From: Eric Voskuil <eric@voskuil•org>
To: Thomas Voegtlin <thomasv@electrum•org>,
bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] Making Electrum more anonymous
Date: Wed, 22 Jul 2015 09:30:36 -0700 [thread overview]
Message-ID: <55AFC52C.3010700@voskuil.org> (raw)
In-Reply-To: <55AFBBE6.3060702@electrum.org>
[-- Attachment #1: Type: text/plain, Size: 2577 bytes --]
Hi Thomas,
The scheme is essentially onion routing. The set of {M} are entry nodes
and the set of {S} are exit nodes. The weaknesses are as you would see
in an analogous TOR implementation:
(1) The lack of relay nodes {R} make collaboration between any subset of
{M} and {S} trivial.
(2) OR is a mixnet, so the size of the network matters a lot.
(3) The directory is a perpetual weakness.
(4) Content is visible to the exit node (or the final service). This
means each address must be passed via a distinct route to prevent
correlation.
e
On 07/22/2015 08:51 AM, Thomas Voegtlin via bitcoin-dev wrote:
> Hello,
>
> Although Electrum clients connect to several servers in order to fetch
> block headers, they typically request address balances and address
> histories from a single server. This means that the chosen server knows
> that a given set of addresses belong to the same wallet. That is true
> even if Electrum is used over TOR.
>
> There have been various proposals to improve on that, but none of them
> really convinced me so far. One recurrent proposal has been to create
> subsets of wallet addresses, and to send them to separate servers. In my
> opinion, this does not really improve anonymity, because it requires
> trusting more servers.
>
> Here is an idea, inspired by TOR, on which I would like to have some
> feedback: We create an anonymous routing layer between Electrum servers
> and clients.
>
> * Each server S publishes a RSA public key, KS
> * Each client receives a list of available servers and their pubkeys
> * For each wallet address, addr_i, a client chooses a server S_i, and a
> RSA keypair (K_addr_i, k_addr_i)
> * The client creates a list of encrypted requests. Each request contains
> addr_i and K_addr_i, and is encrypted with the pubkey KS_i of S_i
> * The client chooses a main server M, and sends the list of encrypted
> requests to M
> * M dispatches the client's requests to the corresponding servers S_i
> (without the client's IP address.)
> * Each server decrypts the requests it receives, performs the request,
> and encrypts the result with K_addr_i
> * M receives encrypted responses, and forwards them to the client.
> * The client decrypts the encrypted response with k_addr_i
>
> What do you think? What are the costs and benefits of such an approach?
>
> (Note: this will not work if all servers, or a large fraction of them,
> are controlled by the same entity that controls M)
>
>
> Thomas
> _______________________________________________
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
next prev parent reply other threads:[~2015-07-22 16:30 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-22 15:51 Thomas Voegtlin
2015-07-22 16:04 ` Natanael
2015-07-22 16:30 ` Eric Voskuil [this message]
2015-07-22 22:20 ` Eric Voskuil
2015-07-22 23:07 ` Joseph Gleason ⑈
2015-07-22 16:41 ` Joseph Gleason ⑈
2015-07-22 21:18 ` Mike Hearn
2015-07-22 23:11 ` gb
2015-07-23 0:07 ` Eric Voskuil
[not found] ` <114b2a76-ebc7-461a-b4bc-10873574d6c4@HUB2.rwth-ad.de>
2015-07-23 12:23 ` Stefan Richter
2015-07-24 2:26 ` Eric Voskuil
2015-07-24 3:42 ` Slurms MacKenzie
2015-07-24 4:44 ` Eric Voskuil
2015-07-24 9:38 ` Slurms MacKenzie
2015-07-24 11:12 ` s7r
2015-07-24 21:20 ` Slurms MacKenzie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55AFC52C.3010700@voskuil.org \
--to=eric@voskuil$(echo .)org \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=thomasv@electrum$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox