public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
@ 2015-08-21  4:46 Matt Corallo
  2015-08-21  5:38 ` Peter Todd
                   ` (2 more replies)
  0 siblings, 3 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-21  4:46 UTC (permalink / raw)
  To: bitcoin-dev

Peter: Since I stole most of this text from your old BIP, should I leave
you as an author?

BIP: ?
Title: NODE_BLOOM service bit
Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
Type: Standards Track (draft)
Created: 20-08-2015

Abstract
========

This BIP extends BIP 37, Connection Bloom filtering, by defining a
service bit to allow peers to advertise that they support bloom filters
explicitly. It also bumps the protocol version to allow peers to
identify old nodes which allow bloom filtering of the connection despite
lacking the new service bit.


Motivation
==========

BIP 37 did not specify a service bit for the bloom filter service, thus
implicitly assuming that all nodes that serve peers data support it.
However, the connection filtering algorithm proposed in BIP 37, and
implemented in several clients today, has been shown to provide little
to no privacy, as well as being a large DoS risk on some nodes. Thus,
allowing node operators to disable connection bloom filtering is a
much-needed feature.


Specification
=============

The following protocol bit is added:

    NODE_BLOOM = (1 << 2)

Nodes which support bloom filters should set that protocol bit.
Otherwise it should remain unset. In addition the protocol version is
increased from 70002 to 70011 in the reference implementation. It is
often the case that nodes which have a protocol version smaller than
70011, but larger than 70000 support bloom filtered connections without
the NODE_BLOOM bit set, however clients which require bloom filtered
connections should avoid making this assumption.

NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
which, nonetheless, provide filtered access to the data which they do have).

If a node does not support bloom filters but receives a "filterload",
"filteradd", or "filterclear" message from a peer the node should
disconnect that peer immediately. For backwards compatibility, in
initial implementations, nodes may choose to only disconnect nodes which
have the new protocol version set and attempt to send a filter command.

While outside the scope of this BIP it is suggested that DNS seeds and
other peer discovery mechanisms support the ability to specify the
services required; current implementations simply check only that
NODE_NETWORK is set.


Design rational
===============

A service bit was chosen as applying a bloom filter is a service.

The increase in protocol version is for backwards compatibility. In
initial implementations, old nodes which are not yet aware of NODE_BLOOM
and use a protocol version < 70011 may still send filter* messages to a
node without NODE_BLOOM. This feature may be removed after there are
sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
allowing node operators to fully close the bloom-related DoS vectors.


Reference Implementation
========================

https://github.com/bitcoin/bitcoin/pull/6579


Copyright
=========

This document is placed in the public domain.


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  4:46 [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP Matt Corallo
@ 2015-08-21  5:38 ` Peter Todd
  2015-08-21  5:42   ` Peter Todd
  2015-08-21  5:48 ` Jeff Garzik
  2015-08-24 15:29 ` Wladimir J. van der Laan
  2 siblings, 1 reply; 30+ messages in thread
From: Peter Todd @ 2015-08-21  5:38 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 3657 bytes --]

On Fri, Aug 21, 2015 at 04:46:17AM +0000, Matt Corallo wrote:
> Peter: Since I stole most of this text from your old BIP, should I leave
> you as an author?

That's fine by me.

> BIP: ?
> Title: NODE_BLOOM service bit
> Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
> Type: Standards Track (draft)
> Created: 20-08-2015
> 
> Abstract
> ========
> 
> This BIP extends BIP 37, Connection Bloom filtering, by defining a
> service bit to allow peers to advertise that they support bloom filters
> explicitly. It also bumps the protocol version to allow peers to
> identify old nodes which allow bloom filtering of the connection despite
> lacking the new service bit.
> 
> 
> Motivation
> ==========
> 
> BIP 37 did not specify a service bit for the bloom filter service, thus
> implicitly assuming that all nodes that serve peers data support it.
> However, the connection filtering algorithm proposed in BIP 37, and
> implemented in several clients today, has been shown to provide little
> to no privacy, as well as being a large DoS risk on some nodes. Thus,
> allowing node operators to disable connection bloom filtering is a
> much-needed feature.

I'd reference that paper on bloom filters re: the "little to no privacy"
issue. There's also a post in the bitcoinj mailing list somewhere IIRC
talking about the default settings, and how they don't provide any
privacy.

> Specification
> =============
> 
> The following protocol bit is added:
> 
>     NODE_BLOOM = (1 << 2)
> 
> Nodes which support bloom filters should set that protocol bit.
> Otherwise it should remain unset. In addition the protocol version is
> increased from 70002 to 70011 in the reference implementation. It is
> often the case that nodes which have a protocol version smaller than
> 70011, but larger than 70000 support bloom filtered connections without
> the NODE_BLOOM bit set, however clients which require bloom filtered
> connections should avoid making this assumption.
> 
> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
> which, nonetheless, provide filtered access to the data which they do have).
> 
> If a node does not support bloom filters but receives a "filterload",
> "filteradd", or "filterclear" message from a peer the node should
> disconnect that peer immediately. For backwards compatibility, in
> initial implementations, nodes may choose to only disconnect nodes which
> have the new protocol version set and attempt to send a filter command.
> 
> While outside the scope of this BIP it is suggested that DNS seeds and
> other peer discovery mechanisms support the ability to specify the
> services required; current implementations simply check only that
> NODE_NETWORK is set.

Good to note Mike Hearn's Cartography seed protocol here.

> Design rational
> ===============
> 
> A service bit was chosen as applying a bloom filter is a service.
> 
> The increase in protocol version is for backwards compatibility. In
> initial implementations, old nodes which are not yet aware of NODE_BLOOM
> and use a protocol version < 70011 may still send filter* messages to a
> node without NODE_BLOOM. This feature may be removed after there are
> sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
> allowing node operators to fully close the bloom-related DoS vectors.

Ah good! That solves the backwards compatibility quite nicely.

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:38 ` Peter Todd
@ 2015-08-21  5:42   ` Peter Todd
  2015-08-21 17:55     ` Matt Corallo
  0 siblings, 1 reply; 30+ messages in thread
From: Peter Todd @ 2015-08-21  5:42 UTC (permalink / raw)
  To: Matt Corallo, bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1338 bytes --]

On Thu, Aug 20, 2015 at 10:38:19PM -0700, Peter Todd via bitcoin-dev wrote:
> > Motivation
> > ==========
> > 
> > BIP 37 did not specify a service bit for the bloom filter service, thus
> > implicitly assuming that all nodes that serve peers data support it.
> > However, the connection filtering algorithm proposed in BIP 37, and
> > implemented in several clients today, has been shown to provide little
> > to no privacy, as well as being a large DoS risk on some nodes. Thus,
> > allowing node operators to disable connection bloom filtering is a
> > much-needed feature.
> 
> I'd reference that paper on bloom filters re: the "little to no privacy"
> issue. There's also a post in the bitcoinj mailing list somewhere IIRC
> talking about the default settings, and how they don't provide any
> privacy.

Oh, and we should also point out that Bloom filters have scaling issues,
as each application of the filter has to scan the whole blockchain -
with future blocksize increases these issues increase, in some proposals
quite dramatically. The underlying idea also conflicts with some
proposals to "shard" the blockchain, again suggesting that we need a bit
to handle future upgrades to more scalable designs.

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  4:46 [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP Matt Corallo
  2015-08-21  5:38 ` Peter Todd
@ 2015-08-21  5:48 ` Jeff Garzik
  2015-08-21  5:55   ` Peter Todd
  2015-08-21 17:53   ` Matt Corallo
  2015-08-24 15:29 ` Wladimir J. van der Laan
  2 siblings, 2 replies; 30+ messages in thread
From: Jeff Garzik @ 2015-08-21  5:48 UTC (permalink / raw)
  To: Matt Corallo; +Cc: Bitcoin development mailing list

[-- Attachment #1: Type: text/plain, Size: 3610 bytes --]

If this is widely deployed + enabled, what is the impact to current wallets
in use?


