Author: Wendell 2013-12-20 06:52:51
Published on: 2013-12-20T06:52:51+00:00
The email written by Peter Todd after the DarkWallet Hackathon in 2013 discusses general principles and privacy in regards to Bitcoin. Todd assumed a worst-case sophisticated state-level attacker with the goal of deanonymizing and otherwise subverting Bitcoin users. He suggested that wallet software should avoid address re-use, implement basic two-party mix functionality, and encourage trade-offs between absolute privacy and usability. Todd also discussed the use of Tor for privacy enhancement.Regarding decentralization, wallets should provide users with the ability to set fees, both when a transaction is created initially and after initial broadcast, to respond to attacks. Wallets should give users the ability to change their fee per KB after the fact via transaction replacement, and may additionally implement fee estimation techniques.The article discusses various aspects related to the security and integrity of Bitcoin wallet software. The use of Bloom filters for SPV nodes is explained along with their limitations for archival blockchain data due to high IO load on the node relative to the client, which enables easy DoS attacks. Prefix filters are suggested as an alternative that should be implemented by wallet software whenever available.The article emphasizes the need for source-code and binary integrity using revision control systems and PGP signatures, respectively. Developers are urged to make use of PGP and participate in the web-of-trust, and advertise their PGP fingerprint widely. SSL/Certificate authorities and multi-factor spend authorization (multisig wallets) are also discussed.Payment integrity through a payment protocol such as BIP70 is highlighted as important, although its dependence on the certificate authority system is a concern that needs to be addressed. Finally, the article acknowledges the challenges of making PGP more user-friendly and calls for efforts to improve the user experience.In summary, the email and article discuss various measures that should be implemented in Bitcoin wallet software to enhance privacy, decentralization, security, and integrity. These include avoiding address re-use, implementing two-party mix functionality, using Tor for privacy enhancement, allowing users to set and change fees, implementing prefix filters instead of Bloom filters, ensuring source-code and binary integrity using revision control systems and PGP signatures, using SSL/Certificate authorities and multisig wallets, and promoting payment integrity through BIP70. The article also acknowledges the challenges of making PGP more user-friendly and calls for efforts to improve the user experience.
Updated on: 2023-06-07T22:36:42.772298+00:00