Cryptology ePrint Archive: Report 2014/763
On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients
Arthur Gervais and Ghassan O. Karame and Damian Gruber and Srdjan Capkun
Abstract: Lightweight Bitcoin clients are gaining increasing adoption among Bitcoin users, owing to their reduced resource and bandwidth consumption. These clients support a simplified payment verification (SPV) mode as they are only required to download and verify a part of the block chain — thus supporting the usage of Bitcoin on constrained devices, such as smartphones. SPV clients rely on Bloom filters to receive transactions that are relevant to their local wallet. These filters embed all the Bitcoin addresses used by the SPV clients, and are outsourced to more powerful Bitcoin nodes which then only forward to those clients transactions relevant to their outsourced Bloom filters.
In this paper, we explore the privacy of existing SPV clients. We show analytically and empirically that the reliance on Bloom filters within existing SPV clients leaks considerable information about the addresses of Bitcoin users. Our results show that an SPV client who uses a modest number of Bitcoin addresses (e.g., < 20) risks revealing almost all of his addresses. We also show that this information leakage is further exacerbated when users restart their SPV clients and/or when the adversary has access to more than one Bloom filter pertaining to the same SPV client. Motivated by these findings, we propose an efficient countermeasure to enhance the privacy of users which rely on SPV clients; our proposal can be directly integrated within existing SPV client implementations.
Category / Keywords: applications / anonymity
Original Publication (with minor differences): ACSAC 2014
Date: received 29 Sep 2014, last revised 13 Oct 2014
Contact author: arthur gervais at inf ethz ch
Available format(s): PDF | BibTeX Citation
Version: 20141013:202348 (All versions of this report)
Short URL: ia.cr/2014/763
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]