On Fri, Aug 21, 2015 at 12:46 AM, Matt Corallo via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> Peter: Since I stole most of this text from your old BIP, should I leave
> you as an author?
>
> BIP: ?
> Title: NODE_BLOOM service bit
> Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
> Type: Standards Track (draft)
> Created: 20-08-2015
>
> Abstract
> ========
>
> This BIP extends BIP 37, Connection Bloom filtering, by defining a
> service bit to allow peers to advertise that they support bloom filters
> explicitly. It also bumps the protocol version to allow peers to
> identify old nodes which allow bloom filtering of the connection despite
> lacking the new service bit.
>
>
> Motivation
> ==========
>
> BIP 37 did not specify a service bit for the bloom filter service, thus
> implicitly assuming that all nodes that serve peers data support it.
> However, the connection filtering algorithm proposed in BIP 37, and
> implemented in several clients today, has been shown to provide little
> to no privacy, as well as being a large DoS risk on some nodes. Thus,
> allowing node operators to disable connection bloom filtering is a
> much-needed feature.
>
>
> Specification
> =============
>
> The following protocol bit is added:
>
>     NODE_BLOOM = (1 << 2)
>
> Nodes which support bloom filters should set that protocol bit.
> Otherwise it should remain unset. In addition the protocol version is
> increased from 70002 to 70011 in the reference implementation. It is
> often the case that nodes which have a protocol version smaller than
> 70011, but larger than 70000 support bloom filtered connections without
> the NODE_BLOOM bit set, however clients which require bloom filtered
> connections should avoid making this assumption.
>
> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
> which, nonetheless, provide filtered access to the data which they do
> have).
>
> If a node does not support bloom filters but receives a "filterload",
> "filteradd", or "filterclear" message from a peer the node should
> disconnect that peer immediately. For backwards compatibility, in
> initial implementations, nodes may choose to only disconnect nodes which
> have the new protocol version set and attempt to send a filter command.
>
> While outside the scope of this BIP it is suggested that DNS seeds and
> other peer discovery mechanisms support the ability to specify the
> services required; current implementations simply check only that
> NODE_NETWORK is set.
>
>
> Design rational
> ===============
>
> A service bit was chosen as applying a bloom filter is a service.
>
> The increase in protocol version is for backwards compatibility. In
> initial implementations, old nodes which are not yet aware of NODE_BLOOM
> and use a protocol version < 70011 may still send filter* messages to a
> node without NODE_BLOOM. This feature may be removed after there are
> sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
> allowing node operators to fully close the bloom-related DoS vectors.
>
>
> Reference Implementation
> ========================
>
> https://github.com/bitcoin/bitcoin/pull/6579
>
>
> Copyright
> =========
>
> This document is placed in the public domain.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 4613 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:48 ` Jeff Garzik
@ 2015-08-21  5:55   ` Peter Todd
  2015-08-21  6:01     ` Jeff Garzik
  2015-08-21  8:31     ` Andreas Schildbach
  2015-08-21 17:53   ` Matt Corallo
  1 sibling, 2 replies; 30+ messages in thread
From: Peter Todd @ 2015-08-21  5:55 UTC (permalink / raw)
  To: Jeff Garzik; +Cc: Bitcoin development mailing list

[-- Attachment #1: Type: text/plain, Size: 2309 bytes --]

On Fri, Aug 21, 2015 at 01:48:23AM -0400, Jeff Garzik via bitcoin-dev wrote:
> If this is widely deployed + enabled, what is the impact to current wallets
> in use?

See my comment on the recently-opened issue, reproduced below. In short,
not all that much, especially if we adopt my suggestion of having the
Core implementation accept and respond to bloom filter requests from
non-upgraded clients regardless of whether or not NODE_BLOOM was set
until some fixed upgrade deadline in the future.


    Note that since the last time NODE_BLOOM was proposed, the landcape for
    (lite-)SPV clients has changed significantly in a few key ways:

    1) @mikehearn's [Cartographer](https://github.com/mikehearn/httpseed)
    seed protocol has been created and deployed in production to allow
    (lite-)SPV clients to find nodes supporting arbitrary service bits,
    notable NODE_GETUTXOs.

    2) Bloom filter usage has declined significantly, as lite-SPV clients
    are moving towards using centralized, trusted, servers run by the wallet
    authors. For instance
    [Mycelium](https://github.com/mycelium-com/wallet),
    [GreenBits](https://github.com/greenaddress/GreenBits),
    [AirBitz](https://www.reddit.com/r/Bitcoin/comments/3etohn/whats_wrong_with_breadwallet/ctirou5),
    and [Electrum](https://electrum.org/#home) all fall in this category.

    3) Bloom filters [have been found](http://eprint.iacr.org/2014/763) to
    have severe privacy issues, offering essentially no privacy at all.
    Under many threat models a small number of trusted servers pose less
    privacy security risk than connecting to random, sybil-attackable, peers
    using unencrypted connections and giving those peers very accurate
    wallet contents information.

    4) Finally, Bloom filters still have [unsolved DoS attack
    issues](https://www.reddit.com/r/Bitcoin/comments/3hjak7/the_hard_work_of_core_devs_not_xt_makes_bitcoin/cu9xntf?context=3),
    that will get significantly worse under upcoming blocksize increase
    proposals.

    Re: service bit identifier, I'd just pick 1<<3

    -https://github.com/bitcoin/bitcoin/issues/6578#issuecomment-133226943

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:55   ` Peter Todd
@ 2015-08-21  6:01     ` Jeff Garzik
  2015-08-21  6:07       ` Peter Todd
  2015-08-21  8:31     ` Andreas Schildbach
  1 sibling, 1 reply; 30+ messages in thread
From: Jeff Garzik @ 2015-08-21  6:01 UTC (permalink / raw)
  To: Peter Todd; +Cc: Bitcoin development mailing list

[-- Attachment #1: Type: text/plain, Size: 2608 bytes --]

I don't see any link to data backing up "Bloom filter usage has declined
significantly"

Is there actual data showing this feature's use is declining or
non-existent?


On Fri, Aug 21, 2015 at 1:55 AM, Peter Todd <pete@petertodd•org> wrote:

> On Fri, Aug 21, 2015 at 01:48:23AM -0400, Jeff Garzik via bitcoin-dev
> wrote:
> > If this is widely deployed + enabled, what is the impact to current
> wallets
> > in use?
>
> See my comment on the recently-opened issue, reproduced below. In short,
> not all that much, especially if we adopt my suggestion of having the
> Core implementation accept and respond to bloom filter requests from
> non-upgraded clients regardless of whether or not NODE_BLOOM was set
> until some fixed upgrade deadline in the future.
>
>
>     Note that since the last time NODE_BLOOM was proposed, the landcape for
>     (lite-)SPV clients has changed significantly in a few key ways:
>
>     1) @mikehearn's [Cartographer](https://github.com/mikehearn/httpseed)
>     seed protocol has been created and deployed in production to allow
>     (lite-)SPV clients to find nodes supporting arbitrary service bits,
>     notable NODE_GETUTXOs.
>
>     2) Bloom filter usage has declined significantly, as lite-SPV clients
>     are moving towards using centralized, trusted, servers run by the
> wallet
>     authors. For instance
>     [Mycelium](https://github.com/mycelium-com/wallet),
>     [GreenBits](https://github.com/greenaddress/GreenBits),
>     [AirBitz](
> https://www.reddit.com/r/Bitcoin/comments/3etohn/whats_wrong_with_breadwallet/ctirou5
> ),
>     and [Electrum](https://electrum.org/#home) all fall in this category.
>
>     3) Bloom filters [have been found](http://eprint.iacr.org/2014/763) to
>     have severe privacy issues, offering essentially no privacy at all.
>     Under many threat models a small number of trusted servers pose less
>     privacy security risk than connecting to random, sybil-attackable,
> peers
>     using unencrypted connections and giving those peers very accurate
>     wallet contents information.
>
>     4) Finally, Bloom filters still have [unsolved DoS attack
>     issues](
> https://www.reddit.com/r/Bitcoin/comments/3hjak7/the_hard_work_of_core_devs_not_xt_makes_bitcoin/cu9xntf?context=3
> ),
>     that will get significantly worse under upcoming blocksize increase
>     proposals.
>
>     Re: service bit identifier, I'd just pick 1<<3
>
>     -https://github.com/bitcoin/bitcoin/issues/6578#issuecomment-133226943
>
> --
> 'peter'[:-1]@petertodd.org
> 00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d
>

[-- Attachment #2: Type: text/html, Size: 4160 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  6:01     ` Jeff Garzik
@ 2015-08-21  6:07       ` Peter Todd
  2015-08-21 22:15         ` Chris Pacia
  2015-08-21 23:08         ` Tom Harding
  0 siblings, 2 replies; 30+ messages in thread
From: Peter Todd @ 2015-08-21  6:07 UTC (permalink / raw)
  To: Jeff Garzik; +Cc: Bitcoin development mailing list

[-- Attachment #1: Type: text/plain, Size: 1037 bytes --]

On Fri, Aug 21, 2015 at 02:01:06AM -0400, Jeff Garzik wrote:
> I don't see any link to data backing up "Bloom filter usage has declined
> significantly"
> 
> Is there actual data showing this feature's use is declining or
> non-existent?

I run a number of high speed nodes and while I don't have historical
logs handy over time, I've noticed a drop from about %5-%10 SPV clients
at any one time to closer to %1 (Matt: you have a few TB of logs saved
don't you?)

Also, as I mentioned, just look at the popularity of wallets such as
Mycelium that are not adopting bloom filters, but going with SPV
verification of block headers w/ lookup servers.

Anyway, look at the analogous implementation of NODE_GETUTXO's, which
helpfully has provided the infrastructure for wallets that need bloom
filters to find appropriate nodes to connect too - we certainely aren't
seeing any shortages of nodes for those wallets to use.

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:55   ` Peter Todd
  2015-08-21  6:01     ` Jeff Garzik
@ 2015-08-21  8:31     ` Andreas Schildbach
  1 sibling, 0 replies; 30+ messages in thread
From: Andreas Schildbach @ 2015-08-21  8:31 UTC (permalink / raw)
  To: bitcoin-dev

On 08/21/2015 07:55 AM, Peter Todd via bitcoin-dev wrote:

>     2) Bloom filter usage has declined significantly, as lite-SPV clients
>     are moving towards using centralized, trusted, servers run by the wallet
>     authors. For instance
>     [Mycelium](https://github.com/mycelium-com/wallet),
>     [GreenBits](https://github.com/greenaddress/GreenBits),
>     [AirBitz](https://www.reddit.com/r/Bitcoin/comments/3etohn/whats_wrong_with_breadwallet/ctirou5),
>     and [Electrum](https://electrum.org/#home) all fall in this category.

