested and audited: The system is open source and was released for the first time in November 2011.

Electrum has several user interfaces. These user interfaces share the same wallet code these are Lite, Android, Gtk, Text (using curses) and Classic (Qt).

Figure 14: Electrum, screenshot. Source: [20]

iv) Bitcoin Wallet Bitcoin Wallet is a more lightweight client applications specifically designed for BlackBerry OS (10 or newer) and Android (2.3 or newer). A major strength of this client is that it doesnt have to be connected to any online service for it to work [ 14]. This program offers compatibility with NFC and QR code scanning (see figure 15). The features of this service in summary are: Display of the users wallet balance in Bitcoin as well as in other currencies.

48

There is no web-service or cloud server needed. This is because the wallet is peer-to-peer.

The user may enter transactions when offline and they are updated when online.

There are notifications on the system when Bitcoins are received. The service manages the blockchain on the users device to enhance security. There is an application widget for the Bitcoin balance. Bitcoins may be sent or received through QR codes, Bitcoin URLs or via NFC.

Figure 15: Bitcoin Wallet screenshot (as used in BlackBerry and Android) [14]

5.3 Mitigation
The Bitcoin system should educate users about the limits of anonymity. If some changes are effected on the system, they can help mitigate risks to privacy.
49

Bitcoin has developed a patch to the system that allows users to prevent linkages between public-keys. This can be done by alerting users regarding potential links in the client user-interface. The development of a protocol that supports mixing of Bitcoins at the protocol-level would make it difficult for passive third parties to track transaction histories of users (Matonis, 2011) [42]. Ultimately, the user is the best security measure for their Bitcoins. This is because no software is perfect. In addition, security vulnerabilities arise from time to time even in the Bitcoin client. The user should keep the client being used frequently updated with bug fixes as soon as they are available. This is especially when new vulnerabilities arise [42]. The computer system being employed should also be freed of all viruses, malware, remote access tools and key loggers which may duplicate delicate information. Immediately after a vulnerability is detected or the system compromised, the immediate step should be the creation of a new user. A new secure password should then be installed.

5.4 Bitcoin Wallets

The Bitcoin wallet is an application that allows the user to transact with the world. The Bitcoin Wallet gives the user ownership of addresses in Bitcoin that the user may utilized to receive Bitcoins from other user. In addition, it enables the user to be send coins. As is the case for email messages, the user may receive Bitcoins when they are offline. The user, therefore, receives the Bitcoins sent to them when they login into the system. All wallets are compatible and can send or receive money from each other. Some of the simplest wallets to begin with include MultiBit and BitcoinWallet. According to Stanford University (2013) an effective wallet should have several characteristics [59]. First, the wallet must be extensible. This means that it
50

should be able to accommodate all the different payment instruments and utilize multiple payment protocols. For example, the digital wallet should be able to hold digital coins and credit cards. The wallet should also be compatible with upcoming financial instruments and use them to make payments. For example the wallet should be compatible with electronic coupons. Secondly, the wallet should be client-driven. This implies that the manner in which the wallet interacts with the vendor should be determined by the client (Subramanian, 2013) [61]. Vendors should not have any control on the clients wallet which may be considered as annoyance. For example, the vendor should not have the ability to launch the clients wallet application when the user visits the web-page that is selling a product or service. Stanford University (2013) provides the analogy to explain this reason: Imagine if every time a buyer enters a store, the seller has the ability to reach into the buyers wallet and pull out their wallet, flash it before them and ask them if they wanted to buy something [59]. Designing a wallet that is clientdriven is crucial because the users should not view the wallet as being intrusive. This may create reluctance for electronic commerce. The third consideration is that wallets should be symmetric. Banks and vendors run software that is analogous to wallets. This software manages the users end of the financial operations. The functionality is very similar. This implies that it is sensible to re-use the same interfaces and infrastructure within wallets, banks and vendors. For example, the part that deals with financial instruments may be shared between financial operations participants. The fourth consideration is that the wallet should be generalized. This means that the interfaces should be similar regardless of the type of computer or device that the wallet, vendor or bank is running on.

51

5.4.1 Types of Bitcoin Wallets

There are three categories of wallets based on the manner employed to send or receive the Bitcoins. These categories are software wallets, mobile wallets and web wallets. Software wallets are installed on the users computer; these include BitcoinQt, MultiBit, Armory and Electrum. These are the base technology level for transacting with Bitcoins. They store a collection of keys on the Wallet address (computer). The purpose of these wallets is to enable the user to receive send Bitcoins through the network. Nobody should be allowed access to these keys except the computer user. The user should ensure that these keys are always secure. It is recommended that the user maintains a backup of these keys in case of accidental deletion or corruption of the Bitcoin files. A software wallet may be downloaded from the internet. After downloading, the client application should be installed in the computer system (either Linux, Mac or Windows). This leads to the automatic creation of a wallet which enables the access of the users transaction history.

