1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 2D85A48C
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 24 Jul 2015 04:44:07 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pd0-f176.google.com (mail-pd0-f176.google.com
[209.85.192.176])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 993BC177
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 24 Jul 2015 04:44:06 +0000 (UTC)
Received: by pdbbh15 with SMTP id bh15so7359003pdb.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 23 Jul 2015 21:44:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
:subject:references:in-reply-to:content-type;
bh=a8pVhmn9tws2Acyi3bt8I9euy8NVjx9hzEAlLYb7Mzc=;
b=jZg8bOGmzsX2U0ZN/nvN0OYhlh9uxviGl5Z3j0tJnjhO6CUzaf/ceGp/oc/u6yCnwu
1Be1IKBKte2QP89jrSzlFM4BKL6G6UvuyBguPcgiZvUOQOEI3wiy+QjJUZakicZPOvWw
TeDNE7DDqFF9vHTBg/MVT+YcfWqc/xg9jv1qy4y6L6heY/wUGbVV1FknndPVeb/hCHZZ
A5LY2M6oXfYtc6X53SVQAbLJcsNCoGerSJ+9TOkGgBp9Ys39c56C3uUjA16uPWIPwQkW
7qhI3FW+mXjSKdYJd6Yo/Bp5TfIfGznE3xWp8W/PRi0egaXg9YOE1eJ08vwqv03Bxs5u
T/TA==
X-Gm-Message-State: ALoCoQndaXXJRFjsthYZKzsBS2cXVHS8zQexjj6tzVbLcqdZXeDOSSqCvpZZbOmon/taHpZWpVcJ
X-Received: by 10.70.125.129 with SMTP id mq1mr27025073pdb.19.1437713046284;
Thu, 23 Jul 2015 21:44:06 -0700 (PDT)
Received: from [10.0.1.14] (c-67-161-88-20.hsd1.wa.comcast.net. [67.161.88.20])
by smtp.googlemail.com with ESMTPSA id
vr2sm11858558pab.26.2015.07.23.21.44.05
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 23 Jul 2015 21:44:05 -0700 (PDT)
Message-ID: <55B1C2A2.6020704@voskuil.org>
Date: Thu, 23 Jul 2015 21:44:18 -0700
From: Eric Voskuil <eric@voskuil.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Slurms MacKenzie <slurms@gmx.us>,
bitcoin-dev@lists.linuxfoundation.org
References: <55AFBBE6.3060702@electrum.org>
<1437606706.2688.0.camel@yahoo.com> <114b2a76-ebc7-461a-b4bc-10873574d6c4@HUB2.rwth-ad.de> <CAH+=Z+Xt4mja348Rg5Ot0u1VeCnVxm0wkVUA3GVgryZ4Yp4QNw@mail.gmail.com>,
<55B1A254.6070806@voskuil.org>
<trinity-61061d18-d667-4dd3-b87e-01880612c446-1437709327718@3capp-mailcom-bs10>
In-Reply-To: <trinity-61061d18-d667-4dd3-b87e-01880612c446-1437709327718@3capp-mailcom-bs10>
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA"
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Making Electrum more anonymous
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 04:44:07 -0000
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 07/23/2015 08:42 PM, Slurms MacKenzie via bitcoin-dev wrote:
>> From: "Eric Voskuil via bitcoin-dev"
>>
>> From our perspective, another important objective of query privacy is
>> allowing the caller make the trade-off between the relative levels of
>> privacy and performance - from absolute to non-existent. In some
>> cases privacy is neither required nor desired.
>>
>> Prefix filtering accomplishes the client-tuning objective. It also
>> does not suffer server collusion attacks nor is it dependent on
>> computational bounds. The primary trade-off becomes result set
>> (download) size against privacy.
>
> Keep in mind this is the similar premise as claimed to be offered by
> BIP37 bloom filters, but faulty assumptions and implementation
> failure in BitcoinJ have meant that bloom filters uniquely identify
> the wallet and offer no privacy for the user no matter what the
> settings are.
Yes, quite true. And without the ability to search using filters there
is no private restore from backup short of downloading the full chain,
rendering the idea rather pointless.
This is why privacy remains a significant issue. Privacy is an essential
aspect of fungibility. This is a central problem for Bitcoin. The
correlation of addresses within transactions is of course problematic.
Possibly zero knowledge proof will at some point come to the rescue. But
the correlation of addresses via search works against the benefits of
address non-reuse, and the correlation of addresses to IP addresses
works against the use of private addresses.
Solving the latter two problems can go a long way to reducing the impact
of the former. But currently the only solution is to run a full chain
wallet. This is not a viable solution for many scenarios, and getting
less so.
This is not a problem that can be ignored, nor is it unique to Electrum.
The Bloom filter approach was problematic, but that doesn't preclude the
existence of valid solutions.
> If you imagine a system where there is somehow complete
> separation and anonymization between all requests and subscriptions,
> the timing still leaks the association between the addresses to the
> listeners.
Well because of presumed relationship in time these are not actually
separated requests. Which is why even the (performance-unrealistic)
option of a distinct Tor route for each independent address request is
*still* problematic.
> The obvious solution to that is to use a very high latency
> mix network, but I somehow doubt that there's any desire for a wallet
> with SPV security that takes a week to return results.
Introducing truly-random timing variations into the mixnet solutions can
mitigate timing attacks, but yes, this just makes the already
intolerable performance problem much worse.
e
--v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVscKiAAoJEDzYwH8LXOFOpQUH/Rxq8pCXwWuEjSFizC4A4J6O
506fqc/xbDDYHlzCiMlJY8FUAYuQl/7bCJ7Df40EYqByOxKPW6jxzksDqkB6bnGd
yoouHA56gm7BcxyTpIKYCfXzH/xhrdJcuzB6SAk7ll65HizZE1PqSa1hOL1Fkxmk
pEJjZjxPURL/ifvKw7EYL60rfc2GFkSRjbOALf31xxyjA0EKF+/zq6pW3yl2Eg0r
KBk1wYzO1Zxr/PXoJkK3CoSymGh3BT2woAmFWNJmmfBtnznPEyz2aqv2ngb7C1DL
rMF9Jfg0yRiW7hV0ROPxaKQCnmq0zbMxYkCFNa7u+UOetaQtji/m9oY809+H3fk=
=BDce
-----END PGP SIGNATURE-----
--v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA--
|