[Bitcoin-development] Deanonymisation of clients in Bitcoin P2P network paper

Isidor Zeuner cryptocurrencies at quidecco.de
Mon Dec 1 10:42:58 UTC 2014


Hi Gregory,

response below quote:
> > Since this attack vector has been discussed, I started making some
> > measurements on how effective it is to connect to Bitcoin using Tor,
> > and I found that the number of connections dropping to near-zero is
> > a situation which occurs rather frequently, which suggests that there
> > is still room to improve on the DoS handling.
>
> I'm confused by this, I run quite a few nodes exclusively on tor and
> chart their connectivity and have seen no such connection dropping
> behaviour.
>
> Can you tell me more about how you measured this?
>

When you say "running exclusively on Tor", what do you mean exactly?
Do you also connect or allow connections through hidden services?

I made outbound connections through Tor exit points the only way to
connect to Bitcoin, and increased the number of allowed outbound
connection in order to get more meaningful values.

Lately, I could see unusual behaviour at:

* 2014-11-28 13:14 UTC
* 2014-11-25 07:32 UTC
* 2014-11-24 13:06 UTC

Anything I should look into?

> [As an aside I agree that there are lots of things to improve here,
> but the fact that users can in theory be forced off of tor via DOS
> attacks is not immediately concerning to me because its a conscious
> choice users would make to abandon their privacy (and the behaviour of
> the system here is known and intentional). There are other mechanisms
> available for people to relay their transactions than connecting
> directly to the bitcoin network; so their choice isn't just abandon
> privacy or don't use bitcoin at all.]
>

I think this issue is more important than it seems.

Firstly, when running Tor-only, there are still attack vectors which
make use of the DoS protection deficiencies.

Secondly, if we tell people not to connect directly if they want
privacy, how do we ensure that these indirect methods will not come
with implications for their privacy?

Best regards,

Isidor




More information about the bitcoin-dev mailing list