Fig. 16: armory wallet (screen shot): a Software wallet

52

Mobile wallets allow the Bitcoin user to access the service from the comfort of their mobile devices (Huysman, 2013) [30]. Coins may be exchanged easily and paid to stores when the user scans a QR code or uses NFC tap to pay. Examples of Mobile wallets include Bitcoin wallet; Blockchain.info and Paytunia. Convenience is the key driver for mobile wallet (Grant, 2013) [25]. Web wallets allow the Bitcoin user to use the system unencumbered by geographical location. This means that the user can access the system and transact anywhere with minimal effort to protect their wallet. However, the web wallet should be chosen with care. This is because while choosing to host Bitcoins in a website, the user essentially trusts the websites owner and their security to protect the wallet from theft. The user should also chose the web wallet that best suits their needs, placing emphasis on security and convenience. Examples of web-based wallets include Blockchain.info, Bips, Coinbase and Electrum.

Fig.17: Coinbase. Web Wallet (screenshot)

53

Chapter 6: Inferences Drawn by Interviews on Bitcoin Anonymity

6.1 Chapter Overview

Bitcoin, an online cryptographic currency is today very popular because of its anonymity. Many people including anarchists, law enforcements antagonist, and criminals see and consider it as a way of conducting private financial transactions. Bitcoins are a digital currency that allows one to sell and buy them, and purchase other items with them or even exchange them for hard currencies such as the British Sterling Pound or the US Dollar. One can acquire Bitcoins either by mining them using computer resources to unlock them by solving complicated algorithms or buying them. Bitcoin has been praised by many commentators on the way it distinguishes an owner of a wallet and the wallet. It provides some sort of anonymity, such as that provided by some Swiss bank accounts. However, commentators and headlines have recently questioned the limits of Bitcoin anonymity. In fact regulators have accused Bitcoin of violating anti-money laundering regulations. Questions have been raised from various quarters regarding the anonymity of Bitcoin. This chapter reviews, analyses and integrates interviews from various reputable websites on the subject of Bitcoin anonymity and draws inference that

54

answer the questions: Is Bitcoin entirely anonymous? How private is Bitcoin? Is Bitcoin traceable and completely transparent? If so, what does it mean for privacy?

6.2 Bitcoin is anonymous; how anonymous is it?

The major Bitcoin currency exchange, Mt Gox, has recently introduce rules that would require people trading government managed currencies, referred to as fiat currencies to verify their identities. However, these regulations have not and still do not apply people trading Bitcoin currencies only. Incumbent or the pioneer Bitcoin users did not have such requirements imposed on them. This therefore, raises privacy issues [6]. The fact that since it was introduced, people considered Bitcoin to be anonymous. Most of the people who are using it do not want people or others using it to know who they are. The question is, are they really able to hide that information? According to Bradbury (2013), Bitcoin should be considered as a pseudoanonymous network. He argues that, Bitcoin is anonymous because one can have a Bitcoin address without actually revealing any personal information about them in that address [6]. Additionally, Bradbury, (2013) asserts that, a single person can have multiple addresses without those addresses being linked in any way. There would be nothing that can, in theory, be used to link the multiple or two adresses together. To show that they belong to one person and who that person that owns them is. However, Bradbury (2013) also argues that, Bitcoin has another different side; anything that happen in the Bitcoin world is very much traceable [6]. He argues in the way that the Bitcoin algorithm is structured. The algorithm is structured in such a way that any Bitcoin transaction is logged into a ledger like blockchain and is available publiclicy for all Bitcoin owners to see. Seaver's (2013), interviwed the VP Marketing, Jeff Ownby of Butterfly Labs, a company that manufactures high speed
55

encryption processors that Bitcoin uses in research, security, mining, and telecommunications agrees that this leads to some leav of transparency that may be surprising to Bitcoin users [58]. Publishing ones Bitcoin address on his/her website shows everyone in the world what your Bitcoin balance is, this is according to the CEO of Certimix, Sergio Lemer. Sergio Lemer, acryptography scientist with a sound backgrounds asserts that Bitcoin protocol design does not enforce privacy. According to him, the Satoshi algorithm, the base of Bitcoin, has several vulnarabilities [58]. Receving money from other users using the same address over and over again will make other users detect who has sent you money. This, according to Matthew Green, a co-developer of an anonymity algorithm for Zerocoin, a crypto currency and an assistant Professor at John Hopkins , is a huge problem [58]. He argues even though, ones name is not linked explicitly to his/her Bitcoin address, interested parties such as Google can be able to infer information from other large networks and may be able to eventually unearths ones real identity [26]. Green asserts that with simple data mining people will be able to find a lot of information that is now considered anonymous. He argues that the steps that Bitcoin are taking to keep its users anonymous is a bit naive since people and organizations have clever data mining trick that are far much better [26]. Analsying large data sets in a bid to recombine personal information, according to Narayanan has enormous ramifications for intelligence services and other law enforcement agencies [26]. Bitcoin is a prime target of reidentification because of its completely transaparent data set block chain.

