Do you still think Bitcoin anonymity is unbreakable?

It has long been the belief of the cryptocurrency community that digital addresses in bitcoin and other wallets will protect the identities of those who use them to buy and sell.

A new paper published this week by researchers at Baylor College of Medicine and Rice University shatters that presumed anonymity.

The researchers used a technique called “address linking” to study transactions in Bitcoin’s first two years, from January 2009 to February 2011.

Their key finding was that during those first two years, the majority of Bitcoin was mined by 64 agents, worth a combined $84 billion at current prices.

This number is 1,000 times smaller than previous estimates of the size of the early Bitcoin community (75,000 people).

The 64 included some well-known figures who have become legends, such as Ross Ulbricht, whose name was “Dread Pirate Roberts.”

Ulbricht was the founder of “Silk Road,” a black market that used bitcoin for illicit activities until it was shut down by the FBI.

Between the time Bitcoin was launched and when it reached parity with the U.S. dollar, 64 agents mined most of the Bitcoin.

The researchers used the data breach to construct a map of the blockchain in early 2011, in which bitcoins were arranged by the agent of the mining, with a focus on studying the impact of people participating in game theory situations as anonymous parties.

Surprisingly, they found that early insiders like Ulbricht could exploit the relative scarcity of participants by sabotaging Bitcoin to double-spend Bitcoin, but they didn’t.

Their behavior is “altruistic” in order to maintain the integrity of the system. This is intriguing, but a more pressing discovery is that addresses can be traced and identities revealed.

To find out who was doing these early transactions, the team had to reverse engineer the entire premise of Bitcoin and all cryptocurrencies: anonymity.

As outlined by Satoshi Nakamoto in the original Bitcoin white paper, privacy will be protected in two ways: anonymous use of public keys and the creation of new key pairs for each transaction.

The traditional banking model achieves a degree of privacy by restricting access to information by interested parties and trusted third parties.

The need to publicly announce all transactions precludes this approach, but privacy can still be maintained by breaking the flow of information in another place: by maintaining the anonymity of the public key.

The public can see that someone is sending an amount to someone else, but there is no information linking the transaction to anyone.

As an additional firewall, each transaction should use a new key pair to prevent them from being linked to a common owner.

Some links are still unavoidable for multi-input transactions, which necessarily show that their inputs are owned by the same owner.

The risk is that if the owner of one key is revealed, the link may reveal other transactions belonging to the same owner.

Blackburn and the team had to track down these key pairs to reveal who was transacting in early Bitcoin.

To do this, they developed what they call a novel address linking scheme.

Two of these techniques exploit how Bitcoin mining software generates apparently meaningless strings that are used as part of Bitcoin’s cryptographic protection against counterfeiting.

In fact, there is a wide range of correlations between seemingly meaningless strings associated with one user.

Two other techniques exploit insecure user behavior, such as using multiple addresses to pay for a transaction, which makes it possible to link addresses based on transaction activity.

The consequence of this, they wrote, is the possibility of “following the money,” starting with a known identity and exposing any identity by following the chain of associations in the address graph.

These network properties have unintended privacy consequences, as they make the network easier to de-anonymize using a “follow the money” approach.

In this approach, the identity of the target Bitcoin address can be determined by identifying a short transaction path that connects to an address whose identity is known, and then following the path using off-chain data sources (from public data to subpoenas) Walk, determine who-pay-who to de-identify the address until the destination address is identified.