Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 2D85A48C for ; Fri, 24 Jul 2015 04:44:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pd0-f176.google.com (mail-pd0-f176.google.com [209.85.192.176]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 993BC177 for ; Fri, 24 Jul 2015 04:44:06 +0000 (UTC) Received: by pdbbh15 with SMTP id bh15so7359003pdb.1 for ; Thu, 23 Jul 2015 21:44:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=a8pVhmn9tws2Acyi3bt8I9euy8NVjx9hzEAlLYb7Mzc=; b=jZg8bOGmzsX2U0ZN/nvN0OYhlh9uxviGl5Z3j0tJnjhO6CUzaf/ceGp/oc/u6yCnwu 1Be1IKBKte2QP89jrSzlFM4BKL6G6UvuyBguPcgiZvUOQOEI3wiy+QjJUZakicZPOvWw TeDNE7DDqFF9vHTBg/MVT+YcfWqc/xg9jv1qy4y6L6heY/wUGbVV1FknndPVeb/hCHZZ A5LY2M6oXfYtc6X53SVQAbLJcsNCoGerSJ+9TOkGgBp9Ys39c56C3uUjA16uPWIPwQkW 7qhI3FW+mXjSKdYJd6Yo/Bp5TfIfGznE3xWp8W/PRi0egaXg9YOE1eJ08vwqv03Bxs5u T/TA== X-Gm-Message-State: ALoCoQndaXXJRFjsthYZKzsBS2cXVHS8zQexjj6tzVbLcqdZXeDOSSqCvpZZbOmon/taHpZWpVcJ X-Received: by 10.70.125.129 with SMTP id mq1mr27025073pdb.19.1437713046284; Thu, 23 Jul 2015 21:44:06 -0700 (PDT) Received: from [10.0.1.14] (c-67-161-88-20.hsd1.wa.comcast.net. [67.161.88.20]) by smtp.googlemail.com with ESMTPSA id vr2sm11858558pab.26.2015.07.23.21.44.05 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 23 Jul 2015 21:44:05 -0700 (PDT) Message-ID: <55B1C2A2.6020704@voskuil.org> Date: Thu, 23 Jul 2015 21:44:18 -0700 From: Eric Voskuil User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Slurms MacKenzie , bitcoin-dev@lists.linuxfoundation.org References: <55AFBBE6.3060702@electrum.org> <1437606706.2688.0.camel@yahoo.com> <114b2a76-ebc7-461a-b4bc-10873574d6c4@HUB2.rwth-ad.de> , <55B1A254.6070806@voskuil.org> In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA" X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Making Electrum more anonymous X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jul 2015 04:44:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 07/23/2015 08:42 PM, Slurms MacKenzie via bitcoin-dev wrote: >> From: "Eric Voskuil via bitcoin-dev" >> >> From our perspective, another important objective of query privacy is >> allowing the caller make the trade-off between the relative levels of >> privacy and performance - from absolute to non-existent. In some >> cases privacy is neither required nor desired. >> >> Prefix filtering accomplishes the client-tuning objective. It also >> does not suffer server collusion attacks nor is it dependent on >> computational bounds. The primary trade-off becomes result set >> (download) size against privacy. > > Keep in mind this is the similar premise as claimed to be offered by > BIP37 bloom filters, but faulty assumptions and implementation > failure in BitcoinJ have meant that bloom filters uniquely identify > the wallet and offer no privacy for the user no matter what the > settings are. Yes, quite true. And without the ability to search using filters there is no private restore from backup short of downloading the full chain, rendering the idea rather pointless. This is why privacy remains a significant issue. Privacy is an essential aspect of fungibility. This is a central problem for Bitcoin. The correlation of addresses within transactions is of course problematic. Possibly zero knowledge proof will at some point come to the rescue. But the correlation of addresses via search works against the benefits of address non-reuse, and the correlation of addresses to IP addresses works against the use of private addresses. Solving the latter two problems can go a long way to reducing the impact of the former. But currently the only solution is to run a full chain wallet. This is not a viable solution for many scenarios, and getting less so. This is not a problem that can be ignored, nor is it unique to Electrum. The Bloom filter approach was problematic, but that doesn't preclude the existence of valid solutions. > If you imagine a system where there is somehow complete > separation and anonymization between all requests and subscriptions, > the timing still leaks the association between the addresses to the > listeners. Well because of presumed relationship in time these are not actually separated requests. Which is why even the (performance-unrealistic) option of a distinct Tor route for each independent address request is *still* problematic. > The obvious solution to that is to use a very high latency > mix network, but I somehow doubt that there's any desire for a wallet > with SPV security that takes a week to return results. Introducing truly-random timing variations into the mixnet solutions can mitigate timing attacks, but yes, this just makes the already intolerable performance problem much worse. e --v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVscKiAAoJEDzYwH8LXOFOpQUH/Rxq8pCXwWuEjSFizC4A4J6O 506fqc/xbDDYHlzCiMlJY8FUAYuQl/7bCJ7Df40EYqByOxKPW6jxzksDqkB6bnGd yoouHA56gm7BcxyTpIKYCfXzH/xhrdJcuzB6SAk7ll65HizZE1PqSa1hOL1Fkxmk pEJjZjxPURL/ifvKw7EYL60rfc2GFkSRjbOALf31xxyjA0EKF+/zq6pW3yl2Eg0r KBk1wYzO1Zxr/PXoJkK3CoSymGh3BT2woAmFWNJmmfBtnznPEyz2aqv2ngb7C1DL rMF9Jfg0yRiW7hV0ROPxaKQCnmq0zbMxYkCFNa7u+UOetaQtji/m9oY809+H3fk= =BDce -----END PGP SIGNATURE----- --v0Kk3xFTmEJ2mD0dWUF78TPXB0gX2ACRA--