Connecting to the internet through Tor is a core component of a bitcoin privacy wallet. Along with block filters, it’s the answer to bitcoin network privacy.
As expected, Wasabi Wallet comes with Tor bundled in and enabled by default (you can opt out, but it’s not recommended), but how exactly does Wasabi Wallet implement Tor?
Wasabi Wallet makes all of its requests through Tor, but it alternates the connection (circuit) modes so that for super-private things like coordinating a coinjoin, its circuit is updated after each operation. This gives the user privacy from the coordinator, the Bitcoin network and the Tor network.
This article will define what Tor is, how exactly Wasabi Wallet implements Tor, which operations require an immediate circuit update, why the coordinator doesn’t use an onion service anymore, and how Conflux could be a future solution to improve reliability.
First, it’s important to understand that using the Internet without Tor (or alternative protocols) reveals your IP address to the server you’re connecting to. The goal is to protect a user’s IP address from their Internet peers and the public.
How Does Tor (The Onion Network) Work?
Tor is free and open source software that enables anonymous communication for online activities by encrypting and routing Internet traffic through a network of servers, making it difficult to trace the origin or destination of data.
In other words, Tor is a peer-to-peer network that anyone can join to hide their IP address from the destination server.
By default, Wasabi Wallet uses Tor for all communication: connecting to the bitcoin network to download blocks and broadcast transactions, connecting to the coinjoin coordinator to receive block filters and the state of the coinjoin rounds when loading the wallet, and, most importantly, every communication step of the coinjoin transaction, such as input selection, output selection and transaction signing. (Read about how a coinjoin transaction works in detail).
Now let’s take a closer look at Wasabi Wallet’s Tor implementation.
How Exactly Does Wasabi Wallet Implement Tor?
First off, we want to make sure that all communication happens through Tor. Each time we communicate, we create an HttpClient (software used to send requests to a server and receive its responses) and we set it up with Tor.
In addition, Wasabi enables Tor’s control port to manage and switch connection (circuit) modes. There are three circuit modes:
- For DefaultCircuit, on every session, we set up a default circuit that we will use when we don’t use other modes, usually for operations that are not too sensitive.
- For SingleCircuitPerLifetime, we create a new circuit just for this HttpClient, which we will reuse throughout the lifetime of the component that created the HttpClient.
- NewCircuitPerRequest is the most private mode. We use it when we want each request to have its own unique circuit, such as during the coinjoin coordination process.
It’s important to note that Tor circuits are slow and hard to create, which is why we try to avoid creating new ones when it’s not necessary. Here’s an example to better understand circuit mode management.
When a component needs to communicate on the Internet, it requests a new HttpClient configured with the mode it needs. When we use the RoundStateUpdater (to get the state of the coinjoin round), privacy is not critical. This is because every Wasabi client polls this endpoint, whether it’s actively participating in a coinjoin or not.
Since this query does not reveal client uniqueness, we create the HttpClient for the component with the SingleCircuitPerLifetime mode.
Now what are the operations that require the highest level of privacy with the circuit mode NewCircuitPerRequest?
What are the Operations that Require Tor Circuit Updates (NewCircuitPerRequest) in Wasabi Wallet?
As mentioned above, Tor is used for all communication when enabled, and a Wasabi Wallet client only communicates with Bitcoin Network peers and the coinjoin coordinator server. Let’s look at the operations that require circuit updates, starting with the coinjoin coordinator process.
Coinjoin communication is handled in two separate parts:
- Inputs Registration + Inputs Confirmation phases: In this case, it makes sense to use one circuit for all requests related to one input, so we use the SingleCircuitPerLifetime mode, and we create a new HttpClient per input.
- Everything else: For the rest of the critical phase, we shouldn’t link any requests with each other. So we can use a single HttpClient, but we have to use the NewCircuitPerRequest mode.
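The three circuit modes and the two-part coinjoin split described above can be modelled as a linkability check. This is an added example, not Wasabi's code: it assumes each mode is expressed as an isolation token (for instance a SOCKS5 username, which Tor's IsolateSOCKSAuth keeps on separate circuits), and the class, function and request names are hypothetical.

```python
import secrets
from collections import defaultdict
from enum import Enum

class Mode(Enum):
    DEFAULT_CIRCUIT = "DefaultCircuit"
    SINGLE_CIRCUIT_PER_LIFETIME = "SingleCircuitPerLifetime"
    NEW_CIRCUIT_PER_REQUEST = "NewCircuitPerRequest"

# Assumption: one token per wallet session stands in for the default circuit.
SESSION_TOKEN = secrets.token_hex(16)

class IsolatedClient:
    """Hypothetical stand-in for an HttpClient bound to one circuit mode."""
    def __init__(self, mode):
        self.mode = mode
        # Fixed for this client's lifetime; used only by SINGLE_CIRCUIT_PER_LIFETIME.
        self._lifetime_token = secrets.token_hex(16)

    def isolation_token(self):
        """Token identifying the circuit the next request would travel on."""
        if self.mode is Mode.DEFAULT_CIRCUIT:
            return SESSION_TOKEN
        if self.mode is Mode.SINGLE_CIRCUIT_PER_LIFETIME:
            return self._lifetime_token
        return secrets.token_hex(16)  # fresh circuit for every request

def simulate_round(inputs, outputs):
    """Return [(request_label, token)] for one constructed coinjoin round."""
    log = []
    for i in inputs:
        # One client per input: registration and confirmation share a circuit.
        client = IsolatedClient(Mode.SINGLE_CIRCUIT_PER_LIFETIME)
        for step in ("register-input", "confirm-input"):
            log.append((f"{step}:{i}", client.isolation_token()))
    # Everything else: a single client whose requests must not be linkable.
    shared = IsolatedClient(Mode.NEW_CIRCUIT_PER_REQUEST)
    for o in outputs:
        log.append((f"register-output:{o}", shared.isolation_token()))
    for i in inputs:
        log.append((f"sign:{i}", shared.isolation_token()))
    return log

def linkable_groups(log):
    """Group requests by shared circuit, i.e. what a server could tie together."""
    groups = defaultdict(list)
    for label, token in log:
        groups[token].append(label)
    return sorted(sorted(g) for g in groups.values())
```

Running `linkable_groups(simulate_round(["utxo-a", "utxo-b"], ["out-1", "out-2"]))` on these constructed names yields one two-request group per input and a singleton group for every other request.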
For Bitcoin network communication, we use NBitcoin and its own Tor implementation, so it works very differently. For additional privacy during the block download step, we disconnect from a network peer every time we download a block.
We’ve explained in detail how the Wasabi Wallet client Tor implementation works. Now let’s answer a common question about why the coordinator server no longer uses an onion service.
Why The Wasabi Coordinator Doesn’t Use an Onion Service Anymore
An onion service is a server configured to only receive incoming connections through Tor, providing privacy and censorship resistance to servers by bypassing DNS.
It used to be the case that the coordinator would run an onion service and clients would connect to it. However, this is no longer the case due to reliability issues inherent in onion services. In addition, the coordinator server doesn’t need privacy from the public so there’s not too much incentive.
For Wasabi’s coinjoin coordination process to work properly, the standard deviation of the request time must be small. Each request has to happen in a few seconds, and this time frame can’t vary much from request to request. Reliability is a major issue for Tor.
However, a solution seems to have arisen…
Conflux as a Potential Reliability Solution for Tor
Conflux is a new Tor project that aims to solve Tor’s inherent reliability problems. If you need bandwidth reliability, you use Conflux, and it duplicates your request and sends each one through different circuits. Since reliability failure is a low-probability event, it’s extremely unlikely to happen with two different requests (e.g., 0.1 * 0.1 = 0.01).
Since Wasabi’s use of Tor varies depending on the action, sometimes we would use Conflux and sometimes we wouldn’t. Unfortunately, this isn’t possible with our current implementation. An alternative implementation called Arti would allow us to solve the Conflux management problem.
In this article, we’ve explored how Tor works, how it’s implemented in Wasabi Wallet through circuit modes that alternate depending on the action, which operations require the most private mode, why the coordinator no longer uses an onion service, and how Conflux is a solution to the reliability issues inherent in Tor.
This article, among other technical content, demonstrates that Wasabi Wallet is the superior bitcoin wallet for network privacy. To learn more about all the benefits of Wasabi Wallet, check out the Coinjoins.org review.