[tor-dev] Per-peer stream isolation for Bitcoin clients

Jeremy Rand jeremyrand at airmail.cc
Thu Jun 27 20:35:08 UTC 2019

Hash: SHA512

Hi Tor-Dev,

I'm trying to gauge the consensus (or lack thereof) in the Tor
development community on whether it's desirable for Bitcoin clients
(e.g. Bitcoin Core) to use stream isolation such that each peer is
accessed over a different circuit.

Some random thoughts on the matter:

1. Bitcoin Core accesses 8 peers by default, so per-peer stream
isolation would use 8 circuits instead of 1.
2. Per-peer stream isolation prevents a single exit relay from feeding
the user a chain that's not the longest chain, so it's desirable from a
Bitcoin security point of view.
3. Per-peer stream isolation would mean more potential for one of the
circuits being deanonymizable, via traffic analysis etc.  It's not clear
to me whether this amount of increased circuits is harmful, or how it
compares to other common usage of Tor such as Tor Browser (which uses
first-party stream isolation, so a user with a lot of tabs open may very
well have 8 or more circuits in use at once).
4. Per-peer stream isolation puts more load on the Tor network.  It's
not clear to me whether this increased load (8 circuits instead of 1) is
so much that it's harmful.
5. Bitcoin Core does do per-peer stream isolation by default.  The
relevant PR is https://github.com/bitcoin/bitcoin/pull/5911
6. Whonix's tor-service-defaults-torrc chooses to disable automatic
per-peer stream isolation for Bitcoin's SOCKS port, and states "Makes
too many connections to different servers.  Should not hurt if they get
through the same circuit."  No citation was given for either claim.
7. The behavior in Bitcoin Core's PR was ACKed by Isis Lovecruft, and an
unspecified Tor developer whom Greg Maxwell talked to.

So, it sounds like there is apparently some disagreement between the two
Tor devs who ACKed this behavior, and the Whonix devs who decided not to
enable it.

Curious what the general feeling in the community is.

(I understand that Isis no longer is active in Tor, so I'm not CC'ing
them.  I am CC'ing Patrick from Whonix in case he wants to weigh in.)

- -- 
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the


More information about the tor-dev mailing list