Transcript for #bitcoin-dev 2017/09/02

13:25 RealM9 Bitcoin network is easy to monitor right now for state-level or ISP-level actors. They can 1) see IPs of lightweight node/SPV node users, because when they announce TX, it's unencrypted 2) monitor Full node traffic and determine which TXes are created by them 3) monitor Full nodes and see which TXes are announced to them by lightweight/SPV nodes, thus identify them by IP.
13:25 RealM9 After that, this state level actor can associate names with bitcoin addresses
13:27 RealM9 Currently, a U.S. agency like NSA can do it easily, because they intercept all U.S. network traffic for 24h (iirc), so they can create specific apps for blockchain monitoring and identify a huge part of bitcoin network
13:28 RealM9 The problem is that TXes are unencrypted. I read BIP151 (it encrypts communications between nodes) and it's a great idea, that will make bitcoin network more private. But as i understand, it will be optional for everybody to use
13:30 esotericnonsense RealM9: you can run bitcoin over tor if you like
13:30 esotericnonsense RealM9: LN connections are encrypted also
13:30 RealM9 To make bitcoin network private, first of all, all full node TX data should be encrypted when relayed BY DEFAULT. Block data should stay unencrypted, because it's faster and there is no need for it to be encrypted. But all TX data should be encrypted
13:31 RealM9 Yes, i understand. TOR can make your tx private. But what i'm thinking is that all TXes should be private at protocol level. ISPs shouldn't see your TX data, if it's not over tor
13:31 RealM9 I think most of network TX data should be encrypted, when sent
13:32 RealM9 Everyone should have some privacy by default.
13:32 RealM9 Sure, gov can operate many full nodes, but that's harder. If every connection is open and not encrypted, it's so easy to perform mass surveillance
13:33 RealM9 Think about it
13:34 esotericnonsense RealM9: unauthenticated encryption is a problem wrt mitm as well if you want to do this for everyone
13:34 esotericnonsense however
13:34 esotericnonsense additionally I think 'by default' is a bit of a strange bar, your problem is that there are so many different implementations of wallets
13:35 esotericnonsense at the moment a bunch of them use centralised block explorer sites to show details about transactions
13:35 RealM9 Bitcoin core at least
13:36 RealM9 I think there was some BIP, how to protect against MITM, but i don't know much about it
13:38 RealM9 I mean, use encryption whenever possible
13:42 bytting RealM9: The question becomes, how much is enough, and what goes into the core protocol layer, and what should go into the second layer. And what are the goals, fungibility, personal security...
13:42 Megumiin https://github.com/bitcoin/bips/blob/master/bip-0151.mediawiki
13:44 RealM9 I think all TX data should be encrypted at the protocol layer
13:45 RealM9 Think about websites. They use HTTPS, to stop ISPs and attackers from monitoring traffic
13:45 Megumiin websites are not peer-to-peer
13:45 RealM9 And what problems does p2p create?
13:46 Megumiin Authentication
13:46 RealM9 Are there any solutions?
13:46 Megumiin How do you know you're talking to another peer instead of a MITM setup by your ISP?
13:46 Megumiin No
13:46 Megumiin Short of accepting encryption without authentication
13:46 Megumiin but that doesn't prevent your ISP from listening
13:46 Megumiin It just makes it slightly harder and noticeable
13:47 RealM9 iirc there was some BIP for authentication, no?
13:47 Megumiin no, only unauthenticated encryption
13:47 Megumiin (BIP151, which I just linked)
13:47 esotericnonsense think about what you are typing :)
13:47 esotericnonsense authenticated communication to nodes makes no sense
13:48 esotericnonsense the point is that they are unknown entities
13:48 esotericnonsense at best you could do something like ssh TOFU
13:49 Megumiin esotericnonsense: ips change, having pinned keys to ips could quickly isolate yourself from valid nodes
13:50 Megumiin TOFU only works when you're directly aware of when keys would change and to no longer expect previous keys
13:50 RealM9 What about
13:50 esotericnonsense Megumiin: yeah, i kind of feel like this is just an intractable problem by definition, but i can see some degraded security mode vaguely, it's just hard to pin down
13:50 RealM9 What about BIP150?
13:51 esotericnonsense i genuinely think this is a waste of time though. protect against ISP = vpn or tor (if you're not doing that anyway you've already lost in various other ways)
13:51 esotericnonsense protect against state level = ha
13:51 esotericnonsense ho ho ho he he he
13:51 RealM9 Well, state can't hack any node. And if you use some good encryption...
13:52 Megumiin RealM9: that is an opt-in equivalent which only works if you directly add authenticated nodes.
