Bitcoin Forum

Hello all,

I am offering a personal bounty of $2K USD $250 USD for the following features to be added into Bitcoin. I'd code them myself, but time restraints won't permit me to. Let me hire you. :)

1. Bitcoin should run its P2P operations in straight SSL. It should look like FF talking to Apache to any DPI. See the Tor source code. Most of the work is done already. REPEALED - See discussion.

2. On first run Bitcoin should select a random high TCP port (>1024) and save it to the bitcoin.conf. (something like "listenerport=8972"). This port should contain the new SSL-only listener. Do we need to keep the old port 8333 listener running for compatibility for a while? REPEALED - The port number should be selectable by the user; not random. See discussion.

3. UPnP support. Bitcoin should port forward the chosen high TCP port automatically. (Possibly port 8333/tcp too, if the answer to the question above is "Yes"). The GUI/command line should have a UPnP off/on toggle. It should be "on" by default. $250 Bounty still offered. UPnP should be off by default on the Linux build.

It's just a matter of time before Bitcoin is blocked in all of "those" countries that have oppressive regimes. We need to resist stuff now before Bitcoin gains traction. I'm not looking to reinvent the wheel here (Tor). I just want to make it more resistant to DPI blocking-related attacks. Better off with a distribution of Bitcoin with Tor included. Hopefully those under repressive regimes already know about/use Tor. Having Tor installed offers other benefits besides Bitcoin.

If these 3 features are implemented in the next 30 days, I'll throw in an additional $500 USD. Payable in Bitcoin or in pre-loaded VISA cards from Bitcoin2CC - your choice.

The Madhatter

1) SSL would require all clients to upgrade.

2) Random TCP ports could be annoying for users running other services on their computers on certain ports when Bitcoin decides to use them.

3) UPnP would really be useful with all those NAT gateways.

Bitcoin is entirely different. Tor has a few centralized servers that can distribute certificates, but Bitcoin does not. You could use encryption without authentication, but this would not prevent men-in-the-middle from intercepting your traffic: it would just be obfuscation. Including secure encryption might be impossible without some sort of friend-to-friend system.


The official client won't make outgoing connections to non-standard ports, so this would not be good for the network.


Just use Tor with Bitcoin, then. They've already got this stuff solved.

This is a deficiency in the official client, and should be fixed.

We should identify what core functionality bitcoin needs and use existing tools to extend how we use it, the way Unix tools do.

OT: I am interested to know how you can claim "20+ years of experience with Linux and FreeBSD," since Torvalds didn't even begin to work on Linux until 1991 and FreeBSD wasn't released until late 1993.

Bear in mind that quite a few oppressive regimes actually own or can probably obtain SSL root certificates. I don't think of SSL as protecting me from governments and I'd suggest nobody else does either.

I understand and agree with what you're trying to do here. I also give you massive credit for being willing to put money where your mouth is. But beating an adversary with DPI isn't going to be easy - at the very least, somebody should put together a design doc or paper explaining their threat model and solution before you pay for it.

UPnP support on the other hand is a no brainer. I'd also be willing to contribute some coin (dollars/bits) towards implementation of that in the official client. The P2P network needs to be as dense as possible and using UPnP to reconfigure WiFi NATs is the best way to achieve a quick boost.

Fair enough. I haven't heard of fidonet for a long, long time.

Random ports might be a problem if they conflict with other services, but UPnP never hurt anyone. What do you mean Windows-specific? UPnP is implemented by all the major Linux router platforms, and is a very nice way to avoid manual setup of port forwarding.

It seems fair to discuss the merits of UPnP inclusion here. I tend to agree with you, just because of potential security issues.

The point of UPnP is to help users who are running the software at home. It's got nothing to do with server deployments of bitcoind. I guess the command line UI would have it switched off by default the and Win/Mac GUIs would have it switched on.

UPnP is only a "security" issue if you're treating hacks like NAT as some kind of a firewall (which it's not intended to be). NAT is a hack to allow multiple computers/devices to access the WAN from a single WAN address. It isn't supposed to block anything. Blocking incoming connections has merely been a bug in the NAT implementations. UPnP fixes this bug by giving endpoints the ability to tell the router what ports it expects a connection on, so the router can correctly pass that traffic through.