None of these wallets (except Electrum maybe) could gain a significant
amount of new users during the last year or so, if you look at the stats
of Google Play.

Specifically Mycelium lost a significant amount of users during the last
stress test when their centralized infrastructure was overloaded. As a
consenquence, their developer announced on Reddit to try moving the
wallet to SPV.

https://www.reddit.com/r/Bitcoin/comments/3db7qr/mycelium_servers_down/



^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:48 ` Jeff Garzik
  2015-08-21  5:55   ` Peter Todd
@ 2015-08-21 17:53   ` Matt Corallo
  1 sibling, 0 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-21 17:53 UTC (permalink / raw)
  To: Jeff Garzik; +Cc: Bitcoin development mailing list

The proposal will not break any existing clients in the first release.
After sufficient time to upgrade SPV clients, a new version will be
released which will result in older SPV clients finding themselves
disconnected from peers when they send filter* commands, so they can go
find other peers which do support bloom filtering.

On 08/21/15 05:48, Jeff Garzik wrote:
> If this is widely deployed + enabled, what is the impact to current
> wallets in use?
> 
> 
> On Fri, Aug 21, 2015 at 12:46 AM, Matt Corallo via bitcoin-dev
> <bitcoin-dev@lists•linuxfoundation.org
> <mailto:bitcoin-dev@lists•linuxfoundation.org>> wrote:
> 
>     Peter: Since I stole most of this text from your old BIP, should I leave
>     you as an author?
> 
>     BIP: ?
>     Title: NODE_BLOOM service bit
>     Author: Matt Corallo <bip@bluematt•me <mailto:bip@bluematt•me>>,
>     Peter Todd <pete@petertodd•org <mailto:pete@petertodd•org>>
>     Type: Standards Track (draft)
>     Created: 20-08-2015
> 
>     Abstract
>     ========
> 
>     This BIP extends BIP 37, Connection Bloom filtering, by defining a
>     service bit to allow peers to advertise that they support bloom filters
>     explicitly. It also bumps the protocol version to allow peers to
>     identify old nodes which allow bloom filtering of the connection despite
>     lacking the new service bit.
> 
> 
>     Motivation
>     ==========
> 
>     BIP 37 did not specify a service bit for the bloom filter service, thus
>     implicitly assuming that all nodes that serve peers data support it.
>     However, the connection filtering algorithm proposed in BIP 37, and
>     implemented in several clients today, has been shown to provide little
>     to no privacy, as well as being a large DoS risk on some nodes. Thus,
>     allowing node operators to disable connection bloom filtering is a
>     much-needed feature.
> 
> 
>     Specification
>     =============
> 
>     The following protocol bit is added:
> 
>         NODE_BLOOM = (1 << 2)
> 
>     Nodes which support bloom filters should set that protocol bit.
>     Otherwise it should remain unset. In addition the protocol version is
>     increased from 70002 to 70011 in the reference implementation. It is
>     often the case that nodes which have a protocol version smaller than
>     70011, but larger than 70000 support bloom filtered connections without
>     the NODE_BLOOM bit set, however clients which require bloom filtered
>     connections should avoid making this assumption.
> 
>     NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
>     NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
>     which, nonetheless, provide filtered access to the data which they
>     do have).
> 
>     If a node does not support bloom filters but receives a "filterload",
>     "filteradd", or "filterclear" message from a peer the node should
>     disconnect that peer immediately. For backwards compatibility, in
>     initial implementations, nodes may choose to only disconnect nodes which
>     have the new protocol version set and attempt to send a filter command.
> 
>     While outside the scope of this BIP it is suggested that DNS seeds and
>     other peer discovery mechanisms support the ability to specify the
>     services required; current implementations simply check only that
>     NODE_NETWORK is set.
> 
> 
>     Design rational
>     ===============
> 
>     A service bit was chosen as applying a bloom filter is a service.
> 
>     The increase in protocol version is for backwards compatibility. In
>     initial implementations, old nodes which are not yet aware of NODE_BLOOM
>     and use a protocol version < 70011 may still send filter* messages to a
>     node without NODE_BLOOM. This feature may be removed after there are
>     sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
>     allowing node operators to fully close the bloom-related DoS vectors.
> 
> 
>     Reference Implementation
>     ========================
> 
>     https://github.com/bitcoin/bitcoin/pull/6579
> 
> 
>     Copyright
>     =========
> 
>     This document is placed in the public domain.
>     _______________________________________________
>     bitcoin-dev mailing list
>     bitcoin-dev@lists•linuxfoundation.org
>     <mailto:bitcoin-dev@lists•linuxfoundation.org>
>     https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  5:42   ` Peter Todd
@ 2015-08-21 17:55     ` Matt Corallo
  2015-08-21 22:06       ` Peter Todd
  2015-08-22  1:08       ` Matt Corallo
  0 siblings, 2 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-21 17:55 UTC (permalink / raw)
  To: Peter Todd, bitcoin-dev

Revised copy follows. re: mentioning the HTTP seeding stuff, I'm not
sure we want to encourage more people aside from bitcoinj to use
that...I thought about adding a DNS seed section to this bip, but
decided against it...still, I think we should add the option to select
service bits to DNS seeds ASAP.

Re: need to "shard" the blockchain: not sure what you're referring to
here. The bloom filter stuff requires you to download the chain
in-order, sure, but you have to do that for headers anyway, and
hopefully your total data isnt too much more than headers alone.

Anyone have the best reference for the DoS issues?

BIP: ?
Title: NODE_BLOOM service bit
Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
Type: Standards Track (draft)
Created: 20-08-2015

Abstract
========

This BIP extends BIP 37, Connection Bloom filtering, by defining a
service bit to allow peers to advertise that they support bloom filters
explicitly. It also bumps the protocol version to allow peers to
identify old nodes which allow bloom filtering of the connection despite
lacking the new service bit.


Motivation
==========

BIP 37 did not specify a service bit for the bloom filter service, thus
implicitly assuming that all nodes that serve peers data support it.
However, the connection filtering algorithm proposed in BIP 37, and
implemented in several clients today, has been shown to provide little
to no privacy[1], as well as being a large DoS risk on some nodes[2].
Thus, allowing node operators to disable connection bloom filtering is a
much-needed feature.


Specification
=============

The following protocol bit is added:

    NODE_BLOOM = (1 << 2)

Nodes which support bloom filters should set that protocol bit.
Otherwise it should remain unset. In addition the protocol version is
increased from 70002 to 70011 in the reference implementation. It is
often the case that nodes which have a protocol version smaller than
70011, but larger than 70000 support bloom filtered connections without
the NODE_BLOOM bit set, however clients which require bloom filtered
connections should avoid making this assumption.

NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
which, nonetheless, provide filtered access to the data which they do have).

If a node does not support bloom filters but receives a "filterload",
"filteradd", or "filterclear" message from a peer the node should
disconnect that peer immediately. For backwards compatibility, in
initial implementations, nodes may choose to only disconnect nodes which
have the new protocol version set and attempt to send a filter command.

While outside the scope of this BIP it is suggested that DNS seeds and
other peer discovery mechanisms support the ability to specify the
services required; current implementations simply check only that
NODE_NETWORK is set.


Design rational
===============

A service bit was chosen as applying a bloom filter is a service.

The increase in protocol version is for backwards compatibility. In
initial implementations, old nodes which are not yet aware of NODE_BLOOM
and use a protocol version < 70011 may still send filter* messages to a
node without NODE_BLOOM. This feature may be removed after there are
sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
allowing node operators to fully close the bloom-related DoS vectors.


Reference Implementation
========================

https://github.com/bitcoin/bitcoin/pull/6579


Copyright
=========

This document is placed in the public domain.


References
==========

[1] http://eprint.iacr.org/2014/763
[2] ???? is one example where the issues were found, though others
independently discovered issues as well. Sample DoS exploit code
available at https://github.com/petertodd/bloom-io-attack.



On 08/21/15 05:42, Peter Todd wrote:
> On Thu, Aug 20, 2015 at 10:38:19PM -0700, Peter Todd via bitcoin-dev wrote:
>>> Motivation
>>> ==========
>>>
>>> BIP 37 did not specify a service bit for the bloom filter service, thus
>>> implicitly assuming that all nodes that serve peers data support it.
>>> However, the connection filtering algorithm proposed in BIP 37, and
>>> implemented in several clients today, has been shown to provide little
>>> to no privacy, as well as being a large DoS risk on some nodes. Thus,
>>> allowing node operators to disable connection bloom filtering is a
>>> much-needed feature.
>>
>> I'd reference that paper on bloom filters re: the "little to no privacy"
>> issue. There's also a post in the bitcoinj mailing list somewhere IIRC
>> talking about the default settings, and how they don't provide any
>> privacy.
> 
> Oh, and we should also point out that Bloom filters have scaling issues,
> as each application of the filter has to scan the whole blockchain -
> with future blocksize increases these issues increase, in some proposals
> quite dramatically. The underlying idea also conflicts with some
> proposals to "shard" the blockchain, again suggesting that we need a bit
> to handle future upgrades to more scalable designs.
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 17:55     ` Matt Corallo
@ 2015-08-21 22:06       ` Peter Todd
  2015-08-22  1:08         ` Matt Corallo
  2015-08-24 15:19         ` Tom Harding
  2015-08-22  1:08       ` Matt Corallo
  1 sibling, 2 replies; 30+ messages in thread
From: Peter Todd @ 2015-08-21 22:06 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev, Mike Hearn

[-- Attachment #1: Type: text/plain, Size: 6125 bytes --]

On Fri, Aug 21, 2015 at 05:55:58PM +0000, Matt Corallo wrote:
> Revised copy follows. re: mentioning the HTTP seeding stuff, I'm not
> sure we want to encourage more people aside from bitcoinj to use
> that...I thought about adding a DNS seed section to this bip, but
> decided against it...still, I think we should add the option to select
> service bits to DNS seeds ASAP.

Well, in general relying on seeds every time you start your node is a
really bad idea; doing so much be carefully weighed against the
downsides and should be used only as a last resort. Nodes should be
doing caching and proper gossip protocol participation whenever
possible. (note how bitcoinj nodes *do* rely on centralized servers,
implemented with an unauthenticated, unencrypted, protocol - the worst
of all possible solutions with many possible MITM vectors and privacy
security holes)

To that end, I'd be inclined to leave the DNS seed protocol as it is and
let others solve the centralized server use-case, for which Cartographer
isn't all that bad of a load balancing mechanism. Also as gmaxwell noted
on IRC, adding flag bits does have privacy implications.

> Re: need to "shard" the blockchain: not sure what you're referring to
> here. The bloom filter stuff requires you to download the chain
> in-order, sure, but you have to do that for headers anyway, and
> hopefully your total data isnt too much more than headers alone.

Any protocol change that would split blocks themselves into multiples.
Not an easy problem to solve, but given the inherent O(n^2) scaling of
global consensus blockchains, it's the only kind of solution that could
in the future make the blockchain itself have reasonable scalability.

> Anyone have the best reference for the DoS issues?

Well actually, we can reference the DoS attacks that Bitcoin XT nodes
are undergoing right now - part of the attack is repeated Bloom filter
requests to soak up disk IO bandwidth. I've CC'd Gavin and Mike - as far
as I know they haven't published details of those attacks - a write-up
would be very helpful.

While so far those are being directed only at XT nodes, obviously this
is a potential issue for Core nodes as well. Like I mentioned last time
around, it's critical that miners aren't affected by these attacks -
nodes simply serving SPV wallet clients are much less latency sensitive,
so a good DoS attack mitigation strategy would be to have the two
classes of nodes out there "in the wild"

> BIP: ?
> Title: NODE_BLOOM service bit
> Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
> Type: Standards Track (draft)
> Created: 20-08-2015
> 
> Abstract
> ========
> 
> This BIP extends BIP 37, Connection Bloom filtering, by defining a
> service bit to allow peers to advertise that they support bloom filters
> explicitly. It also bumps the protocol version to allow peers to
> identify old nodes which allow bloom filtering of the connection despite
> lacking the new service bit.
> 
> 
> Motivation
> ==========
> 
> BIP 37 did not specify a service bit for the bloom filter service, thus
> implicitly assuming that all nodes that serve peers data support it.
> However, the connection filtering algorithm proposed in BIP 37, and
> implemented in several clients today, has been shown to provide little
> to no privacy[1], as well as being a large DoS risk on some nodes[2].
> Thus, allowing node operators to disable connection bloom filtering is a
> much-needed feature.
> 
> 
> Specification
> =============
> 
> The following protocol bit is added:
> 
>     NODE_BLOOM = (1 << 2)
> 
> Nodes which support bloom filters should set that protocol bit.
> Otherwise it should remain unset. In addition the protocol version is
> increased from 70002 to 70011 in the reference implementation. It is
> often the case that nodes which have a protocol version smaller than
> 70011, but larger than 70000 support bloom filtered connections without
> the NODE_BLOOM bit set, however clients which require bloom filtered
> connections should avoid making this assumption.
> 
> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
> which, nonetheless, provide filtered access to the data which they do have).
> 
> If a node does not support bloom filters but receives a "filterload",
> "filteradd", or "filterclear" message from a peer the node should
> disconnect that peer immediately. For backwards compatibility, in
> initial implementations, nodes may choose to only disconnect nodes which
> have the new protocol version set and attempt to send a filter command.
> 
> While outside the scope of this BIP it is suggested that DNS seeds and
> other peer discovery mechanisms support the ability to specify the
> services required; current implementations simply check only that
> NODE_NETWORK is set.
> 
> 
> Design rational
> ===============
> 
> A service bit was chosen as applying a bloom filter is a service.
> 
> The increase in protocol version is for backwards compatibility. In
> initial implementations, old nodes which are not yet aware of NODE_BLOOM
> and use a protocol version < 70011 may still send filter* messages to a
> node without NODE_BLOOM. This feature may be removed after there are
> sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
> allowing node operators to fully close the bloom-related DoS vectors.
> 
> 
> Reference Implementation
> ========================
> 
> https://github.com/bitcoin/bitcoin/pull/6579
> 
> 
> Copyright
> =========
> 
> This document is placed in the public domain.
> 
> 
> References
> ==========
> 
> [1] http://eprint.iacr.org/2014/763
> [2] ???? is one example where the issues were found, though others
> independently discovered issues as well. Sample DoS exploit code
> available at https://github.com/petertodd/bloom-io-attack.

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  6:07       ` Peter Todd
@ 2015-08-21 22:15         ` Chris Pacia
  2015-08-21 22:25           ` Peter Todd
  2015-08-21 23:08         ` Tom Harding
  1 sibling, 1 reply; 30+ messages in thread
From: Chris Pacia @ 2015-08-21 22:15 UTC (permalink / raw)
  To: Peter Todd; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 557 bytes --]

On Aug 21, 2015 2:07 AM, "Peter Todd via bitcoin-dev" <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> Also, as I mentioned, just look at the popularity of wallets such as
> Mycelium that are not adopting bloom filters, but going with SPV
> verification of block headers w/ lookup servers.

Related I recently had a conversation with a Mycelium employee who told me
they were considering moving to spv/bloom because of the server issues
Andreas mentioned.

I don't know any more about their plans, but I wouldn't assume the above
statement to be correct.

[-- Attachment #2: Type: text/html, Size: 727 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 22:15         ` Chris Pacia
@ 2015-08-21 22:25           ` Peter Todd
  0 siblings, 0 replies; 30+ messages in thread
From: Peter Todd @ 2015-08-21 22:25 UTC (permalink / raw)
  To: Chris Pacia; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1195 bytes --]

On Fri, Aug 21, 2015 at 06:15:16PM -0400, Chris Pacia wrote:
> On Aug 21, 2015 2:07 AM, "Peter Todd via bitcoin-dev" <
> bitcoin-dev@lists•linuxfoundation.org> wrote:
> 
> > Also, as I mentioned, just look at the popularity of wallets such as
> > Mycelium that are not adopting bloom filters, but going with SPV
> > verification of block headers w/ lookup servers.
> 
> Related I recently had a conversation with a Mycelium employee who told me
> they were considering moving to spv/bloom because of the server issues
> Andreas mentioned.
> 
> I don't know any more about their plans, but I wouldn't assume the above
> statement to be correct.

That'd be a foolish design decision to move exclusively over; their
wallet was safe to use during the recent fork, unlike Android Wallet,
precisely because of their existing design.

In any case, regardless of whether we're wrong about the popularity
issue, I've yet to see any issues raised with implementing NODE_BLOOM
that will adversely affect such wallets - we've certainly got no
shortage of node capacity to go around.

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  6:07       ` Peter Todd
  2015-08-21 22:15         ` Chris Pacia
@ 2015-08-21 23:08         ` Tom Harding
  2015-08-24 15:21           ` Mike Hearn
  1 sibling, 1 reply; 30+ messages in thread
From: Tom Harding @ 2015-08-21 23:08 UTC (permalink / raw)
  To: bitcoin-dev

On 8/20/2015 11:07 PM, Peter Todd via bitcoin-dev wrote:

> I run a number of high speed nodes and while I don't have historical
> logs handy over time, I've noticed a drop from about %5-%10 SPV
> clients at any one time tocloser to %1


Just checked mine and found 20.4% bitcoinj connections.




