chris-belcher / electrum-personal-server

Maximally lightweight electrum server for a single user
MIT License

Using EPS and Electrum with a smartphone #36

Open chris-belcher opened 6 years ago

chris-belcher commented 6 years ago

It would be great if users could have a full node + electrum personal server running in their home, and then connect their smartphone electrum wallet to it. (Or any other computer running elsewhere, but smartphone wallet is the most obvious application)

Electrum Personal Server shouldn't have other people connecting to it, because an adversary could in theory request every address ever used on the blockchain and so figure out which wallet(s) are monitored by EPS.

Also any packet sniffers could easily decrypt the Electrum-EPS connection and spy on the wallet, although this could be remedied by having users generate their own SSL certificate instead of using the default one in the EPS repository.

This issue is about ideas for improving this situation.

Right now probably the safest way is to have the smartphone connect to the EPS computer using SSH and open an SSH tunnel, which provides encryption and authentication. Then the smartphone wallet connects through the tunnel. Unfortunately some smartphones don't have SSH tunnel apps and also this is kind of hard to set up for non-technical users.

suvayu commented 6 years ago

I have been thinking about this since I started using EPS.

> Electrum Personal Server shouldn't have other people connecting to it ...

I guess the obvious solution, authentication (e.g. user id, password), doesn't work because the electrum server protocol does not support it. So I have been thinking somewhat differently, would a TOR hidden service be a good option here?

Points in favour

  1. Home networks are often set up behind a NAT, making it tedious to expose a service running on the home network. Using a TOR hidden service would trivially circumvent this issue.

  2. As long as the user keeps the onion address of the service secret, it is difficult (not sure how difficult) for an adversary to discover the service and uncover the addresses being monitored by EPS.

Points against

  1. Asking the user to set up TOR is a hurdle; that said, it is quite common to run bitcoind, lightningd, etc. behind TOR, they have out of the box support. I have tried this myself, and it is rather straightforward, so probably not a big hurdle.

  2. This scheme relies on keeping the onion address secret, I am not familiar enough with TOR to know the difficulty associated with finding a hidden service without knowing the address beforehand.

  3. I'm not sure if Electrum on Android supports using a TOR hidden service as the server.

Thoughts on implementation

  1. TOR is set up separately on the system by the user.

  2. The stem library allows convenient interaction with TOR. Nyx, the TOR monitor, is built using stem.

  3. While creating the hidden service, one can save the private key, so that on subsequent instances, the service can be recreated at the same onion address. This ensures that the user does not need to repeatedly update the wallet network settings on the client side.

Thoughts?

chris-belcher commented 6 years ago

I believe it's not possible to keep onion addresses secret, because tor Introductory Points (IPs) learn the onion's public key. I think I've seen websites that list the .onion addresses out there.

But yes using tor is very good as long as you authenticate. My own setup has a full node running at home with a tor hidden service. I connect to it on SSH via tor, and create an SSH tunnel which is used by Electrum to connect to Electrum Personal Server. It doesn't matter that my .onion address is knowable because nobody knows my SSH credentials. I use Electrum on desktop so it's not very hard to have tor and ssh running.

A nice way would be if in the Electrum wallet interface there was a way to authenticate the server, and to have the server authenticate the client. (Maybe the way OTR does it; ask for a shared secret or ask to check the fingerprints). This requires code to be written and merged in Electrum though.

shesek commented 6 years ago

> I believe it's not possible to keep onion addresses secret, because tor Introductory Points (IPs) learn the onion's public key.

This is no longer the case with v3 hidden services; addresses are now considered entirely private and won't leak through the network. My understanding is that v3 hidden service addresses can be used safely as an authentication mechanism.

https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services

> On the cryptography side, we are looking at cutting-edge crypto algorithms and improved authentication schemes. On the protocol end, we redesigned the directory system to defend against info leaks and reduce the overall attack surface. For example, did you know that in the legacy onion system, the network could learn about your onions? However, with this next-generation design, your onion address is completely private and only known to you and whoever you choose to disclose it to.

jleute commented 6 years ago

There is also HidServAuth for v2 addresses:

> HiddenServiceAuthorizeClient auth-type client-name,client-name,… If configured, the hidden service is accessible for authorized clients only. The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are listed here are authorized to access the hidden service. Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth. This option is only for v2 services.

0xbytes commented 6 years ago

I have been using my Samsung with electrum and EPS using a VPN on my phone. The VPN is NordVPN. To prevent other people from connecting to my EPS, I use ip_whitelist in config.cfg. For example: ip_whitelist=192.168.1.0/24 38.111.23.98 186.213.3.121 .......

The 1st ip is my home network if my phone is connected thru wifi at home. The other IPs are a list of VPNs I connect to. For example, I have a list of NordVPNs for Iceland. I include the ips for Iceland in ip_whitelist. If I want to use electrum on my phone, I connect to VPNs in Iceland.

I believe that using a VPN on one's phone is less technical than SSH channels. It costs about $3/month for NordVPN if you get the 3 year plan. Also, if you love privacy, you should have a vpn anyways. NordVPN takes Bitcoin.

Thank you Chris for an awesome job with EPS.
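
An added example (not part of the comment above and not EPS's own code) of how a space-separated whitelist like the one quoted can be checked against a connecting peer, including IPv4 peers that a dual-stack socket reports in IPv4-mapped IPv6 form. The function names are hypothetical; the addresses are the ones from the comment.

```python
import ipaddress

def parse_ip_whitelist(value):
    """Parse a space-separated list of addresses / CIDR blocks into networks.

    strict=True rejects entries such as 192.168.1.5/24, so a typo fails loudly
    at startup instead of silently whitelisting a whole subnet.
    An empty value yields an empty list, which allows nobody (fail closed).
    """
    return [ipaddress.ip_network(tok, strict=True) for tok in value.split()]

def peer_allowed(peer_ip, networks):
    """Return True only if the peer address falls inside a whitelisted network."""
    addr = ipaddress.ip_address(peer_ip)
    # A listener bound to "::" reports IPv4 clients as ::ffff:a.b.c.d;
    # unwrap them so they are compared against the IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)

if __name__ == "__main__":
    # Whitelist value as quoted in the comment; peer addresses are constructed.
    nets = parse_ip_whitelist("192.168.1.0/24 38.111.23.98 186.213.3.121")
    for peer in ("192.168.1.77", "::ffff:192.168.1.77", "38.111.23.99", "::1"):
        print(peer, "accept" if peer_allowed(peer, nets) else "reject")
```

An address match only shows where the connection came from: a VPN exit address is the same for every customer routed through that exit, so the whitelist narrows who can reach the server without identifying the wallet owner.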

jleute commented 6 years ago

So I was able to connect the electrum android app via a stealth tor hidden service (with HidServAuth configured in orbot) to my eps. I couldn't find the oneserver option in the electrum app though, so it is still downloading headers from other servers for SPV.

suvayu commented 6 years ago

@chris-belcher, I wrote this script. It creates an ephemeral hidden service with "basic authentication". I could not test the script with V3 hidden service because the latest released version of stem doesn't support it yet, but I believe it should work without changes. Also, I'm not entirely sure if V3 services can be ephemeral yet (it worked when configured from torrc). The script saves the private key corresponding to the onion address and the auth cookie in a pickle file (quick hack for now) for subsequent runs.

I then successfully configured Orbot, and accessed the SSH daemon on my workstation. So I know the hidden service is working as expected. But unlike @jleute, I couldn't really figure out how to configure the Electrum app to connect to my EPS.

If you think this is a good start, I can work up a patch against server.py, and open a PR. WDYT?
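
An added example, not suvayu's script or EPS code, of the approach described above: create the ephemeral service through stem's `create_ephemeral_hidden_service`, keep the key and auth cookies in an owner-only JSON file rather than a pickle, and reuse them on later runs so the onion address stays the same. Assumptions: `controller` is an already authenticated `stem.control.Controller` that the caller keeps open (the service disappears when that connection closes), EPS listens on port 50002, and the function names and state file layout are hypothetical.

```python
import json
import os
import stat
import tempfile

def save_service_state(path, key_type, key_content, client_auth):
    """Persist the onion key and auth cookies as JSON, readable by the owner only."""
    state = {"key_type": key_type, "key_content": key_content,
             "client_auth": client_auth}
    # mkstemp creates the file with mode 0600, so the key is never world-readable.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        json.dump(state, f)
    os.replace(tmp, path)  # atomic swap: no half-written key file

def load_service_state(path):
    """Return the saved state, or None on first run."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return None
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users")
    with open(path) as f:
        return json.load(f)

def publish_eps_onion(controller, state_path, eps_port=50002, clients=("phone",)):
    """Create (or re-create) the hidden service; return (onion address, cookies)."""
    state = load_service_state(state_path)
    if state is None:
        # RSA1024 requests a v2 key: basic_auth is the v2-only client
        # authorization from the manual text quoted earlier in the thread.
        key_type, key_content = "NEW", "RSA1024"
        auth = {name: None for name in clients}  # None: tor generates the cookie
    else:
        key_type, key_content = state["key_type"], state["key_content"]
        auth = state["client_auth"]
    resp = controller.create_ephemeral_hidden_service(
        {eps_port: eps_port}, key_type=key_type, key_content=key_content,
        basic_auth=auth, await_publication=True)
    if state is None:
        # tor returns the new key and cookies only once, on creation.
        auth = resp.client_auth
        save_service_state(state_path, resp.private_key_type,
                           resp.private_key, auth)
    return resp.service_id + ".onion", auth
```

The returned cookie is what the client enters as its `HidServAuth` value, so the state file is as sensitive as the key itself.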

MrHash commented 6 years ago

It's possible to set up a VPN to your node using this convenient script https://github.com/Angristan/OpenVPN-install which generates a portable .ovpn config. Then your phone OpenVPN software can connect directly to the node and access the EPS on the local subnet.

chris-belcher commented 6 years ago

I think that's an excellent idea @suvayu. I believe Bitcoin Core has something similar where it can automatically create a HS, if it detects tor is running on the same machine. For EPS there could be an option in config.cfg where the user could control whether to create the HS or not.

suvayu commented 6 years ago

@chris-belcher, thanks for the vote of confidence. I was in fact inspired by Bitcoin Core's feature ;).

Before I get on this though, I would like to make things easier for myself by resolving #40. I have made some commits to that effect on my fork of EPS. I'll submit a pull request in a few days.

suvayu commented 6 years ago

If someone wants to try out EPS with Tor hidden service support before #40 is merged, you can test the tor branch on my fork. You will need to install stem; see doc/tor.md for instructions.