56

6.3 Bitcoins Transparency

Claire Ingram (2013) of ArcticStratup interviewed Frank Schuil, the CEO of Safello on the anonymity and transparency of Bitcoin [31]. According to Ingram (2013), there are papers and studies that have poked hoes into the analogy that Bitcoin users could remain anonymous. Compared to any other currency in the world, Bitcoin is the most easiest to trace, Ingram asserted. Safello CEO, Frank Schuil argues that there is no need of focussing on the anonymity of Bitcoin, but rather, Bitcoin needs to work on removing the reputation that it is anonymus and is primarily for illegal transactions such as fraud and drug sale, in order for its economy to grow and for it to mature [31]. Brustein (2013), in his article in the BloombergBusiness argues that Bitcoin may not be as anonymous as people have been made to believe [10]. He argues that there have been attempts that by academicians to conjure technics and methods that would enable the tracking of Bitcoin transactions. Bitcoin transfers are vulnarable to such tricks. Just as has been metnioned above, Brustein (2013) asserts that it is more accurate to describe Bitcoin as being pseudoanymous and not anonymous. Bitcoin stores all transactions, information on all acounts that have transacted and the amount of Bitcoins transacted in a block chain which all Bitcoin users can access [10]. This, Bitcoin argues that is important since it helps the system analyze these transaction and ensure that the same coins are not used over and over again. Brustein interviewed the director of technology research program, Jerry Brito who asserted that although Bitcoin transactions may not be as transparent as credit-card transactions, they are far much better than cash transactions [10]. When asked on why he thought that Bitcoin is anonymous, Jerry Brito asserted that people are able to set up as many accounts as they are able to or want and there is no way or nothing within Bitcoin can connect
57

pseudonym Bitcoin users to their rea-life identities. For this reason, Jerry says that, Bitcoin users are anonymous but not to the extent in which they exhange governmentissued currencies for Bitcoins because federal regulators are only concerned with such transactions and not Bitcoin to Bitcoin exchanges. However, he also warns that, with enough data, it is very easy to unravel even anonymous networks as has been shown with user data from Netflix and AOL [10]. Researchers in Switzerland and Germany have been able to show that more than 30% of Bitocin pseudonym users real-life identities could be unraveled even in situations where users have used all recommended privacy protections [1]. Other researchers from George Mason University and the Universty of California argue that the fact that Bitcoin relies more on few large accounts makes it very easy to unravel users real-life identities. This is so because such large transactions can very easily be tracked to users real-life identities. This has made Bitcoin unattractive for large volume illegal transactions [46]. Further, Brito argues that the fact that the block chain is put in the public for anyone who want to look at it can do so without a probable cause or subpoena [10].

6.4 Future of Bitcoin Anonymity

According to Michael Carney (2013), Bitcoin needs to kill its anonymity reputation for it to grow. One of Bitcoins largest exchange sites, MT Gox have since announce that users will now be required to verify their identities using approved photos for any account owners who are seeking to deposit and withdraw governmentissued currencies [13]. This implies that, federal regulators are interested in killing Bitcoins anonymity and are therefore that Bitcoin exchange sites such as MT Gox,

58

should be properly registered as MSBs, MOner Service Buiness. They argue that, although Bitcoin is legal, it is not above the law [13]. According to Director at FinCEN, Jenniffer Shasky interview with an American Banker, digital currencies such as Bitcoin are just financial services as other government-backed currencies. Those dealing in them are considered as financial instituions. Therefore, they too can potentially be anti-money laundering threats and as such should have put in place controls that deal with money laundering threats. It is true that today, many people have opted to use digital, virtual currency such as Bitcoin because of their assumed annonymity. Jennifer Shasky, however, argues that this is just a mere fallacy and that, their anonymity is not their most valuable attribute [13]. She asserts that the value of virtual currencies such as Bitcoin, as opposed to traditional federal banking systems and fiat currencies is the fact that Bitcoin transactions do not incur conversion or wire transfer fees when they cross international borders. As the worlds continue to shrink as a result of the advancements in technology, virtual or digital currencies such as Bitcoin are likely to be the biggest drivers of business than anonymity could be. The anonymity within the Bitcoin network has been misunderstood, argues Jennifer Shasky. As has already been pointed out, the anonymity of ownership of Bitcoins is what is under threat and not the anonymity of use of Bitcoins. This means that the decision by MT Goxs to require account users to provide some sort of reallife identity makes it difficult anonymously obtain and have Bitcoin but not difficult for those who already have Bitcoin to continue using it anonymously. Authorities cannot know what you do with Bitcoins. This means that Bitcoins are somewhat now on at par with the traditional banking system and cash, fiat currency, in terms of anti-money laundering regualtions. However, it did not making

