The anonymity provided by Bitcoin and other blockchain-based technologies has been pitched as a signification and differentiating feature relative to institution-mediated transactions. While some researchers have demonstrated the ability to link an anonymous bitcoin wallet to a real-world entity, there are several simple solutions to this problem (e.g., tumblers). A new paper published by researchers at Princeton's Center for Information Technology Policy (CITP) has highlighted a new threat to anonymity in blockchain products like Ethereum.

Plagiarism detection software, often based on term frequency-inverse document frequency (TF-IDF) machine learning algorithms, has been used in several contexts for years. The new work from the CITP group has extending these capabilities to detect the same authorial fingerprint in the abstract syntax trees (ASTs) created by lower level programming languages like C/C++. This most recent paper demonstrates that the group can identify the code author by examining only the compiled code.

The authors point out that this could go a long way towards identifying the authors of malware. But it also has enormous implications in the world of blockchain. The appeal of technologies like Ethereum is the ability to insert executable code into the blockchain. Like C code, Ethereum contracts are compiled to binary code, obfuscating potential coding style information. The expectation is that one could build an anonymous exchange, built on blockchain, that would allow transactions of complex code-based financial and contractual instruments. The new CITP research now shows that anonymity of the code author may be deduced purely from the compiled binary code embedded in the blockchain.

You may think this is making a mountain out of a molehill--after all, it is likely that the major players in any Ethereum-based system will be public. However, the ability to identify the author doesn't stop at the institution level. It's reasonable to expect that there would be several code authors within each large institution, each with a particular trading focus. The CITP research suggests that not only could you identify that a particular instrument originated from a particular bank, but you could even identify which department or strategy group authored the code. And just like that, all of the bank's internal strategy decisions dating back to the beginning of the blockchain will be out in the open. The simplest tell might be telegraphing the existence of an iceberg order, but there's no doubt someone with such a wealth of inside information--legally gleaned!--could make a fortune at the bank's expense.

XLP Capital is a family office and as such is not required to be registered as an investment adviser with the U.S. Securities and Exchange Commission. Investments are made available only to accredited, qualified, or institutional investors that are eligible as family office clients, pursuant to the rules of the U.S. Investment Advisors Act of 1940. XLP does not seek or solicit investment for these funds or any other funds, and nothing on this page should constitute a solicitation for investment. The descriptions on this page is provided for information value only, as examples of prior investment related work XLP has conducted. XLP Capital assumes no liability for investment losses direct and indirectly resulting from recommendations made, implied, or inferred by its research. Likewise, XLP Capital assumes no claim to investment gains direct or indirectly resulting from trading profits, investment management or advisory fees obtained by following investment recommendations made, implied, or inferred by its research. Investment involves risk, and all investments should be made with the supervision of a professional investment manager or advisor. The materials on the Website are not an offer to sell or a solicitation of an offer to buy any investment, security or commodity, nor shall any security be offered or sold to any person, in any jurisdiction in which such offer would be unlawful under the securities laws of such jurisdiction.