May 29, 2013, 12:07 am
Unlike Liberty Reserve, Bitcoin Is Not Anonymous — Yet
By NICOLE PERLROTH
After Liberty Reserve, an online payment system, was shut down by law enforcement authorities Tuesday, many wondered whether Bitcoin, the digital currency, would be next.
Just a couple of years ago, a large pepperoni pizza would have cost you 10,000 Bitcoins. Now, a single Bitcoin is worth roughly $129. Bitcoin’s meteoric rise has been driven up largely by speculators who believe, like gold, it could be a haven from the fluctuations of other currencies. But in small part, that hyper-inflation also has been driven by those who believe the digital currency provides anonymous cover for illicit transactions.
Silk Road, a black market for illegal drugs, relies on Bitcoin. Assassins are also apparently big fans. (On the far, other end of the spectrum, it turns out the Winklevoss twins are also believers).
But contrary to conventional wisdom, Bitcoin is not anonymous. In fact, security experts say that if prosecutions like Liberty Reserve continue, the most likely targets are major payment systems like WebMoney and eForexGold, payment systems that security experts contend allow their users to move capital anywhere in the world without verifying their identities.
“There are a multitude of anonymous payments systems out there, similar to Liberty Reserve, of which there are over 100,” said Tom Kellermann, a vice president of the security company Trend Micro. “Many pretend to ‘know thy customer’ but do not actually do due diligence.”
Bitcoin operates with greater transparency than those systems. It may be fully decentralized and requires no central bank or government authority, but Bitcoin transactions are as public — if not more so — than any other payment network. Each transaction is recorded in a public ledger, called a “block chain,” to keep people from writing the digital equivalent of a bad check. That public block chain makes it possible to trace transactions, even years after they have transpired. In one case, researchers were able to trace the spending of 25,000 stolen Bitcoins in 2011.
Laundry services like Bitlaundry and Bitcoinlaundry make transactions harder to trace. But it’s unclear how long those services can operate with impunity after the Liberty Reserve shutdown. It also requires a fair amount of blind trust to assume that such services won’t themselves track — or steal — a users’ Bitcoins.
With some additional code, however, cryptographers believe Bitcoin could finally live up to its covert reputation. At an annual security and privacy symposium in San Francisco last week, a group of cryptographers from Johns Hopkins University debuted Zerocoin, a Bitcoin add-on that if widely adopted could make Bitcoin transactions impossible to trace.
The cryptographers, Ian Miers, Christina Garman, Matthew Green and Aviel D. Rubin, believe Zerocoin could eventually “break the link between individual Bitcoin transactions without adding trusted parties.”
The cryptography will make your head spin — a full technical explanation is available here — but Mr. Miers likened Zerocoin to an in-house laundry service. Essentially, the Zerocoin add-on allows users to leave their Bitcoins floating in a wash, for someone else to grab, so long as they can redeem the same amount of Bitcoin in the future.
There are some significant caveats. For Zerocoin to work, it will eventually require full-scale adoption. ”People have to have faith in the currency system to actually use it,” Mr. Miers said.
Zerocoins also require more computing power, which can lead to glitches and lag times. A complete transaction takes about two seconds to verify, which can be unpalatable to impatient users. Another challenge, Mr. Miers said, is explaining the “heavyweight crypto” to users.
“As complicated as Bitcoin is, you can explain the crypto even to nonexperts,” Mr. Green wrote in a blog post last month. “Unfortunately Zerocoin is a different animal. It will take time to convince people that these new techniques are safe.”
But the biggest challenge, in light of Tuesday’s indictment of Liberty Reserve, could be government interference.
Law enforcement officials have largely left Bitcoin alone. One exception was earlier this month when the federal authorities seized accounts associated with Mutum Sigillum, an intermediary of Mt. Gox, the world’s largest Bitcoin exchange. But according to the warrant, the accounts were seized because Mutum Sigillum had not properly registered as a money transmitter with the Treasury Department.
If Bitcoin became a truly anonymous payment system, security experts say it would spur far greater scrutiny if it hasn’t already.