If you want a firewall, go ahead and get one (or install it as software). But that is unrelated to the bug that UPnP fixes.

On my networks, one of the first things I do when setting up a router is disable UPnP due to security concerns (malware often likes to open ports on UPnP enabled routers to further expose the network and help keep their botnet alive).  However, I think UPnP support would be great for non-techie home users that don't know enough to disable UPnP on their router's in the first place...If they're going to have UPnP enabled, we might as well take advantage of it.

I think some sort of built-in encryption would be really good to have, but obviously a central authority is obviously out of the question...hmmm...unless that central authority happens to be Bitcoin (or a similar system).  IDEA: User/node generates a key pair for encryption between nodes, the node creates a special transaction to "register" the public key, user pays a transaction fee or 0 or more, and then if/when it gets added to a block, the entire network has your public key for encrypted communications.  Obviously there's a lot more details to work out on this, and barriers for non-technical users, etc, but it's something to start brainstorming around.  (This is very similar to what's been on my list of things to think about for a Bitcoin-based DNS to have SSL certs associated with domains as well so people don't need to buy them from a "trusted" third-party like Verisign, etc.)  (EDIT: For communication between nodes, just generating key pairs for encryption and sharing the public keys upon first contact with the network and then spreading them via the 'addr' message (assuming a sufficiently bootstrapped Bitcoin network) would probably be enough for encrypting the traffic, and a central public key registry is probably unnecessary for this purpose.)

I would like ports other than 8333 to be supported, as well.  Also IPv6.

May I ask why do you want public data to be exchanged through encrypted connections? I don't see the gain in that. If it's anonymity you want, encryption won't help you...

So ISP's can't target and block Bitcoin as easily?

As long as businesses need to run VPNs and SSL websites, I think crypto will remain legal. Mimicking traffic patters in another matter, though.

What's the incentive for ISPs to do that, despite government pressure?
Because if it's the government who's after you, they can do just like hadopi in France. Encryption alone won't help you, you need something like Tor.

Maybe a better thing would be to offer a bundle Bitcoin client + tor proxy with everything already configured, for those who aren't geek enough to configure it by themselves. Just like the firefox bundle that torproject offers.

I don't see a need to add encryption to the core bitcoin software.

How so? The current build links against openssl already. Preserving the existing port 8333 listener thread would maintain backward compatibility for some time.


It's random selection upon install. The user can, of course, change the port. Look at how I2P works upon first install.


Uh huh. :)

Ahem.. Key exchange. Generate a cert upon install.


I want this bundled with the official client. I'm not looking for a fork.


99.99% of average people have no clue how to setup Bitcoin to use Tor.

Assuming that other people know as much as you/I/us know will kill this project. If we want mass adoption this software has to be robust, simple to use, and "just work". This includes when China/North Korea/"Insert bad government" blocks it.

We need to be proactive here. Not reactive. Telling people to install another program and educate them on how to chain them together is not a fix. It's a giant ugly "hack".

Edit: A key cache similar to how SSH handles keys could be added to Bitcoin to prevent MITM attacks.

+1

I'd like to run bitcoind on port 443. I want it to look like Apache/SSL.

It should choose a random port upon install. If you have a port specified in the bitcoin.conf, it will use that explicitly. Us smarter folks would likely specify a port. (I'd use 443). :)

Think about the average Joe. They never toy with the defaults. If we want the network to be resistant to DPI filtering we need this.

Less than 0.25% of the population uses *NIX. If we want mass adoption we need to focus more on the end user operating systems.

Yes. I understand what you are saying here. We should be at least obfuscating Bitcoin connections as FF+Apache connections. China, for example, can easily block Bitcoin at the moment - just filter one port: 8333. How sad.

China can't block every SSL connection. Commerce relies on SSL connections too heavily.


Check out the newer videos by Roger Dingledine. They explain the lessons they learned about keeping Tor from being blocked in China/Iran.


Totally. I think that UPnP should be on by default.

So is the bounty for these features to be added to the official client, or would an alternate client that's 100% compatible with the official client while having these additional features count?

 :D I used to run FidoNet BBSes where I live.

I agree with your concern about people not knowing how to protect themselves, but then, I think that better than adding unnecessary features to the main software, we should just offer preconfigured bundles, as I said on my last post.

An "anonymous bitcoin" bundle to be downloaded from the main project page, that would include the bitcoin software + an embedded tor proxy, everything preconfigured... this is better, imho, than adding SSL support to the bitcoin client.

I agree, and this is more along the Unix "philosophy" that I mentioned earlier. The less code within bitcoin itself, the better. You can't exploit code that doesn't exist.

SSL is (a) a good additional to the bitcoin P2P protocol, even if anonymous, and (b) easy to integrate into the existing protocol.

As others have pointed out, SSL will not give you authentication, because you're still connecting to an untrusted party.  However, it will give you obfuscation, which has value.

Modern protocols implement SSL by including a "start SSL" message in their plaintext, unencrypted protocol.  That eliminates the need for multiple TCP ports as in the HTTP/HTTPS design.  bitcoin can implement SSL obfuscation by adding a start-ssl message immediately after the version message.  The version message will tell us whether or not the node supports SSL, making it easy to integrate SSL in a backwards-compatible manner.

Thus, bitcoin P2P nodes that wish SSL may request it, just like SMTP nodes that wish to use SSL for transiting email between untrusted nodes.

It is a step forward for the Internet, when most protocols use SSL by default, even if obfuscation is the only added value.

+1

I'm also an avid user of djb's daemontools. A foreground command line switch would be very nice.

Exactly. I highly doubt the governments of the world will block banks, for example. :P

Official client. What good would a fork be? So I can run it between me, myself, and I? :P

I suppose that could be done. I guess the user would also get other benefits from Tor as well, such as pseudo-anonymous browsing, etc.

I wonder if the Tor project could be convinced to just include Bitcoin with their bundle. We might be too far away from that. They don't seem to want to even touch Bitcoin. I was instructed to send my donations to the EFF instead of them. :(


It should automatically setup a Tor hidden service with a port forward back to Bitcoin too then. We can leave it up to the user to publish their .onion address/port number. It should also contain a list of "seed" nodes in the torrc. (Public hidden services to bootstrap from.)

Also, Bitcoin should at least let the user select a port other than 8333. It should also have UPnP support. Enabled by default on Windows/Mac, disabled by default on Linux/*NIX. Would that make the *NIX geeks happier about UPnP support? :P

That wouldn't work. DPI gear would just pick out the version string and send out some RST packets. The cops would then be dispatched to break some knee caps. :/

Tor is very dangerous for those that do not know how to protect themselves already.  Using personally identifiable information over Tor defeats the purpose of using it in the first place.  Most things can be MITMed on the Tor exit nodes (even some SSL connections...google Moxie Marlinspike).  But using Bitcoin on Tor while using normal connections to communicate with those you wish to transact with also defeats the purpose of using Tor.  The average person that "does not know how to protect themselves already" is not ready for Tor.

You're preaching to the choir. ;)


Oh sure. Having some protection/obfuscation (to beat DPI stuff) is better than nothing. Wouldn't you agree? There are always other attack vectors that have to be considered. What about physical spying, for example?

Right now, a default installation of Bitcoin is so easily detected/blocked from the network layer. Shouldn't we be concerned? I certainly am. :)

I want Bitcoin to be unstoppable. A crazy spray of garbled packets that hide alongside regular HTTPS connections to banks. I want to make it so that blocking Bitcoin also means blocking "their" existing bank infrastructure as well. ;)

Yes, using Tor for obfuscation would work (for as long as Tor is not blocked), and certainly that's better than not having that obfuscation. 


But the average user won't gain any benefits of using it for privacy, and may even lose privacy (and online accounts, and non-Bitcoin money, etc) without a good understanding of how Tor should be used.

By doing SSL on port 443, it would practically be indistinguishable from "acceptable" (to governments) bank sites, etc., assuming the government doesn't start requiring SSL certs be signed by the government instead of private companies.  The ISP can always check the certs of the nodes your node is connecting to and filter you that way...if it's not government signed, they block it.