59

it any more difficult to money launder [13]. She further asserts that there are still ways that those willing to obtain and use Bitcoin for illicit purposes can gain anonymity as has always been the case with fiat currencies. For instance, there are already subtly named services which have already been setup such as Bitmix, Bitlaundry, and Bitcoinlaundry, for the purposes of laundering dirty Bitcoins or mixing it with other legit curecnies so as to make them untraceable. Bitcoin is not as anonymous as most people have thought despite the fact that it has become the preffered mode of payment for undergournd online transactions. It is the key to making illegal business possible. According to Greenberg (2013), spending bitcoin anonymously on illicit business online is not as easy as people have often made it out to be. Andy Greenberg, a reporter at Forbes asserts that they tried to order small amounts of Bhang using Bitcoin from different online Bitcoin-based black markets and several weeks later, none of them have been arrested [26]. However, according to his interview with Sarah Meiklejohn, a computer science researcher from the University of San Diego with a focus on Bitcoin, to try and test the privacy of their online black-market transaction. It was easy to trace the digital breadcrumbs that are left behind by Bitcoin [46]. However, Meiklejohn argued that, there are ways that one could use Bitcoin anonymously, but casual Bitcoin users may not be able to hide their activities very well. Meiklejohn asserted that the privacy properties of Bitcoin were somewhat inconsistent. First, Bitcoin network has made all transactions that occur on it publicly accessible by recording them in the block chain. Then, Bitcoin has a decentralized mechanism that makes tracking of who has what Bitcoins, when and how, and preventing counterfeiting and fraud possible [46]. However, in contradiction, the transactions are only recorded as addresses, which are not tied to anyones real-life

60

identity. This is what makes Bitcoins transactions anonymous. Meiklejohn asserts that a little snooping in Bitcoins transaction register, block chain, can often help one unravel who owns those Bitcoin addresses. According to Greenbergs interview with Pirate Roberts, Silk Road administrator, even though it was easy for Meiklejohn to trace Forbes online black market transactions, it is impossible to link ones deposits with withdrawals, which makes it even harder to tell where ones withdrawals came from [46]. This he asserts is because of the fact that all withdrawals and deposits undergo a general mix. Finally it is important to note that, although the anonymity of Bitcoin could be in question now and under threat in the future, user of Bitcoin that are seeking anonymity should be careful about sharing their Bitcoin addresses in public or even using them with Bitcoin services such as Coinbase which can be subpoenaed. This is so because such accounts can be used to link their anonymous Bitcoin address to their real-life identities [60].

61

Chapter 7: Discussion and Future Work

7.1 Discussion

The approach undertaken for this research is purely qualitative and secondary. This is because the evaluation is based entirely on the perspectives found in secondary sources. The strength of this approach is that it relies on expert opinion to inform that of the researcher. After reviewing literature on the Bitcoin system and its features, the research aggregates information on Bitcoin and also provides the perception on the level of anonymity and security in the system. This approach is based on the nature of the research topic and research objectives. An interview and survey may have been conducted to get more information regarding the security of the system from programmers and Bitcoin users. This may have been done through questionnaires and informal interviews. However, any attempts to communicate with possible respondents were not fruitful. This may be based on the fact that the system may still be considered to be in its infancy stage and the users and the programmers will not show their weaknesses and the security gaps that they faced while dealing with Bitcoin system.

62

In addition, there are some ethical issues that arise in any research situation whereby the respondents must give their consent before any information they have provided to the research process may be employed. However, some researchers were approached and their feedback was not supportive. This is because most of them do not quite understand the system to an extent which they believe their opinions to be authoritative. A major challenge in this research is that the number of people with sufficient knowledge on Bitcoin is limited. Getting cooperation from the ones who do is quite difficult as well. The deficiency of literature on the topic is also a major challenge which can only be overcome with time. It is expected that any attack that has been recorded will not be announced and published by the owners. This is because the developers would not want to compromise the development of the digital currency and would rather keep the shortcomings of their system (if any) in the dark until they have a way of making it better. The process of gathering information by way of a questionnaire based survey was not applicable for this research as a result of the little time available. Any furtherance of attempts to obtain information to enable a quantitative approach would require more than three months obtaining precise information. The credibility of the data obtained would be a significant component for this research that requires proper verification if data was to be collected from respondents through a survey. This is because most of the users that are easily accessible are part of the Bitcoin development team and their responses may be biased in favor of the system. As a result of the relatively high level of anonymity, it is difficult to obtain a sizeable and representative sample whose data would be applicable and relevant for the entire population.

63

Moreover, the information obtained would also need to be analyzed so as to draw relevant and applicable inference from the data collected. To analyze the Bitcoin system using programming is also a possible approach. However, given the complexity of the algorithms used by the system, the process would require a high value investment in terms of material resources. In addition, the time involved in this process is also a major issue because programming takes a great deal of time. Despite the many challenges encountered in the period of completing this research, there is still a chance that with more time, it is possible to conduct more comprehensive research. This could be done by defining the major components of security and anonymity that would need to be tested through the questionnaire process. The defined components of the inquiry would then be investigated through questions which necessitate the respondent to provide their opinions out of a range of choices. This may be facilitated by use of a system that converts qualitative data into quantitative measures which can be analyzed easily.

