Network Level Privacy

Terminology

V. Stands for Verification or Validation. They are used interchangeably, but I’m pretty sure one of them is correct. Veridation?

Zooming Out

It is worth pointing out that network level privacy is just half of the battle. The other half is blockchain level privacy, which is outside the scope of this article.

  1. Private UTXO Retrieval
  2. Private Transaction Broadcasting

Bitcoin Core

Private UTXO Retrieval

Bitcoin Core downloads all the blocks ever created and establishes your wallet balances locally.

Private Transaction Broadcasting

Bitcoin Core broadcasts transactions to other peers on the clearnet, unencrypted.
Other peers cannot figure out which transaction originates from a specific node, because Core does not only broadcast its own transactions, but also propagates every other transaction that hits its mempool.
However, some papers note it’s not bulletproof:

Adversaries Identified

  • Malicious Peer
  • Supernode

Bitcoin Core + Tor

You can use Bitcoin Core with Tor, which solves the above-mentioned issue. In this case a supernode cannot trace transactions back to your IP address.

Adversaries Identified

  • Tor Breaker

Wasabi Wallet

Private Transaction Broadcasting

Wasabi previously did not maintain its P2P connections over Tor. Since Wasabi is a non-listening node, broadcasting transactions through other P2P nodes over the clearnet would’ve let the peer link your IP address to the transaction. This is why we were broadcasting our transactions to our backend server over Tor.

  • We did it in a way that we only connect to onion nodes, so end to end encryption is now enforced between us and our peers. All this without involving any exit node.
  • We connect to each peer through a different Tor stream.
  • This enabled us to replace our transaction broadcasting mechanism. Now, we broadcast transactions to only one peer over Tor and immediately after that we disconnect the peer.

Private UTXO Retrieval

Finally, we arrive at the interesting part. Before the P2P Tor implementation, Wasabi was doing the following:
The backend server served a constant filter table to all the clients over Tor. From those filters the clients could figure out which blocks they were interested in, and downloaded these blocks and some false-positive blocks from peers. One block per peer. When a block was acquired, the peer was disconnected.
There were two issues with this.
What if all the peers Wasabi connected to were the same entity for an extended period of time? Then the Sybil attacking entity would know all the blocks a client is interested in, from which some information could’ve been obtained. The question arises: how do you make sure you are the only peer a client connects to for an extended period of time?
The second issue is, what if your ISP is spying on you for an extended period of time? This is more plausible. In fact, Wasabi’s privacy rating on the Bitcoin.org listing was almost scored down to be the same as Bread wallet’s because of this, which of course would’ve been ridiculous, since Bread is a BIP37 wallet. What saved the rating was that I noted that if the ISP is an adversary, then Bitcoin Core would’ve failed that in a more spectacular way, since transactions are broadcast over the clearnet and, even if the node is listening, the only transaction that doesn’t come in but only goes out of the wallet must be the one that originates from the node.
Anyway, Wasabi does this over Tor now. Because of the end-to-end encryption of the onion network, it immediately defeats an ISP adversary and makes the already impossible job of the Sybil adversary even more impossible. How do you Sybil, for an extended period of time, all the nodes that connect to Wasabi? Or even just one node? The client is hiding behind Tor. You cannot even tie together two connections of the client, since the client connects to all your Sybils through a different Tor stream.
The only adversary that could possibly overcome this would have to set up thousands of full nodes over onion and also break Tor itself.
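
The retrieval scheme described above, as an added example that is not Wasabi's code: the backend publishes the same filter table to every client, the client matches locally, and each matched block (false positives included) is requested from a different peer, after which `sybil_view` groups what an entity running every peer could tie to one requester on the clearnet versus over one Tor stream per peer. The truncated-hash filter is a stand-in for the real filter encoding, and the chain, wallet scripts, peer names and the address 203.0.113.5 are constructed for the illustration.

```python
import hashlib
from collections import defaultdict

FILTER_BITS = 8  # constructed: tiny fingerprints so false positives appear in a small demo

def fingerprint(block_id, script):
    # Truncated hash salted with the block id; a stand-in for a real filter encoding.
    digest = hashlib.sha256(block_id.encode() + script).digest()
    return int.from_bytes(digest[:4], "big") % (1 << FILTER_BITS)

def build_filter(block_id, scripts):
    # Backend side: one filter per block, identical for every client.
    return frozenset(fingerprint(block_id, s) for s in scripts)

def blocks_to_fetch(filter_table, wallet_scripts):
    # Client side: matching is local, so the backend never learns which blocks matched.
    return [bid for bid, flt in filter_table.items()
            if any(fingerprint(bid, s) in flt for s in wallet_scripts)]

def plan_downloads(block_ids, transport):
    # One block per peer. What a peer observes about the requester depends on the transport:
    # the same IP address on the clearnet, a separate stream identity per peer over Tor.
    plan = []
    for n, bid in enumerate(block_ids):
        seen_as = "203.0.113.5" if transport == "clearnet" else f"tor-stream-{n}"
        plan.append({"peer": f"peer-{n}", "block": bid, "seen_as": seen_as})
    return plan

def sybil_view(plan):
    # Worst case: one entity runs every peer and groups requests by requester identity.
    view = defaultdict(set)
    for req in plan:
        view[req["seen_as"]].add(req["block"])
    return dict(view)

# Constructed sample chain: 40 blocks with 20 output scripts each.
CHAIN = {f"block-{h}": [f"blk{h}-out{i}".encode() for i in range(20)] for h in range(40)}
FILTER_TABLE = {bid: build_filter(bid, scripts) for bid, scripts in CHAIN.items()}
WALLET = [b"blk7-out3", b"blk23-out11"]  # constructed: scripts belonging to the wallet

if __name__ == "__main__":
    wanted = blocks_to_fetch(FILTER_TABLE, WALLET)
    print("blocks requested (incl. false positives):", wanted)
    for transport in ("clearnet", "tor"):
        groups = sybil_view(plan_downloads(wanted, transport))
        print(transport, "-> largest linkable set:", max(len(g) for g in groups.values()))
```
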

Adversaries Identified

  • ISP
  • Tor Breaker Sybil Attacker With Thousands Of Full Nodes Over Onion

Wasabi Wallet + Full Node

Private UTXO Retrieval

If you have a listening full node running in the background (not only Bitcoin Core, any full node), then Wasabi automatically picks it up and, instead of asking peers for blocks, requests blocks from your own node. Using Wasabi this way results in the same privacy model as Bitcoin Core’s regarding Private UTXO Retrieval.

Putting It All Together

Conclusion

To be useful, security metrics should reflect the difficulty an adversary has in overcoming them. — entropist

Because, against all reasonable adversaries, a comparison between Bitcoin Core and Wasabi Wallet on network level privacy does not make sense, you might think this article was a waste of time. But you are greatly mistaken. This article will surely help me win Internet arguments. And, in the end, isn’t that what really matters?
