š
Original date posted:2015-04-27
š Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/27/2015 02:53 PM, Brian Deery wrote:
> 1. There will be a 1:1 relationship between a payment code owner
> and their identity. Presumably the payment code would be strongly
> and publicly tied to the identity. This makes the notification
> address strongly tied to the user. An SPV client connecting to a
> full node who has a list of notification address can tie an
> identity to a bloom filter and connecting IP.
SPV clients that connect exclusively to hidden services through Tor
could mitigate this, especially if those clients broadcast their
transactions through different peers than the ones they use for
checking their balance.
Maybe they should even go the opposite way in terms of the false
positive rate.
A client could create a filter that *only* matches their notification
address and use that filter with a selected peer.
All the rest of their addresses would be contained in a different
filter that is never sent to the same full node which is watching
their notification address.
> 2. The client can use a bloom filter with a higher false positive
> rate. An active attacker can counter that by sending several
> payment codes to an individual user. The user would then add to
> their bloom filter all the shared addresses between them and the
> attacker. Even with a high false positive filter, always matching
> all the attacker's payment codes would strongly tie the user to the
> filter.
I'm not sure this problem is solvable in general.
Any entity which has sent bitcoins to a known user could use that
knowledge to attempt to find their bloom filter (if they use one).
I think that for SPV to have any privacy at all clients need to get a
lot smarter about how they use bloom filters overall, such as by
connecting to more than one peer, only putting a subset of their
addresses in a single filter, and temporally varying the addresses
which they watch.
- --
Justus Ranvier | Monetas <http://monetas.net/>;
<mailto:justus at monetas.net> | Public key ID : C3F7BB2638450DB5
| BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJVPlu8AAoJECpf2nDq2eYj/cAP/iL9qlIkk/jz2N3mT4dIdrSn
rQ+m7dHOSeucUhePrjdM79VzDUQWGmewdi5a1e8wCL2PCBeq/7mapEpHrvWu3xUU
g0qtCa6CbSceW5pO1/BGnKpt298wrBIueeweR3/BPum90RrXT+T/ssQvjGvlY4Jg
ADFeH4axalmCkc87OsJhsEbAAbP9i/u96rItV9ECpOET9pRxp4PzNT/7nz/x5n+q
Lm/vuWy1yoWLUjXiAmXWJVzPs8+Pzf1liy3SEzkam156kUwTj/CqjI/uhf7heSx2
FYSswBc/R1fga7eu++Bm449KUTmyTnnEIT4109A1w18fidY2Dg6PpKYp5CGug96t
aHit1hqLfc8HpNUVWLrBrHsC7riy+QGta4Ie7fAl9SvFcNturkXBFxZLO8f34WMb
HFuWkcCAgZcS3hb1ShmyodMjnOWvHQo/dXAoUc+zI8yuiH9wAD6T4LOTkSwCjvvv
9y4Ia4Mr6v6oHQpUM8ddCMU4AyAYvZXFb68SsnWMZCCio3Ff9wqp2d690oSq36G7
jdjmxot7LrPMnJjNKwTl2jndDTB9Huh9sjWyE9gGBkkIib1purOYtucDsY3h6z7i
5ppG1KTph+xaOLMEvyJZyDNvPhrQGk1ll1kMoD2k7P/5OGV7QwQ0IxpoAqZ1uxJG
44rCXd7P+2R+Bza9qHSH
=d2l3
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xEAD9E623.asc
Type: application/pgp-keys
Size: 18399 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150427/5ec2884a/attachment.bin>;
Justus Ranvier [ARCHIVE] /
npub1k2ā¦9qd6m
2023-06-07 15:32:45
in reply to nevent1qā¦35cq
Author Public Key
npub1k2eekmevs6gg60df75qpjw4a2atmy89vx28c8zqq5jxy64tuzrws39qd6mSeen on
wss://relay.noswhere.comPublished at
2023-06-07 15:32:45Event JSON
{
"id": "180f2b38f249bfa1a446f2dace95b589bd66d8c5ee9352cf669b61ba0cad6710",
"pubkey": "b2b39b6f2c86908d3da9f500193abd5757b21cac328f838800a48c4d557c10dd",
"created_at": 1686151965,
"kind": 1,
"tags": [
[
"e",
"363dba92d8f4092d5783f969f65b8b48c71c1f640defd43ee9addd2e46c261d8",
"",
"root"
