Alex Biryukov and Ivan Pustogarov from the University of Luxembourg has published a new paper where they claimed that bitcoin over Tor is not a good idea.

Some of the main issues discussed throughout the paper are related with the problems associated with the Tor exit nodes.These nodes have been identified as the source of “man in the middle” attacks.The paper has cause a lot of buzz and controversy in the bitcoin world, but it looks like there is no need for serious distress.The matters discussed in the paper from the academics pair mainly revolve around 2 points of attack: sybil attacks and traffic analysis.

Many participants noted in a related Reddit thread that traffic analysis has been a recognized issue with exit nodes for quite some time.The crypto currency does not encrypt and validate traffic. However, that is a counter-measure proposed to the solution that was offered at the end of the paper.Bitcoin agitator Justus Ranvier added more details on the other types of attacks discussed in the paper.He explained that the paper shows that attackers find it relatively cheap to get all Tor exit nodes barred by the network excluding the one the attacker controls.

This allows the attacker to pry on all Tor-to-clearnet bitcoin traffic. Some applicable sybil attacks were elaborated too. Unraveling only Sybil attacks do not bring any solution to the problem.Ranvier suggested a better name for the paper, indicating that Tor Exit Nodes cause the problem but Sybil Attacks are responsible too.

One of the distinctions that should be made when using bitcoin over Tor is that the basic anonymity network works better when the user stays within the Tor ecosystem.If a user starts to use the exit nodes as a portal to the clearnet, he exposes himself to a wide range of concerns.This was an important point that Ranvier made when he was asked about the seriousness of the allegations in the paper.Ranvier noted when talking about an attack about a mass banning of some Tor exit nodes related to the bitcoin network that only clients who use Tor to connect to clearnet nodes are affected.Users who only join to hidden services are not prone to this specific attack.

He demonstrated how the hidden services users remain unaffected and how if more than one attacker tries this strategy at the same time, they will all fail.Having more bitcoin nodes as hidden services is considered the right move. This would raise the cost of such a DoS attack on the Tor hidden service directory.The fraction of Bitcoin peers available as Tor hidden services is quite small for the attacker.This means it is less likely that a client will choose a peer available as a hidden service and also makes black-holing of current Bitcoin hidden services practical.It seems like Tor is still a feasible option for users who wants to protect their financial privacy.