64

7.2 Future Work

Undoubtedly, the research conducted so far is not conclusive enough to inform a comprehensive conclusion. This is because the degree of anonymity is not known in a quantifiable sense. However, it serves as a suitable basis on which further work on the topic may be done. Having set the foundation for future research, future work will entail interviews, surveys as well as java programming for Bitcoin applications. Interviews will involve luminaries in the area of digital currencies as well as developers and programmers who fully understand the Bitcoin system. The interviews will equip the researcher with perspectives which will inform the inference. Because of the difficulty involved in obtaining interviewees, the research aims at getting at least 15 professionals and Bitcoin users for this purpose. Questionnaire-based surveys will also be employed to acquire data from respondents related to the Bitcoin system. This will be done mostly through questions which request the respondent to provide their opinions out of a range of choices on a gradually incremental scale. This is because this approach enables the conversion of qualitative data such as perspectives and views into qualitative data which enables a clearer picture of the inference to be developed. This approach also enables conclusive analysis of data which can then be used to provide a clear conclusion. Java programming will also equip the research with a more analytical and less descriptive edge. By employing the java language for

65

Bitcoin applications, the research allows for a better understanding on the nature of Bitcoin transactions as well as how they are safeguarded. This three-pronged approach undoubtedly provides a more comprehensive output which will contribute to the small pool of research that exists on this subject.

66

Chapter 8: Conclusion
Bitcoin is an open source project that employs cryptographic software and peer-to-peer (p2p) technology. Bitcoin was introduced in 2008. The system depends on digital signatures to ascertain ownership. Because of the high level of risk involved in digital currencies, a history of transactions helps the system to prevent double spending. This is done through a proof-of-work system. Like with all major digital currencies, security is always a significant issue. Bitcoin uses cryptography in a public key encryption system which helps to maintain the privacy of the transacting parties. The security of this system is highly linked to its anonymity, which is the ability to transact in Bitcoins while not revealing ones identity. The anonymity of Bitcoin is not absolute because an attacker can make use of security lapses in wallet clients or websites that facilitate Bitcoin transactions to link a public key to a user, thus unearthing their identity. As compared with other digital currency systems, Bitcoin is better in terms of security. However, it relies on the users maintaining their public keys extremely safe. The technicalities of the Bitcoin system have contributed to the slow pace with which it has been adopted. However, this may be overcome with time whereby the Bitcoin community may devise a more user friendly interface to allow users to use the currency without having to delve into the difficulties of understanding the entire process. Having proven that Bitcoin is not wholly anonymous, the remaining selling point is its decentralization. Bitcoin offers a decentralized system. This means that there is not central controlling authority that may exploit other users. The power and

67

authority rests with the many users of the currency. However, for the Bitcoin system to be widely adopted, it requires to gain the confidence of the masses. To achieve this, Bitcoin users must recognize their individual rights and liberties. They must realize that the power should not be vested in the government because doing so exposes the currency to manipulation. The Bitcoin system has to be safeguarded by responsible individuals in a collective manner to ensure that it remains secure. In addition, the decentralized nature of the Bitcoin currency as well as its superiority as a store of value, medium of exchange and measure of value should work hand in hand with its degree of anonymity to place it in good stead as a future currency. This research is qualitative in the sense that reviews literature on the system and aggregates information on security and anonymity to inform it. There is a limited pool of credible information on the system. This underlines the need for further research. In addition, the number of people who are knowledgeable on the system is limited. This means that obtaining people to interview becomes extremely difficult. This research lays a foundation for further developments in the field of digital currencies to be made. Many agree that the current position of the global markets is worrying and thus there is a need for a better system of payment. What is obvious is that Bitcoin has provided the direction in terms of thinking that other superior systems must take if the security of global markets is to be [36]. Undoubtedly, there needs to be more investment in research and development to make the system more secure while dealing with the vices (such as drug trafficking) propagated by the systems inherent anonymity.

68

References
[1] Androulaki, E., Karame, G., Roeschlin, M., Scherer, T., & Capkun, S. (2012). Evaluating User Privacy in Bitcoin. IACR Cryptology ePrint Archive, 2012, 596. [2] Back, A. (2002). Hashcash - Amortizable Publicly Auditable CostFunctions.CiteSeerX. Retrieved July 3, 2013, from

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.3484 [3] Barok, D. (2011). Bitcoin: censorship-resistant currency and domain name system to the people. Networked Media, 3(2), 2-10. [4] Becker, J., Breuker, D., Bhm, R., Rauer, H., Heide, T., & Holler, J. (2011). Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency. Workshop on the Economics of Information Security, 1(1), 1. [5] BitPayInc.(2012). Bitcoin Payment Gateway API.BITPAY, Inc., 1(1), 5. [6] Bradbury, D. (2013). How anonymous is Bitcoin? CoinDesk. Retrieved September 9, 2013, from http://www.coindesk.com/how-anonymous-is-bitcoin/ [7] Bramhall, S. (2013). Why Bitcoins Have Doubled in Value. DailyCensored.com Breaking Censored News, World, Independent, Liberal News - Underreported political and social news from the U.S. and around the world. Retrieved June 30, 2013, from http://www.dailycensored.com/why-bitcoins-have-doubled-invalue/ [8] Broderick, R. (2013). Traveling Down the Silk Road to Buy Drugs With Bitcoins | Motherboard. Motherboard | Home | Motherboard. Retrieved July 6, 2013, from http://motherboard.vice.com/blog/traveling-down-the-silkroad-to-buy-

drugs-with-bitcoins [9] Browdie, B. (2012). Bitcoin Likely to Grow, Poses Benefits and Risks: ECB Report. American Banker, 1, 13. [10] Brustein, J. (2013). Bitcoin May Not Be So Anonymous, After All. BloombergBusinessweek. Retrieved September 8, 2013, from

http://www.businessweek.com/articles/2013-08-27/bitcoin-may-not-be-soanonymous-after-all

