Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E4E2540D for ; Wed, 4 Jan 2017 10:13:05 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f45.google.com (mail-vk0-f45.google.com [209.85.213.45]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D1DFDD5 for ; Wed, 4 Jan 2017 10:13:04 +0000 (UTC) Received: by mail-vk0-f45.google.com with SMTP id p9so284955157vkd.3 for ; Wed, 04 Jan 2017 02:13:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jtimon-cc.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Bfo+TzN5JWJaA4/S9OB5oJ6r/hDb05c/SPdhJ5OqTws=; b=oQbPk9VFKtCq9wA8eZGmY3HFYJSofgteRwuJKcSscwi3b5ZQpuU4E64DQL8SJzoYmH ru5aZNC5KFQVFgvD3rbkhStrLxTvEjNHNb1BU2t2m62REsjaekXRT/WK6cL8IgU6n3Yz ehzvldVfB9KGmFNW9mmiBqmWE649E76r1alfVFaijWjFCUSeWBebUoE1gEnQe9ekGQLE R1rR6m7XHWJg0WubEZmtwarNRh2E409nxMoQtUiB1DSIZxkmfzGMd7ZNn2GAMqcwBALE HMf8eNG358xckQt816bNqHlZ2cXJofVH9m0H2awEeLnpe4vSWHBIFt0GafozAIhUQrbP WDjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Bfo+TzN5JWJaA4/S9OB5oJ6r/hDb05c/SPdhJ5OqTws=; b=GRs7FeeM7dUh7TJZiLAaNUH7ZnU9e2fqJojQfwq/yXPhQ4guFO59ZHsA3qXM4PRu2V 3MfOQBAB3qGnKNdowW2bYrHkrCalZpsJ2ijm6ErKtNNC9IuWs4/buPfmX668+z1Ibyfc /9aW5lIYICZ0P3Rmv8jGjzVqUYwyDHswVCLDw55Blr6Z+3hJsZJDgSmdqrfSqMX93nE2 B+alFOELZ8iU2kBVgHCGE5wHdNq7LxPfUuUcfmrhl7z6aJ4xbxMm17O9jAEkQ2akWJDz QOsZ4DMwqASc6alh7iGS0R1oBx4TC/FwbzqfFei/KMSwKf2pIfMWIReJ5fE00mVCtCZP ECcA== X-Gm-Message-State: AIkVDXLJWcQ8OKMfEIsiXQmeKAT3GzlGDJ04TvRa9oIO1em+KodZ/Xb0hkJ+06XnHk4ffOdVJqfewsMR10vczQ== X-Received: by 10.31.139.12 with SMTP id n12mr18967703vkd.100.1483524783923; Wed, 04 Jan 2017 02:13:03 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.216.130 with HTTP; Wed, 4 Jan 2017 02:13:02 -0800 (PST) Received: by 10.31.216.130 with HTTP; Wed, 4 Jan 2017 02:13:02 -0800 (PST) In-Reply-To: References: <71d822e413ac457a530e1c367811cc24@cock.lu> <77b6dd25-0603-a0bd-6a9e-38098e5cb19d@jonasschnelli.ch> <74aeb4760316b59a3db56c0d16d11f28@cock.lu> From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= Date: Wed, 4 Jan 2017 11:13:02 +0100 Message-ID: To: Aaron Voisine , Bitcoin Dev Content-Type: multipart/alternative; boundary=001a11437e56c2f61405454207bb X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Committed bloom filters for improved wallet performance and SPV security X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jan 2017 10:13:06 -0000 --001a11437e56c2f61405454207bb Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable There were talks about implementing spv mode for bitcoin core without using bloom filters. Less efficient because it downloads full blocks, but better for privacy. Perhaps other spv implementations should consider doing the same instead of committing the filters in the block? Now I feel I was missing something. I guess you can download the whole block you're interested in instead of only your txs and that gives you privacy. But how do you get to know which blocks are you interested in? If the questions are too basic or offtopic for the thread, I'm happy getting answers privately (but then maybe I get them more than once). On 4 Jan 2017 09:57, "Aaron Voisine via bitcoin-dev" < bitcoin-dev@lists.linuxfoundation.org> wrote: It's easy enough to mark a transaction as "pending". People with bank accounts are familiar with the concept. Although the risk of accepting gossip information from multiple random peers, in the case where the sender does not control the receivers network is still minimal. Random node operators have no incentive to send fake transactions, and would need to control all the nodes a client connects to, and find a non-false-positive address belonging to the victims wallet. It's not impossible, but it's non trivial, would only temporarily show a pending transaction, and provide no benefit to the node operator. There are much juicier targets for an attacker with the ability to sybil attack the entire bitcoin p2p network. Aaron On Tue, Jan 3, 2017 at 11:47 PM Jonas Schnelli wrote= : > Hi > > > > > Unconfirmed transactions are incredibly important for real world use. > > > Merchants for instance are willing to accept credit card payments of > > > thousands of dollars and ship the goods despite the fact that the > > > transaction can be reversed up to 60 days later. There is a very large > > > cost to losing the ability to have instant transactions in many or > > > even most situations. This cost is typically well above the fraud risk. > > > > > > It's important to recognize that bitcoin serves a wide variety of use > > > cases with different profiles for time sensitivity and fraud risk. > > > > > I agree that unconfirmed transactions are incredibly important, but not > > over SPV against random peers. > > > > If you offer users/merchants a feature (SPV 0-conf against random > > peers), that is fundamentally insecure, it will =E2=80=93 sooner or later= =E2=80=93 lead > > to some large scale fiasco, hurting Bitcoins reputation and trust from > > merchants. > > > > Merchants using and trusting 0-conf SPV transactions (retrieved from > > random peers) is something we should **really eliminate** through > > education and by offering different solution. > > > > There are plenty, more sane options. If you can't run your own full-node > > as a merchant (trivial), maybe co-use a wallet-service with centralized > > verification (maybe use two of them), I guess Copay would be one of > > those wallets (as an example). Use them in watch-only mode. > > > > For end-users SPV software, I think it would be recommended to... > > ... disable unconfirmed transactions during SPV against random peers > > ... enable unconfirmed transactions when using SPV against a trusted > > peer with preshared keys after BIP150 > > ... if unconfirmed transactions are disabled, show how it can be enabled > > (how to run a full-node [in a box, etc.]) > > ... educate, inform users that a transaction with no confirmation can be > > "stopped" or "redirected" any time, also inform about the risks during > > low-conf phase (1-5). > > > > I though see the point that it's nice to make use of the "incoming > > funds..." feature in SPV wallets. But =E2=80=93 for the sake of stability= and > > (risk-)scaling =E2=80=93 we may want to recommend to scarify this feature= and =E2=80=93 > > in the same turn =E2=80=93 to use privacy-preserving BFD's. > > > > > > > > > > _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev --001a11437e56c2f61405454207bb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
There were talks about implementing spv mode for bit= coin core without using bloom filters. Less efficient because it downloads = full blocks, but better for privacy. Perhaps other spv implementations shou= ld consider doing the same instead of committing the filters in the block?<= div dir=3D"auto">
Now I feel I was missing somet= hing. I guess you can download the whole block you're interested in ins= tead of only your txs and that gives you privacy.
Bu= t how do you get to know which blocks are you interested in?

If the questions are too basic or off= topic for the thread, I'm happy getting answers privately =C2=A0(but th= en maybe I get them more than once).

On 4 Jan 2017 09:57, "Aaron Voisine via b= itcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
It's easy enough to mark a transacti= on as "pending". People with bank accounts are familiar with the = concept.

Although the risk of accepting gossip inf= ormation from multiple random peers, in the case where the sender does not = control the receivers network is still minimal. Random node operators have = no incentive to send fake transactions, and would need to control all the n= odes a client connects to, and find a non-false-positive address belonging = to the victims wallet.=C2=A0

It's not impossib= le, but it's non trivial, would only temporarily show a pending transac= tion, and provide no benefit to the node operator. There are much juicier t= argets for an attacker with the ability to sybil attack the entire bitcoin = p2p network.

Aaron

On Tue, Jan 3, 2017 at 11:47 PM J= onas Schnelli <dev@jonasschnelli.ch> wrote:



> Unconfirmed transactions are incredibly i= mportant for real world use.
<= br>> Merchants for instance are willing to accept credit card payments o= f

> thousands of dollar= s and ship the goods despite the fact that the

> transaction can be reversed up to 60 days later. = There is a very large

>= cost to losing the ability to have instant transactions in many or

> even most situations. This c= ost is typically well above the fraud risk.

>

>= ; It's important to recognize that bitcoin serves a wide variety of use=

> cases with different= profiles for time sensitivity and fraud risk.

>

= I agree that unconfirmed transactions are incredibly important, but not

over SPV against random peers= .



If you offer users/merchants a feature (SPV 0-con= f against random

peers), t= hat is fundamentally insecure, it will =E2=80=93 sooner or later =E2=80=93 = lead

to some large scale f= iasco, hurting Bitcoins reputation and trust from

merchants.



Merchants using = and trusting 0-conf SPV transactions (retrieved from

random peers) is something we should **really el= iminate** through

educatio= n and by offering different solution.



There are ple= nty, more sane options. If you can't run your own full-node

as a merchant (trivial), maybe co-use= a wallet-service with centralized

verification (maybe use two of them), I guess Copay would be one o= f

those wallets (as an exa= mple). Use them in watch-only mode.



For end-users S= PV software, I think it would be recommended to...

... disable unconfirmed transactions during SPV ag= ainst random peers

... ena= ble unconfirmed transactions when using SPV against a trusted

peer with preshared keys after BIP150
... if unconfirmed transact= ions are disabled, show how it can be enabled

(how to run a full-node [in a box, etc.])

... educate, inform users that a transa= ction with no confirmation can be

"stopped" or "redirected" any time, also inform= about the risks during

lo= w-conf phase (1-5).



I though see the point that it&= #39;s nice to make use of the "incoming

funds..." feature in SPV wallets. But =E2=80=93 for= the sake of stability and
(risk-)scaling =E2=80=93 we may want to recommend to scarify this feature = and =E2=80=93

in the same = turn =E2=80=93 to use privacy-preserving BFD's.


</jonas>






_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev


--001a11437e56c2f61405454207bb--