Published on: 2018-05-17T07:47:34+00:00
The Bitcoin network is currently facing issues with BIP37, a lightweight wallet that connects to nodes and requests an arbitrary bloom filter on their block files and mempool. Unfortunately, this system poses significant denial of service problems and places undue load on the network by default. Moreover, it fails to provide an acceptable level of security and reliability to lightweight wallets.In addition to these concerns, there are major privacy and load-distribution issues associated with BIP37. This raises the risk of breaking existing SPV (Simplified Payment Verification) client models and pushing users towards centralized validation solutions. Such a shift could potentially worsen privacy and security concerns even further.Recognizing these problems, Caius Cosades suggests that NODE_BLOOM services should be defaulted to zero in the next major release. Furthermore, any software relying on BIP37 should consider moving to alternative filtering options or utilizing another dedicated software to serve their requests. To fully address the issue, future releases of reference software should completely remove BIP37 commands.Developers are increasingly reaching a consensus on disabling BIP37 in network nodes due to the significant denial of service issues it presents. BIP37 allows lightweight wallets to connect to nodes and request the loading of an arbitrary bloom filter onto their block files and mempool. Unfortunately, this puts unnecessary strain on the network and fails to offer sufficient security and reliability to lightweight wallets.Moreover, BIP37 was intended to provide stronger privacy than it actually does. Any node capable of capturing `filterload` and `filteradd` responses can easily de-anonymize an entire wallet, regardless of the amount of noise added to the filters. While this can be countered by having multiple peers simultaneously return filter results, it compromises privacy and increases network load.To support the argument against BIP37, several links to mailing lists, GitHub issues, and research papers have been provided. These resources highlight the concerns surrounding BIP37 and further reinforce the need for its removal from future releases of reference software.Overall, there is a growing consensus among developers to disable BIP37 in network nodes due to significant denial of service issues and its inadequate security and reliability for lightweight wallets. Moving forward, it is recommended that alternative filtering options or dedicated software be utilized instead, and that future releases of reference software no longer include BIP37 commands.
Updated on: 2023-08-01T23:08:33.468260+00:00