Tor At The Heart: Cryptocurrencies

by asn | December 20, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!



The topic for today is electronic money. The blockchain is pretty hot right now! Bitcoin, dogecoin, ethereum, zcash you name it... Cryptocurencies have grown from e-toys to globally recognized systems by facilitating free and borderless trade, no bank fees and improved privacy.

You are reading the Tor blog, so let's focus on the privacy and anonymity part. Could cryptocurrencies claim that they provide privacy if Tor was not around to give strong transport-layer anonymity?

To visualize this, let's go through just a few ways Tor is used around the cryptocurrency ecosystem. We will mainly focus on Bitcoin, but the same applies to most blockchain-based cryptocurrencies:

Tor provides privacy to cryptocurrency transactions!

Let's imagine that Alice wants to buy a ticket for Torconf, the best (fictional) conference on computer anonymity. She wants to buy the ticket with Bitcoin so that she does not reveal her interests to her bank or her identity to the conference organizers. To buy the ticket with Bitcoin, she needs to perform a Bitcoin transaction.

Bitcoin transactions work by Alice broadcasting her transaction to a few Bitcoin supernodes. Those nodes then propagate the transaction further to the rest of the Bitcoin network until it becomes recognized. If Alice did not use Tor to conduct her transaction, those initial supernodes trivially learn the IP address of Alice. Furthermore, since the Bitcoin blockchain is a public log of transactions, analysts could match her newest transaction with her previous transactions and just follow the money trail. These are just some of the many well known privacy risks of Bitcoin, and companies have been collecting and selling social graph analytics of the Bitcoin blockchain for years now...

Given the above threats, it should be no surprise that most Bitcoin clients give the option to their users to perform transactions over the Tor network. By routing traffic over Tor, no one learns the origin IP address of Alice when she buys her Torconf ticket.

Furthermore, even the hottest and newest cryptocurrencies (like Zcash) that provide transaction anonymity as a fundamental security property still benefit from Tor's transport-layer anonymity to actually anonymize the networking part of the Zcash transaction.

We feel that Tor has tremendously helped the cryptocurrency community to grow just by providing transport-layer anonymity to transactions! Also, please remember that maintaining anonymity is not an easy task, so always be up-to-date on the latest security news depending on your threat model.

Tor secures cryptocurrency networks!

Apart from users performing anonymous Bitcoin transactions, the Bitcoin network itself uses Tor to increase its defenses. Since last year, the Bitcoin core project has integrated Tor onion services to their core network daemon. If Tor is installed in the system, Bitcoin will automatically create an onion service and act as a Bitcoin node over Tor to avoid leaking the real IP address of the node. This provides greater network resilience and protection against targeted attacks to Bitcoin nodes. You can see that there are hundreds of Tor bitcoin nodes. Zcash and other cryptocurrencies have followed the same path.

Furthermore, many mining pools advertise onion service support for their miners. Bitcoin infrastructure has been a target of hackers for a while, and virgin blocks are more and more valuable, so having anonymity as a miner is a desirable security property.

Tor protects the wider cryptocurrency ecosystem!

If you take a look around the Bitcoin world, you will notice that Tor support is advertised by all sorts of websites and services! Most bitcoin-related websites have onion sites that people can visit over Tor: for example, blockchain.info has been running a popular Tor onion service for its users. Most Bitcoin tumbler services also work over Tor onion services. Same goes for websites and forums offering help with Bitcoin. This is obviously done because the Bitcoin community has a great appreciation and need for privacy.

Tor is proud to have helped the cryptocurrency community grow over the years. We believe that electronic currencies can be a powerful tool for social change, but also a great scientific research area with results that can benefit other areas, like secure electronic voting, consensus algorithms, append-only data structures and secure name systems.

Help Tor grow the cypherpunk ecosystem by donating today!! We also accept Bitcoin!

Have a good day :)

Comments

Please note that the comment area below has been archived.

December 19, 2016

Permalink

Bitcoin does the correct thing. ZCash is a fork of Bitcoin with a poorly implemented plugin that is meant to provide support for the ZeroCash protocol, but it inherits the same Tor support that Bitcoin developed. It is an insult to the Bitcoin developers to list ZCash as if it's done any work in this arena at all.

It's also pretty telling that Monero is entirely ignored by this article, despite it's cypherpunk routes and pro-privacy efforts, simply because it is focused on i2p in addition to Tor (https://github.com/monero-project/kovri).

> Not co-operating with I2P could very well be the actual, long-term downfall of Tor,

How so?

Years ago I2P was in Tails, but it seems to have been dropped. Years ago an independent security audit found flaws in I2P, but I don't know whether they have been fixed. If you know more, please explain.

> so I really hope that isn't what's going on.

Huh?

December 20, 2016

Permalink

I'm surprised (though only a little) that Torcoin wasn't mentioned. Yes, the project does seem to be abandoned, last time I checked, but still, Tor blog, Torcoin...

For those who don't know, Torcoin was a cryptocurrency that used a technique (protocol?) called TorPath to track Tor relays and their bandwidth, and associate a Torcoin address with them, allowing relays to mine coins by providing bandwidth to the network. I think it could have been an interesting, if not valuable, cryptocurrency that would have benefitted the Tor network, but unfortunately I lack the skills to revive it. Note that Torcoin was never developed or endorsed by the Tor Project, afaik. Any thoughts (even if trivial) from the Tor people about Torcoin?

Hello,

Torcoin was indeed never developed or endorsed by the Tor project. The fact that 'Tor' is in its name is a bit sneaky on their part, since it actually confuses people into thinking it's an official project or that we should write blog posts about it.

I find the Torcoin concept kinda intriguing actually, but for this blog post I decided to focus on the really active and alive cryptocurrency projects benefiting from Tor.

December 20, 2016

Permalink

AFAIK, applying Tor to the problem of designing safe and secure cryptocurrences was not envisaged when onion routing was created.

I have a strategic suggestion for Shari: another possible future application for Tor might be the problem of designing safe and secure evoting systems which feature strong authentication just before the vote is cast, but preserve anonymity for the actual vote. See

https://www.eff.org/deeplinks/2016/02/voter-privacy-what-you-need-know-…
Voter Privacy: What You Need to Know About Your Digital Trail During the 2016 Election
Dave Maass
29 Feb 2016

> The right to an anonymous vote is a cornerstone of the U.S. democratic process. Yet from the time until you walk into the voting booth until long, long after you cast your ballot, your personal information is a highly sought-after commodity. Often your name, contact details, and political leanings are frighteningly easy for political campaigns to access, collect, share, trade, and sell.

Maybe Tor Project can put this on the list of suggested research topics for the privacy technology academic community?

December 22, 2016

Permalink

If we have/had a crypto-currency which is:
- Anonymous
- Lightweight on the client side (not miners)
and a browser add-on that allow websites visitors to pay tiny amount of money at each visit, We could put an end to all the adds and privacy abuse from websites.
If we take most major news websites as an example:
- They don't gain much at each visit with the adds
- They invade readers privacy as much as possible
- The user pay in computer power and electricity (Tons of javascripts) and bandwidth for the privacy invasion
- The articles are often sponsored by companies voiding the little journalistic independence that was left.

At the end of the day the journalists also need to be paid but deteriorating the quality of the articles and abusing users to do it defeats the point.

However if we had a browser add-on that uses an anonymous and lightweight crypto-currency to make the user finance such websites with really tiny amount of money (given the amount of revenue generated by adds it will not be hard to match) we could finance journalism, and have journalists have even better independence.

This could also extend to finance many of the people that do videos on youtube professionally without needing them to rely on youtube at all.

Free journalism!

I think this is potentially a great idea.

As a "fully torified news junkie", if there were only some easy to use and highly secure and throughly anonymous ecurrency I could use, I would voluntarily contribute to support my favorite news organizations.

Such a development would not be at all easy to achieve, I think, but it could solve the problem of Google and other giants of the next relying on stealing and sharing with anyone willing to pay so much extremely detailed and potentially dangerous information every citizen's minute by minute location and activities.

It follows that our community to should try to persuade Google to Make it So.

December 29, 2016

Permalink

Britcoin (BRIT) is proudly always on Tor. Financial privacy is important to everyone, especially to us Brits. :)

January 01, 2017

Permalink

Hi, I am the founder and lead dev of Bitsquare [1].

Bitsquare is a decentralized Bitcoin exchange using Tor hidden services for it's custom P2P network. It uses a similar concept like Ricochet though is implemented in Java and does not share any code base with Ricochet.
In Bitsquare all traffic is routed over Tor by default. Tor is integrated so the user does not need to install or configure anything. It is all open source (AGPL) and a community project.
If any dev with Tor experience wants to help, please get in touch! There is plenty of work to be done...

Best regards and happy new year!
Manfred

[1] https://bitsquare.io/

January 01, 2017

Permalink

Forget about Zcash. It's corporate, taxed and terribly flawed (not anon by default). Cool kids use Monero.

February 21, 2017

Permalink

Come and check out Spectrecoin (XSPEC), we have integrated Tor in our codebase and we have anonymous transactions w/ ring signatures