{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T10:55:30Z","timestamp":1776077730591,"version":"3.50.1"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,10,7]],"date-time":"2023-10-07T00:00:00Z","timestamp":1696636800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,10,7]],"date-time":"2023-10-07T00:00:00Z","timestamp":1696636800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Key Research and Development Program for Guangdong Province","award":["2019B010137003"],"award-info":[{"award-number":["2019B010137003"]}]},{"name":"Beijing Natural Science Foundation","award":["M21037"],"award-info":[{"award-number":["M21037"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Bitcoin is a decentralized P2P cryptocurrency. It supports users to use pseudonyms instead of network addresses to send and receive transactions at the data layer, hiding users\u2019 real network identities. Traditional transaction tracing attack cuts through the network layer to directly associate each transaction with the network address that issued it, thus revealing the sender\u2019s network identity. But this attack can be mitigated by Bitcoin\u2019s network layer privacy protections. Since Bitcoin protects the unlinkability of Bitcoin addresses and there may be a many-to-one relationship between addresses and nodes, transactions sent from the same node via different addresses are seen as coming from different nodes because attackers can only use addresses as node identifiers. 
In this paper, we proposed the <jats:italic>evicting and filling attack<\/jats:italic> to expose the correlations between addresses and cluster transactions sent from different addresses of the same node. The attack exploited the unisolation of Bitcoin\u2019s incoming connection processing mechanism. In particular, an attacker can utilize the shared connection pool and deterministic connection eviction strategy to infer the correlation between incoming and evicting connections, as well as the correlation between releasing and filling connections. Based on inferred results, different addresses of the same node with these connections can be linked together, whether they are of the <jats:italic>same<\/jats:italic> or <jats:italic>different<\/jats:italic> network types. We designed a multi-step attack procedure, and set reasonable attack parameters through analyzing the factors that affect the attack efficiency and accuracy. We mounted this attack on both our self-run nodes and multi-address nodes in real Bitcoin network, achieving an average accuracy of 96.9% and 82%, respectively. Furthermore, we found that the attack is also applicable to Zcash, Litecoin, Dogecoin, Bitcoin Cash, and Dash. 
We analyzed the cost of network-wide attacks, the application scenario, and proposed countermeasures of this attack.<\/jats:p>","DOI":"10.1186\/s42400-023-00182-9","type":"journal-article","created":{"date-parts":[[2023,10,7]],"date-time":"2023-10-07T03:19:14Z","timestamp":1696648754000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Evicting and filling attack for linking multiple network addresses of Bitcoin nodes"],"prefix":"10.1186","volume":"6","author":[{"given":"Huashuang","family":"Yang","sequence":"first","affiliation":[]},{"given":"Jinqiao","family":"Shi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6302-2194","authenticated-orcid":false,"given":"Yue","family":"Gao","sequence":"additional","affiliation":[]},{"given":"Xuebin","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Yanwei","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Ruisheng","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Dongbin","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,10,7]]},"reference":[{"key":"182_CR1","doi-asserted-by":"crossref","unstructured":"Androulaki E, Karame GO, Roeschlin M, Scherer T, Capkun S (2013) Evaluating user privacy in bitcoin. In: Financial cryptography and data security: 17th international conference, FC 2013, Okinawa, Revised Selected Papers 17, Springer, pp 34\u201351","DOI":"10.1007\/978-3-642-39884-1_4"},{"key":"182_CR2","doi-asserted-by":"crossref","unstructured":"Biryukov A, Pustogarov I (2015) Bitcoin over tor isn\u2019t a good idea. In: 2015 IEEE symposium on security and privacy, IEEE, pp 122\u2013134","DOI":"10.1109\/SP.2015.15"},{"key":"182_CR3","doi-asserted-by":"crossref","unstructured":"Biryukov A, Khovratovich D, Pustogarov I (2014) Deanonymisation of clients in bitcoin p2p network. 
