Current state and the future of wallets. Building On Bitcoin, 3rd of July 2018. dev@jonasschnelli.ch PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D
Privacy Security Trust
Privacy: Transaction / scripts privacy. Security: Keystorage, Cold-Storage. Trust: No-trust required, Chain-Validation, Consensus.
Privacy: ✓ No scripts sharing. Security: ❌ Missing cold storage. Trust: ✓ Full validation, ✓ Consensus.
Privacy ❌ Scripts sharing Security Trust ❌ ❌ ❌ No control over keys Central validation
Privacy ❌ Scripts sharing Security ✓ Trust ❌ Cold storage Central validation
BreadWallet / Android Wallet. Privacy: ❌ Scripts sharing. Security: ❌ Exposed keys. Trust: ✓ SPV validation.
Electrum. Privacy: ❌ Scripts sharing. Security: ❌ Missing cold storage. Trust: ✓ SPV validation.
Centralized validation
Current state: New/novice users tend to use centralised validation. X Required validation device X Validation lead time X Bandwidth and CPU requirements
Centralized validation in practice • ~200GB+ disk space (large indexes) • Heavy disk I/O through indexing • Full validation „underneath“ (Bitcoin Core)
Downsides of centralized validation X Fake transactions / transaction omission X No control over the consensus layer X Abandons privacy completely
Advantages of centralized validation ✓ Immediately ready to use ✓ Fast wallet recovery ✓ Very low bandwidth costs ✓ Can serve large amount of wallets
Centralized key-storage
Centralized key-storage ✓ No security setup required X „Owns“ no Bitcoins X „Owns“ only the right to eventually access and move Bitcoins. Users are often not aware!
SPV
SPV ✓ Can check some consensus rules ✓ Verify headers ❌ Weak 0-conf handling ❌ Fee estimation is probably impossible ❌ Network „leeches“ ❌ Rely on a „free service“ ❌ Often rely on DNS seeds
SPV ✓ Acceptable bandwidth consumption ✓ Acceptable amount of decentralization
SPV privacy?
SPV privacy ✓ ❌ ❌ BIP158 - Compact BIP37 - Bloom Filters Electrum SPV Block Filters Low bandwidth „more“ bandwidth ๏ Low bandwidth ✓ ✓ MITM protection Privacy (?) Can filter mempool ✓ ✓ ✓ through SSL Widely useful filter No privacy ✓ X (No privacy) structures Personal filtering X X Personal filtering Committable through (incentive model) X ✓ (incentive model) soft-fork not (widely) deployed X no (useful) technique X to filter mempool
SPV privacy ✓ Full block SPV „high“ bandwidth costs X ✓ Can „migrate" to full validation ✓ Privacy ✓ Reduced consensus checks
SPV understanding filtering BIP37 - Bloom Filters PEER WITH BLOOM FILTER | NODE_BLOOM SPV Filters transactions BF for the client RELEVANT TRANSACTIONS (FALSE POSITIVES)
SPV understanding filtering BIP37 - Bloom Filters PEER WITH BLOOM FILTER | NODE_BLOOM INTERNET TRAFFIC SPV BF Filters transactions for the client MEN IN THE MIDDLE ISP, WIFI PROVIDER, STATE ACTORS RELEVANT TRANSACTIONS (FALSE POSITIVES)
SPV understanding filtering BIP158 - Client Side Filtering BLOCK FILTERS NODE SUPPORTING BIP158 SPV Client finds relevant BF Blocks BLOCKS
SPV understanding filtering BIP158 - Client Side Filtering 144 blocks ~= 144MB — Filtersize: ~2% 1 day = ~2.88MB 7 days = ~20.16 MB 30 days = ~86.4 MB 90 days = ~259.2 MB
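The BIP158 client-side filtering slides above, as an added example that is not part of the original talk: the node builds one Golomb-Rice coded filter per block and the wallet tests its own scripts against it locally, so no per-wallet filter is ever sent to a peer as with BIP37. Assumptions: keyed BLAKE2b stands in for BIP158's SipHash-2-4 (the output is not wire-compatible), the filter is kept as a string of bits for readability, and all scripts and the key are constructed sample data.

```python
import hashlib

P = 19       # Golomb-Rice parameter of the BIP158 basic filter
M = 784931   # BIP158 basic filter: false-positive rate of about 1/M

def hash_to_range(item: bytes, key: bytes, f: int) -> int:
    # Assumption: keyed BLAKE2b-64 stands in for BIP158's SipHash-2-4,
    # so these filters are NOT wire-compatible with real nodes.
    h = hashlib.blake2b(item, digest_size=8, key=key).digest()
    return (int.from_bytes(h, "little") * f) >> 64

def build_filter(scripts, key):
    """Node side: one filter per block, identical for every client."""
    items = set(scripts)
    n = len(items)
    bits, last = [], 0
    for v in sorted(hash_to_range(s, key, n * M) for s in items):
        q, r = divmod(v - last, 1 << P)
        bits.append("1" * q + "0" + format(r, f"0{P}b"))  # unary q, then P-bit r
        last = v
    return n, "".join(bits)

def decode(n, bits):
    """Yield the sorted hashed values back out of the Golomb-Rice bit string."""
    pos = last = 0
    for _ in range(n):
        q = 0
        while bits[pos] == "1":
            q, pos = q + 1, pos + 1
        pos += 1  # skip the terminating 0 of the unary part
        last += (q << P) + int(bits[pos:pos + P], 2)
        pos += P
        yield last

def block_is_relevant(n, bits, key, wallet_scripts):
    """Client side: test locally; the node never sees wallet_scripts."""
    wanted = {hash_to_range(s, key, n * M) for s in wallet_scripts}
    return any(v in wanted for v in decode(n, bits))

# Constructed sample data: not real block contents.
KEY = bytes.fromhex("00" * 15 + "01")            # stands in for block_hash[:16]
BLOCK_SCRIPTS = [bytes([0x76, 0xA9, 0x14]) + bytes([i]) * 20 + b"\x88\xac"
                 for i in range(1, 6)]
MINE = BLOCK_SCRIPTS[3]                          # a script our wallet watches
OTHER = bytes([0x76, 0xA9, 0x14]) + bytes([0xEE]) * 20 + b"\x88\xac"

if __name__ == "__main__":
    n, bits = build_filter(BLOCK_SCRIPTS, KEY)
    print(len(bits), "filter bits for", n, "scripts")
    print(block_is_relevant(n, bits, KEY, [MINE]))    # download this block
    print(block_is_relevant(n, bits, KEY, [OTHER]))   # skip (barring a false positive)
```

A match only tells the wallet to fetch the full block; a miss is definitive, because a Golomb-coded set has false positives but no false negatives.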
SPV understanding filtering FULL BLOCK / HYBRID 144 blocks ~= 144MB 1 day = ~144MB 7 days = ~1’008 MB 30 days = ~4.32 GB 90 days = ~12.96 GB
Resource costs Core / full node SPV Electrum (SPV) Centralized validation solutions Decentralization
FUTURE OF WALLETS? The future of wallets
Privacy ✓: Transaction / scripts privacy. Security ✓: Keystorage, Cold-Storage. Trust ✓: No-trust required, Chain-Validation, Consensus / p2p.
Catching up a month of blocks (45min; consumer system). Acceptable CPU / memory rates once in-sync.
Hybrid SPV. Use SPV: sync and check headers, download relevant blocks (use BIP158), wallet is ready to use. Full-Validation (throttled): download missing blocks, upgrade transactions once they are fully validated.
Privacy and self-verification (no trust) is not an opt-in model
Keep users away from trusted third parties
UTXO set commitments { "height": 530075, "bestblock": "0000000000000000002fe10af166937d506ece7fad4381fda6cb86e9e1404be2", "transactions": 24567998, "txouts": 50460119, "bogosize": 3798659787, "hash_serialized_2": "090c1276fe42f98246840fabac42dfa0e8b89b428f81ab16d53d69ae669bec4b", "disk_size": 2921681465, "total_amount": 17125767.33401612 }
BIP 174 Partially Signed Bitcoin Transaction Format (PSBT) BIP32 PATHS PREV-INPUT PARTIAL SIGNATURES RAW TX PREV-INPUT PARTIAL SIGNATURES REDEEM SCRIPT BIP32 PATHS WITNESS SCRIPT
0.17 PRUNED Fundrawtransaction ( Enforce WatchOnly ) Multiwallet Dynamic creation and PROXY BRIDGE ( Scan TxOutSet ) loading of wallets HTTPS TOR STRATUM (TCP/TLS) NODE_NETWORK_LIMITED
+ = Chris Belcher’s Personal Electrum Server
OWN FEE ESTIMATIONS OWN VALIDATION USE CPU & BANDWIDTH MULTIPLE FACTORS WHEN AVAILABLE (HARDWARE WALLET) PRIVACY FEATURES MULTISIG BY DEFAULT CoinJoins Broadcast obfuscation WALLET OF THE FUTURE INTEGRATED L2 MIXED HARDWARE SOFTWARE SOLUTION EASY TO USE RELIABLE BACKUP SOLUTION
Thanks, Q&A? dev@jonasschnelli.ch PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D _jonasschnelli_ github.com/jonasschnelli