69

[11] Buterin, V. (2012). Bitcoin Mining: A New Means of Paying for Video Games? | Bitcoin Magazine. Bitcoin Magazine | The authoritative source for Bitcoin news.. Retrieved June 30, 2013, from http://bitcoinmagazine.com/bitcoinmining-a-new-means-of-paying-for-video-games/ [12] Campbell, J. J. (2013). Bitcoin and Cryptocurrency: Advantages and Disadvantages. bitcoinproject, 1(2), 7. [13] Carney, M. (2013). For the bitcoin economy to grow, anonymity needs to die. pandodaily. Retrieved September 6, 2013, from

http://leaksource.wordpress.com/http://pandodaily.com/2013/05/31/for-thebitcoin-economy-to-grow-anonymity-needs-to-die/2013/08/30/study-bitcoin-notquite-anonymous/ [14] Code.google.com. (2013). bitcoin-wallet - Bitcoin Wallet for Android and BlackBerry OS - Google Project Hosting .Google Code. Retrieved July 13, 2013, from http://code.google.com/p/bitcoin-wallet/ [15] Courtney, M. (2013). Online anonymity is holding back Bitcoin (Wired UK). Wired.co.uk Future Science, Culture & Technology News and Reviews (Wired UK). Retrieved July 6, 2013, from

http://www.wired.co.uk/news/archive/2013-06/21/anonymity-holding-backbitcoin [16] Cox, J. (n.d.). Bitcoin Versus Gold | Bitcoin Report. Bitcoin Report |. Retrieved June 30, 2013, from http://bitcoinreport.com/bitcoin-versus-gold/ [17] Cutler, K. (2011). Pocket Change Brings Virtual Currency Revenues to Games That Lack In-App Economies .Inside Mobile Apps - Tracking the Convergence of Social Platforms, Virtual Goods, and Mobile Apps . Retrieved July 12, 2013, from http://www.insidemobileapps.com/2011/12/19/pocketchange-brings-virtual-currency-revenues-to-games-that-lack-in-appeconomies/ [18] Dimi, D. (2012). Can the Bitcoin Foundation build legitimacy for an outlaw currency? - Ecotribe. Ecotribe - ecology, transition, eco-villages, skill sharing, permaculture, alternative currencies, sustainability, micro grids, low tech, gift culture, changing the world.. Retrieved June 30, 2013, from

http://ecotri.be/can-the-bitcoin-foundation-build-legitimacy-f [19] Dorn, J. A. (1997). The Future of Money in the Information Age. Cato Institute

70

[20] Electrum.com. (2013). Electrum Bitcoin Client.Electrum Bitcoin Client. Retrieved July 13, 2013, from http://electrum.org/ [21] European Central Bank. (2012). Virtual Currency Schemes.European Central Bank Eurosystem, 1(1), 16. [22] Felten, E. (2013). Basic Economics of Bitcoin Mining.Freedom To Tinker. Retrieved July 30, 2013, from https://freedom-to-tinker.com/blog/felten/basiceconomics-of-bitcoin-mining/ [23] Ford, P. (2013). Bitcoin May Be the Global Economy's Last Safe Haven Businessweek. Businessweek - Business News, Stock market & Financial Advice. Retrieved July 30, 2013, from

http://www.businessweek.com/articles/2013-03-28/bitcoin-may-be-the-globaleconomys-last-safe-haven [24] Freeman, A. (2011). BITCOIN - What It Is and Why It Matters. bitcoinproject, 2(3), 3-39. [25] Grant, R. (2013). Mobile payments tsunami is coming to wash away our wallets | VentureBeat. VentureBeat | Tech. People. Money.. Retrieved July 13, 2013, from http://venturebeat.com/2013/07/10/mobile-payments-tsunami-is-comingto-wash-away-our-wallets/ [26] Greenberg, A. (2013). Founder Of Drug Site Silk Road Says Bitcoin Booms And Busts Won't Kill His Black Market - Forbes. Information for the World's Business Leaders Forbes.com. Retrieved July 12, 2013, from

http://www.forbes.com/sites/andygreenberg/2013/04/16/founder-of-drug-site-silkroad-says-bitcoin-booms-and-busts-wont-kill-his-black-market/

[27] Grinberg. (2012). Today Techies, Tomorrow the World?Bitcoin.The Milken Institute Review, 2(2), 22-32. [28] Gring, Philipp and Ian Grigg (2011): Bitcoin & Gresham's Law - the economic in-evitability of Collapse.