^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 22:06       ` Peter Todd
@ 2015-08-22  1:08         ` Matt Corallo
  2015-08-22  1:48           ` Peter Todd
  2015-08-24 15:19         ` Tom Harding
  1 sibling, 1 reply; 30+ messages in thread
From: Matt Corallo @ 2015-08-22  1:08 UTC (permalink / raw)
  To: Peter Todd; +Cc: bitcoin-dev, Mike Hearn



On 08/21/15 22:06, Peter Todd wrote:
> On Fri, Aug 21, 2015 at 05:55:58PM +0000, Matt Corallo wrote:
>> Revised copy follows. re: mentioning the HTTP seeding stuff, I'm not
>> sure we want to encourage more people aside from bitcoinj to use
>> that...I thought about adding a DNS seed section to this bip, but
>> decided against it...still, I think we should add the option to select
>> service bits to DNS seeds ASAP.
> 
> Well, in general relying on seeds every time you start your node is a
> really bad idea; doing so much be carefully weighed against the
> downsides and should be used only as a last resort. Nodes should be
> doing caching and proper gossip protocol participation whenever
> possible. (note how bitcoinj nodes *do* rely on centralized servers,
> implemented with an unauthenticated, unencrypted, protocol - the worst
> of all possible solutions with many possible MITM vectors and privacy
> security holes)
>
> To that end, I'd be inclined to leave the DNS seed protocol as it is and
> let others solve the centralized server use-case, for which Cartographer
> isn't all that bad of a load balancing mechanism. Also as gmaxwell noted
> on IRC, adding flag bits does have privacy implications.

Had a discussion on IRC and with Pieter, and I kinda agree that the more
optimal way is for DNS seeds to, instead of returning NODE_NETWORK
nodes, return any node which responds to getaddr, allowing clients to
connect to a few DNS seeds by name, do a getaddr, then disconnect (like
Bitcoin Core does now if you're using Tor). They can then select the
peers they want based on nServices.

>> Re: need to "shard" the blockchain: not sure what you're referring to
>> here. The bloom filter stuff requires you to download the chain
>> in-order, sure, but you have to do that for headers anyway, and
>> hopefully your total data isnt too much more than headers alone.
> 
> Any protocol change that would split blocks themselves into multiples.
> Not an easy problem to solve, but given the inherent O(n^2) scaling of
> global consensus blockchains, it's the only kind of solution that could
> in the future make the blockchain itself have reasonable scalability.

Meh, whatever, justification is already provided well enough without
having to go into "but if we did this long into the future"  arguments.

>> Anyone have the best reference for the DoS issues?
> 
> Well actually, we can reference the DoS attacks that Bitcoin XT nodes
> are undergoing right now - part of the attack is repeated Bloom filter
> requests to soak up disk IO bandwidth. I've CC'd Gavin and Mike - as far
> as I know they haven't published details of those attacks - a write-up
> would be very helpful.
> 
> While so far those are being directed only at XT nodes, obviously this
> is a potential issue for Core nodes as well. Like I mentioned last time
> around, it's critical that miners aren't affected by these attacks -
> nodes simply serving SPV wallet clients are much less latency sensitive,
> so a good DoS attack mitigation strategy would be to have the two
> classes of nodes out there "in the wild"

Ehh, I was going more for the oldest mention.

>> BIP: ?
>> Title: NODE_BLOOM service bit
>> Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
>> Type: Standards Track (draft)
>> Created: 20-08-2015
>>
>> Abstract
>> ========
>>
>> This BIP extends BIP 37, Connection Bloom filtering, by defining a
>> service bit to allow peers to advertise that they support bloom filters
>> explicitly. It also bumps the protocol version to allow peers to
>> identify old nodes which allow bloom filtering of the connection despite
>> lacking the new service bit.
>>
>>
>> Motivation
>> ==========
>>
>> BIP 37 did not specify a service bit for the bloom filter service, thus
>> implicitly assuming that all nodes that serve peers data support it.
>> However, the connection filtering algorithm proposed in BIP 37, and
>> implemented in several clients today, has been shown to provide little
>> to no privacy[1], as well as being a large DoS risk on some nodes[2].
>> Thus, allowing node operators to disable connection bloom filtering is a
>> much-needed feature.
>>
>>
>> Specification
>> =============
>>
>> The following protocol bit is added:
>>
>>     NODE_BLOOM = (1 << 2)
>>
>> Nodes which support bloom filters should set that protocol bit.
>> Otherwise it should remain unset. In addition the protocol version is
>> increased from 70002 to 70011 in the reference implementation. It is
>> often the case that nodes which have a protocol version smaller than
>> 70011, but larger than 70000 support bloom filtered connections without
>> the NODE_BLOOM bit set, however clients which require bloom filtered
>> connections should avoid making this assumption.
>>
>> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
>> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
>> which, nonetheless, provide filtered access to the data which they do have).
>>
>> If a node does not support bloom filters but receives a "filterload",
>> "filteradd", or "filterclear" message from a peer the node should
>> disconnect that peer immediately. For backwards compatibility, in
>> initial implementations, nodes may choose to only disconnect nodes which
>> have the new protocol version set and attempt to send a filter command.
>>
>> While outside the scope of this BIP it is suggested that DNS seeds and
>> other peer discovery mechanisms support the ability to specify the
>> services required; current implementations simply check only that
>> NODE_NETWORK is set.
>>
>>
>> Design rational
>> ===============
>>
>> A service bit was chosen as applying a bloom filter is a service.
>>
>> The increase in protocol version is for backwards compatibility. In
>> initial implementations, old nodes which are not yet aware of NODE_BLOOM
>> and use a protocol version < 70011 may still send filter* messages to a
>> node without NODE_BLOOM. This feature may be removed after there are
>> sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
>> allowing node operators to fully close the bloom-related DoS vectors.
>>
>>
>> Reference Implementation
>> ========================
>>
>> https://github.com/bitcoin/bitcoin/pull/6579
>>
>>
>> Copyright
>> =========
>>
>> This document is placed in the public domain.
>>
>>
>> References
>> ==========
>>
>> [1] http://eprint.iacr.org/2014/763
>> [2] ???? is one example where the issues were found, though others
>> independently discovered issues as well. Sample DoS exploit code
>> available at https://github.com/petertodd/bloom-io-attack.
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 17:55     ` Matt Corallo
  2015-08-21 22:06       ` Peter Todd
@ 2015-08-22  1:08       ` Matt Corallo
  1 sibling, 0 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-22  1:08 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: bitcoin-dev

BIP Editor: Can I get a BIP # for this?

On 08/21/15 17:55, Matt Corallo via bitcoin-dev wrote:
> Revised copy follows. re: mentioning the HTTP seeding stuff, I'm not
> sure we want to encourage more people aside from bitcoinj to use
> that...I thought about adding a DNS seed section to this bip, but
> decided against it...still, I think we should add the option to select
> service bits to DNS seeds ASAP.
> 
> Re: need to "shard" the blockchain: not sure what you're referring to
> here. The bloom filter stuff requires you to download the chain
> in-order, sure, but you have to do that for headers anyway, and
> hopefully your total data isnt too much more than headers alone.
> 
> Anyone have the best reference for the DoS issues?
> 
> BIP: ?
> Title: NODE_BLOOM service bit
> Author: Matt Corallo <bip@bluematt•me>, Peter Todd <pete@petertodd•org>
> Type: Standards Track (draft)
> Created: 20-08-2015
> 
> Abstract
> ========
> 
> This BIP extends BIP 37, Connection Bloom filtering, by defining a
> service bit to allow peers to advertise that they support bloom filters
> explicitly. It also bumps the protocol version to allow peers to
> identify old nodes which allow bloom filtering of the connection despite
> lacking the new service bit.
> 
> 
> Motivation
> ==========
> 
> BIP 37 did not specify a service bit for the bloom filter service, thus
> implicitly assuming that all nodes that serve peers data support it.
> However, the connection filtering algorithm proposed in BIP 37, and
> implemented in several clients today, has been shown to provide little
> to no privacy[1], as well as being a large DoS risk on some nodes[2].
> Thus, allowing node operators to disable connection bloom filtering is a
> much-needed feature.
> 
> 
> Specification
> =============
> 
> The following protocol bit is added:
> 
>     NODE_BLOOM = (1 << 2)
> 
> Nodes which support bloom filters should set that protocol bit.
> Otherwise it should remain unset. In addition the protocol version is
> increased from 70002 to 70011 in the reference implementation. It is
> often the case that nodes which have a protocol version smaller than
> 70011, but larger than 70000 support bloom filtered connections without
> the NODE_BLOOM bit set, however clients which require bloom filtered
> connections should avoid making this assumption.
> 
> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
> which, nonetheless, provide filtered access to the data which they do have).
> 
> If a node does not support bloom filters but receives a "filterload",
> "filteradd", or "filterclear" message from a peer the node should
> disconnect that peer immediately. For backwards compatibility, in
> initial implementations, nodes may choose to only disconnect nodes which
> have the new protocol version set and attempt to send a filter command.
> 
> While outside the scope of this BIP it is suggested that DNS seeds and
> other peer discovery mechanisms support the ability to specify the
> services required; current implementations simply check only that
> NODE_NETWORK is set.
> 
> 
> Design rational
> ===============
> 
> A service bit was chosen as applying a bloom filter is a service.
> 
> The increase in protocol version is for backwards compatibility. In
> initial implementations, old nodes which are not yet aware of NODE_BLOOM
> and use a protocol version < 70011 may still send filter* messages to a
> node without NODE_BLOOM. This feature may be removed after there are
> sufficient NODE_BLOOM nodes available and SPV clients have upgraded,
> allowing node operators to fully close the bloom-related DoS vectors.
> 
> 
> Reference Implementation
> ========================
> 
> https://github.com/bitcoin/bitcoin/pull/6579
> 
> 
> Copyright
> =========
> 
> This document is placed in the public domain.
> 
> 
> References
> ==========
> 
> [1] http://eprint.iacr.org/2014/763
> [2] ???? is one example where the issues were found, though others
> independently discovered issues as well. Sample DoS exploit code
> available at https://github.com/petertodd/bloom-io-attack.
> 
> 
> 
> On 08/21/15 05:42, Peter Todd wrote:
>> On Thu, Aug 20, 2015 at 10:38:19PM -0700, Peter Todd via bitcoin-dev wrote:
>>>> Motivation
>>>> ==========
>>>>
>>>> BIP 37 did not specify a service bit for the bloom filter service, thus
>>>> implicitly assuming that all nodes that serve peers data support it.
>>>> However, the connection filtering algorithm proposed in BIP 37, and
>>>> implemented in several clients today, has been shown to provide little
>>>> to no privacy, as well as being a large DoS risk on some nodes. Thus,
>>>> allowing node operators to disable connection bloom filtering is a
>>>> much-needed feature.
>>>
>>> I'd reference that paper on bloom filters re: the "little to no privacy"
>>> issue. There's also a post in the bitcoinj mailing list somewhere IIRC
>>> talking about the default settings, and how they don't provide any
>>> privacy.
>>
>> Oh, and we should also point out that Bloom filters have scaling issues,
>> as each application of the filter has to scan the whole blockchain -
>> with future blocksize increases these issues increase, in some proposals
>> quite dramatically. The underlying idea also conflicts with some
>> proposals to "shard" the blockchain, again suggesting that we need a bit
>> to handle future upgrades to more scalable designs.
>>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-22  1:08         ` Matt Corallo
@ 2015-08-22  1:48           ` Peter Todd
  0 siblings, 0 replies; 30+ messages in thread
From: Peter Todd @ 2015-08-22  1:48 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev, Mike Hearn


