Tor, Bitcoin nodes and Gossip

Todays newsletter continues chapter 2 from Bitcoin: A Work in Progress.

Running a Bitcoin Node behind Tor

For various reasons you might not want the rest of the world to know that your IP address is running a Bitcoin node. In particular, you may not want your Bitcoin addresses associated with your IP address, since the former says how much money you have, and the latter can often be tied directly to your name and address — not just by governments, but also by someone with access to e.g. a hacked e-commerce database with the IP addresses and home addresses of its customers. This can lead to bad outcomes.

Bitcoin nodes already try to behave in ways that make them look indistinguishable from other nodes. Ideally, a node doesn’t reveal to other nodes which coins it controls. A node downloads the entire blockchain and keeps track of all transactions in the mempool (the mempool is a queue of transactions that have not yet been confirmed in a block. See Bitcoin, Explained episode 50)

Unfortunately the system isn’t perfect. Especially when you’re sending and receiving transactions from your IP address, careful network analysis by an adversary can sometimes reveal where those transactions originated. This type of analysis is a billion-dollar business, where companies don’t always behave ethically.

Therefore, using Bitcoin from behind Tor (here’s how may improve your privacy by severing the link between your IP address and any information about you that your node may accidentally reveal.

Some years ago a new type of onion address was introduced as a result of an update in the Tor protocol: Tor V3. These new Tor addresses are longer, which makes them more secure. However, this increased length required an upgrade to Bitcoin Core to support.

Bitcoin Nodes and Gossip

Why did the longer Tor V3 address require a Bitcoin Core upgrade? This has to do with how Bitcoin nodes spread the word about where they are. Nodes communicate with each other in a gossip network: They send each other lists of known nodes, and they ask each other, “Hey, which Bitcoin nodes do you know?” In return, they get a list of IP addresses, which are usually IPv4 or IPv6 addresses.

IPv6 addresses were formalized in 1998 with the intention of replacing IPv4, because the number of IPv4 addresses was limited. There are nearly 4.3 billion potential unique IPv4 addresses, whereas there are enough IPv6 addresses for every molecule in the universe.

Bitcoin nodes keep lists of other Bitcoin nodes and their IP addresses, both IPv4 and IPv6. Now the way they communicate a Tor address is to piggyback on IPv6. If an “address” starts with fd87::d87e::eb43, then Bitcoin Core knows that what follows should be interpreted as a Tor address. RFC-4193 ensures that such addresses won’t clash with any computer in the real world.

The problem with Tor V3 addresses is they’re 32 bytes, which is twice as long as an IPv6 address. That doesn’t fit in the RFC-4193 piggyback mechanism, so nodes had no way to communicate those addresses.

Fortunately in 2019, Wladimir van der Laan wrote a new standard — BIP155 — for how to communicate addresses. It introduces the new ADDRv2 message, which nodes can use to gossip those new Tor addresses (among other things). A major improvement is that each message specifies the type of address along with the address itself. This removes the need to piggyback. There are various address types, including the new Tor one, and each address type can have a different length. So, in the future, if a new address format comes along, it’s not going to be a problem.

The nice thing about this new peer-to-peer message is that old nodes just ignore it. And if your node knows it’s talking to an old node, it won’t use ADDRv2. So newer nodes will know this new message and can communicate all these new address types, and old the nodes carry on like nothing happened. Unless you want to use Tor V3, you’re not required to upgrade.

However, since the Tor project is centralized, it can and did force users to — with a long grace period — upgrade from Tor V2 to V3. So if you relied on Tor V2 for the privacy of your Bitcoin node, you’ll have no choice but to upgrade your node.