Skip to main content
Research

Temporal Correlation Links User IP Addresses to Blockchain Pseudonyms

A passive network attack exploits the time difference between transaction confirmation and RPC query packets to deanonymize over 95% of users.
November 22, 20253 min

Spherical nodes are intricately connected by a lattice of vibrant blue, faceted cubes, forming an abstract representation of a decentralized network. This visual strongly suggests blockchain technology, where the spheres could symbolize network nodes or validator entities, and the crystalline cubes represent encrypted data packets or cryptographic primitives essential for secure transactions
An abstract composition features numerous faceted blue crystals and dark blue geometric shapes, interspersed with white spheres and thin metallic wires, all centered within a dynamic structure. A thick, smooth white ring partially encompasses this intricate arrangement, set against a clean blue-grey background

Briefing

The core research problem is the unexamined privacy risk at the interface between the public network and the blockchain’s application layer, where users rely on Remote Procedure Call (RPC) services under the false premise of pseudonymity. The proposed breakthrough is a passive deanonymization attack that exploits the temporal correlation between a user’s network-layer TCP packet timestamp for a transaction status query and the transaction’s public, on-chain confirmation timestamp. This reveals a fundamental, systemic vulnerability in the standard client-to-node communication model, achieving a high success rate and demonstrating that network-level privacy is a critical, unsolved challenge for all major public ledgers.

A translucent, frosted white material seamlessly merges with a vibrant, undulating blue substance, bridged by a central black connector featuring multiple metallic pins. The distinct textures and colors highlight a sophisticated interface between two separate yet interconnected components

Context

Prior to this analysis, the primary focus for blockchain privacy was on cryptographic solutions like zero-knowledge proofs or mixing services, assuming the network layer provided a baseline of anonymity through IP obfuscation or the use of public RPC endpoints. The prevailing theoretical limitation centered on costly, active attacks that required transaction fees or direct man-in-the-middle positioning. The foundational challenge remained ∞ formally quantifying the leakage of user identity when a pseudonym (wallet address) interacts with a public ledger via common, latency-sensitive network infrastructure.

A close-up perspective showcases a futuristic device, primarily composed of translucent blue material, featuring a central silver button labeled 'PUSH' set within a rectangular silver base. The device's sleek design and visible internal structures highlight its advanced engineering

Analysis

The core mechanism operates by establishing a cryptographic link between two distinct, time-stamped events. The attacker, positioned as a passive observer on the network backbone, monitors a user’s IP address and records the precise time a TCP packet is sent to an RPC node to check a transaction’s status. Concurrently, the attacker monitors the public blockchain to record the transaction’s final, immutable confirmation timestamp.

The extremely narrow and unique time window, or temporal signature , between the on-chain event and the subsequent off-chain query serves as a unique identifier. This correlation is robust because the latency is a near-constant for a specific user-to-node path, allowing the attacker to link the network-layer source (IP) to the application-layer identity (pseudonym) with high certainty.

A chain of glossy white spheres linked by transparent rods extends across a grey background, each sphere encircled by a dynamic cluster of blue and clear crystalline shards radiating light. The composition suggests an abstract representation of interconnected digital entities or processes

Parameters

  • Success Rate Against Normal Users ∞ Over 95%. Explanation: The measured efficacy of the attack against typical users on networks like Ethereum, Bitcoin, and Solana.
  • Transaction Fee Requirement ∞ Zero. Explanation: The attack is passive and does not require the adversary to submit or pay for any transactions.
  • Adversary Model ∞ Strong Passive. Explanation: Assumes the attacker has access to network infrastructure like border routers but does not actively interfere with traffic.

A detailed, angled perspective showcases a futuristic device featuring two polished, circular metallic buttons integrated into a translucent, textured casing. Beneath the clear surface, intricate blue patterns flow dynamically, suggesting internal processes or energy conduits

Outlook

The immediate strategic outlook requires a fundamental re-evaluation of client-node communication protocols, prioritizing network-layer privacy primitives. Future research must focus on integrating verifiable delay functions or time-randomization techniques into RPC query responses to break the temporal signature correlation. The long-term implication is the necessity of a “Privacy-by-Default” network architecture, potentially utilizing decentralized, zero-knowledge-enabled RPC relays or fully private transaction mempools to decouple the user’s physical location from their on-chain activity.

The image presents a close-up view of polished metallic cylindrical structures, interconnected by a dark blue flexible tube, with translucent, spherical elements visible in the foreground and background. These components are arranged in a complex, high-tech configuration against a muted grey backdrop

Verdict

This research delivers a decisive, empirical demonstration that the fundamental assumption of network-layer privacy for blockchain users is invalid, necessitating a new generation of privacy-preserving communication standards.

Network layer privacy, RPC service vulnerability, Temporal correlation attack, Blockchain deanonymization, Pseudonymity failure, Passive adversary model, Transaction confirmation latency, On-chain privacy challenge, Network traffic analysis, Public ledger forensics, Zero fee attack, Distributed systems security, User anonymity breach, IP address linking, Application layer security, Network border routers, TCP packet timestamp, Wallet address exposure, Cross-layer vulnerability, Transaction status query. Signal Acquired from ∞ arxiv.org

Micro Crypto News Feeds

application layer

Definition ∞ The Application Layer refers to the topmost layer of a network architecture where user-facing applications and services operate.

network infrastructure

Definition ∞ Network infrastructure refers to the underlying architecture and systems that support the operation of a communication network.

confirmation

Definition ∞ A confirmation signifies the validation of a transaction on a blockchain.

on-chain

Definition ∞ On-chain refers to any transaction or data that is recorded and validated directly on a blockchain ledger, making it publicly verifiable and immutable.

users

Definition ∞ Users are individuals or entities that interact with digital assets, blockchain networks, or decentralized applications.

transaction

Definition ∞ A transaction is a record of the movement of digital assets or the execution of a smart contract on a blockchain.

network

Definition ∞ A network is a system of interconnected computers or devices capable of communication and resource sharing.

privacy

Definition ∞ In the context of digital assets, privacy refers to the ability to conduct transactions or hold assets without revealing identifying information about participants or transaction details.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

Tags:

Tags: