Also, are there any other reasons besides fetching a memo why users would need to download all transactions? Or are we just talking about memos here?
Just memos.
@sarahjamielewis is there any mathematical grounding for thinking about the protection to user privacy offered by downloading all blocks with less than n transactions?
This analysis is based on the current distribution of transactions in the zcash network and the current behavior of the zecwallet light client (which downloads all transactions in interesting blocks in an attempt to avoid disclosing which transaction is the interesting one). As such it is specifically intended to address privacy risks that already exist in the ecosystem.
A significant number of zcash transactions end up alone in a block, so a user downloading "all" transactions in that block from a light client reveals interest in that transaction in light clients that exist today (cue network monitoring, t-addresses, and all the pre-existing research in analyzing the zcash network here); this is likely bad. As block sizes increase the anonymity set increases (as does bandwidth).
As such this thread was originally meant to offer a discussion on providing paths for light clients to start respecting privacy and security as fundamental features - with bandwidth being the main constraint. Given the discussion across threads the last few days it is clear that the priorities are not there and different teams have different ideas about what the constraints should actually be.
As such I'm going to summarize:
The zecwallet-lite strategy doesn't currently offer any practical anonymity for transaction/block privacy for the reasons stated above. Changing the protocol as I've outlined in this thread to force all light clients with less than n transactions increases the anonymity set of light clients interested in those transactions, protecting smaller blocks, and also provides a way of probabilistically tuning such a defense as the zcash network matures.
Eventually it should be "*safe" (see below) to revert back to the current zecwallet strategy.
As I see it there are now 4 strategies on the table, 1 protocol tweak, and 1 existential risk to the entire concept of memo based applications in the zcash ecosystem:
- Make the user download memos manually themselves and warn them about the privacy risk (i.e. do nothing to actively protect privacy).
- The current block-based behavior which will probably be "OK" in the future if small blocks go away with use, but right now isn't statistically sound.
- Probabilistic downloading of transactions in smaller blocks in an attempt to improve privacy *given the current stated bandwidth trade-offs.
- Download all transactions in all blocks, improve privacy while sacrificing bandwidth (and computationally trending towards just running a full node minus the consensus protections).
Most of these can be combined with the 1-byte tweak which allows the detection of a memo or not as outlined.
All can likely be offered on a sliding scale and not impact the privacy of individual users too much in the short term, i.e. these are not mutually exclusive from a privacy perspective; these are gradients in protection that can complement each other if designed properly.
Tor onion services also exist and as I mentioned at the start of the thread it might just be worth rolling those out for light service communication and calling it a day, especially given the existential risk:
A. Memos don't scale; this conversation about making them scalable and safe for light clients is meaningless on a foreseeable future time frame, so do the minimum amount of work to ship and hope that someone invests in a workable mixnet before all the apps zcash has founded its ecosystem strategy on are rendered useless.
I'm inclined to respect @secparam's analysis of the situation and think there should be some clarity from ZF and ECC on what they see as a likely roadmap for memo support, as it really does have a critical input on the kinds of apps that are being funded and built right now and the priorities going forward.
If funding a mixnet is necessary for the future of many of the current stars in the zcash ecosystem then that needs to be a high funding priority for the MGRC (if not ZF and ECC).
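The block-based strategy and the small-block threshold discussed in the post above, modelled from the server's side. This is an added example, not code from the thread or from zecwallet; the chain data, the function names and the use of transaction counts as a bandwidth proxy are assumptions.

```python
# Constructed sample: transactions per block, index = block height.
# Not real Zcash chain data.
CHAIN = [1, 1, 2, 1, 5, 1, 3, 12, 1, 2, 8, 1, 1, 4, 20, 1]

def fetched(chain, interesting, n):
    """Heights a light client downloads in full.

    n is the cover threshold: every client fetches each block holding fewer
    than n transactions. n=0 models the current block-based strategy, where
    only blocks containing an interesting transaction are fetched.
    """
    return {h for h, size in enumerate(chain) if size < n or h in interesting}

def server_view(chain, interesting, n):
    """Fetches the cover rule does not explain, as {height: candidate count}.

    These are the only downloads that tell the server anything about this
    client; the candidate count is the anonymity set for that block.
    """
    return {h: chain[h] for h in fetched(chain, interesting, n) if chain[h] >= n}

def pinpointed(chain, interesting, n):
    """Heights where the server learns the exact transaction of interest."""
    view = server_view(chain, interesting, n)
    return sorted(h for h, candidates in view.items() if candidates == 1)

def bandwidth(chain, interesting, n):
    """Transactions downloaded (assumed proxy for bandwidth cost)."""
    return sum(chain[h] for h in fetched(chain, interesting, n))

if __name__ == "__main__":
    wanted = {3, 7, 9}  # constructed: blocks of size 1, 12 and 2
    for n in (0, 4):
        print(f"n={n}: view={server_view(CHAIN, wanted, n)} "
              f"pinpointed={pinpointed(CHAIN, wanted, n)} "
              f"txs={bandwidth(CHAIN, wanted, n)}")
```

With n=4 the lone transaction at height 3 no longer stands out, and two clients whose only interests lie in small blocks produce identical download patterns, at the cost of 27 instead of 15 downloaded transactions on this sample.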