Of course, once the number of Bitcoin users is great enough, it won't be in anyone's political interest to try blocking it, but then by that point there's little need for these obfuscation techniques anyway.  I guess the goal is to find a way to get it to that point.  Perhaps Tor can/will play a large role in that, I don't know.  I much prefer configurable ports and encryption for average users before Tor.

Quite true.

I suppose the P2P network could advertise a 'I require SSL' flag, during the normal course of globally propagating the bitcoin P2P node addresses.

And the bitcoin client could be changed to add an option that prefers SSL P2P nodes on TCP port 443.

Still, ultimately you do not need DPI to simply observe bursts of incoming and outgoing traffic behave (a) like bitcoin P2P and (b) unlike HTTP.  Application fingerprinting by packet sniffers is quite advanced.  A lot of information may be deduced even without access to the unencrypted plaintext.

Yes.  I am very surprised that Tor and other VPN solutions do not already employ such obfuscation techniques?

To truly obscure traffic, one must (a) send the same length of data at regular intervals or (b) saturate all available bandwidth with data at all times.  Anything else is vulnerable to statistical analysis.  The "random data at random times" method is not very practical for most modern TCP-like messaging applications; also, "random data" + your app traffic may not equate to random data...

If it's government censors, they don't need DPI nor fingerprinting, it's actually much simpler than that, all they have to do is to connect themselves to the P2P network in question and log the IPs that connect to them. SSL connections (or random obfuscation data) are useless.
This is what Hadopi is supposedly doing in France right now.

Well, I was thinking of an embedded proxy that would be used only for bitcoin. If the user wants to protect his/her other traffics, he should look on how to.
Automatically redirecting user normal traffic to a tor proxy just because s/he installed bitcoin would reasonably piss off some users.


Why would they? It's not like Tor depends on bitcoin to work better, it's more the other way around. :)


This would be nice, integrating the bitcoin protocol with hidden services... I don't know how the protocol currently works, but I suppose there are messages to ask for other nodes, right? These messages could send not only IPs, but Tor hidden services addresses too.
I don't know why leave it up to the user to publish or not a hidden address though... I suppose one maybe have numerous hidden service addresses, right? Why not making it automatic? You connect and publish your hidden service address to your peers so they publish to theirs and so on...

The bitcoin protocol has space for an IPv6 address and port in it's address messages.  Using hostnames/.onion addresses would require a modification to the protocol or maybe an ugly hack.

EDIT: Maybe it wouldn't require a change, as Tor addresses (without the .onion pseudo-TLD) are 16 characters long, which fits in the IPv6 address space.  I don't know what the intentions of the 'services' field in the Network Address structure is for, but it's 8 bytes long and typically/always has the value of 1. Maybe setting another bit in that value to 1 could be used to denote that it's a .onion address, and now you have Tor compatible address messages. (Obviously these would be junk addresses to Bitcoin nodes that don't understand them the Tor 'services' value.)

EDIT 2:
Example for http://axqzzpkfwezf3kku.onion:

Here's a normal Bitcoin Network Address message:

Bitcoin Network Address message for Tor address:

I think if the goal is to avoid detection+blocking then having the ability to run the protocol over HTTP by doing GETS and POSTS would work much better (no ssl).

I have a few issues with the idea of using SSL as obfuscation.

One is that some countries do in fact block or simply forbid encrypted connections. Spotting encrypted connections is easy because the data looks random whereas unencrypted protocols don't.

Examples: Tunisia "solved" SSL on the Google login page by simply hijacking the connection before the SSL connection was established. They solved it on Facebook by just blocking SSL entirely and forcing users to downgrade to the unencrypted version. Chinas GFW has been known to simply terminate connections that look like they're encrypted when they're leaving the country.

To really hide you need to look like regular web traffic as much as possible and you need the ability to rapidly change how the protocol looks. Then nothing but cutting off all web access will work.

