Applying Private Information Retrieval to Lightweight Bitcoin Clients

TL;DR

This paper introduces a Private Information Retrieval (PIR) based protocol for lightweight Bitcoin clients, providing deterministic privacy with acceptable bandwidth and latency, improving privacy over Bloom filter methods.

Contribution

The paper presents a novel PIR-based SPV protocol that offers fully private, efficient, and practical verification for lightweight cryptocurrency clients.

Findings

PIR protocol incurs 33.54 MB bandwidth for 100 transactions.

Latency for PIR protocol is approximately 4.8 minutes.

Compared to Bloom filters, PIR provides deterministic privacy with modest overhead.

Abstract

Lightweight Bitcoin clients execute a Simple Payment Verification (SPV) protocol to verify the validity of transactions related to a particular user. Currently, lightweight clients use Bloom filters to significantly reduce the amount of bandwidth required to validate a particular transaction. This is despite the fact that research has shown that Bloom filters are insufficient at preserving the privacy of clients' queries. In this paper we describe our design of an SPV protocol that leverages Private Information Retrieval (PIR) to create fully private and performant queries. We show that our protocol has a low bandwidth and latency cost; properties that make our protocol a viable alternative for lightweight Bitcoin clients and other cryptocurrencies with a similar SPV model. In contract to Bloom filters, our PIR-based approach offers deterministic privacy to the user. Among our results, we show that in the worst case, clients who would like to verify 100 transactions occurring in the past week incurs a bandwidth cost of 33.54 MB with an associated latency of approximately 4.8 minutes, when using our protocol. The same query executed using the Bloom-filter-based SPV protocol incurs a bandwidth cost of 12.85 MB; this is a modest overhead considering the privacy guarantees it provides.