In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, pp 15\u201329","DOI":"10.1145\/2660267.2660379"},{"key":"182_CR4","unstructured":"Blockchair.com: Blockchair (2023). https:\/\/blockchair.com\/. Accessed 27 Mar 2023"},{"issue":"11","key":"182_CR5","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1145\/3481627","volume":"64","author":"L Cai","year":"2021","unstructured":"Cai L, Sun Y, Zheng Z, Xiao J, Qiu W (2021) Blockchain in China. Commun ACM 64(11):88\u201393","journal-title":"Commun ACM"},{"key":"182_CR6","unstructured":"Cash B (2023) Shared connection pool and deterministic eviction logic in Bitcoin Cash. https:\/\/github.com\/bitcoin-cash-node\/bitcoin-cash-node\/blob\/v26.0.0\/src\/net.cpp. Accessed 7 Mar 2023"},{"key":"182_CR7","unstructured":"Community BD (2015a) Better fingerprinting protection for non-main-chain getdatas. https:\/\/github.com\/bitcoin\/bitcoin\/commit\/85da07a5a001a563488382435202b74a3e3e964a. Accessed 5 Mar 2023"},{"key":"182_CR8","unstructured":"Community BD (2015b) Ignore getaddr messages on Outbound connections. https:\/\/github.com\/bitcoin\/bitcoin\/commit\/dca799e1db6e319fdd47e0bfdb038eab0efabb85. Accessed 5 Mar 2023"},{"key":"182_CR9","unstructured":"Community BD (2015c) Reduce fingerprinting through timestamps in \u2019addr\u2019 messages. https:\/\/github.com\/bitcoin\/bitcoin\/commit\/9c2737901b5203f267d21d728019d64b46f1d9f3. Accessed 5 Mar 2023"},{"key":"182_CR10","unstructured":"Community BD (2020) Cache responses to GETADDR to prevent topology leaks. https:\/\/github.com\/bitcoin\/bitcoin\/pull\/18991. Accessed 5 Mar 2023"},{"key":"182_CR11","unstructured":"Community BD (2022a) AcceptConnection. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net.cpp. Accessed 2022"},{"key":"182_CR12","unstructured":"Community BD (2022b) Add randomness on every cycle to avoid the possibility of P2P fingerprinting. 
https:\/\/github.com\/bitcoin\/bitcoin\/blob\/master\/src\/net_processing.cpp. Accessed 5 Mar 2023"},{"key":"182_CR13","unstructured":"Community BD (2022c) AttemptToEvictConnection. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net.cpp. Accessed 2022"},{"key":"182_CR14","unstructured":"Community BD (2022d) Bitcoin v22.0. MAX_PEER_CONNECTIONS\/MAX_OUTBOUND_FULL_RELAY_CONNECTIONS\/MAX_BLOCK_RELAY_ONLY_CONNECTIONS. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net.h. Accessed 2022"},{"key":"182_CR15","unstructured":"Community BD (2022e) mapLocalHost. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net.cpp Accessed 19 Mar 2023"},{"key":"182_CR16","unstructured":"Community BD (2022f) Noban NetPermissionFlag. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net_permissions.h#L31. Accessed 27 Aug 2022"},{"key":"182_CR17","unstructured":"Community BD (2022g) Prevent block index fingerprinting by sending additional getheaders messages. https:\/\/github.com\/bitcoin\/bitcoin\/pull\/24571. Accessed 27 Aug 2022"},{"key":"182_CR18","unstructured":"Community BD (2022h) Protect connections with certain characteristics. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/d571cf2d2421c6f8efb2b61ca844034eaf230945\/src\/node\/eviction.cpp#L180. Accessed 27 Aug 2022"},{"key":"182_CR19","unstructured":"Community BD (2022i) Stochastical (IP) address manager. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/addrman.h. Accessed 19 Mar 2023"},{"key":"182_CR20","unstructured":"Community BD (2022j) vNodes. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/v22.0\/src\/net.h. Accessed 19 Mar 2023"},{"key":"182_CR21","unstructured":"Community BD (2023a) I2P support in Bitcoin Core. https:\/\/github.com\/bitcoin\/bitcoin\/commits\/master\/doc\/i2p.md. Accessed 5 Mar 2023"},{"key":"182_CR22","unstructured":"Community BD (2023b) Tor support in Bitcoin Core. https:\/\/github.com\/bitcoin\/bitcoin\/blob\/master\/doc\/tor.md. 
