Is Bitcoin BIP-324 v2 P2P transport distinguishable from random traffic under passive traffic analysis?
Question
BIP 324 adds an encrypted v2 transport for Bitcoin P2P connections and removes the cleartext framing and magic bytes used before.
This is often described as making Bitcoin P2P traffic go dark. I want to understand what that actually means in practice for someone observing the network.
Assume a passive network adversary with no protocol break and no active probing, but full visibility into packet sizes, timing, and flow behavior.
Under these assumptions…
Under what conditions, if any, would Bitcoin v2 P2P traffic be indistinguishable from other encrypted TCP traffic?
What remaining properties of the v2 transport, such as packet sizes, handshake structure, or message timing, still allow traffic classification?
Does BIP 324 meaningfully approach traffic obfuscation, or does it mainly defeat simple protocol signatures while remaining classifiable through traffic analysis?
No answers available yet.