Introduction

If you want to check the amount of crypto you're holding, your wallet will initiate an RPC call to a full node server (e.g. Infura) or API (blockexplorer) server with a query containing your crypto address. Thus the server will learn the connection between your IP address and your wallet address.

This will cause some security risks.

Since some machine located in your IP address has private key in some way, you will be a victim of targeted attacks. Hackers will try to penetrate into your local network and will steal your coins.

Your physical location roughly can be determined by your IP address. Someone may come to your physical address and try to rob your coins with a five dollar wrench. Your option is to endure until your death to protect your wealth or surrender all of your coins.

The happy news is that while your wallet endpoint server's access log is protected against hackers, the connection between the IP addresses and wallet addresses the server learned won't be leaked. However, Ledger, the one of the largest hardware wallet company, reported they suffered a data breach in July, 2020. You need to trust wallet providers you use in some way. If you are a crypto nerd, why you can trust your wallet provider?

Solution

To protect against the above situation, the crypto industry should shift not to collect the connection between IP addresses and wallet addresses, not in an operational way, but in a cryptographic security. Wallet providers can discard access logs to secure their customers, but how can you verify your wallet provider is doing so?

The ultimate solution is cryptographically secure way to access wallet providers. EllipticPIR is the answer. Wallet providers can offer a completely privacy-preserving endpoints to the customers using our implementation.

We have already built a sample implementation of a Bitcoin's UTXOs server using EllipticPIR. As we tested, it can reply to queries in 10 secs or so with single consumer GPU which is within practical limits. Please note that execution time can be shortened by offloading workload into multiple GPUs for better latency.