],
[
"e",
"a4f7659e3bd626885a20c7b380681a9d9c919cb903fa7089fb0a0932a7a2ac91",
"",
"reply"
],
[
"p",
"a98400d22de8e29cab7f7ba9bd6e37741990150a7a8b46bdfbc3792119ac814c"
]
],
"content": "š
Original date posted:2015-04-27\nš Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nOn 04/27/2015 02:53 PM, Brian Deery wrote:\n\u003e 1. There will be a 1:1 relationship between a payment code owner\n\u003e and their identity. Presumably the payment code would be strongly\n\u003e and publicly tied to the identity. This makes the notification\n\u003e address strongly tied to the user. An SPV client connecting to a\n\u003e full node who has a list of notification address can tie an\n\u003e identity to a bloom filter and connecting IP.\n\nSPV clients that connect exclusively to hidden services through Tor\ncould mitigate this, especially if those clients broadcast their\ntransactions through different peers than the ones they use for\nchecking their balance.\n\nMaybe they should even go the opposite way in terms of the false\npositive rate.\n\nA client could create a filter that *only* matches their notification\naddress and use that filter with a selected peer.\n\nAll the rest of their addresses would be contained in a different\nfilter that is never sent to the same full node which is watching\ntheir notification address.\n\n\u003e 2. The client can use a bloom filter with a higher false positive\n\u003e rate. An active attacker can counter that by sending several\n\u003e payment codes to an individual user. The user would then add to\n\u003e their bloom filter all the shared addresses between them and the\n\u003e attacker. Even with a high false positive filter, always matching\n\u003e all the attacker's payment codes would strongly tie the user to the\n\u003e filter.\n\nI'm not sure this problem is solvable in general.\n\nAny entity which has sent bitcoins to a known user could use that\nknowledge to attempt to find their bloom filter (if they use one).\n\nI think that for SPV to have any privacy at all clients need to get a\nlot smarter about how they use bloom filters overall, such as by\nconnecting to more than one peer, only putting a subset of their\naddresses in a single filter, and temporally varying the addresses\nwhich they watch.\n\n\n- -- \nJustus Ranvier | Monetas \u003chttp://monetas.net/\u003e\n\u003cmailto:justus at monetas.net\u003e | Public key ID : C3F7BB2638450DB5\n | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQIcBAEBAgAGBQJVPlu8AAoJECpf2nDq2eYj/cAP/iL9qlIkk/jz2N3mT4dIdrSn\nrQ+m7dHOSeucUhePrjdM79VzDUQWGmewdi5a1e8wCL2PCBeq/7mapEpHrvWu3xUU\ng0qtCa6CbSceW5pO1/BGnKpt298wrBIueeweR3/BPum90RrXT+T/ssQvjGvlY4Jg\nADFeH4axalmCkc87OsJhsEbAAbP9i/u96rItV9ECpOET9pRxp4PzNT/7nz/x5n+q\nLm/vuWy1yoWLUjXiAmXWJVzPs8+Pzf1liy3SEzkam156kUwTj/CqjI/uhf7heSx2\nFYSswBc/R1fga7eu++Bm449KUTmyTnnEIT4109A1w18fidY2Dg6PpKYp5CGug96t\naHit1hqLfc8HpNUVWLrBrHsC7riy+QGta4Ie7fAl9SvFcNturkXBFxZLO8f34WMb\nHFuWkcCAgZcS3hb1ShmyodMjnOWvHQo/dXAoUc+zI8yuiH9wAD6T4LOTkSwCjvvv\n9y4Ia4Mr6v6oHQpUM8ddCMU4AyAYvZXFb68SsnWMZCCio3Ff9wqp2d690oSq36G7\njdjmxot7LrPMnJjNKwTl2jndDTB9Huh9sjWyE9gGBkkIib1purOYtucDsY3h6z7i\n5ppG1KTph+xaOLMEvyJZyDNvPhrQGk1ll1kMoD2k7P/5OGV7QwQ0IxpoAqZ1uxJG\n44rCXd7P+2R+Bza9qHSH\n=d2l3\n-----END PGP SIGNATURE-----\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: 0xEAD9E623.asc\nType: application/pgp-keys\nSize: 18399 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150427/5ec2884a/attachment.bin\u003e",
"sig": "2f738627197a58e4ff19188bf016a9bc07aca9ebb80b71b94a5d050d5dbabb8141299d86bcb96b69711c8f9098deaf213392da3823c75ea0c44322975962f7d7"
}