Thomas Voegtlin [ARCHIVE] on Nostr: š
Original date posted:2015-07-22 š Original message:Hello, Although Electrum ...
š
Original date posted:2015-07-22
š Original message:Hello,
Although Electrum clients connect to several servers in order to fetch
block headers, they typically request address balances and address
histories from a single server. This means that the chosen server knows
that a given set of addresses belong to the same wallet. That is true
even if Electrum is used over TOR.
There have been various proposals to improve on that, but none of them
really convinced me so far. One recurrent proposal has been to create
subsets of wallet addresses, and to send them to separate servers. In my
opinion, this does not really improve anonymity, because it requires
trusting more servers.
Here is an idea, inspired by TOR, on which I would like to have some
feedback: We create an anonymous routing layer between Electrum servers
and clients.
* Each server S publishes a RSA public key, KS
* Each client receives a list of available servers and their pubkeys
* For each wallet address, addr_i, a client chooses a server S_i, and a
RSA keypair (K_addr_i, k_addr_i)
* The client creates a list of encrypted requests. Each request contains
addr_i and K_addr_i, and is encrypted with the pubkey KS_i of S_i
* The client chooses a main server M, and sends the list of encrypted
requests to M
* M dispatches the client's requests to the corresponding servers S_i
(without the client's IP address.)
* Each server decrypts the requests it receives, performs the request,
and encrypts the result with K_addr_i
* M receives encrypted responses, and forwards them to the client.
* The client decrypts the encrypted response with k_addr_i
What do you think? What are the costs and benefits of such an approach?
(Note: this will not work if all servers, or a large fraction of them,
are controlled by the same entity that controls M)
Thomas
Published at
2023-06-07 15:42:43Event JSON
{
"id": "cf5af89d8c9a6c09a93a08af452bc9528f67cd73d0643a9d0551608a48b87dae",
"pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05",
"created_at": 1686152563,
"kind": 1,
"tags": [
[
"e",
"118b9de54e189b18402c92d943ea538ff30d5f541b4aeaba9bb62ae15123b652",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "š
Original date posted:2015-07-22\nš Original message:Hello,\n\nAlthough Electrum clients connect to several servers in order to fetch\nblock headers, they typically request address balances and address\nhistories from a single server. This means that the chosen server knows\nthat a given set of addresses belong to the same wallet. That is true\neven if Electrum is used over TOR.\n\nThere have been various proposals to improve on that, but none of them\nreally convinced me so far. One recurrent proposal has been to create\nsubsets of wallet addresses, and to send them to separate servers. In my\nopinion, this does not really improve anonymity, because it requires\ntrusting more servers.\n\nHere is an idea, inspired by TOR, on which I would like to have some\nfeedback: We create an anonymous routing layer between Electrum servers\nand clients.\n\n* Each server S publishes a RSA public key, KS\n* Each client receives a list of available servers and their pubkeys\n* For each wallet address, addr_i, a client chooses a server S_i, and a\nRSA keypair (K_addr_i, k_addr_i)\n* The client creates a list of encrypted requests. Each request contains\naddr_i and K_addr_i, and is encrypted with the pubkey KS_i of S_i\n* The client chooses a main server M, and sends the list of encrypted\nrequests to M\n* M dispatches the client's requests to the corresponding servers S_i\n(without the client's IP address.)\n* Each server decrypts the requests it receives, performs the request,\nand encrypts the result with K_addr_i\n* M receives encrypted responses, and forwards them to the client.\n* The client decrypts the encrypted response with k_addr_i\n\nWhat do you think? What are the costs and benefits of such an approach?\n\n(Note: this will not work if all servers, or a large fraction of them,\nare controlled by the same entity that controls M)\n\n\nThomas",
"sig": "28f61f3d2f1b2d6d70b4497d6d8c801e521397b6f9d8802c60272c8638d80d5d29a5811ec6ce87f9e4d0cc51f37b8ab804da2034160d64e4292583d57ebd4090"
}