1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
Return-Path: <prayank@tutanota.de>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 6AAC5C0001
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 May 2021 14:47:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 5F2546072D
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 May 2021 14:47:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 0.601
X-Spam-Level:
X-Spam-Status: No, score=0.601 tagged_above=-999 required=5
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=tutanota.de
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id XhnV_zcplj7e
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 May 2021 14:47:48 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162])
by smtp3.osuosl.org (Postfix) with ESMTPS id C5DD9605FC
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 May 2021 14:47:47 +0000 (UTC)
Received: from w3.tutanota.de (unknown [192.168.1.164])
by w1.tutanota.de (Postfix) with ESMTP id 0791DFBB3BC
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 May 2021 14:47:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1622040463;
s=s1; d=tutanota.de;
h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender;
bh=S+HEG6BOJWjukM36woKV3y+3EOIXtRQ//+dUpKiuKiw=;
b=fPJL5fl9Qrm92kA6KMVdlVQt2kz9wnzIGZ+d8mvlKqonBAUlsatbvpUE0g2sG1mF
4iUz/XoTF/RxUqwHZZ4NUzGcFVFfyOWNl219LN68dRAWHDDSyt2jQtH5QBv0mXyDOtN
wbzbUUUNxvhnq1m4KK0xvhWhlXCVJpZD10HeVtiJPhlQWsCTI2L5GxqzDnAKAjUi5hV
8tmsrEL7yiuz0uaOTQItpu9zt/LSI68dGzS8poEY9B9jhHRVOdtsdF16En9x/O4CeGY
vtGWxsw46geT3udaqnYoW2dqYBIX/fzucyqdPmpB+o2GxftCg0wOQQrACeaSWQqhlM9
wa4ROKpcdA==
Date: Wed, 26 May 2021 16:47:43 +0200 (CEST)
From: Prayank <prayank@tutanota.de>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <Mad8JLB--3-2@tutanota.de>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_324043_48554067.1622040464011"
X-Mailman-Approved-At: Wed, 26 May 2021 15:50:58 +0000
Subject: [bitcoin-dev] Wallet fingerprinting and other privacy issues in
Bitcoin Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 14:47:49 -0000
------=_Part_324043_48554067.1622040464011
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hello World,
There are other privacy issues in Core (node and wallet) but recently I cam=
e across one which can be used to identify if someone is using Bitcoin Core=
with just the bitcoin address and couple of transactions. I think people h=
ave already given up and don't expect privacy in Core wallet especially dev=
elopers. However, below information may help some users who are not aware o=
f this specific issue and developers who are using Bitcoin Core wallet in t=
heir project.
Issue is explained here:=C2=A0https://github.com/bitcoin/bitcoin/issues/220=
18
Even if there exists another wallet with similar behavior, it can affect pr=
ivacy in some cases. Example: Alice is spying on Bob and collecting as much=
information as possible. She looks at social media accounts for Bob and th=
inks he might be using one of the wallets mentioned in PoC. She can confirm=
if Bob is using Bitcoin Core wallet by sending 2 small amounts to one of t=
he address in different transactions. One transaction should have really lo=
w fee rate that it doesn't get confirmed.=C2=A0
I found this issue while reviewing PR:=C2=A0https://github.com/bitcoin/bitc=
oin/pull/18418
It was also discussed in a 'Core Review PR club' meeting recently:=C2=A0htt=
ps://bitcoincore.reviews/18418
Also there are 2 things that helps identify wallet using address: 1. Can't =
spend unconfirmed UTXO 2.=C2=A0OUTPUT_GROUP_MAX_ENTRIES
OUTPUT_GROUP_MAX_ENTRIES was 10 earlier and 100 after PR #18418 got merged.=
This will help in confirming if someone is using latest Bitcoin Core once =
it is available in next release. Example: Alice is using Bitcoin Core v0.21=
.0 and Bob is using Bitcoin Core v0.22.0 Carol is the attacker and other tw=
o are victims. Carol sends small amounts to same address in 11 transactions=
to both and confirms Bob is using latest Bitcoin Core wallet while Alice i=
s using an older version.
I will try to fix both 1 and 2 which can take few days and maybe never get =
merged. IMO 1 can be fixed by locking all UTXOs associated with a scriptpub=
key until all are confirmed. UTXO locks are stored in memory only so will h=
ave to change that first. 2 can be fixed by using an approach similar to El=
ectrum (All or None)
--=20
Prayank
------=_Part_324043_48554067.1622040464011
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF-8=
">
</head>
<body>
<div>Hello World,<br></div><div><br></div><div>There are other privacy issu=
es in Core (node and wallet) but recently I came across one which can be us=
ed to identify if someone is using Bitcoin Core with just the bitcoin addre=
ss and couple of transactions. I think people have already given up and don=
't expect privacy in Core wallet especially developers. However, below info=
rmation may help some users who are not aware of this specific issue and de=
velopers who are using Bitcoin Core wallet in their project.<br></div><div>=
<br></div><div>Issue is explained here: <a href=3D"https://github.com/=
bitcoin/bitcoin/issues/22018">https://github.com/bitcoin/bitcoin/issues/220=
18</a><br></div><div><br></div><div>Even if there exists another wallet wit=
h similar behavior, it can affect privacy in some cases. Example: Alice is =
spying on Bob and collecting as much information as possible. She looks at =
social media accounts for Bob and thinks he might be using one of the walle=
ts mentioned in PoC. She can confirm if Bob is using Bitcoin Core wallet by=
sending 2 small amounts to one of the address in different transactions. O=
ne transaction should have really low fee rate that it doesn't get confirme=
d. <br></div><div><br></div><div>I found this issue while reviewing PR=
: <a href=3D"https://github.com/bitcoin/bitcoin/pull/18418">https://gi=
thub.com/bitcoin/bitcoin/pull/18418</a><br></div><div><br></div><div>It was=
also discussed in a 'Core Review PR club' meeting recently: <a href=
=3D"https://bitcoincore.reviews/18418">https://bitcoincore.reviews/18418</a=
><br></div><div><br></div><div>Also there are 2 things that helps identify =
wallet using address: 1. Can't spend unconfirmed UTXO 2. OUTPUT_GROUP_=
MAX_ENTRIES<br></div><div><br></div><div>OUTPUT_GROUP_MAX_ENTRIES was 10 ea=
rlier and 100 after PR #18418 got merged. This will help in confirming if s=
omeone is using latest Bitcoin Core once it is available in next release. E=
xample: Alice is using Bitcoin Core v0.21.0 and Bob is using Bitcoin Core v=
0.22.0 Carol is the attacker and other two are victims. Carol sends small a=
mounts to same address in 11 transactions to both and confirms Bob is using=
latest Bitcoin Core wallet while Alice is using an older version.<br></div=
><div><br></div><div>I will try to fix both 1 and 2 which can take few days=
and maybe never get merged. IMO 1 can be fixed by locking all UTXOs associ=
ated with a scriptpubkey until all are confirmed. UTXO locks are stored in =
memory only so will have to change that first. 2 can be fixed by using an a=
pproach similar to Electrum (All or None)</div><div><br></div><div><br></di=
v><div>-- <br></div><div> Prayank</div> </body>
</html>
------=_Part_324043_48554067.1622040464011--
|