http://iang.org/papers/BitcoinBreachesGreshamsLaw.pdf. [29] Harrigan., M., & Reid, F. (2011). An Analysis of Anonymity in the Bitcoin System. In Security and Privacy in Social Networks. Retrieved June 30, 2013, from http://anonymity-in-bitcoin.blogspot.com/ [30] Huysman, M. (2013). Where your phone is your wallet: Wired Money Pitch Room, session two (Wired UK). Wired.co.uk Future Science, Culture &

71

Technology News and Reviews (Wired UK). Retrieved July 13, 2013, from http://www.wired.co.uk/news/archive/2013-07/01/wired-money-pitch-2 [31] Ingram, C. (2013). Swedish Bitcoin Startup Safello Emphasizes Transparency. ArcticStartup. Retrieved September 5, 2013, from

http://www.arcticstartup.com/2013/09/04/swedish-bitcoin-startup-safelloemphasises-transparency [32] Ivan, T. (2011). Zynga files to raise $1 billion in IPO. Next Generation Business. Retrieved July 30, 2013, from http://www.next-gen.biz/news/zynga-filesraise-1-billion-ipo [33] Jackson, B. (2013). Is Bitcoin the Future of Money? | RedState. Political News Conservative Blog & Right Wing Views | RedState. Retrieved July 3, 2013, from http://www.redstate.com/2013/04/01/is-bitcoin-the-future-of-money/ [34] Jules. (2013). Maintaining anonymity while using Bitcoins - TheDailyAttack. TheDailyAttack -. Retrieved August 28, 2013, from

http://thedailyattack.com/2013/06/maintaining-anonymity-while-usingbitcoins/#comment-139 [35] Karame, G. O., & Androulaki, E. (2011). Two Bitcoins at the Price of One?Double-Spending Attacks on Fast Payments in Bitcoin.b, 21(3), 32. [36] Kerbal Space Program Forum. (2013). KSP should accept BitCoin [Archive] Kerbal Space Program Forum. Kerbal Space Program Forum. Retrieved June 30, 2013, from http://forum.kerbalspaceprogram.com/archive/index.php/t2156.html [37] Krieger, M. (2013). Folks Who Used To Be Fanatical About Silver And Gold Have Now Got A New Obsession... | www.bullfax.com. Market News and Analysis - www.bullfax.com | www.bullfax.com. Retrieved June 30, 2013, from http://www.bullfax.com/?q=node-folks-who-used-be-fanatical-about-

silver-and-gold-have[38] Koss, M. (2011). Bitcoin News: White Paper: A Bitcoin Primer, by CoinLab. Bitcoin News. Retrieved July 3, 2013, from

http://www.bitcoinnews.com/post/14971368999/coinlab-bitcoin-primer [39] Lee, T. B. (2013). Bitcoin's Volatility Is A Disadvantage, But Not A Fatal One Forbes. Information for the World's Business Leaders - Forbes.com. Retrieved July 6, 2013, from

72

http://www.forbes.com/sites/timothylee/2013/04/12/bitcoins-volatility-is-adisadvantage-but-not-a-fatal-one/ [40] Linden, B. K. (2011). Q1 2011 Linden dollar economy metrics up, users and usage unchanged. Second Life, 6. [41] Liu, A. (2013). A Guide to Bitcoin Mining: Why Someone Bought a $1,500 Bitcoin Miner on eBay for $20,600 | Motherboard. Motherboard | Home | Motherboard. Retrieved July 6, 2013, from

http://motherboard.vice.com/blog/a-guide-to-bitcoin-mining-why-someonebought-a-1500-bitcoin-miner-on-ebay-for-20600 [42] Matonis, Jon (2011): Why Are Libertarians Against Bitcoin? TheMonetary Future. From http://themonetaryfuture.blogspot.ie/2011/06/why-are-

libertarians-against-bitcoin.html, datum per se 26. Jun. 2011. [43] M'barek, W., & Myesser, H. (2012). Bitcoin: A peer-to-peer Electronic Cash System. Network Security Student Seminar, 2(3), 3. [44] McCullagh, D. (2013). Need Bitcoins? This ATM takes dollars and funds your account | Politics and Law - CNET News. Technology News - CNET News. Retrieved August 3, 2013, from http://news.cnet.com/8301-13578_3-

57570925-38/need-bitcoins-this-atm-takes-dollars-and-funds-your-account/ [45] McCullough, E. (2011). Bitcoin: A Sustainable Example Of Cryptographic, Decentralized Currency?.Project, 1(1), 3-6. [46] Meiklejohn, S., Pomarole, M., Grant Jordan, Levchenko, K., McCoy, D., Voelker, G. M., & Savage, S. (2013). A Fistful of Bitcoins: Characterizing Payments Among Men with No Names. San Francisco. [47] Nakamoto, S. (2009). Bitcoin: A Peer-to-Peer Electronic Cash System. bitcoin.org. Retrieved July 30, 2013, from http://bitcoin.org/bitcoin.pdf [48] Nakamoto, S. (2011). Bitcoin: An Electronic Cash System. www.bitcoin.org, 3(2), 34. [49] Onies, A. (n.d.). Disadvantages | Bitcoin.WWW-CS-FACULTY & STAFF Home Page (12-Apr-1995). Retrieved June 30, 2013, from http://www-cs faculty.stanford.edu/~eroberts/cs181/projects/201011/DigitalCurrencies/disadvantages/index.html [50] Parise, M. (2011). Spark 139 - February 27 & March 2, 2011. CBC radio. Retrieved July 30, 2012, from www.cbc.ca/spark/2011/02/spark-139-february27-march-2-2011/
73