13:52 esotericnonsense without authentication they can actively mitm it
13:52 esotericnonsense or they can just sybil you
13:52 Megumiin If using tor isn't a viable alternative, this is not either
13:52 RealM9 Hm...shit...
13:53 esotericnonsense also 'state can't hack any node' is kind of an odd view to have
13:53 RealM9 Every
13:53 esotericnonsense mass surveillance protection is one thing, targeted attacks = give up
13:53 RealM9 Sorry, typo
13:53 esotericnonsense sure
13:53 RealM9 That's what i think. We need to fight mass surveillance
13:54 RealM9 If gov want to deanonymise someone it's a one thing. But if they monitor everybody, that's a problem
13:54 Megumiin If your only goal is to prevent passive surveillance bip151 is probably sufficient
13:55 RealM9 Well, yeah, but it's very vulnerable...yeah
13:55 RealM9 Hm, btw, how does the TOR protect against MITM?
13:56 bytting States could certainly need some protection against themselves
13:56 Megumiin It doesn't, it just makes it extremely difficult to link the transaction back to you
13:56 RealM9 I mean tor protocol. How does it protect against MITM
13:56 RealM9 It's p2p too
13:57 Megumiin It doesn't really
13:57 Megumiin Any exit node is a de facto MITM
13:57 RealM9 What about entry nodes?
13:57 Megumiin Any entry/relay node is a MITM, but they only get encrypted packets which they can't read
13:58 RealM9 But when tor user tries to reach all nodes, entry, relay, exit. Could ISP mitm all these connections?
13:59 RealM9 Oh, right now i understand. It doesn't work because tor goes through various ISPs/countries...
14:00 RealM9 Mitm attack*
14:01 RealM9 Wait but no... fuck, now i fucking don't understand it. Could they?
14:01 Megumiin If every single entry/relay/exit node you used cooperated, they could fully track and MITM your connection.
14:02 Megumiin Tor only attempts to make that unlikely
14:02 Megumiin This is getting offtopic
14:04 RealM9 Yeah... But if i understand correctly, a tor user first receives public keys of entry,relay,exit node no? ISP could possibly mitm these connections and insert his pubkeys, no?
14:04 RealM9 Maybe i don't understand it well enough
14:07 Megumiin I couldn't tell you the specifics, but I assume the tor clients trust tor's authenticated list of nodes
14:08 Megumiin https://tor.stackexchange.com/questions/5/what-impact-does-tors-bootstrapping-process-have-for-at...
14:09 Megumiin https://www.torproject.org/docs/faq#KeyManagement
14:23 RealM9 What if biggest full-node peer IP seed servers would use encrypted communication and their pubkey would be hard coded into full-node software? Then they would receive peer IP info with their PubKeys? Then the node could connect to other peers and request their peer info+peer pubkeys. All pubkeys would be saved and when later used again, so it won't need to connect
14:24 RealM9 *...when used again, it will have their pubkeys saved, so no more authentication needed
14:24 RealM9 Problem would be if keys would be changed
14:24 RealM9 All trust would start at the seeds
14:24 RealM9 What do you think about something like this?
14:25 esotericnonsense centralized seeds kill the idea
14:25 RealM9 But there are centralized seeds already, no?
14:26 RealM9 Also, node will need to use them only once. At the first connection
14:27 RealM9 Then it can just connect to other encrypted nodes and if needed, receive other encrypted peer info from them
14:27 RealM9 Seed is just the start of the trust
14:28 RealM9 Sure, if seed gets hacked and its private key exposed AND if it's a world-level attacker, it could MITM everybody
14:29 Megumiin RealM9: It could also lie, and split the network, lie and make people unaware to find other nodes
14:30 RealM9 But it already can, no?
14:30 Megumiin no
14:30 RealM9 There are seeds already
14:30 Megumiin They only point you in the right direction
14:30 Megumiin They don't tell you who you can/can't trust
14:31 RealM9 Hm, i don't understand
14:31 RealM9 They send you other full node IPs, no?
14:31 Megumiin Yes, but they aren't authenticated
14:31 RealM9 Now they would send you full node IPs+their pubkeys
14:31 Megumiin There are a few ways which you can find peers
14:31 Megumiin What if they lie about their public keys?
14:32 RealM9 who?
14:32 RealM9 K...
14:32 Megumiin The "trusted" person who tells you the list
14:32 Megumiin What if that list is down?
14:32 Megumiin What if that list is compromised by some government?
14:33 RealM9 If that list is down, new nodes couldn't connect
14:33 RealM9 Hm...
14:33 RealM9 Yeah
14:33 Megumiin It becomes a centralized point of failure
14:33 RealM9 You're right... fck
15:36 RealM9 Is there any possible way how to solve this authentication problem?