From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 83ABD2C for ; Mon, 22 Jul 2019 05:02:10 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.bluematt.me (mail.bluematt.me [69.59.18.99]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B074FF8 for ; Mon, 22 Jul 2019 05:02:01 +0000 (UTC) Received: from [IPv6:2620:6e:a000:233::100] (unknown [IPv6:2620:6e:a000:233::100]) by mail.bluematt.me (Postfix) with ESMTPSA id 734887CD78; Mon, 22 Jul 2019 05:02:00 +0000 (UTC) To: Andreas Schildbach , Bitcoin Protocol Discussion References: <59fad2b6-9b15-ffec-116e-91d27ce29f80@mattcorallo.com> From: Matt Corallo Message-ID: <72747be0-3760-a602-a540-37be6e4ad94c@mattcorallo.com> Date: Mon, 22 Jul 2019 05:01:58 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 22 Jul 2019 15:05:51 +0000 Subject: Re: [bitcoin-dev] Bitcoin Core to disable Bloom-based Filtering by default X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jul 2019 05:02:10 -0000 Hey Andreas, I think maybe some of the comments here were misunderstood - I don't anticipate that most people will change their defaults, indeed, but given the general upgrade cycles we've seen on the network over the entire course of Bitcoin's history, there's little reason to believe that many nodes with NODE_BLOOM publicly accessible will be around for at least three or four years to come, though obviously any conscious effort by folks who need those services to run nodes could extend that significantly. As for the DoS issues, a super old Proof-of-Concept of the I/O variant is here: https://github.com/petertodd/bloom-io-attack though CPU DoS attacks are also possible that use high hash counts to fill a node's CPU usage (you can pretty trivially see when a bloom-based peer connects to you just by looking at top...). Finally, regarding alternatives, the filter-generation code for BIP 157/158 has been in Bitcoin Core for some time, though the P2P serving side of things appears to have lost any champions working on it. I presume one of the Lightning folks will eventually, given they appear to be requiring their users connect to a handful of their own servers right now, but if you really need it, its likely not a ton of work to pipe them through. Matt On 7/21/19 10:56 PM, Andreas Schildbach via bitcoin-dev wrote: > An estimated 10+ million wallets depend on that NODE_BLOOM to be > updated. So far, I haven't heard of an alternative, except reading all > transactions and full blocks. > > It goes without saying pulling the rug under that many wallets is a > disastrous idea for the adoption of Bitcoin. > >> well-known DoS vectors > > I asked many people, even some "core developers" at meetings, but nobody > ever was able to explain the DoS vector. I think this is just a myth. > > Yes, you can set an overly blurry filter and thus cause useless traffic, > but it never exceeds just drinking from the full firehose (which this > change doesn't prohibit). So where is the point? An attacker will just > switch filtering off, or in fact has never used it. > >> It is not anticipated that >> this will result in a significant lack of availability of >> NODE_BLOOM-enabled nodes in the coming years > > Why don't you anticipate that? People almost never change defaults, > especially if it's not for their own immediate benefit. At the same > time, release notes in general recommend updating to the latest version. > I *do* anticipate this will reduce the number of nodes usable by a large > enough amount so that the feature will become unstable. > >> clients >> which rely on the availability of NODE_BLOOM-supporting nodes on the >> P2P network should consider the process of migrating >> to a more modern (and less trustful and privacy-violating) alternative >> over the coming years. > > There is no such alternative. > > I strongly recommend postponing this change until an alternative exists > and then give developers enough time to implement, test and roll out. > > I also think as long as we don't have an alternative, we should improve > the current filtering for segwit. E.g. testing the scripts themselves > and each scriptPubKey spent by any input against the filter would do, > and it also fixes the main privacy issue with server-side filtering > (wallets have to add two items per address to the filter). > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >