zcash
Research Spike: Private Memo Support
As a wallet developer, I would like to be able to provide shielded memo support to my users in their shielded wallet without compromising their privacy.
Currently, the wallet SDKs do not download memos as part of the compact blocks to help save on bandwidth. We would like to be able to retrieve memos associated with a wallet without disclosing to lightwalletd which transactions the wallet is interested in.
This research will heavily involve core and wallet team collaborating on a solution.
Time Box: 40 hours (pending further conversations with security and core)
As part of this research, consider the impact of traffic analysis attacks. If the wallet simply downloads more stuff as a result of receiving a transaction, whatever that stuff is, it informs any network MITM that the wallet just received a transaction. This can be used to confirm if a human user is the owner of an address or not.
The threat model for the MVP dogfood app just notes that these attacks are possible and that we aren't trying to defend against them. Users of production-launched app will probably expect and rely on the app to not be vulnerable to such attacks.