[-- Attachment #1.1: Type: text/plain, Size: 1222 bytes --]

On Sat, Aug 22, 2015 at 01:08:13AM +0000, Matt Corallo wrote:
> > Well actually, we can reference the DoS attacks that Bitcoin XT nodes
> > are undergoing right now - part of the attack is repeated Bloom filter
> > requests to soak up disk IO bandwidth. I've CC'd Gavin and Mike - as far
> > as I know they haven't published details of those attacks - a write-up
> > would be very helpful.
> > 
> > While so far those are being directed only at XT nodes, obviously this
> > is a potential issue for Core nodes as well. Like I mentioned last time
> > around, it's critical that miners aren't affected by these attacks -
> > nodes simply serving SPV wallet clients are much less latency sensitive,
> > so a good DoS attack mitigation strategy would be to have the two
> > classes of nodes out there "in the wild"
> 
> Ehh, I was going more for the oldest mention.

One of the oldest mentions is the to-be-published-later portion of my
Litecoin Audit report; attached.

(see http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-July/003044.html
for the original report/timestamping/verification)

-- 
'peter'[:-1]@petertodd.org
00000000000000000939524874a2896a46ea96bf59776ed869ccff95679cb087

[-- Attachment #1.2: security.txt --]
[-- Type: text/plain, Size: 5701 bytes --]

Security vulnerabilities related to the Litecoin v0.8.3.6 release
=================================================================

Nonce: c0854ae01b1ed8526af3bb6fb82550ff
Date:  Jul 29 2013

To be released in full on January 29, 2014 to the public.


LevelDB
=======

Something not well appreciated outside of the Bitcoin developers is that the
temporary limits on block size and complexity introduced in response to the
fork, automatically removed on May 15th, were simply voluntary measures to
protect against accidental triggering of the fork. The measures did not protect
against malicious attempts to trigger the the fork.

Litecoin is no different. Because of that I strongly recomend that miners be
encouraged to transition to v0.8.3.6 as soon as possible to ensure as much
hashing power as possible is consolidated on one version. Transitioning for
users/merchants is also important, however with sufficient mining power on the
new version it would be difficult to pull off a double-spend attack against an
older version simply because it would take so long to get the required number
of confirmations.

The development team may want to clarify this point to the Litecoin community
and encourage users to be suspicious if it takes an especially long time to get
confirmations. Merchants with automatic systems should use fail-safes triggered
by unusually long confirmation times, and as always ensure that total possible
losses are limited. It would be good if popular "blockchain information" sites
upgraded to v0.8.3.6 along with miners to give users accurate information on
the state of the blockchain. In any case users and merchants should take this
advice in general regardless of specific threats.

I would not be surprised to see someone deliberately attempt to fork Litecoin
by exploiting the issue; there is a lot of hostility torwards and within the
alt-coins.


SPV and network-wide DoS attacks
================================

Bitcoin is quite vulnerable currently to network-wide DoS attacks due to the
maximum connections limits; we do not have any form of filtering on incoming
connections so an attack can be made simply by making sufficient connections to
all nodes that they hit that incoming connections limit. This is public
knowledge, as is the suggestion to stop the attack by having concepts of peer
"usefullness" so that "useless" peers can be dropped. Of course SPV nodes are
badly impacted by such measures.

What isn't as well-known publicly is that Litecoin will make this attack
significantly less costly to the attacker in v0.8.3.6 by adding support for
bloom filters. That support allows the attacker to reduce their bandwidth
consumption to a minimum, making the attack easier to pull off on a wide scale.

The Bitcoin team is aware of the issue. Our plans in the event of an attack are
to ensure that large pools and merchants connect to each other via a private
"darknet" while fixes are implemented. These plans are also useful in the event
of an attack exploiting the vulnerability discussed below.


Bloom filters and disk IO
=========================

However it gets worse: there is nothing limiting peers from requesting blocks.
Without bloom filters bandwidth is a natural limit, however with bloom filters
a malicious peer can simply set the filter to match almost nothing and simply
submit getdata messages to the target requesting all blocks. The target will do
an extremely large amount of disk IO at almost no cost to the attacker.

To quote one core developer in a private conversation regarding bloom filtering
"I think we didn't think hard enough before implementing this"

A good first measure would be to assign a service bit to advertise bloom filter
support:

 /** nServices flags */
 enum
 {
     NODE_NETWORK = (1 << 0),
+    NODE_BLOOM_FILTER = (1 << 1),
 };

Secondly add a command line switch that allows bloom filtering to be turned on
or off entirely. I would suggest that the next version of Litecoin be released
soon and have bloom filters *disabled* by default unless the user specifically
turns them on.

There is a *very* good chance of an attack being launched targetting this
vulnerability by people using it as a way to show their opinion of Mike Hearn;
lots of people strongly dislike him for what they regard as very poor judgement
on security and scalability issues and would be happy to show that a design he
promoted is flawed.

Disabling bloom filering does of course cause problems for SPV clients, however
in the Litecoin realm such clients are non-existent. In the long run DNS seeds
should allow for the specification of desired service bits and rate limiting of
getdata operations implemented. However given that attacks are likely imminent
I strongly suggest a quick solution.

Bitcoin should have done bloom filtering as a service bit on day one; not doing
so was a mistake.

The Bitcoin team is aware of this issue. Please contact me to discuss the
release process for a fix; I will also be happy to review it. Unfortunately due
to the impact on SPV clients this issue is political as well as technical on
the Bitcoin side of things.


CHECKMULTISIG dummy value
=========================

The AreInputsStandard() test does not check the contents of the dummy value
required to spend a BIP11 CHECKMULTISIG scriptPubKey; anything that be put in
that space as a way to get data into the blockchain. Less well appreciated is
that because scriptSigs are unsigned any node, even a non-miner, can change the
txid of a CHECKMULTISIG transaction by modifying the dummy value.

This issue will probably be fixed in Bitcoin soon, not to mention revealed
publically; I'm only including it for the sake of completeness.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 22:06       ` Peter Todd
  2015-08-22  1:08         ` Matt Corallo
@ 2015-08-24 15:19         ` Tom Harding
  2015-08-24 17:39           ` Matt Corallo
  1 sibling, 1 reply; 30+ messages in thread
From: Tom Harding @ 2015-08-24 15:19 UTC (permalink / raw)
  To: bitcoin-dev

On 8/21/2015 3:06 PM, Peter Todd via bitcoin-dev wrote:
> On Fri, Aug 21, 2015 at 05:55:58PM +0000, Matt Corallo wrote:
>> Anyone have the best reference for the DoS issues?
> Well actually, we can reference the DoS attacks that Bitcoin XT nodes
> are undergoing right now - part of the attack is repeated Bloom filter
> requests to soak up disk IO bandwidth.

So, to summarize, someone is attacking Mike Hearn's bitcoin fork. 
Therefore, now is the perfect time to write a BIP and author changes
that begin the process of dropping support for the most broadly
successful class of wallets, which Mike Hearn's SPV client library enables.




^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21 23:08         ` Tom Harding
@ 2015-08-24 15:21           ` Mike Hearn
  0 siblings, 0 replies; 30+ messages in thread
From: Mike Hearn @ 2015-08-24 15:21 UTC (permalink / raw)
  To: Tom Harding; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 3513 bytes --]

NACK: stated rationales are invalid: both privacy and DoS (see below for
experimental data).


