The Challenge of Bitcoin Pseudo-Anonymity to Computer Forensics
62 Pages Posted: 13 Oct 2015 Last revised: 17 Oct 2015
Date Written: October 9, 2015
Digital forensics must constantly adapt to new technological developments. The advent of Bitcoin is such a development. Bitcoin represents a new model for financial transactions. In many cash transactions between strangers, the underlying model is parties-unknown/transaction-unknown. There is no ledger record of the transaction. In contrast, PayPal illustrates the parties-known/transaction-known model. An intermediary will record both items of information. Bitcoin differs from both of these models; Bitcoin uses a parties-unknown/transaction-known model. The Bitcoin block chain records the transaction, but the user’s Bitcoin address is not expressly tied to an identity. Thus, Bitcoin users enjoy pseudo-anonymity.
As the recent experience with Silk Road demonstrates, there is a downside to this pseudo-anonymity. Precisely because of that feature, Silk Road served as a marketplace for vendors to sell illegal narcotics, forged identifications, and other illicit goods and services. Given that danger, law enforcement authorities have felt a need to develop techniques to penetrate the pseudo-anonymity. To do so, they have turned to digital forensics experts.
This article evaluates two techniques that have been proposed for this purpose. The first is traffic analysis. This technique relies on the entry nodes that users employ to access the Internet. The second is transaction graph analysis. This technique clusters transactions to identify natural chokepoints in the Bitcoin economy, that is, service islands where, for example, the user might convert Bitcoins to fiat currency. The chokepoint becomes a target for a law enforcement subpoena to learn the user’s IP address.
After describing each technique, the article assesses the research conducted to date. In particular, the article reviews Alex Biryukov’s research into traffic analysis and Sarah Meiklejohn’s work with transaction graph analysis. The article applies the standards announced in Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993) to determine whether, given the available data, expert testimony based on either technique would be admissible today. The article explains that it is doubtful whether testimony based on either technique would survive a Daubert admissibility challenge. The article concludes that further research is needed to enable law enforcement authorities to effectively penetrate the pseudo-anonymity of the new parties-unknown/transaction-known model.
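The transaction graph analysis described above, as an added Python example (not code from the article or from the researchers it reviews). It assumes the common-input-ownership heuristic, under which addresses spent together as inputs of one transaction are treated as one user's, and ranks clusters by how many distinct other clusters pay into them; the transactions and address labels are constructed sample data.

```python
from collections import defaultdict

# Constructed sample transactions (illustrative labels, not real blockchain data).
TXS = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["B1"]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["X1"]},
    {"txid": "t3", "inputs": ["B1"], "outputs": ["X2"]},
    {"txid": "t4", "inputs": ["C1"], "outputs": ["X1"]},
    {"txid": "t5", "inputs": ["X1", "X2"], "outputs": ["Z9"]},
]

class UnionFind:
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[max(ra, rb)] = min(ra, rb)  # deterministic representative

def cluster_addresses(txs):
    """Assumed heuristic: co-spent inputs share an owner (over-merges on jointly signed txs)."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)  # register every address, including ones never spent
        for other in tx["inputs"][1:]:  # no-op when there are 0 or 1 inputs
            uf.union(tx["inputs"][0], other)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return uf, dict(clusters)

def rank_chokepoints(txs):
    """Rank clusters by the number of distinct other clusters that pay into them."""
    uf, clusters = cluster_addresses(txs)
    payers = defaultdict(set)
    for tx in (t for t in txs if t["inputs"]):  # skip input-less (coinbase-style) txs
        src = uf.find(tx["inputs"][0])
        for out in tx["outputs"]:
            if uf.find(out) != src:  # ignore change returned to the payer
                payers[uf.find(out)].add(src)
    rows = [(root, sorted(clusters[root]), len(p)) for root, p in payers.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))
```

On the sample data the top-ranked cluster is the candidate "service island"; because the heuristic can merge unrelated users, its error rate is exactly the kind of question a Daubert challenge would probe.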