This paper presents an efficient method to deanonymise Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. The deanonymisation techniques suggested work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs.

They link transactions of a user behind NAT and to distinguish connections and transactions of different users behind the same NAT. The paper also shows that a natural countermeasure of using Tor or other deanonymisation services can be cut-off by abusing anti-DoS countermeasures of the Bitcoin network.

However, not every rogue behaviour is detectable. If a certain form of unwanted behaviour is not visible, it can hardly be policed or prevented. That’s why the paper explores  a number of techniques that reveal the topology of the Bitcoin network. Some of the techniques are used for a specific attack, but the entire set is interesting by itself – not just in in the context of deanonymisation.