Date: Wed, 26 May 2021 16:47:43 +0200 (CEST)
From: Prayank <prayank@tutanota.de>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <Mad8JLB--3-2@tutanota.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
 boundary="----=_Part_324043_48554067.1622040464011"
Subject: [bitcoin-dev] Wallet fingerprinting and other privacy issues in
	Bitcoin Core
Precedence: list

------=_Part_324043_48554067.1622040464011
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello World,

There are other privacy issues in Core (node and wallet) but recently I cam=
e across one which can be used to identify if someone is using Bitcoin Core=
 with just the bitcoin address and couple of transactions. I think people h=
ave already given up and don't expect privacy in Core wallet especially dev=
elopers. However, below information may help some users who are not aware o=
f this specific issue and developers who are using Bitcoin Core wallet in t=
heir project.

Issue is explained here:=C2=A0https://github.com/bitcoin/bitcoin/issues/220=
18

Even if there exists another wallet with similar behavior, it can affect pr=
ivacy in some cases. Example: Alice is spying on Bob and collecting as much=
 information as possible. She looks at social media accounts for Bob and th=
inks he might be using one of the wallets mentioned in PoC. She can confirm=
 if Bob is using Bitcoin Core wallet by sending 2 small amounts to one of t=
he address in different transactions. One transaction should have really lo=
w fee rate that it doesn't get confirmed.=C2=A0

I found this issue while reviewing PR:=C2=A0https://github.com/bitcoin/bitc=
oin/pull/18418

It was also discussed in a 'Core Review PR club' meeting recently:=C2=A0htt=
ps://bitcoincore.reviews/18418

Also there are 2 things that helps identify wallet using address: 1. Can't =
spend unconfirmed UTXO 2.=C2=A0OUTPUT_GROUP_MAX_ENTRIES

OUTPUT_GROUP_MAX_ENTRIES was 10 earlier and 100 after PR #18418 got merged.=
 This will help in confirming if someone is using latest Bitcoin Core once =
it is available in next release. Example: Alice is using Bitcoin Core v0.21=
.0 and Bob is using Bitcoin Core v0.22.0 Carol is the attacker and other tw=
o are victims. Carol sends small amounts to same address in 11 transactions=
 to both and confirms Bob is using latest Bitcoin Core wallet while Alice i=
s using an older version.

I will try to fix both 1 and 2 which can take few days and maybe never get =
merged. IMO 1 can be fixed by locking all UTXOs associated with a scriptpub=
key until all are confirmed. UTXO locks are stored in memory only so will h=
ave to change that first. 2 can be fixed by using an approach similar to El=
ectrum (All or None)

--=20
 Prayank
------=_Part_324043_48554067.1622040464011
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF-8=
">
  </head>
  <body>
<div>Hello World,<br></div><div><br></div><div>There are other privacy issu=
es in Core (node and wallet) but recently I came across one which can be us=
ed to identify if someone is using Bitcoin Core with just the bitcoin addre=
ss and couple of transactions. I think people have already given up and don=
't expect privacy in Core wallet especially developers. However, below info=
rmation may help some users who are not aware of this specific issue and de=
velopers who are using Bitcoin Core wallet in their project.<br></div><div>=
<br></div><div>Issue is explained here:&nbsp;<a href=3D"https://github.com/=
bitcoin/bitcoin/issues/22018">https://github.com/bitcoin/bitcoin/issues/220=
18</a><br></div><div><br></div><div>Even if there exists another wallet wit=
h similar behavior, it can affect privacy in some cases. Example: Alice is =
spying on Bob and collecting as much information as possible. She looks at =
social media accounts for Bob and thinks he might be using one of the walle=
ts mentioned in PoC. She can confirm if Bob is using Bitcoin Core wallet by=
 sending 2 small amounts to one of the address in different transactions. O=
ne transaction should have really low fee rate that it doesn't get confirme=
d.&nbsp;<br></div><div><br></div><div>I found this issue while reviewing PR=
:&nbsp;<a href=3D"https://github.com/bitcoin/bitcoin/pull/18418">https://gi=
thub.com/bitcoin/bitcoin/pull/18418</a><br></div><div><br></div><div>It was=
 also discussed in a 'Core Review PR club' meeting recently:&nbsp;<a href=
=3D"https://bitcoincore.reviews/18418">https://bitcoincore.reviews/18418</a=
><br></div><div><br></div><div>Also there are 2 things that helps identify =
wallet using address: 1. Can't spend unconfirmed UTXO 2.&nbsp;OUTPUT_GROUP_=
MAX_ENTRIES<br></div><div><br></div><div>OUTPUT_GROUP_MAX_ENTRIES was 10 ea=
rlier and 100 after PR #18418 got merged. This will help in confirming if s=
omeone is using latest Bitcoin Core once it is available in next release. E=
xample: Alice is using Bitcoin Core v0.21.0 and Bob is using Bitcoin Core v=
0.22.0 Carol is the attacker and other two are victims. Carol sends small a=
mounts to same address in 11 transactions to both and confirms Bob is using=
 latest Bitcoin Core wallet while Alice is using an older version.<br></div=
><div><br></div><div>I will try to fix both 1 and 2 which can take few days=
 and maybe never get merged. IMO 1 can be fixed by locking all UTXOs associ=
ated with a scriptpubkey until all are confirmed. UTXO locks are stored in =
memory only so will have to change that first. 2 can be fixed by using an a=
pproach similar to Electrum (All or None)</div><div><br></div><div><br></di=
v><div>-- <br></div><div> Prayank</div>  </body>
</html>

------=_Part_324043_48554067.1622040464011--