Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6AAC5C0001 for ; Wed, 26 May 2021 14:47:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 5F2546072D for ; Wed, 26 May 2021 14:47:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 0.601 X-Spam-Level: X-Spam-Status: No, score=0.601 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=tutanota.de Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XhnV_zcplj7e for ; Wed, 26 May 2021 14:47:48 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162]) by smtp3.osuosl.org (Postfix) with ESMTPS id C5DD9605FC for ; Wed, 26 May 2021 14:47:47 +0000 (UTC) Received: from w3.tutanota.de (unknown [192.168.1.164]) by w1.tutanota.de (Postfix) with ESMTP id 0791DFBB3BC for ; Wed, 26 May 2021 14:47:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1622040463; s=s1; d=tutanota.de; h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender; bh=S+HEG6BOJWjukM36woKV3y+3EOIXtRQ//+dUpKiuKiw=; b=fPJL5fl9Qrm92kA6KMVdlVQt2kz9wnzIGZ+d8mvlKqonBAUlsatbvpUE0g2sG1mF 4iUz/XoTF/RxUqwHZZ4NUzGcFVFfyOWNl219LN68dRAWHDDSyt2jQtH5QBv0mXyDOtN wbzbUUUNxvhnq1m4KK0xvhWhlXCVJpZD10HeVtiJPhlQWsCTI2L5GxqzDnAKAjUi5hV 8tmsrEL7yiuz0uaOTQItpu9zt/LSI68dGzS8poEY9B9jhHRVOdtsdF16En9x/O4CeGY vtGWxsw46geT3udaqnYoW2dqYBIX/fzucyqdPmpB+o2GxftCg0wOQQrACeaSWQqhlM9 wa4ROKpcdA== Date: Wed, 26 May 2021 16:47:43 +0200 (CEST) From: Prayank To: Bitcoin Dev Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_324043_48554067.1622040464011" X-Mailman-Approved-At: Wed, 26 May 2021 15:50:58 +0000 Subject: [bitcoin-dev] Wallet fingerprinting and other privacy issues in Bitcoin Core X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 May 2021 14:47:49 -0000 ------=_Part_324043_48554067.1622040464011 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello World, There are other privacy issues in Core (node and wallet) but recently I cam= e across one which can be used to identify if someone is using Bitcoin Core= with just the bitcoin address and couple of transactions. I think people h= ave already given up and don't expect privacy in Core wallet especially dev= elopers. However, below information may help some users who are not aware o= f this specific issue and developers who are using Bitcoin Core wallet in t= heir project. Issue is explained here:=C2=A0https://github.com/bitcoin/bitcoin/issues/220= 18 Even if there exists another wallet with similar behavior, it can affect pr= ivacy in some cases. Example: Alice is spying on Bob and collecting as much= information as possible. She looks at social media accounts for Bob and th= inks he might be using one of the wallets mentioned in PoC. She can confirm= if Bob is using Bitcoin Core wallet by sending 2 small amounts to one of t= he address in different transactions. One transaction should have really lo= w fee rate that it doesn't get confirmed.=C2=A0 I found this issue while reviewing PR:=C2=A0https://github.com/bitcoin/bitc= oin/pull/18418 It was also discussed in a 'Core Review PR club' meeting recently:=C2=A0htt= ps://bitcoincore.reviews/18418 Also there are 2 things that helps identify wallet using address: 1. Can't = spend unconfirmed UTXO 2.=C2=A0OUTPUT_GROUP_MAX_ENTRIES OUTPUT_GROUP_MAX_ENTRIES was 10 earlier and 100 after PR #18418 got merged.= This will help in confirming if someone is using latest Bitcoin Core once = it is available in next release. Example: Alice is using Bitcoin Core v0.21= .0 and Bob is using Bitcoin Core v0.22.0 Carol is the attacker and other tw= o are victims. Carol sends small amounts to same address in 11 transactions= to both and confirms Bob is using latest Bitcoin Core wallet while Alice i= s using an older version. I will try to fix both 1 and 2 which can take few days and maybe never get = merged. IMO 1 can be fixed by locking all UTXOs associated with a scriptpub= key until all are confirmed. UTXO locks are stored in memory only so will h= ave to change that first. 2 can be fixed by using an approach similar to El= ectrum (All or None) --=20 Prayank ------=_Part_324043_48554067.1622040464011 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello World,

There are other privacy issu= es in Core (node and wallet) but recently I came across one which can be us= ed to identify if someone is using Bitcoin Core with just the bitcoin addre= ss and couple of transactions. I think people have already given up and don= 't expect privacy in Core wallet especially developers. However, below info= rmation may help some users who are not aware of this specific issue and de= velopers who are using Bitcoin Core wallet in their project.
=

Even if there exists another wallet wit= h similar behavior, it can affect privacy in some cases. Example: Alice is = spying on Bob and collecting as much information as possible. She looks at = social media accounts for Bob and thinks he might be using one of the walle= ts mentioned in PoC. She can confirm if Bob is using Bitcoin Core wallet by= sending 2 small amounts to one of the address in different transactions. O= ne transaction should have really low fee rate that it doesn't get confirme= d. 

I found this issue while reviewing PR= : https://gi= thub.com/bitcoin/bitcoin/pull/18418

It was= also discussed in a 'Core Review PR club' meeting recently: https://bitcoincore.reviews/18418


OUTPUT_GROUP_MAX_ENTRIES was 10 ea= rlier and 100 after PR #18418 got merged. This will help in confirming if s= omeone is using latest Bitcoin Core once it is available in next release. E= xample: Alice is using Bitcoin Core v0.21.0 and Bob is using Bitcoin Core v= 0.22.0 Carol is the attacker and other two are victims. Carol sends small a= mounts to same address in 11 transactions to both and confirms Bob is using= latest Bitcoin Core wallet while Alice is using an older version.

I will try to fix both 1 and 2 which can take few days= and maybe never get merged. IMO 1 can be fixed by locking all UTXOs associ= ated with a scriptpubkey until all are confirmed. UTXO locks are stored in = memory only so will have to change that first. 2 can be fixed by using an a= pproach similar to Electrum (All or None)


--
Prayank
------=_Part_324043_48554067.1622040464011--