From fast to secure

The many different approaches to thin clients

Aug 28, 2023

Using crypto currencies is scary, so many new ways things can go wrong and people simply are more afraid of what they don’t understand. Rightfully so!
When it comes to privacy and security in crypto, it is hard to find real information, so we present the understandable guide to using crypto and what keeps your private data actually private!

First of all, if you store your money on an exchange, it is not private and it is not secure. The money isn’t yours, you just have permission to retrieve it, most of the time. Storing your money in a wallet that is under your own control (on your phone, for instance) is much better. But there are still better and worse ways. Lets delve into the wallets!

What makes a wallet private / secure?

This is a post to list the different ways that a wallet can connect to the Bitcoin Cash network which we have researched and what the benefits and downsides are of each of them.

To keep things easy to understand, here are the metrics we judge things on;

  • Speed.
    How the end-user experiences using the wallet.
  • Privacy.
    You wants big tech or government to collect data on everything you do with your money? Well, neither do we.
  • Self-custody.
    Like the exchange, a bank is the custodian of your money. You literally need to ask them to use your money. And they can, and do, say no. For instance if you transfer to some country they don’t like. Giving away custody is thus to be avoided. The better wallets allow you to hold your own custody.
  • Data-usage.
    Repeated usage will cost you data on your mobile. High usage is better to be avoided in places that have worse data cost or availability.

Full node.

This is the overkill option, it works but it is expensive, slow and hard to do.

You end up downloading 100% of all transactions created worldwide every day. And you validate them for correctness. You either store forever, or you prune the node to avoid high disk costs.

This method is simply not viable on a mobile device.

  • speed: slow
  • privacy: excellent
  • Self-custody: full
  • Data-usage: bad

ElectronX / Fulcrum server

A common solution. Many wallets use this approach.

The biggest benefit here is that it enables to use the so called “Simplified Payment Verification” design (SPV) which is outlined in the original Bitcoin Whitepaper from Satoshi Nakamoto.

The advantage of using SPV is that it requires only downloading of block-headers instead of entire blocks and in that way verify the payment with limited data. (Related reading: SPV is secure.)

The downside of this approach is that there is a new heavy server required for your wallet to work. This server holds a list of all addresses ever utilized by all users on the Bitcoin Cash network. There are people running them for you for free. But it is good to never trust free.

The downside here is that you need to supply the server with some wallet details. Your wallet ends up sending all the uniquely identifiable data to the server. The result is that the server instantly can connect your historical payments, even if you use privacy measures. Being anonymous is nearly impossible with this approach.

Second issue is that we already have research showing that the cost to run this server will grow to expensive for anything but big corporations as usage of Bitcoin Cash goes up.
You have to wonder who will supply and maintain servers for free in the future. Today there are probably around a dozen servers available worldwide to connect that are up-to-date.

  • speed: fast
  • privacy: low
  • Self-custody: decent
  • Data-usage: medium

Note on why custody only gets ‘decent’ is because a server can decide to not show you certain coins and that is censorship. Bypassing the censorship is made harder because of the low number of servers.

REST APIs with special server

This approach is used by several very successful wallets. The server is not general purpose like the previous option, but it is more specially geared for the one wallet.

In some cases the server is open source, although the wallet may or may not allow you to configure another server. In practice there simply is no public second instance of the server to choose from so even if the wallet allowed it, you wouldn’t benefit.

This approach can be understood simply as there being a specific back-end server and a front-end client that shows the results from the server.

Special attention should be given to the risk of this setup. This approach can probably not steal your money, but in all other ways the company behind the wallet can control what you can do with your money. This makes them vulnarable to government interference.

You need to make sure that you have a backup of the seed-phrase or private key in order to be able to move to another wallet if it ever becomes needed.

  • speed: fast
  • privacy: non-existent
  • Self-custody: only technically
  • Data-usage: low

Direct connection to the Bitcoin Cash Network

This option does not actually have a server. It simply uses the decentralized nature of Bitcoin Cash and connects to any full node world wide. The number of those nodes is directly connected to how popular the coin is as most merchants and professional companies will be running one. There currently are many hundreds, on BTC there are many thousands.

I’ll be discussing the approach titled: “Bloom-filter based SPV”.

This approach is different in that it only looks at each part of the blockchain once. Every time you connect to the network, you only look at the blocks that have appeared since your last connection.

Hmm, let explain this in a bit more practical matter so you can understand the advantage. First, the approach that all the above systems use is “ask everything, every time”.

Imagine you go to a web-search engine and you ask all the documents on a certain topic, you get a long list. The next day you ask the same question and you get the exact same list. You ignore it since there is nothing new. On day 3 you get the same long list plus 2 entries. This is the way that all the other systems work.

The direct connection, on the other hand, asks only for new things. It uses a timestamp to avoid getting the old data again and again.

The data we request is also not uniquely identifiable, we don’t break privacy by asking the network. Plus there are hundreds of places to connect to, probably thousands when popularity rises. That is good for privacy.

  • speed: fast for weekly usage, slower if you were offline a long time.
  • privacy: excellent
  • Self-custody: full
  • Data-usage: low