Re: [Bitcoin-development] Tor / SPV
Yes correct, using hidden services just as a kind of more complicated, out of process/sandboxable SSL. would the overall transactions/second the Bitcoin network could handle go down? If all nodes talked to each other all the time over Tor, probably yes because Bitcoin is quite sensitive to latency. But what I'm proposing here is less ambitious. It's just about protecting (parts of) end-user-to-network communication, which is a much less risky sort of change. P2P nodes would still talk to each other in the clear. SSL for everything is still an idea I like, but it's true that increasing bitcoind attack surface area is not something to take lightly. Considering that the clearnet sybil protection also relies on scaling up the resource requirements for an attacker, why not require hidden service addresses following a certain pattern, like a fixed prefix? I'm sure we can come up with all kinds of neat anti-sybil techniques, but IMHO they are separate projects. I'm trying to find an upgrade that's small enough to be easily switched on by default for lots of users, today, that is low risk for the network overall. Later on we can add elaborations. The SPV node could connect to the IP using Tor. It would preserve the privacy of the SPV node - hard to see it's running Bitcoin. It also reduces the ability of an attacker to MITM because the routing varies with each exit node. Right so the key question is, to what extent does Tor open you up to MITM attacks? I don't have a good feel for this. I read about exit nodes routinely doing very naughty things, but I don't know how widespread that is. Probably you're right that with random selection of exits you're not excessively likely to get MITMd. How does Tor itself manage anti-sybil? I know they have the directory consensus and they measure nodes to ensure they're delivering the resources they claim to have. Punting anti-sybil up to the Tor people and letting them worry about it is quite an attractive idea. -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor / SPV
May need to modify the network address format to include the ability to differentiate IPv6 clearnet vs. Tor addresses sipa already implemented some clever hack where the 80-bit Tor keys are mapped to a subregion of reserved IPv6 space, giving magical IPv6 hidden service addresses. So addr packets can and do already contain onion addresses. but then you remove the implication that a node has to give both public and private IPs to a peer. If it's part of a batch of addrs, it could be my own hidden service ID, but it could also be one that I learned from someone else and is now propagating, for anyone to bootstrap with Tor hidden service peers if they'd like. Hmm. So you mean that we pick a set of peers we believe to not be sybils of each other, but they might give us hidden services run by other people? I need to think about that. If they're getting the hidden services just from addr announcements themselves, then you just punt the issue up a layer - what stops me generating 1 hidden service keys that all map to my same malicious node, announcing them, and then waiting for the traffic to arrive? If clearnet nodes inform of their own hidden service IDs, that issue is avoided. My goal here is not necessarily to hide P2P nodes - we still need lots of clearnet P2P nodes for the forseeable future no matter what. Rather we're just using hidden services as a way to get authentication and encryption. Actually the 6-hop hidden service circuits are overkill for this application, a 3-hop circuit would work just as well for most nodes that aren't Tor-exclusive. -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor / SPV
On Wed, 15 Jan 2014 23:51:21 +0100, Mike Hearn wrote: The goal of all that is that we get to keep our existing IPv4 based anti-sybil heuristics, so we can’t possibly make anything worse, only better. Plus, we’ve now set things up so in future if/when we come up with a better anti-sybil system based on anonymous identities or other fancy crypto, we can take out the “connect via clearnet” step and go straight to using hidden services with only a very small set of code changes and no new protocol work. I think it might be ok to use proof-of-stake on as an anti-sybil scheme on tor.. people would obviously not want to associate their wallet with their IP address, but is there any harm in associating it with a (temporary) tor service id (especially one that isn't used for anything other than relaying bitcoin transactions)? If each node you connect too can sign some challenge with a key that controls some BTC (and your client node verifies that the funds are different) then that might be useful.. even if it were only a small 0.01BTC stake that would be similar to the cost of obtaining another IP through a cheap VPS or VPN and significantly higher than the cost to an attacker who is able to MITM everything and operate on any IP anyway. Rob -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor / SPV
My goal here is not necessarily to hide P2P nodes - we still need lots of clearnet P2P nodes for the forseeable future no matter what. Rather we're just using hidden services as a way to get authentication and encryption. Actually the 6-hop hidden service circuits are overkill for this application, a 3-hop circuit would work just as well for most nodes that aren't Tor-exclusive. Ah, I see, so you're intending to use the Tor hidden services not for their original purpose (hiding), but rather as as authentication (someone may spoof my clearnet IP, but only I have the private key that makes this Tor hidden service connect to me, so you can trust when you connect to it it's really me). So if you trust the clearnet IP to be a friendly node, that makes a more secure connection, but if you're already talking to a bad node, moving the communication to Tor doesn't change that. I agree the six-hop circuits would be overkill for that; I wonder if the network slowdown you get on Tor will be worth the increased security? Yes, you'll be more protected from MITM, but if this is widely adopted, would the overall transactions/second the Bitcoin network could handle go down? Brooks -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor / SPV
On Wed, 2014-01-15 at 23:51 +0100, Mike Hearn wrote: ... 3) SPV wallets that want to get a good mix of nodes for measuring pending transactions identify nodes on the clearnet via their addr announcements+service flag, in the normal way. They select some of these nodes using the standard clearnet anti-sybil heuristics and connect without using Tor. They proceed to query them for their hidden The SPV node could connect to the IP using Tor. It would preserve the privacy of the SPV node - hard to see it's running Bitcoin. It also reduces the ability of an attacker to MITM because the routing varies with each exit node. -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor / SPV
On Wed, 2014-01-15 at 20:29 -0800, Miron wrote: On Wed, 2014-01-15 at 23:51 +0100, Mike Hearn wrote: ... 3) SPV wallets that want to get a good mix of nodes for measuring pending transactions identify nodes on the clearnet via their addr announcements+service flag, in the normal way. They select some of these nodes using the standard clearnet anti-sybil heuristics and connect without using Tor. They proceed to query them for their hidden The SPV node could connect to the IP using Tor. It would preserve the privacy of the SPV node - hard to see it's running Bitcoin. It also reduces the ability of an attacker to MITM because the routing varies with each exit node. It would also be good to gossip the mapping of (IP - onion address). This would allow detection of a future MITM, since the MITM can't spoof the onion fingerprint. -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
