Blockchain and Tor

In the beginning of the linked article, Noah implies that IP address obfuscation is not all that important:

Not a single case has ever involved someone revealing their IP address when sending a transaction.

but then later on says:

Knowing the IP address of full-nodes is a security risk for those full-node operators, and not obscuring IP addresses is a security problem.

Which is it? IP obfuscation is very important for reasons I explained above and the Verge dev team believes that Tor is the right tool for the job (maybe also I2P).

To my and Sunerok’s knowledge, the Tor protocol has not been broken and has been used widely outside of blockchain for quite a while now with great success. According to the Tor website, the only known theoretical exploit remaining is an entry and exit node attack.

Let me explain this briefly:

An exit node is where traffic goes from a Tor-protected node on the network to a node not protected by Tor (i.e., a clear node). An entry node is where you go from a clear node to a Tor node. If you can watch traffic at both ends of the network, then you can perform sophisticated attacks to profile a user’s behavior.

The publication that Noah linked to explains that you can inject malicious Tor nodes into the Bitcoin network and spam the network causing all the “good” ones to be kicked and thereby the malicious nodes take over the network. This Coindesk article explains it in a more digestible format. The key piece of this exploit is exit nodes:

They explained that, when a Tor user connects to the bitcoin network, his or her IP address is not revealed. Instead, the bitcoin server sees the address of the connected Tor ‘exit node’, a type of server. As a result, an attacker could send enough bad transactions over Tor to get all the exit nodes banned by the bitcoin network

The difference with Verge is that with the next release there won’t be any entry or exit nodes. Once upgraded, every node on the network will be transacting over Tor because when you start a network node it will also be a Tor node.

The dev team is looking at adding safeguards to ensure that a node cannot participate in the network unless it is communicating over Tor.
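One way such a safeguard could start, shown as an added example (not Verge's code and not from the original article): admit a peer only if its advertised address is a well-formed Tor v3 onion service name, using the checksum from Tor's v3 rendezvous spec. The function names, the port and the sample key are assumptions, and a real node would still have to dial the peer through Tor for the check to mean anything.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # Tor v3 spec: SHA3-256(".onion checksum" || pubkey || version)[:2]
    data = b".onion checksum" + pubkey + ONION_VERSION
    return hashlib.sha3_256(data).digest()[:2]

def encode_onion_v3(pubkey: bytes) -> str:
    """Build the hostname for a 32-byte service public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion keys are 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def is_valid_onion_v3(host: str) -> bool:
    """True only for a 56-character label with matching version and checksum."""
    host = host.lower()
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # bad base32 characters or non-ASCII input
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == ONION_VERSION and checksum == _checksum(pubkey)

def admit_peer(addr: str) -> bool:
    """Hypothetical admission rule for 'host:port' peer strings."""
    host, sep, port = addr.rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        return False
    return 0 < int(port) < 65536 and is_valid_onion_v3(host)

def filter_peers(addrs):
    return [a for a in addrs if admit_peer(a)]

# Constructed sample data: the key is not a real service, the IPs are
# documentation addresses, and port 9999 is arbitrary.
SAMPLE_KEY = bytes(range(32))
SAMPLE_PEERS = [
    encode_onion_v3(SAMPLE_KEY) + ":9999",  # well-formed onion peer
    "203.0.113.7:9999",                     # clearnet IPv4, rejected
    "[2001:db8::1]:9999",                   # clearnet IPv6, rejected
    "notanonionaddress.onion:9999",         # wrong length, rejected
]

if __name__ == "__main__":
    print(filter_peers(SAMPLE_PEERS))
```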

Verge has had wallets that communicate over Tor for a while and has had hosted blockchain nodes that can be connected to via Tor, but the entire Verge network is not using Tor yet. The Android and Electrum wallets already communicate over Tor.

This core blockchain node is the last and key piece.

After the next release, every node on the network will be able to use Tor seamlessly. The Verge team would love to have some constructive peer review here. If you are inclined please come on over to Discord and/or Github.

Noah also mentions that:

You don’t need Verge to run your cryptocurrency over Tor

While this is true, in order for it to be secure you would need everyone who is running a blockchain node in the network to also be using Tor. Otherwise you are vulnerable to entry and exit node attacks. This is impossible to ensure and coordinate without it being built into the code of the core blockchain node, and hence the point of the next release.