search

clifordsymack / Electron-Cash

Electrum; Bitcoin thin client
MIT License
6 stars 3 forks source link

Investigate feasibility of subscribing to 1 scripthash (address) per ElectrumX server #7

Open cculianu opened 5 years ago

cculianu commented 5 years ago

It occurred to Mark Lundeberg and me that 1 "achilles heel" to privacy in the entire Electron Cash architecture is that the ElectrumX server knows all the addresses in your wallet because they all "subscribe" to be notified on new tx's with only 1 server.

We should investigate how much of a code change would be required to make the mapping 1 scripthash (address) per server.

So rather than you connecting to an ElectrumX server and sending it the "subscribe" command for ALL your addresses, you connect to 20 ElectrumX servers (if available) and then you "subscribe" to just 1 address on each server.

This can be combined with Tor so that you actually get a unique IP address (from the ElectrumX server's point of view) each time you do this.

In installations lacking Tor -- ideally this would be "sticky" in that you would try and reconnect to the same server from the same IP you are on with the same addresses -- to give the server as little information about yourself as possible.

There could even be various paranoia settings in some future version of EC about how strict to keep this scheme and whether to give up or not if certain privacy criteria cannot be attained via connecting to ElectrumX servers. (Say, for example, you have 20 addresses but only 15 servers are online and you are on "strict" mode, thereby EC gives up or notifies you it cannot meet your privacy criteria given the state of the network).

This needs to be fleshed out more. I'm opening this issue here to "keep it on the table" as a possible privacy enhancement going forward.

fyookball commented 5 years ago

Will not be fixed for the initial release.

cculianu commented 5 years ago

yeah.. this was more a pie in the sky fantasy.

This is also not needed if using tor.. so maybe never?

zquestz commented 5 years ago

I think this is unrelated to cashshuffle specifically. This issue should probably be opened on the main ElectronCash repo for tracking.

imaginaryusername commented 5 years ago

Just for clarification: I checked the Electrumx docs and it seems like all the methods there are single-scripthash only. Does that mean they are only grouped by session on electrumx proper by IP/port, and become indistinguishable if routed via Tor? Or are there any obvious means (aside from timing) for servers to identify and group source when requests are routed through Tor?