Author: Mike Hearn 2014-01-15 22:51:21
Published on: 2014-01-15T22:51:21+00:00
The Bitcoin community has been discussing the use of SSL on peer-to-peer (P2P) connections to prevent passive wiretapping and sybil attacks. While OpenSSL is a large piece of code that could expose the internet to wallets, Tor is not a viable option as it is susceptible to bugs, breaks anti-sybil heuristics for hidden services, often results in MITM, and cannot be used as a library. However, a pure Java implementation of the Tor protocol called Orchid was discovered, which could allow MultiBit, the Android Bitcoin Wallet app, Hive and other bitcoinj based wallets to utilize Tor by default. The main problem with this approach is that SPV wallets cannot verify unconfirmed transactions and rely on counting peers, which can increase the probability of being MITMd. Therefore, a proposal has been made to upgrade the P2P protocol by introducing a new service flag and tor? message to identify nodes on the clearnet via their addr announcements+service flag, allowing SPV wallets to bypass Tor entirely. If the mapping is recorded on disk, the wallet will skip straight to using Tor the next time it starts. This idea is implementable and secure, and Tor runs as a separate process that can be easily sandboxed to protect against exploits.
Updated on: 2023-06-08T00:06:37.372450+00:00