From: Eric Voskuil <eric@voskuil•org>
To: Stefan Richter <richter@cs•rwth-aachen.de>, gb <kiwigb@yahoo•com>,
	 Thomas Voegtlin <thomasv@electrum•org>
Cc: bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] Making Electrum more anonymous
Date: Thu, 23 Jul 2015 19:26:28 -0700
Message-ID: <55B1A254.6070806@voskuil.org>
In-Reply-To: <CAH+=Z+Xt4mja348Rg5Ot0u1VeCnVxm0wkVUA3GVgryZ4Yp4QNw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 4319 bytes --]

I've looked at IT-PIR for Libbitcoin. It's certainly more elegant than
onion routing for query privacy, but doesn't improve on the collusion
problem. As a result the related directory problem would also remain.

"This protocol sacrifices some level of privacy to gain robustness.
Because of this we need to assume that there is no collusion between
some number of servers. In some settings, it is unclear how this
requirement can be enforced or detected. This uncertainty may make this
protocol less desirable than others with different privacy guarantees."

http://www.cypherpunks.ca/~iang/pubs/hybridpir-pets.pdf

From the same source, regarding aforementioned options:

"An assumption used in many PETs, including mix networks, secret
sharing, onion routing and some voting protocols, is that no more than
some threshold of agents are colluding against the user to discover the
private information."

Another option is computationally-bounded CPIR, but from the same source:

"The main problem with the CPIR protocols already discussed is that
they do not generally perform queries faster than the trivial protocol."

Where the "trivial protocol" in our problem is full blockchain download.

WRT an alternative CPIR proposed in 2007:

"The idea behind their protocol is to add noise to the query in a way
that the server cannot discover which record the client is interested
in, but with the secret information that the client has, she can remove
the noise from the server’s response."

This is the idea behind stealth prefix queries:

https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-fetch-stealth

From our perspective, another important objective of query privacy is
allowing the caller to make the trade-off between the relative levels of
privacy and performance - from absolute to non-existent. In some cases
privacy is neither required nor desired.

Prefix filtering accomplishes the client-tuning objective. It also does
not suffer server collusion attacks nor is it dependent on computational
bounds. The primary trade-off becomes result set (download) size against
privacy.

e

On 07/23/2015 05:23 AM, Stefan Richter wrote:
> This looks like a prime application for this PIR
> library: http://percy.sourceforge.net/apidocs/index.html
> 
> Eric Voskuil via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org
> <mailto:bitcoin-dev@lists•linuxfoundation.org>> wrote on Thu, 23 July
> 2015 at 02:07:
> 
>     This is a good point. I didn't delve into the specifics of
>     implementation due to the larger issues that I raised. Libbitcoin Server
>     uses CurveZMQ, an implementation of CurveCP.
> 
>     http://curvecp.org
>     http://curvezmq.org
>     https://en.bitcoin.it/wiki/Libbitcoin_Server
> 
>     e
> 
>     On 07/22/2015 04:11 PM, gb via bitcoin-dev wrote:
>     > Why RSA?
>     >
>     >>
>     >> Here is an idea, inspired by TOR, on which I would like to have some
>     >> feedback: We create an anonymous routing layer between Electrum
>     >> servers and clients.
>     >>
>     >> * Each server S publishes an RSA public key, KS
>     >> * Each client receives a list of available servers and their pubkeys
>     >> * For each wallet address, addr_i, a client chooses a server S_i,
>     >> and an RSA keypair (K_addr_i, k_addr_i)
>     >> * The client creates a list of encrypted requests. Each request
>     >> contains addr_i and K_addr_i, and is encrypted with the pubkey KS_i
>     >> of S_i
>     >> * The client chooses a main server M, and sends the list of encrypted
>     >> requests to M
>     >> * M dispatches the client's requests to the corresponding servers S_i
>     >> (without the client's IP address.)
>     >> * Each server decrypts the requests it receives, performs the
>     >> request, and encrypts the result with K_addr_i
>     >> * M receives encrypted responses, and forwards them to the client.
>     >> * The client decrypts the encrypted response with k_addr_i
> 
> 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
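
Added example (not part of the original message and not Libbitcoin code): a minimal model of the prefix-filtering trade-off described above, where the client reveals only the first N bits of a key and filters the returned records locally. The SHA-256 bit-string index, the PrefixServer class, the function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib

def key_bits(address: str) -> str:
    """Index key: SHA-256 of the address as a 256-character bit string (assumed scheme)."""
    digest = hashlib.sha256(address.encode()).digest()
    return "".join(f"{byte:08b}" for byte in digest)

class PrefixServer:
    """Hypothetical server that answers prefix queries over its address index."""
    def __init__(self, addresses):
        self.index = [(key_bits(a), a) for a in addresses]

    def query(self, prefix: str):
        # The server learns only the prefix, never the full key.
        return [a for bits, a in self.index if bits.startswith(prefix)]

def private_lookup(server, address: str, prefix_bits: int):
    """Query with a truncated key, then filter the result set locally.

    Returns (found, result_set_size). The result set is both the download
    cost and the set of records the server cannot tell apart.
    """
    candidates = server.query(key_bits(address)[:prefix_bits])
    return address in candidates, len(candidates)

def tradeoff(server, address: str, lengths):
    """Result-set size for each prefix length."""
    return [(n, private_lookup(server, address, n)[1]) for n in lengths]

# Constructed sample data: 4096 placeholder addresses.
ADDRESSES = [f"addr-{i}" for i in range(4096)]
SERVER = PrefixServer(ADDRESSES)

if __name__ == "__main__":
    for bits, size in tradeoff(SERVER, "addr-1234", [0, 4, 8, 12, 256]):
        print(f"prefix bits={bits:3d}  records returned={size}")
```

A zero-bit prefix returns the whole index, which corresponds to the "trivial protocol" of downloading everything; a full-length prefix returns one record and hides nothing from the server.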
