[Bitcoin-development] Proposal: Encrypt bitcoin messages
pete at petertodd.org
Wed Aug 20 00:41:27 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 19 August 2014 20:21:35 GMT-04:00, Jeff Garzik <jgarzik at bitpay.com> wrote:
>On Tue, Aug 19, 2014 at 8:16 PM, Peter Todd <pete at petertodd.org> wrote:
>> That is simply incorrect. The resources required to do that kind of
>monitoring are very high; even the NSA can't pull it off consistently
>Hardly. For example, when a new block arrives on the network, a
>single observer at a single location may obtain a binary "likely|not
>bitcoin protocol" decision from a spike in usage correlated with
>sudden, global network activity after a period of inactivity. I'll
>not detail all such metrics.
Emphasis on "likely", at best. Forcing you adversary to rely on uncertain statistics is a huge improvement over the status quo. Secondly your example is of a new block; the more general concern is determining where a given transaction originated. In the best of circumstances determining the origin of a few hundred bytes of days interspersed in dozens of kB/s of buffered data streams is very difficult and expensive even without padding and/or random delay features.
Again, I've spoken to people like Jacob Applebaum about this who have a solid understanding of what the NSA is actually capable of, and they've confirmed the above. Don't let perfect be the enemy of good.
Of course, that's not to say we shouldn't cost-benefit analysis the implementation; not using straight OpenSSL for this is a wise decision. Hence the suggestion of using the existing and tested Tor support to encrypt by default.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
-----END PGP SIGNATURE-----
More information about the bitcoin-dev