How about this strawman proposal. Currently BitCoin travels over TCP port 8333. We can build an HTTP proxy for this such that a GET to

 http://www.some-site.com/bc/random-words?v=1

is equivalent to waiting for a message to arrive and a POST to that same URL is like sending a message. BitCoin is an entirely message based protocol and messages are small, so it will work OK. A cookie is used to keep the individual requests tied together to a logical connection. The proxy site then relays these messages into the p2p network as per usual. The random words could be anything and just pulled from a dictionary.

If you wanted to get really intense you could encode the messages steganographically into JPEGs or random HTML content.

To a DPI engine, this looks just like regular web browsing. There's some GETs, some POSTs, some cookies and the downloads/uploads are just binary. As long as there's no specific signature (like the current protocols beginning of message markers) this is probably quite hard to detect.

At the start, this can be implemented independent of the BitCoin client. Later on it could be integrated. Proxy lists could be distributed via a regular text file that has a signature on the end. A new command could be added that allows for new proxy lists to be downloaded from an existing proxy, to mimic the address discovery of the existing TCP based network.

Anyone who is serious about claiming this bounty should team up with a Snort expert to make sure that whatever solution they come up with is actually difficult to build detection scripts for.

One of my Goals is to get Bitcoin Working on Freenet https://www.bitcoin.org/smf/index.php?topic=2312.0 (https://www.bitcoin.org/smf/index.php?topic=2312.0)

Then one could download, install, and use bitcoin from a darknet. :D

Here is how you would do SSL without needing CA certificates, and without man in the middle attacks.

Bitcoin is already distributed with the IP addresses of some initial seed nodes.
It would be changed so that it would also include the SSL public keys of those seed nodes.
This establishes a chain of trust.

Bitcoin would make a connection to those seed nodes to learn of other peers as it does now.
When the seednode refers a peer to the client, it also includes the peers SSL public key.

A bitcoin server must not accept incoming connections, unless the peer already knows its public key.
This makes it difficult for an attacker to connect to a specific target node it wants to monitor, it would first have to get the certificate referral from another node.

Using this method establishes a chain of trust starting with the public keys in the bitcoin program, and all nodes the client will eventually connect to in its lifetime.
It prevents any man in the middle attacks on the client.

This is the method used by freenet (I may be missing some details, see freenet source code).

As for older clients not supporting SSL there could be a transition period.
Initially the new version would try to make a SSL connection and if that does not work it falls back to the non-ssl method.
Yes this is vulnerable to an MITM attack by pretending a node doesn't do encryption.
After the SSL version has been out for some time and most people have upgraded, future versions would no longer accept unencrypted connections.

I'll split that if someone addes GUI toggle to my current branch and gets miniupnpc to compile properly on windows.  (My branch currently works on Linux/OSX via a command line toggle). 

I take that back, WxGUI stuff is done.  All thats left to do is get miniupnpc to compile on Windows and link properly with bitcoin without causing segfaults or implement MS' own UPnP library in bitcoin for windows.  Ill split the bounty 200/50 for anyone who can get that working.

Current version available at https://github.com/TheBlueMatt/bitcoin/tree/upnp (https://github.com/TheBlueMatt/bitcoin/tree/upnp)

From: http://bitcointalk.org/index.php?topic=4761.0

<spam>
---------------------------

As per this (http://bitcointalk.org/index.php?topic=4543.0) and this (http://bitcointalk.org/index.php?topic=4435.0) post, me & dissipate have setup a new site:

http://bitcoin.cz.cc

You propose features for Bitcoin. The front page shows a mix of the most donated proposals (10) and newest ones (5). Once the feature is implemented in Bitcoin then the bounty goes to the author and the proposal is deleted.

Think of it as an experiment into future methods for bitcoin based free software dev. Right now I'm just putting it out there to see what happens. If it grows then we can think about turning it into a bug tracker type thing with tickets, comments, statuses, assignment of tickets and search.

##############
For this to work, people have to know about it. Add it to your signatures!
"Vote up your favourite ideas to go into Bitcoin"
##############

Source code (http://gitorious.org/btfeature/btfeature/trees/master).

UPnP pulled into mainline (79706a8e48a043b9ca83216ba9cbb7413e81710d) resolving all of the bounties in this thread.  If you want to pay out, a payout in BTC to the address in my signature would be nice :).