Bitcoin Improvement Proposal 324 (BIP-324) would add https-like security to Bitcoin. Specifically, the proposal formalizes a way to prevent private metadata from leaking with regular Bitcoin transactions. If adopted, BIP-324 could improve privacy for millions of people.
Today, Bitcoin users broadcast transactions over unencrypted, unauthenticated connections. Because the data Bitcoin peers exchange, including the contents of the mempool (the set of transactions that have been verified but not yet included in the blockchain), travels as plain text, eavesdroppers can identify counterparties, detect connections, and even tamper with certain bytes of a connection, such as node flags.
To seal these leaky connections and introduce authenticated connections to Bitcoin, BIP-324 promises to protect users from man-in-the-middle attacks.
Proposed by a class of 2013 Bitcoin Core developer
Jonas Schnelli, a Switzerland-based Bitcoin developer, introduced BIP-324 in March 2019. The proposal addresses some of his long-standing concerns about Bitcoin privacy.
Before BIP-324, Schnelli had been actively contributing to Bitcoin Core since April 2013. Years earlier, he had proposed BIP-151, an earlier proposal that would have added some communication encryption to Bitcoin. He later withdrew that proposal in favor of BIP-324.
Brief summary of BIP-324’s technical details
- BIP-324 adds encryption for messages sent between Bitcoin peers using the stream cipher ChaCha20 with a Poly1305 message authentication code.
- Under Bitcoin’s current system, messages are sent in plaintext. Obviously, unsecured communications are prone to man-in-the-middle attacks.
- A privacy vulnerability exists at the transport layer of Bitcoin’s seven-layer networking model.
- This transport layer includes the protocols that devices use to connect with other devices over a network.
- For instance, the network standard for IP addresses exists on the transport layer.
Therefore, a man-in-the-middle attacker hijacks the connection that one device makes with another at the transport layer.
Indeed, theoretical man-in-the-middle attacks on the Bitcoin network include active and passive attacks. The former manipulates live data in Bitcoin’s peer-to-peer network (usually, the attacker targets a pending transaction in Bitcoin’s mempool). A passive attacker can always monitor the state of the network, aggregating data for use in a subsequent, active attack.
BIP-324 has garnered supporters
Notably, the Lead Maintainer of Bitcoin Core and second successor to Satoshi Nakamoto, Wladimir van der Laan, has asked for BIP-324 code review assistance.
Mostly, the Bitcoin community seems interested in advancing the BIP-324 draft to a technical audit. They believe that adding https-like encryption represents significant progress for Bitcoin’s security.
For example, Warren Togami praised BIP-324. The Vice President at Blockstream noted that none of Bitcoin’s current IPv4 connections are guaranteed to connect with someone’s requested node. BIP-324 would introduce that guarantee.
Of course, even if the BIP is adopted, attackers could pretend to be a legitimate peer in a pending transaction. Nevertheless, BIP-324 will make it possible for legitimate parties to verify that no malicious man-in-the-middle is present, because the session ID would not match the one used by a legitimate peer.
Indeed, applying encryption will increase an attacker’s risk of being detected. “Peer operators can compare encryption session IDs or use other forms of authentication schemes to identify an attack,” the BIP-324 abstract adds.
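The session-ID check described above, as an added illustration that is not part of the original article or of BIP-324’s own code: two peers derive a session ID from an unauthenticated key exchange, and a relaying man-in-the-middle, who must run a separate exchange with each side, leaves the two peers holding different IDs. The finite-field Diffie-Hellman group, the toy 127-bit prime and the SHA-256 derivation are assumptions chosen so the example runs on the standard library; the real BIP-324 handshake uses elliptic-curve Diffie-Hellman and ChaCha20-Poly1305, which are not modelled here.

```python
import hashlib
import hmac
import secrets

# Toy group parameters (constructed for illustration only; BIP-324 uses
# secp256k1 elliptic-curve DH, and a 127-bit prime is far too small for real use).
P = 2**127 - 1  # Mersenne prime
G = 3


class Peer:
    """One side of an unauthenticated Diffie-Hellman key exchange."""

    def __init__(self):
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.session_id = None

    def finish(self, their_pub):
        # The shared secret depends only on the public keys actually exchanged,
        # so the session ID fingerprints the connection each peer really has.
        shared = pow(their_pub, self.priv, P)
        self.session_id = hashlib.sha256(
            b"session_id" + shared.to_bytes(16, "big")).hexdigest()
        return self.session_id


def direct_handshake(alice, bob):
    """Alice and Bob exchange public keys with nobody in between."""
    alice.finish(bob.pub)
    bob.finish(alice.pub)
    return alice.session_id, bob.session_id


def mitm_handshake(alice, bob):
    """Mallory terminates both connections and relays traffic between them."""
    mallory_a, mallory_b = Peer(), Peer()
    alice.finish(mallory_a.pub)   # Alice believes this is Bob's key
    mallory_a.finish(alice.pub)
    bob.finish(mallory_b.pub)     # Bob believes this is Alice's key
    mallory_b.finish(bob.pub)
    return alice.session_id, bob.session_id


def session_ids_match(sid_a, sid_b):
    """Out-of-band comparison the two operators perform (constant-time)."""
    return hmac.compare_digest(sid_a, sid_b)


if __name__ == "__main__":
    print("direct:", session_ids_match(*direct_handshake(Peer(), Peer())))  # True
    print("mitm:  ", session_ids_match(*mitm_handshake(Peer(), Peer())))    # False
```

Encryption alone does not stop Mallory from relaying, which is why the article notes that attackers can still pose as a peer; the point is that comparing session IDs out of band exposes the relay.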