A magazine dedicated to all things Bitcoin
The Battle Is On - Silk Road vs Government, and Bitcoin Anonymityauthor: Vitalik Buterin
published: 2011-06-08 00:33:34 UTC
Recently, there has been a surge of media attention on the Silk Road market, which connects sellers and buyers of illegal drugs and uses Bitcoin as a means of payment. Naturally, part of this attention is attention from government, and the government has every incentive to try as hard as possible to bring Silk Road down. "Never before has a website so brazenly peddled illegal drugs online," a senator intent on cracking down on Silk Road said, and it is true. Silk Road's website looks like a legitimate, professionally done E-bay like service, and represents a move away from black markets in the shadows to blatant agorism - acting as if the government itself is illegitimate. Why is Silk Road so much more brazen than before? The simple reason is - because it can. Before, the weakest link in a drug transaction was payment - either a physical meeting (risky), a credit card or Paypal transfer (easily traced to physical identity) or a mail cash transfer (requires too much trust) was necessary, so participants in the drug economy had to rely on security through obscurity, keeping their websites and forums known to few, to avoid detection. Now, however, physical delivery is the only weak link, so although the security is not perfect the internet side of the transaction is, in theory, almost completely anonymous.
In order for anonymous transactions to be possible through Bitcoin, however, a mixing system must be used. There are two types of mixing systems: those secure against attack from people viewing the public transaction block, like Bitcoin Laundry and those secure against attack from the mixing system itself, like Open Transactions. The first work in something similar to the following:
- Alice wants to transfer 10 BTC to Bob. Alice deposits 10 BTC into the system, and gets a 10 BTC balance within the system.
- Alice gives Bob her one-time account key.
- Bob withdraws 10 BTC, but the coins come not from Alice but from some other people who had deposited 10 BTC earlier. Thus, there is no chain from Alice to Bob in the public transaction log.
In BitcoinLaundry in particular, steps 2 and 3 happen internally and automatically, so Alice directly sends coins to Bob's address without Bob participating in the process. The problem is that the mixing system knows that the key Alice got and the key Bob used are the same, or related, and thus knows that Alice transfetted money to Bob. Law enforcement agencies could potentially set up mixing systems as honeypots. The systems of the second type work in the following way:
- Alice deposits 10 BTC into the system, and sends an encrypted certificate to be blind signed. Blind signatures are a way that allows the bank to sign the certificate without knowing what the message signed or even the signature itself looks like; a more detailed description can be found here.
- The bank sends the blind signed certificate back to Alice. Alice decrypts the blind signed certificate and gets a normal signed certificate. She sends this to Bob.
- Bob sends the certificate to the bank, the bank verifies it and withdraws 10 BTC.
The advantage here is that the bank has no way of linking Alice's certificate to Bob's certificate even though it can tell that the certificate is legitimate. A useful real-world analogy is the one used in the name "blind signature": Alice creates a piece of paper with some text on it, blindfolds the bank, the bank signs the paper blindfolded, then Alice gives the paper to Bob, the bank takes off its blindfold and verifies the signature. The bank does not know who the certificate that Bob provided came from, but it can recognize the signature as its own. This is still vulnerable to statistical attacks - if Alice deposits 13500 BTC into one of these systems and Bob withdraws 13500 BTC, then it is obvious that Alice and Bob made a transaction with each other. There are further ways of masking this - one is using "clean" coins to send as a payment; a 400 BTC donation to hacker group LulzSec (press release here) was done this way and is completely untraceable; another way is splitting up the transaction, sending it to many different addresses belonging to Bob, but no matter what (unless you have freshly minted coins, which will not exist in significant quantities forever) there is still substantial information leakage, so Bitcoin's Jeff Garzik cautions: "Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb." Minor illicit transactions, on the other hand, are easy to hide, and the sales currently made on Silk Road are almost all below 10 BTC.
Silk Road itself uses an internal mixing system of the first type, so it does have the weakness that users must trust it. The fact that the system is internal is itself a weakness: even if one cannot tell which drug someone bought, the fact that someone bought something off of Silk Road is easier to deduce, although there is always plausible deniability, since some legal products are sold there. Silk Road promises to delete the physical address of the buyer as soon as the transaction is complete, but there is no way to prove this. Because of this trust, it is a good idea for Silk Road users to use their own anonymity protection in addition to Silk Road's: using another bitcoin mixer, like BitcoinLaundry or using a bank as a mixer, like MyBitcoin, adds a layer of obfuscation to the transaction, and use of post boxes under fake IDs or someone else's house is often advised on Silk Road forums.
The de facto anonymity of Bitcoin can be increased by frequent use of mixers, and it is important to note that many types of services can be used as mixers: bitcoin accounts like MyBitcoin, Bitcoin poker sites and witcoin, no matter what their purpose, can be used. A startup promising Bitcoin debit cards and Bitbills offer the option to buy bitcoins anonymously physically, once again removing all traces of where they came from. As services like these are integrated into the Bitcoin economy, it may ultimately become impossible for investigators to see where coins came from more than 4 or 5 transactions back.
The senators' attack against Silk Road does have serious consequences for the Bitcoin economy, since the price of Bitcoin would likely fall considerably without Silk Road users' demand for the currency, but the government's focus seems to be on Silk Road itself, not Bitcoin. Looking at some of Charles Schumer's comments in this article, there is a lot of anger toward the brazenness of Silk Road, but no desire to attack the Bitcoin that is behind it. Senator Charles Schumer recognizes that Bitcoin is "an online form of money laundering used to disguise the source of money, and to disguise who's both selling and buying the drug", but it is not, for now, the focus. Schumer clearly does not see Bitcoin as being of prime importance in allowing internet drug users' blatantness to reach the level that it did, although his opinion should not necessarily be taken seriously: like most government officials, Schumer is not an expert in internet technological issues, since he advocated (see last paragraph) seizing Silk Road's domain name, even though Silk Road currently does not even use a domain name and operates only as a .onion hidden service visible on the Tor network. The DEA, upon investigating, may turn government eyes toward Bitcoin, but this will take some time. It is important to note that some parts of the government are already aware of Bitcoin: Gavin's speech to the CIA on Bitcoin is due to take place on June 14. Given that Gavin received the invitation to speak as early as April, the CIA has known about Bitcoin for some time and is not interested in a direct attack on it, and they will not change their course of action until they review Gavin's comments at the conference. Whatever the response against Silk Road may be, for at least a couple of weeks Bitcoin is safe.
The internet has resulted in profound changes to the economics of selling media. Before, if one wanted one an album or a movie, the only option would be to go to the store and buy it. Now, however,...
There's been a discussion recently on the Bitcoin forums regarding whether or not it is properly considered Currency, or Money, or what. So, I felt I would contribute, as it were, my two Bitcents....