[Bitcoin-development] Outbound connections rotation
Ivan Pustogarov
ivan.pustogarov at uni.lu
Mon Aug 18 18:37:21 UTC 2014
Yes, I agree that if a client rotates its outbound connections then
sooner or later he will connect to a malicious peer. This case considers
an attacker which has some peers in the network. E.g. renting 500 IP addresses
for 0.01 USD per IP per hour will cost 3600 USD per month: doable but
still not for free.
I think that revealing the origin (or rather public IP) of a distinct
transaction is tolerable. The learned public IP can be shared by several
users. So a big ISP can server as a anonymyzer which prevents from linking
tx of the same user.
Rotation will help against low-resource attackers with no peers at all.
The reason for rotation is that if client's 8 outbound connections stay
the same for a long time, an attacker which does not have any peers at all
but just listens the Bitcoin network can link together differed BC addresses
and learn the IP of the client. The 8 entry peers are unique per client so if two
users share the same IP, they can be distinguished.
In order to protect himself from this specific attack, a client can also
set only 3-4 outbound connections, so the proposed modification is just
another potential defence. If it is useful for other things, it' great.
> If you rotate where you send out your transactions then with
> very high probability a sybil pretending to be many nodes will observe
> you transmitting directly.
Outbound connections are still rotated from time to time due to remote side
disconnections. Plus outbound connections do not survive BC client restarts
(unlike Tor Guard nodes).
On Mon, Aug 18, 2014 at 10:21:07AM -0700, Gregory Maxwell wrote:
> On Mon, Aug 18, 2014 at 9:46 AM, Ivan Pustogarov <ivan.pustogarov at uni.lu> wrote:
> > Hi there,
> > I'd like to start a discussion on periodic rotation of outbound connections.
> > E.g. every 2-10 minutes an outbound connections is dropped and replaced
> > by a new one.
>
> Connection rotation would be fine for improving a node's knoweldge
> about available peers and making the network stronger against
> partitioning.
>
> I haven't implemented this because I think your motivation is
> _precisely_ opposite the behavior. If you keep a constant set of
> outbound peers only those peers learn the origin of your transactions,
> and so it is unlikely that any particular attacker will gain strong
> evidence. If you rotate where you send out your transactions then with
> very high probability a sybil pretending to be many nodes will observe
> you transmitting directly.
>
> Ultimately, since the traffic is clear text, if you expect to have any
> privacy at all in your broadcasts you should be broadcasting over tor
> or i2p.
--
Ivan
More information about the bitcoin-dev
mailing list