delvingbitcoin

Silent Payments: Light Client Protocol

Silent Payments: Light Client Protocol

Original Postby harding

Posted on: June 5, 2024 02:13 UTC

In the process of enhancing privacy for users using a taproot address, a series of steps are outlined to ensure secure transactions without compromising user identity.

The method involves fetching tweaks and computing possible public keys to compare against a taproot-only filter, as specified in BIP 158. If there’s no match, the procedure iterates with the next block height until a match is found, leading to the collection of simplified Unspent Transaction Outputs (UTXOs). A significant concern arises when clients fetch transaction data based on untrusted tweaks and public keys, potentially exposing their network identity if the server supplying this data is dishonest or colluding with others.

The exposure risk is highlighted through a hypothetical scenario where a malicious server operator, named Mallory, targets a specific user by distributing manipulated tweaks and filters. This manipulation ensures that only the targeted user matches the fake data, revealing their network ID when they proceed to download transaction data. The vulnerability persists even when fetching data from multiple servers, as control over the filter distribution server could lead to forced matches by providing false information.

A proposed solution to safeguard user privacy involves adopting a practice similar to Wasabi Wallet's approach with a custom BIP158 implementation. This includes downloading untrusted tweaks and filters over an ephemeral Tor connection, followed by downloading the full corresponding block from a random full node using a different network identity. This method significantly reduces the risk of connecting to a malicious full node controlled by the server due to the vast number of block-serving nodes and the existing traffic from BIP158 clients. By utilizing full blocks and connections to regular full nodes, users benefit from enhanced privacy, especially when employing protocols like Tor.

While this approach entails increased bandwidth usage due to the need for downloading full blocks, the trade-off for privacy is considered reasonable. For most users receiving sparse taproot payments, the daily bandwidth cost remains below 4 MB. Those experiencing higher transaction volumes might face up to 600 MB/day in bandwidth costs, which is deemed manageable given the privacy benefits.