Accessed 5 Mar 2023"},{"key":"182_CR23","unstructured":"Dash: Shared connection pool and deterministic eviction logic in Dash (2022). https:\/\/github.com\/dashpay\/dash\/blob\/v19.x\/src\/net.cpp. Accessed 7 Mar 2023"},{"key":"182_CR24","unstructured":"Developer B (2022) Bitcoin Block Synchronization. https:\/\/developer.bitcoin.org\/devguide\/p2p_network.html Accessed 5 Mar 2023"},{"key":"182_CR25","unstructured":"Dogecoin: shared connection pool and deterministic eviction logic in Dogecoin (2023). https:\/\/github.com\/dogecoin\/dogecoin\/blob\/1.14.7-dev\/src\/net.cpp. Accessed 7 Mar 2023"},{"key":"182_CR26","unstructured":"Fanti G, Viswanath, P (2017) Anonymity properties of the bitcoin p2p network. Preprint arXiv:1703.08761"},{"key":"182_CR27","unstructured":"Foundation B (2010) Bitnodes: reachable Bitcoin nodes. https:\/\/bitnodes.io\/. Accessed 25 Mar 2023"},{"key":"182_CR28","doi-asserted-by":"crossref","unstructured":"Franzoni F, Daza V (2020) Improving bitcoin transaction propagation by leveraging unreachable nodes. In: 2020 IEEE international conference on blockchain (Blockchain), IEEE, pp 196\u2013203","DOI":"10.1109\/Blockchain50366.2020.00031"},{"key":"182_CR29","first-page":"989","volume":"41","author":"F Gao","year":"2018","unstructured":"Gao F, Mao H, Wu Z, Shen M, Zhu L, Li Y (2018) Lightweight transaction tracing technology for bitcoin. Chin J Comput 41:989\u20131004","journal-title":"Chin J Comput"},{"key":"182_CR30","unstructured":"Group IM (2022) IPv4 Transfer Pricing. https:\/\/ipv4marketgroup.com\/ipv4-pricing\/ Accessed 27 Aug 2022"},{"key":"182_CR31","doi-asserted-by":"crossref","unstructured":"Grundmann M, Baumstark M, Hartenstein H (2022) On the peer degree distribution of the bitcoin p2p network. 
In: 2022 IEEE international conference on blockchain and cryptocurrency (ICBC), IEEE, pp 1\u20135","DOI":"10.1109\/ICBC54727.2022.9805511"},{"key":"182_CR32","doi-asserted-by":"crossref","unstructured":"Hou H (2017) The application of blockchain technology in e-government in china. In: 2017 26th international conference on computer communication and networks (ICCCN), IEEE, pp 1\u20134","DOI":"10.1109\/ICCCN.2017.8038519"},{"issue":"3","key":"182_CR33","doi-asserted-by":"publisher","first-page":"2543","DOI":"10.1109\/COMST.2018.2818623","volume":"20","author":"MCK Khalilov","year":"2018","unstructured":"Khalilov MCK, Levi A (2018) A survey on anonymity and privacy in bitcoin-like digital cash systems. IEEE Commun Surv Tutor 20(3):2543\u20132585","journal-title":"IEEE Commun Surv Tutor"},{"key":"182_CR34","doi-asserted-by":"crossref","unstructured":"Koshy P, Koshy D, McDaniel P (2014) An analysis of anonymity in bitcoin using p2p network traffic. In: Financial cryptography and data security: 18th international conference, FC 2014, Christ Church, Revised Selected Papers 18, Springer, pp 469\u2013485","DOI":"10.1007\/978-3-662-45472-5_30"},{"key":"182_CR35","unstructured":"Litecoin: Shared connection pool and deterministic eviction logic in Litecoin (2022). https:\/\/github.com\/litecoin-project\/litecoin\/blob\/0.21\/src\/net.cpp. Accessed 7 Mar 2023"},{"key":"182_CR36","doi-asserted-by":"crossref","unstructured":"Mastan ID, Paul S (2018) A new approach to deanonymization of unreachable bitcoin nodes. In: Cryptology and network security: 16th international conference, CANS 2017, Hong Kong, Revised Selected Papers 16, Springer, pp 277\u2013298","DOI":"10.1007\/978-3-030-02641-7_13"},{"key":"182_CR37","doi-asserted-by":"crossref","unstructured":"Meiklejohn S, Pomarole M, Jordan G, Levchenko K, McCoy D, Voelker GM, Savage S (2013) A fistful of bitcoins: characterizing payments among men with no names. 
