Published on: 2014-01-16T10:25:18+00:00
The discussion revolves around using hidden services as a more secure method of authentication and encryption for SPV wallets. One suggestion is to connect SPV nodes through Tor, which would preserve privacy and reduce the risk of MITM attacks. However, concerns are raised about the potential slowdown of the Bitcoin network if all nodes communicate over Tor. The use of anti-sybil techniques and hidden service addresses following a certain pattern are proposed to address these issues.In January 2014, different methods for identifying nodes in SPV wallets were discussed. These included querying hardcoded seed nodes, DNS lookups, and selecting nodes based on clearnet anti-sybil heuristics. Connecting to IP addresses using Tor was also suggested as a way to enhance privacy and security. The idea of nodes giving both public and private IPs to peers was questioned, and alternatives such as clearnet nodes informing about their own hidden service IDs were proposed.The goal of using Tor hidden services is not to hide P2P nodes but to provide authentication and encryption. It is suggested that 6-hop hidden service circuits may not be necessary for most nodes, and a 3-hop circuit would suffice. The use of Tor may result in network slowdowns and could potentially decrease transactions per second on the Bitcoin network. IPv4-based anti-sybil heuristics and proof-of-stake schemes on Tor are also discussed as possible improvements.A clever hack has been implemented to map Tor keys to reserved IPv6 space, allowing for hidden service addresses that can be included in addr packets. Concerns are raised about malicious nodes generating multiple hidden service keys, and suggestions are made to avoid this issue, such as clearnet nodes informing about their own hidden service IDs. The proposal to introduce a new P2P protocol command "tor?" with a service flag is made to include IPv6-ified hidden service addresses in addr messages. This would eliminate the need for nodes to give both public and private IPs to peers.The use of SSL on P2P connections to prevent passive wiretapping and sybil attacks is also discussed. While OpenSSL is considered risky, a pure Java implementation of the Tor protocol called Orchid is discovered, which could enable wallets like MultiBit and Hive to utilize Tor by default. However, the limitations of SPV wallets in verifying unconfirmed transactions and relying on peer counts are highlighted. A proposal is made to upgrade the P2P protocol with a new service flag and tor? message to identify nodes on the clearnet, allowing SPV wallets to bypass Tor if necessary. The idea is deemed implementable and secure, as Tor runs as a separate process that can be sandboxed.
Updated on: 2023-08-01T07:16:05.112231+00:00