[51] Pattison, M. L. (2011). Buying into Bitcoin: An Austrian Analysis of the Virtual Currencys Sustainability.bitcoinproject, 3(3), 13. [52] Plassaras, N. A. (2013). Regulating digital currencies: Bringing Bitcoin within the Reach of the IMF. Forthcoming, 14 Chi J Intl L, 14(3), 1-26. [53] Roncaglia, A. (2005). The wealth of ideas a history of economic thought. Cambridge: Cambridge University Press. [54] Rosenfeld, M. (2012). Analysis of hashrate-based double-spending.1(1), 4. [55] Rouviere, S. D. (2013). Speculation about Bitcoin's future. | Simon de la Rouviere. Simon de la Rouviere. Retrieved July 3, 2013, from

http://simondlr.com/post/44214403928/speculation-about-bitcoins-future [56] Santarelli, C. (2013). VA Atty Gen Responds to HCare Lawsuit Victory: We Have Beaten Back Attack Against Our Rights | Video | TheBlaze.com. Breaking news and opinion on TheBlaze. Retrieved June 30, 2013, from http://www.theblaze.com/stories/2013/03/29/what-are-bitcoins-could-they-bea-danger-for-the-global-economy/v [57] Santos, M. (2013). Why is the persevering anonymity issue still blocking Bitcoins evolution. BitCoin Examiner Your guide to the BitCoin Economy. Retrieved August 28, 2013, from http://bitcoinexaminer.org/why-is-thepersevering-anonymity-issue-still-blocking-bitcoins-evolution/ [58] Seaver, J. (2013). The Great Bitcoin Debate. Huffington Post. Retrieved September 4, 2013, from http://www.huffingtonpost.com/jesse-seaver/the-greatbitcoin-debate_b_3294847.html [59] Stanford University.(2013). Digital Wallets Project.Digital Wallets Project Home Page . Retrieved July 13, 2013, from

www.infolab.stanford.edu/~daswani/wallets [60] Stuckey, D. (2013). If Youre Not Careful, Bitcoins Aren't As Anonymous As You Think. MOTHERBOARD. Retrieved September 6, 2013, from

http://motherboard.vice.com/blog/if-youre-not-careful-bitcoins-arent-asanonymous-as-you-think [61] Subramanian, K. (2013). Google Checkout shelved. A look at Google Wallet and 6 other alternatives. | DIGITAL MEDIA NEWS | Digital Ministry. Digital Marketing and Digital Media Industry News and Events | Australia and New Zealand | Digital Ministry. Retrieved July 13, 2013, from

74

http://digitalministry.com/AU/articles/1930/+Google+Checkout+shelved+A+l ook+ [62] Wile, R. (2013). Gold And Silver Bugs Now Tout Bitcoin - Business Insider. Business Insider. Retrieved July 27, 2013, from

http://www.businessinsider.com/gold-and-silver-bugs-now-tout-bitcoin 2013?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3 A+TheMoneyGame. [63] Yang, E. Z. (2013). The Cryptography of Bitcoin : Inside 206-105. Inside 206105. Retrieved August 29, 2013, from http://blog.ezyang.com/2011/06/thecryptography-of-bitcoin/

75

Appendices

APPENDIX A: A Sample of Bitcoins Transaction

A SAMPLE TRANSACTION { "hash":"2a8cbe50702951ffe2bc1ca3b43b0c5f89015fe0fe89804e6044a1a062deefe7", "ver":1, "vin_sz":1, "vout_sz":1, "lock_time":0, "size":135, "in":[ { "prev_out":{ "hash":"0000000000000000000000000000000000000000000000000000000000000000", "n":4294967295 }, "coinbase":"04b1610f1a02dc01" } ], "out":[ { "value":"50.01400000", "scriptPubKey":"0444be0616bedaf687d12fd2442ee08c58b461234ee97e7b0c5ca3bb8784f6 f1728d0678aabf04fe5a772dd81842389817bf02637dc9a6e176a5cad3b3e94ea499 OP_CHECKSIG" } ] } (Harrigan & Reid, 2013) [29]

76

APPENDIX B Graph showing total Bitcoins mined over time

Total Bitcoins mined over time (http://zh.wikipedia.org/wiki/File:Total_bitcoins_over_time.png)

77

APPENDIX C: Hash Distribution over pools

Hash Distribution over pools. Courtesy of: http://bitcoinwatch.com/

78