Topic: Electrum & EPS tests - Master Public Key & Lightning Network wonderings (Read 132 times)

Hi guys !

Thanks again for your replies.

@vjudeu:
I learned a lot about clearing all my traffic with my windows Firewall. I also learned that whonix and other OS exists, but i wanna continue to do it with windows for the moment.
I also decided to disable all the in-bound traffic, and disabled all out-bound traffic too.
Then I created a rule in order to open the 443 TCP port. All net traffic is also encrypted, through TOR.
The only weird thing is that I still had a weird ip that were sending and receiving things from / to my computer. After a few researchs, i guess it's the TOR node output.
I also think that, now, all my clearnet traffic is disabled and all my net traffic is encrypted, through TOR (this PC doesn't use an other browser / is especially for my node & ESP).


If you've any advice, it would be with pleasure Thanks again !


[EDIT] After lots of reflexions, i created video tutorials to help people having a Bitcoin Core node linked to their Electrum Personal Server through TOR (+ with all the clearnet traffic disabled). The goal is only to help the next wave of geeks who want to improve their privacy:
Link 1: youtube. com/watch?v=wxiH8hG9G-4
Link 2: youtube. com/watch?v=58RXxG9MArs

I'm not using it so I can't give elaborate answers
but that's a payment processor, not an Electrum server implementation like ElectrumX, electrs, Esplora or Fulcrum.

The connection of Electrum wallet to BTCPayserver isn't the same as the connection between Electrum client to a server (Network setting).
It requires your master public key since it needs it to generate new addresses for you.

Hello guys,

Thanks for your answers, which are really clear.

@nc50lc: does that mean that BTC Pay server (i didn't use it for the moment) do not use the master private key, but only the scriptHash?


@vjudeu: i used Wireshark as i did few months ago and i can confirm that my EPS & Electrum wallet used TOR. Moreover, i will learn about clearing my all clearnet traffic on my node computer, which is something i don't know how to do.
Thanks for your clever answer

It's specifically required in EPS' config to circumvent the full transaction index requirement,
but even if your server knows all of you future addresses, there wont be any issue since it's for personal use.

For other server implementations, servers only acquire the scriptHash (addresses) from the connected Electrum clients (rather, Electrum client asks the server).
Read the comment/code: github.com/spesmilo/electrum/blob/master/electrum/synchronizer.py#L131

It's a 2-of-2 MultiSig address created from your and the other party's public key.

If the connection icon is 'blue' instead of 'green', it means that you're connected through Tor.

Yes. Unless you create a non-deterministic wallet, and manually paste child keys, one-by-one. Which 99% of people won't do. In general: if you have HD wallet, then master public key is shared. If you have non-HD wallet, or if you manually grab some keys from HD wallet, and put them in non-HD wallet, then only those public keys are shared.

For that reason, I usually avoid all SPV wallets, unless I am forced to use them. And even in those cases, first I load my HD wallet offline, then generate only those child keys I want to check, and then put them into non-HD SPV wallet. But it is safe to assume that most people are unaware, and share their master public keys, and then their funds can be easily traced, if you run any Electrum Server, and listen carefully.

It was created by Electrum wallet. Probably, if you look at your settings, there are options, where you can choose, how change addresses should be derived. If you use default settings, it is possible that your change address will be derived in a different way than your regular addresses. Both address types can use HD wallets, maybe even both use the same master public key, but then, if derivation path will be different, then you will reach different addresses. One little change can easily destroy your flow, so check your settings, or use commands similar to "getaddressinfo", and check, which HD wallet was used to derive that, and what derivation path was present there.

For that reason, I always use "coin control", and manually pick all of my inputs and outputs. There were people who lost a lot of coins, when they used a different change address than they wanted. The earliest problem of that kind happened even before HD wallets were introduced. But even with them, a different derivation path can cause a lot of confusion.

