Published on: 2014-06-06T10:45:43+00:00
In a discussion thread, Adam Back and Peter Todd engaged in a debate regarding the privacy tradeoffs of prefix filters in Bitcoin. While Adam expressed concerns about the questionable privacy tradeoffs of prefix filters, Peter argued that they offer better scalability than bloom filters and allow efficient querying of multiple servers for blockchain data. Both agreed that prefixes weaken privacy by providing extra correlation hooks for elimination from the network graph of payments with mismatched prefixes.The discussion also touched upon the two types of privacy involved: privacy from the full node an SPV client is relying on to find its payments, and privacy from analysis of the public transaction graph. They acknowledged that the latter type of privacy is more damaging, and recent changes in Tor reflect this concern. Additionally, they emphasized the importance of designing for privacy against future analysis of public information rather than relying on privacy by argument to select non-hostile nodes.Adam Back raised concerns about the privacy tradeoffs involved with prefix filters in relation to stealth addresses, stating that prefix filters have the same privacy issues since they affect everyone, not just the user. Gregory Maxwell suggested that the use of ECDH addresses for all transactions, as seen in Bytecoin, Monero, and Fantom systems, has made prefixes unnecessary. Furthermore, the efficiency of Obelisk's indexing allowed Dark Wallet to not store transaction information between sessions until recently. Although prefix brute-forcing is not yet implemented, prefix filters are being implemented for lookups, offering server operators plausible deniability.The email conversation between Adam Back and Peter Todd revolved around the privacy tradeoffs of prefix filters compared to bloom filters. While prefix filters provide better scalability and efficiency, they also compromise user privacy. However, it was noted that prefix brute forcing is an engineering tradeoff that can be implemented using existing technology. The conversation concluded by suggesting that if someone can come up with a better solution and write code for it, it would be welcomed. Additionally, the design of stealth addresses allows for future blockchain filter upgrades to be added in a backwards compatible manner.Adam Back expressed his concerns regarding the privacy tradeoffs of prefix filters in Bloom filters, highlighting that they pose similar problems as stealth addresses and can have a cumulative effect on privacy for all users. While he supports scalability, efficiency, and decentralization, he believes it should not come at the expense of compromising privacy. Notably, the performance of systems like Bytecoin, Monero, and Fantom, which utilize ECDH addresses for all transactions, suggests that prefixes may not be necessary under current system rules.The idea of advertising NODE BLOOM as a service was deemed attractive, but the use of prefix filters raises privacy concerns. It was emphasized that while scalability, efficiency, and decentralization are important, they should not be prioritized over privacy. The impact on privacy is cumulative and affects everyone, not just individual users. This analogy was drawn to the issue of reused addresses, where local decisions can have global effects. Additionally, bloom filters were criticized for their high IO loads, which make them vulnerable to DoS attacks, making them less ideal for nodes that are IO constrained rather than bandwidth constrained. VPS setups were suggested as a potential solution to better serve the network by serving full blocks.The proposed update in the Bitcoin Improvement Proposal (BIP) aims to add NODE_BLOOM as a service bit, allowing nodes to announce their support for bloom filters. This update would bump the network protocol version number, and nodes that do not support bloom filters would be recommended to disconnect peers who send filter messages regardless. However, it is important to note that bloom filters are not universally supported and have poor scaling properties, which can result in high IO loads and susceptibility to DoS attacks. In the long term, prefix-based filtering is expected to replace bloom filters, with implementations already underway in electrum and obelisk. The proposal has been successfully deployed on Litecoin, Dogecoin, and other alternative cryptocurrencies without any issues. Gregory Maxwell also requested the assignment of a BIP number for the proposal.
Updated on: 2023-08-01T09:27:50.401280+00:00