1 - Bloom filtering doesn't add privacy for node operators, it adds privacy
for lightweight wallets. And in fact, with a high FP rate it does do that.
Most users want both low bandwidth usage *and* query scrambling, which is
harder to do but not impossible. There is a clear roadmap for how to
implement that with smarter clients: no protocol changes are needed.

So the first stated rationale is spurious: disabling Bloom filtering
doesn't improve privacy for anyone. It can only hurt.



2 - SPV usage is rising, not falling.

Peter's data is flawed because he ignored the fact that SPV clients tend to
connect, sync, then disconnect. They don't remain connected all the time.
So merely examining a random snapshot of what's connected at a single point
in time will give wildly varying and almost random results.

A more scientifically valid approach is to check the number of actual
connections over a long span of time. Here's the data from my node:

mike@plan99:~/.bitcoin$ grep -Po 'receive version message: ([^:]*):'
debug.log |sort |uniq -c|sort -n|tac|head -n 10
  11027 receive version message: /getaddr.bitnodes.io:
   6264 receive version message: /bitcoinseeder:
   4944 receive version message: /bitcoinj:
   2531 receive version message: /Snoopy:
   2362 receive version message: /breadwallet:
   1127 receive version message: /Satoshi:
    204 receive version message: /Bitcoin XT:
    128 receive version message: /BitCoinJ:
     97 receive version message: /Bither1.3.8/:
     82 receive version message: /Bitaps:

Once crawlers are removed, SPV wallets (bitcoinj, breadwallet) make up the
bulk of all P2P clients. This is very far from 1% and falling, as Todd
wrongly suggests.



3 - It is said that there is a DoS attack possible. This claim does not
seem to have been researched.

I decided to test it out for real, so I implemented a DoS attack similar to
the one we've seen against XT nodes: it sends getdata for large (1mb)
filtered blocks over and over again as fast as possible.

As was reported and makes sense, CPU usage goes to 100%. However I couldn't
see any other effects. RPCs still react immediately, the Qt GUI is fully
responsive, I was even able to sync another SPV client to that node and it
proceeded at full speed. It's actually pretty nice to see how well it held
up.

Most importantly transactions and blocks continued to be relayed without
delay. I saw my VPS node receive a block only eight seconds after my local
node, which is well within normal propagation delays.

There's another very important point here: I profiled my local node whilst
it was under this attack. It turns out that Bloom filtering is extremely
fast. 90% of the CPU time is spent on loading and deserializing the data
from disk. Only 10% of the CPU time was spent actually filtering.

Thus you can easily trigger exactly the same DoS attack by just using
regular getdata requests on large blocks over and over. You don't need
Bloom filtering. If you don't want to actually download the blocks just
don't TCP ACK the packets and then FIN after a few seconds .... the data
will all have been loaded and be sitting in the send buffers.

So even if I refine the attack and find a way to actually deny service to
someone, the fix would have to apply to regular non-filtered block fetches
too, which cannot be disabled.


In summary: this BIP doesn't solve anything, but does create a big upgrade
headache.

[-- Attachment #2: Type: text/html, Size: 4798 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-21  4:46 [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP Matt Corallo
  2015-08-21  5:38 ` Peter Todd
  2015-08-21  5:48 ` Jeff Garzik
@ 2015-08-24 15:29 ` Wladimir J. van der Laan
  2015-08-24 17:37   ` Matt Corallo
  2 siblings, 1 reply; 30+ messages in thread
From: Wladimir J. van der Laan @ 2015-08-24 15:29 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev

> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
> which, nonetheless, provide filtered access to the data which they do have).

But is this useful without having decided on a way to signal which blocks pruned nodes do have?

It looks like the part between paranthesis is speculation and should be left to a future BIP. 

Wladimir


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 15:29 ` Wladimir J. van der Laan
@ 2015-08-24 17:37   ` Matt Corallo
  2015-08-24 17:41     ` Wladimir J. van der Laan
  2015-08-24 18:00     ` Peter Todd
  0 siblings, 2 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-24 17:37 UTC (permalink / raw)
  To: Wladimir J. van der Laan; +Cc: bitcoin-dev

Its more of a statement of "in the future, we expect things to happen
which would make this an interesting thing to do, so we state here that
it is not against spec to do so". Could reword it as "NODE_BLOOM is
distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
not NODE_NETWORK (though there is little reason to do so now, some
proposals may make this more useful in the future)"?

Matt

On 08/24/15 15:29, Wladimir J. van der Laan wrote:
>> NODE_BLOOM is distinct from NODE_NETWORK, and it is legal to advertise
>> NODE_BLOOM but not NODE_NETWORK (eg for nodes running in pruned mode
>> which, nonetheless, provide filtered access to the data which they do have).
> 
> But is this useful without having decided on a way to signal which blocks pruned nodes do have?
> 
> It looks like the part between paranthesis is speculation and should be left to a future BIP. 
> 
> Wladimir
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 15:19         ` Tom Harding
@ 2015-08-24 17:39           ` Matt Corallo
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-24 17:39 UTC (permalink / raw)
  To: Tom Harding, bitcoin-dev

I'll just quote what I said on github:

Neither this pull nor the BIP has any stated intention of phasing out
bloom filtering support in the protocol. As much as I'd love to, I 100%
agree with @mikehearn here, that would break any ability of SPV clients
to operate on the P2P network (either as a way to double-check
centralized servers, or otherwise), and that is really not a good idea
without a replacement in place. This pull/BIP DOES suggest we phase out
REQUIRED bloom filtering support in the protocol - thereby fixing the
peer selection of SPV clients in the face of btcd with some flags/many
patched versions of Core/etc peers, providing a remedy for a potential
DoS attack, etc.

Matt

On 08/24/15 15:19, Tom Harding via bitcoin-dev wrote:
> On 8/21/2015 3:06 PM, Peter Todd via bitcoin-dev wrote:
>> On Fri, Aug 21, 2015 at 05:55:58PM +0000, Matt Corallo wrote:
>>> Anyone have the best reference for the DoS issues?
>> Well actually, we can reference the DoS attacks that Bitcoin XT nodes
>> are undergoing right now - part of the attack is repeated Bloom filter
>> requests to soak up disk IO bandwidth.
> 
> So, to summarize, someone is attacking Mike Hearn's bitcoin fork. 
> Therefore, now is the perfect time to write a BIP and author changes
> that begin the process of dropping support for the most broadly
> successful class of wallets, which Mike Hearn's SPV client library enables.
> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 17:37   ` Matt Corallo
@ 2015-08-24 17:41     ` Wladimir J. van der Laan
  2015-08-24 17:58       ` Eric Lombrozo
  2015-08-24 18:00     ` Peter Todd
  1 sibling, 1 reply; 30+ messages in thread
From: Wladimir J. van der Laan @ 2015-08-24 17:41 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev

On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo wrote:
> Its more of a statement of "in the future, we expect things to happen
> which would make this an interesting thing to do, so we state here that
> it is not against spec to do so". Could reword it as "NODE_BLOOM is
> distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
> not NODE_NETWORK (though there is little reason to do so now, some
> proposals may make this more useful in the future)"?

Yes, it makes sense to not explicitly exclude it. 
Looks good to me.

Wladimir



^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 17:41     ` Wladimir J. van der Laan
@ 2015-08-24 17:58       ` Eric Lombrozo
  0 siblings, 0 replies; 30+ messages in thread
From: Eric Lombrozo @ 2015-08-24 17:58 UTC (permalink / raw)
  To: Wladimir J. van der Laan, Matt Corallo; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1672 bytes --]

When I was working on mSIGNA I became a little torn on the whole filtering
mechanism. I fully support connection filtering...but in practice always
run my own full node instances to connect to due to the three fatal flaws:
1) no mechanism for short proofs of tx nonexclusion, txout unspentness,
block validity, nor the ability to find the first instance of the use of a
scriptPubKey without full blockchain scanning, 2) poor privacy, 3) lack of
incentives to run servers.

I always felt that BIP37 was necessarily a step towards a client/server
architecture.

Having said that, I have found the filter mechanism useful, if only because
no "special" server is required. However, in practice I'd rather make the
distinction between trustless peers and a client/server model more explicit.

On Mon, Aug 24, 2015, 10:41 AM Wladimir J. van der Laan via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo wrote:
> > Its more of a statement of "in the future, we expect things to happen
> > which would make this an interesting thing to do, so we state here that
> > it is not against spec to do so". Could reword it as "NODE_BLOOM is
> > distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
> > not NODE_NETWORK (though there is little reason to do so now, some
> > proposals may make this more useful in the future)"?
>
> Yes, it makes sense to not explicitly exclude it.
> Looks good to me.
>
> Wladimir
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 2252 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 17:37   ` Matt Corallo
  2015-08-24 17:41     ` Wladimir J. van der Laan
@ 2015-08-24 18:00     ` Peter Todd
  2015-08-24 18:07       ` Matt Corallo
  1 sibling, 1 reply; 30+ messages in thread
From: Peter Todd @ 2015-08-24 18:00 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 607 bytes --]

On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo via bitcoin-dev wrote:
> Its more of a statement of "in the future, we expect things to happen
> which would make this an interesting thing to do, so we state here that
> it is not against spec to do so". Could reword it as "NODE_BLOOM is
> distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
> not NODE_NETWORK (though there is little reason to do so now, some
> proposals may make this more useful in the future)"?