I hope this is the case. But when it comes to Tor configuration, people often handle it incorrectly, and they sometimes leak their real IP address. For that reason, when I am connected through Tor, then the whole system is connected only through Tor, and I disable all clearnet traffic. In this way, I can be sure that everything goes through Tor, because all other connections are killed on OS level. But you can always run Wireshark or other tool, and check, if there is any traffic that goes outside Tor.

Also, if you explore it further with tools like Wireshark, you will probably notice, which parts are encrypted, and which parts are sent as a plaintext. And then, you will understand, how important some BIPs are, that propose pushing everything through end-to-end encrypted channels. Because if you have unencrypted Bitcoin messages, then Wireshark can even deserialize it, and tell everything, what is inside, which transactions are sent, what IPs are in the packets, and so on.

Hi fellows,

In the last few weeks, i worked a lot with Electrum Personal Server, set-uping my full node Bitcoin Core with my electurm 4.4.5 wallet. Everything had been done on Windows, 'cause i wanna try this instead of using Umbrel / Linux. I achieved that with some researchs, and did a video tutorial about it in order to help people to do the same: https://www.youtube.com/watch?v=wxiH8hG9G-4

My electrum wallet is also only connected to my own node through TOR; and my full node is connected to the network through TOR too. It also enables me to have a private wallet which is not linked to my IP address, nor my identity IRL (via my Internet Service Provider).



During all those tests and set-ups, i achieved to understand how Electrum Personal Server works; and how a wallet works too.
However, something kinda shocked me: when you connect your Electrum wallet to your ESP, the ESP sends the master public key (from which all adresses are created) to node(s); enabling them to find all the UTXOs from all the adresses of your wallet (even the ones you never used). Once they find them, node(s) send them to the wallet, which shows transactions then calculates how much sats/BTC are available.

My first question is: is the master public key always used to update the wallet balance? Or is it only with ESP?



I also tried to use Lightning Network with this Electrum 4.4.5 wallet, connected to my full node with ESP. Everything worked fine, and my wallet was synchronised.

I also created a LN channel with 0.01 BTC (let's say i had 0.05 BTC in the UTXO before). The network found the transaction and added it in the next bloc: almost 0.04 BTC had been sent to an other address of my Electrum wallet due to miner fees (everything's fine also), and 0.01 BTC had been sent to an other on-chain Bitcoin address.
Quickly, after 3 confirmations, my channel was written as « Opened » whereas my wallet and my ESP started to bug: the synchronisation stopped, and couldn't go further. Indeed, my ESP was telling me that i had to check my master public key, and i should check all my addresses.

The explanation is that, when i opened the LN channel, the 0.01 BTC i've talked about had been sent to an on-chain address which hadn't been created from my master public key. It was like a « sleeping address », waiting something to send the 0.01 BTC to the Lightning Network.
I also checked on the internet and found that it's currently not possible to use the LN with ESP. I also force-closed the channel; and after 6 blocks and a resync' of my ESP / master public key, everything was okay. I only « lost » miner fees, which is nothing.

However, my second question is: where does come this address, at which my 0,01 BTC had been sent? I mean: this address wasn't a hash from my master public key. How had it been created?



To finish, i decided to understand by myself how in-bound and out-bound liquidity worked. It's kinda simple.
To use the LN, i also had to stop using ESP with this wallet; deleting « --oneserver –server 127.0.0.1:50002:s » in my Electrum wallet 'set-up'. It also didn't connect my wallet to my own full node (as expected), and leaked my master public key (i guess, as expected). This also means that all the addresses of this wallet are now linked together for – at least – some nodes; decreasing the privacy of this wallet.

As expected, LN worked perfectly. A new channel had been created, with out-bound liquidity.
In the network parameters of my wallet, it's now connected to 10 nodes automaticaly. About the proxy, the « Use TOR proxy at port 9150 » is stilled checked, and the SOCKS5 proxy configuration i used with ESP is still check too.

My third and last question is a bit stupid, but i wanna check: considering the last paragraph, does my Electrum wallet now use TOR to connect to nodes; hiddening my IP to them?



Thanks for your answers