In: Proceedings of the 2013 conference on internet measurement conference, pp 127\u2013140","DOI":"10.1145\/2504730.2504747"},{"key":"182_CR38","unstructured":"Miller A, Litton J, Pachulski A, Gupta N, Levin D, Spring N, Bhattacharjee B (2015) Discovering bitcoin\u2019s public topology and influential nodes"},{"issue":"1","key":"182_CR39","doi-asserted-by":"publisher","first-page":"215824402199870","DOI":"10.1177\/2158244021998704","volume":"11","author":"MA Nadeem","year":"2021","unstructured":"Nadeem MA, Liu Z, Pitafi AH, Younis A, Xu Y (2021) Investigating the adoption factors of cryptocurrencies-a case of bitcoin: empirical evidence from china. SAGE Open 11(1):2158244021998704","journal-title":"SAGE Open"},{"issue":"2","key":"182_CR40","doi-asserted-by":"publisher","first-page":"237","DOI":"10.3390\/fi5020237","volume":"5","author":"M Ober","year":"2013","unstructured":"Ober M, Katzenbeisser S, Hamacher K (2013) Structure and anonymity of the bitcoin transaction graph. Future Internet 5(2):237\u2013250","journal-title":"Future Internet"},{"key":"182_CR41","unstructured":"Ocean D (2022) Simple, predictable pricing for Basic Droplets. https:\/\/www.digitalocean.com\/pricing\/droplets. Accessed 27 Aug 2022"},{"key":"182_CR42","unstructured":"Pieter W (2020) Address linking in the same network based on cache map collisions. https:\/\/github.com\/bitcoin\/bitcoin\/pull\/18991#issuecomment-668219345. Accessed 5 Mar 2023"},{"key":"182_CR43","unstructured":"practicalswift: address linking cross networks based on cache map collisions (2020). https:\/\/github.com\/bitcoin\/bitcoin\/pull\/18991#issuecomment-629745947. Accessed 5 Mar 2023"},{"key":"182_CR44","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-4139-7_10","volume-title":"An analysis of anonymity in the Bitcoin system","author":"F Reid","year":"2013","unstructured":"Reid F, Harrigan M (2013) An analysis of anonymity in the Bitcoin system. 
Springer"},{"key":"182_CR45","doi-asserted-by":"crossref","unstructured":"Saad M, Chen S, Mohaisen D (2021) Syncattack: double-spending in bitcoin without mining power. In: Proceedings of the 2021 ACM SIGSAC conference on computer and communications security, pp 1668\u20131685","DOI":"10.1145\/3460120.3484568"},{"key":"182_CR46","unstructured":"WalletExplorer.com: WalletExplorer (2023). https:\/\/www.walletexplorer.com\/. Accessed 27 Mar 2023"},{"key":"182_CR47","unstructured":"Wang L, Pustogarov I (2017) Towards better understanding of bitcoin unreachable peers. Preprint arXiv:1709.06837"},{"key":"182_CR48","unstructured":"Wang M, Ichijo H, Xiao B (2020) Cryptocurrency address clustering and labeling. Preprint arXiv:2003.13399"},{"key":"182_CR49","unstructured":"Wiki B (2021) Bitcoin VERSION Message. https:\/\/en.bitcoin.it\/wiki\/Protocol_documentation#version. Accessed 5 Mar 2023"},{"key":"182_CR50","unstructured":"Wikipedia: cosine similarity (2022a). https:\/\/en.wikipedia.org\/wiki\/Cosine_similarity. Accessed 7 Mar 2023"},{"key":"182_CR51","unstructured":"Wikipedia: SimHash (2022b). https:\/\/en.wikipedia.org\/wiki\/SimHash. Accessed 7 Mar 2023"},{"key":"182_CR52","unstructured":"Zcash: Shared connection pool and deterministic eviction logic in Zcash (2023). https:\/\/github.com\/zcash\/zcash\/blob\/v5.4.2\/src\/net.cpp. Accessed 7 Mar 2023"},{"key":"182_CR53","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11432-019-9900-9","volume":"63","author":"B Zheng","year":"2020","unstructured":"Zheng B, Zhu L, Shen M, Du X, Guizani M (2020) Identifying the vulnerabilities of bitcoin anonymous mechanism based on address clustering. 
Sci China Inf Sci 63:1\u201315","journal-title":"Sci China Inf Sci"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00182-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-023-00182-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00182-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,19]],"date-time":"2023-11-19T11:06:14Z","timestamp":1700391974000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-023-00182-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,7]]},"references-count":53,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["182"],"URL":"https:\/\/doi.org\/10.1186\/s42400-023-00182-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,7]]},"assertion":[{"value":"4 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 July 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 October 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing 
interests"}}],"article-number":"50"}}