ACK

-- 
'peter'[:-1]@petertodd.org
000000000000000008aa6cf51dfde20be1d54e671494a44fb7f252fd4e913162

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 18:00     ` Peter Todd
@ 2015-08-24 18:07       ` Matt Corallo
  2015-08-24 18:15         ` Eric Lombrozo
  0 siblings, 1 reply; 30+ messages in thread
From: Matt Corallo @ 2015-08-24 18:07 UTC (permalink / raw)
  To: Peter Todd; +Cc: bitcoin-dev

BIP 111 was assigned, pull request (with the proposed changes) available
at https://github.com/bitcoin/bips/pull/183

Matt

On 08/24/15 18:00, Peter Todd wrote:
> On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo via bitcoin-dev wrote:
>> Its more of a statement of "in the future, we expect things to happen
>> which would make this an interesting thing to do, so we state here that
>> it is not against spec to do so". Could reword it as "NODE_BLOOM is
>> distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
>> not NODE_NETWORK (though there is little reason to do so now, some
>> proposals may make this more useful in the future)"?
> 
> ACK
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 18:07       ` Matt Corallo
@ 2015-08-24 18:15         ` Eric Lombrozo
  2015-08-24 18:28           ` Matt Corallo
  2015-08-24 18:30           ` Wladimir J. van der Laan
  0 siblings, 2 replies; 30+ messages in thread
From: Eric Lombrozo @ 2015-08-24 18:15 UTC (permalink / raw)
  To: Matt Corallo, Peter Todd; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1540 bytes --]

It would be very useful to not only be able to switch filtering on and off
globally...but to be able to switch on a per-connection basis. But then
again, perhaps it would be smarter to ditch the whole bloom filter thing in
favor of an actual client/server architecture with proper authentication
and access controls.

The RPC was supposed to be this client/server architecture...but in
practice it sucks so bad for doing anything beyond administering a node
instance you fully control yourself that I eschewed it entirely in my
wallet design.

On Mon, Aug 24, 2015, 11:07 AM Matt Corallo via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> BIP 111 was assigned, pull request (with the proposed changes) available
> at https://github.com/bitcoin/bips/pull/183
>
> Matt
>
> On 08/24/15 18:00, Peter Todd wrote:
> > On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo via bitcoin-dev
> wrote:
> >> Its more of a statement of "in the future, we expect things to happen
> >> which would make this an interesting thing to do, so we state here that
> >> it is not against spec to do so". Could reword it as "NODE_BLOOM is
> >> distinct from NODE_NETWORK, and it is legal to advertise NODE_BLOOM but
> >> not NODE_NETWORK (though there is little reason to do so now, some
> >> proposals may make this more useful in the future)"?
> >
> > ACK
> >
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 2219 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 18:15         ` Eric Lombrozo
@ 2015-08-24 18:28           ` Matt Corallo
  2015-08-24 18:30           ` Wladimir J. van der Laan
  1 sibling, 0 replies; 30+ messages in thread
From: Matt Corallo @ 2015-08-24 18:28 UTC (permalink / raw)
  To: Eric Lombrozo, Peter Todd; +Cc: bitcoin-dev



On 08/24/15 18:15, Eric Lombrozo wrote:
> It would be very useful to not only be able to switch filtering on and
> off globally...but to be able to switch on a per-connection basis.

I'm not sure what your reasoning for this is? If your concern is that
someone starts DoS attacking you with bloom-based attacks, you should
just disconnect them as an attacker, and announce that you support bloom
filtering globally. If you want to serve your own nodes, then I dont
think this BIP doesnt allow you to do so, just needs an implementation.

> But
> then again, perhaps it would be smarter to ditch the whole bloom filter
> thing in favor of an actual client/server architecture with proper
> authentication and access controls.

Trustless (and non-privacy-losing) proposals welcome :)

> The RPC was supposed to be this client/server architecture...but in
> practice it sucks so bad for doing anything beyond administering a node
> instance you fully control yourself that I eschewed it entirely in my
> wallet design.
> 
> 
> On Mon, Aug 24, 2015, 11:07 AM Matt Corallo via bitcoin-dev
> <bitcoin-dev@lists•linuxfoundation.org
> <mailto:bitcoin-dev@lists•linuxfoundation.org>> wrote:
> 
>     BIP 111 was assigned, pull request (with the proposed changes) available
>     at https://github.com/bitcoin/bips/pull/183
> 
>     Matt
> 
>     On 08/24/15 18:00, Peter Todd wrote:
>     > On Mon, Aug 24, 2015 at 05:37:51PM +0000, Matt Corallo via
>     bitcoin-dev wrote:
>     >> Its more of a statement of "in the future, we expect things to happen
>     >> which would make this an interesting thing to do, so we state
>     here that
>     >> it is not against spec to do so". Could reword it as "NODE_BLOOM is
>     >> distinct from NODE_NETWORK, and it is legal to advertise
>     NODE_BLOOM but
>     >> not NODE_NETWORK (though there is little reason to do so now, some
>     >> proposals may make this more useful in the future)"?
>     >
>     > ACK
>     >
>     _______________________________________________
>     bitcoin-dev mailing list
>     bitcoin-dev@lists•linuxfoundation.org
>     <mailto:bitcoin-dev@lists•linuxfoundation.org>
>     https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 18:15         ` Eric Lombrozo
  2015-08-24 18:28           ` Matt Corallo
@ 2015-08-24 18:30           ` Wladimir J. van der Laan
  2015-08-24 18:33             ` Eric Lombrozo
  1 sibling, 1 reply; 30+ messages in thread
From: Wladimir J. van der Laan @ 2015-08-24 18:30 UTC (permalink / raw)
  To: Eric Lombrozo; +Cc: bitcoin-dev

On Mon, Aug 24, 2015 at 06:15:39PM +0000, Eric Lombrozo via bitcoin-dev wrote:
> It would be very useful to not only be able to switch filtering on and off
> globally...but to be able to switch on a per-connection basis. But then

You don't necessarily need to send everyone the same nServices bits.
E.g. you could give whitelisted peers special privileges.

But only advertize the intersection of your supported services (eg those you offer to the general public) in `addr` messages.

Wladimir


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP
  2015-08-24 18:30           ` Wladimir J. van der Laan
@ 2015-08-24 18:33             ` Eric Lombrozo
  0 siblings, 0 replies; 30+ messages in thread
From: Eric Lombrozo @ 2015-08-24 18:33 UTC (permalink / raw)
  To: Wladimir J. van der Laan; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 665 bytes --]

Indeed, so I don't really have a problem with this proposal.

On Mon, Aug 24, 2015, 11:30 AM Wladimir J. van der Laan <laanwj@gmail•com>
wrote:

> On Mon, Aug 24, 2015 at 06:15:39PM +0000, Eric Lombrozo via bitcoin-dev
> wrote:
> > It would be very useful to not only be able to switch filtering on and
> off
> > globally...but to be able to switch on a per-connection basis. But then
>
> You don't necessarily need to send everyone the same nServices bits.
> E.g. you could give whitelisted peers special privileges.
>
> But only advertize the intersection of your supported services (eg those
> you offer to the general public) in `addr` messages.
>
> Wladimir
>

[-- Attachment #2: Type: text/html, Size: 941 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

end of thread, other threads:[~2015-08-24 18:33 UTC | newest]

Thread overview: 30+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-21  4:46 [bitcoin-dev] Revisiting NODE_BLOOM: Proposed BIP Matt Corallo
2015-08-21  5:38 ` Peter Todd
2015-08-21  5:42   ` Peter Todd
2015-08-21 17:55     ` Matt Corallo
2015-08-21 22:06       ` Peter Todd
2015-08-22  1:08         ` Matt Corallo
2015-08-22  1:48           ` Peter Todd
2015-08-24 15:19         ` Tom Harding
2015-08-24 17:39           ` Matt Corallo
2015-08-22  1:08       ` Matt Corallo
2015-08-21  5:48 ` Jeff Garzik
2015-08-21  5:55   ` Peter Todd
2015-08-21  6:01     ` Jeff Garzik
2015-08-21  6:07       ` Peter Todd
2015-08-21 22:15         ` Chris Pacia
2015-08-21 22:25           ` Peter Todd
2015-08-21 23:08         ` Tom Harding
2015-08-24 15:21           ` Mike Hearn
2015-08-21  8:31     ` Andreas Schildbach
2015-08-21 17:53   ` Matt Corallo
2015-08-24 15:29 ` Wladimir J. van der Laan
2015-08-24 17:37   ` Matt Corallo
2015-08-24 17:41     ` Wladimir J. van der Laan
2015-08-24 17:58       ` Eric Lombrozo
2015-08-24 18:00     ` Peter Todd
2015-08-24 18:07       ` Matt Corallo
2015-08-24 18:15         ` Eric Lombrozo
2015-08-24 18:28           ` Matt Corallo
2015-08-24 18:30           ` Wladimir J. van der Laan
2015-08-24 18:33             ` Eric Lombrozo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox