pith. sign in

arxiv: 2605.19715 · v1 · pith:BBZ7D26Gnew · submitted 2026-05-19 · 💻 cs.CR · cs.DC· cs.NI

Security Analysis of Bitcoin's V2 Transport Protocol: Exploiting Design Implications for Sustained Eclipse and Downgrade Attacks

Charmaine Ndolo , Florian Tschorsch This is my paper

Pith reviewed 2026-05-20 04:30 UTC · model grok-4.3

classification 💻 cs.CR cs.DCcs.NI
keywords BitcoinP2P transporteclipse attackdowngrade attacknetwork securityencrypted protocolpayload length
0
0 comments X

The pith

Bitcoin's V2 P2P transport still lets network attackers identify messages, eclipse nodes, and downgrade all connections to the unencrypted protocol.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper analyzes Bitcoin's new V2 protocol for encrypting peer-to-peer messages and concludes that it remediates some older attacks but leaves open new paths to the same goals. A network-level attacker can read message types from TCP payload lengths alone, isolate a target node by leveraging properties of the encrypted channels, and force every connection into the older unencrypted mode by exploiting the built-in compatibility negotiation. These weaknesses are design-level rather than coding errors and could apply to other encrypted P2P systems. The authors confirm the attacks through measurements on the live network, controlled emulations, and simulations, then outline both immediate and longer-term fixes.

Core claim

A network-level attacker can identify application messages using the length of TCP payloads, can eclipse a target node by taking advantage of how encrypted communication channels work, and can downgrade all of a node's connections to the unencrypted protocol by using the mechanisms designed for compatibility.

What carries the argument

The V2 transport's combination of fixed-length encryption headers, payload-length visibility on the wire, and backward-compatible negotiation with the unencrypted V1 protocol.

If this is right

  • Message-length leakage enables traffic analysis and targeted disruption without breaking encryption.
  • Eclipse attacks can be sustained because encrypted channels hide connection state from the victim.
  • Downgrade succeeds on every connection because the protocol must support the older unencrypted mode for compatibility.
  • The same conceptual gaps would affect any P2P network that adopts similar length-visible encryption plus fallback negotiation.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Randomizing or padding message lengths at the transport layer would close the identification vector without changing higher-level logic.
  • Removing the unencrypted fallback entirely after a transition period would eliminate the downgrade path.
  • Other overlay networks using comparable encrypted transports with length metadata exposed should be examined for the same patterns.

Load-bearing premise

The attacker can observe and selectively manipulate TCP connections between Bitcoin nodes, including measuring payload lengths and influencing which peers a node connects to.

What would settle it

A controlled experiment in which an attacker forces a live Bitcoin node to accept only V1 connections while the node is configured to prefer V2.

read the original abstract

Bitcoin recently introduced a new protocol for the encryption of peer-to-peer (P2P) communication. The protocol, known as V2 P2P transport, represents a big step towards securing the overlay network against various previously-known attack vectors. Based on an analysis of V2 P2P transport, this work examines the current viability of said attacks and concludes that while they are now remediated, alternative attacks and paths to similar objectives exist. The identified shortcomings are conceptual (and not implementation bugs) and even applicable to other P2P networks. We show how a network-level attacker can identify application messages using the length of TCP payloads, can eclipse a target node by taking advantage of how encrypted communication channels work and can downgrade all of a node's connections to the unencrypted protocol by using the mechanisms designed for compatibility. We validate our contributions using a combination of network measurements, emulations and simulations. Finally, we propose a series of short-term and long-term countermeasures towards securing Bitcoin's P2P network. To the best of our knowledge, we are the first to study Bitcoin's security under V2 P2P transport.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 3 minor

Summary. The paper analyzes Bitcoin's V2 P2P transport protocol for encrypting peer-to-peer communications. It claims that while the protocol remediates several previously known attacks, a network-level attacker can still identify application messages via TCP payload lengths, eclipse target nodes by exploiting properties of encrypted channels, and downgrade all connections to the unencrypted V1 protocol by leveraging built-in compatibility mechanisms. These conceptual shortcomings are validated through network measurements, emulations, and simulations, with short-term and long-term countermeasures proposed. The work positions itself as the first security study of Bitcoin under V2 transport.

Significance. If the attacks hold under the stated model, the results are significant for Bitcoin's P2P security and extend to other encrypted P2P networks. The multi-method validation (measurements, emulations, simulations) provides practical grounding, and the explicit attacker model plus proposed countermeasures add actionable value. The identification of design-level issues rather than implementation bugs strengthens the contribution.

minor comments (3)
  1. Abstract: the phrase 'to the best of our knowledge' is appropriate but could be strengthened by a one-sentence pointer to the most closely related prior V1 analyses for immediate context.
  2. Section 3 (protocol description): the notation distinguishing V1 and V2 message formats and length fields should be made fully consistent across text and figures to avoid reader confusion when tracing the payload-length identification attack.
  3. Validation sections: while the combination of measurements, emulations, and simulations is a strength, the paper should add a short reproducibility note (e.g., repository link or parameter table) so that the eclipse and downgrade simulation scales can be independently verified.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their positive and accurate summary of our manuscript, as well as for recommending minor revision. We appreciate the recognition of the work's significance, multi-method validation, and focus on conceptual design issues. We have no major points of disagreement with the report.

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper conducts a security analysis of Bitcoin's V2 P2P transport protocol, identifying conceptual attack vectors such as TCP payload length-based message identification, eclipse attacks leveraging encrypted channels, and downgrade attacks via compatibility mechanisms. These results are derived from direct examination of the protocol specification and validated through independent network measurements, emulations, and simulations. No load-bearing steps reduce by construction to self-citations, fitted parameters renamed as predictions, or ansatzes smuggled via prior work; the analysis remains self-contained against external protocol benchmarks and does not invoke uniqueness theorems or self-referential definitions.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The analysis rests on standard network attacker model assumptions and the published V2 protocol design rather than introducing new fitted parameters or invented entities.

axioms (1)
  • domain assumption Network-level attackers can observe TCP payload lengths and influence connection establishment in the Bitcoin P2P overlay.
    This attacker capability is invoked to demonstrate the viability of message identification, eclipse, and downgrade attacks.

pith-pipeline@v0.9.0 · 5739 in / 1357 out tokens · 45948 ms · 2026-05-20T04:30:06.726608+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

51 extracted references · 51 canonical work pages

  1. [1]

    What's in a Downgrade?

    Eman Salem Alashwali and Kasper Rasmussen , editor =. What's in a Downgrade?. Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Singapore, August 8-10, 2018, Proceedings, Part. 2018 , doi =

    work page 2018

  2. [2]

    Maria Apostolaki and Aviv Zohar and Laurent Vanbever , title =. 2017. 2017 , doi =

    work page 2017

  3. [3]

    Financial Cryptography and Data Security - 25th International Conference,

    Maria Apostolaki and Cedric Maire and Laurent Vanbever , title =. Financial Cryptography and Data Security - 25th International Conference,. 2021 , doi =

    work page 2021

  4. [4]

    Theo von Arx and Muoi Tran and Laurent Vanbever , title =. 8th. 2023 , doi =

    work page 2023

  5. [5]

    Bailey and David Dittrich and Erin Kenneally and Douglas Maughan , title =

    Michael D. Bailey and David Dittrich and Erin Kenneally and Douglas Maughan , title =. 2012 , doi =

    work page 2012

  6. [6]

    Terrapin Attack: Breaking

    Fabian B. Terrapin Attack: Breaking. 33rd. 2024 , url =

    work page 2024

  7. [7]

    CoRR , volume =

    Juan Benet , title =. CoRR , volume =. 2014 , url =

    work page 2014

  8. [8]

    Bernstein , editor =

    Daniel J. Bernstein , editor =. Curve25519: New Diffie-Hellman Speed Records , booktitle =. 2006 , doi =

    work page 2006

  9. [9]

    Peer-to-Peer Communication Encryption , url =

    Schnelli, Jonas , year =. Peer-to-Peer Communication Encryption , url =

    work page

  10. [10]

    Version 2 P2P Encrypted Transport Protocol , url =

    Mehta, Dhruv and Ruffing, Tim and Schnelli, Jonas and Wuille, Pieter , year =. Version 2 P2P Encrypted Transport Protocol , url =

    work page

  11. [11]

    2019 , isbn =

    Birge-Lee, Henry and Wang, Liang and Rexford, Jennifer and Mittal, Prateek , title =. 2019 , isbn =. doi:10.1145/3319535.3363197 , booktitle =

    work page doi:10.1145/3319535.3363197 2019

  12. [12]

    2025 , isbn =

    Birge-Lee, Henry and Apostolaki, Maria and Rexford, Jennifer , title =. 2025 , isbn =. doi:10.1007/978-3-031-85960-1_14 , booktitle =

    work page doi:10.1007/978-3-031-85960-1_14 2025

  13. [13]

    Proceedings of the 2014

    Alex Biryukov and Dmitry Khovratovich and Ivan Pustogarov , title =. Proceedings of the 2014. 2014 , doi =

    work page 2014

  14. [14]

    Bitcoin over Tor isn't a Good Idea , year =

    Biryukov, Alex and Pustogarov, Ivan , booktitle =. Bitcoin over Tor isn't a Good Idea , year =

    work page

  15. [15]

    Bitcoin Core 28.x , url =

    work page

  16. [16]

    Bitcoin Core Issue \#31036 , url =

    work page

  17. [17]

    Kroll and Edward W

    Joseph Bonneau and Andrew Miller and Jeremy Clark and Arvind Narayanan and Joshua A. Kroll and Edward W. Felten , title =. 2015. 2015 , doi =

    work page 2015

  18. [18]

    Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform , url =

    Vitalik Buterin , year =. Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform , url =

    work page

  19. [19]

    Dyer and Scott E

    Kevin P. Dyer and Scott E. Coull and Thomas Ristenpart and Thomas Shrimpton , title =. 2012 , doi =

    work page 2012

  20. [20]

    Wenjun Fan and Sang. ConMan:. 2021 , doi =

    work page 2021

  21. [21]

    2022 , doi =

    Federico Franzoni and Vanesa Daza , title =. 2022 , doi =

    work page 2022

  22. [22]

    On the Peer Degree Distribution of the Bitcoin P2P Network , year =

    Grundmann, Matthias and Baumstark, Max and Hartenstein, Hannes , booktitle =. On the Peer Degree Distribution of the Bitcoin P2P Network , year =

    work page

  23. [23]

    Eclipse Attacks on Bitcoin's Peer-to-Peer Network , booktitle =

    Ethan Heilman and Alison Kendler and Aviv Zohar and Sharon Goldberg , editor =. Eclipse Attacks on Bitcoin's Peer-to-Peer Network , booktitle =. 2015 , url =

    work page 2015

  24. [24]

    Financial Cryptography and Data Security - 27th International Conference,

    Jaehyun Ha and Seungjin Baek and Muoi Tran and Min Suk Kang , title =. Financial Cryptography and Data Security - 27th International Conference,. 2023 , doi =

    work page 2023

  25. [25]

    Henningsen and Daniel Teunis and Martin Florian and Bj

    Sebastian A. Henningsen and Daniel Teunis and Martin Florian and Bj. Eclipsing Ethereum Peers with False Friends , booktitle =. 2019 , doi =

    work page 2019

  26. [26]

    Double-spending fast payments in bitcoin , booktitle =

    Ghassan Karame and Elli Androulaki and Srdjan Capkun , editor =. Double-spending fast payments in bitcoin , booktitle =. 2012 , doi =

    work page 2012

  27. [27]

    McDaniel , title =

    Philip Koshy and Diana Koshy and Patrick D. McDaniel , title =. Financial Cryptography and Data Security - 18th International Conference,. 2014 , doi =

    work page 2014

  28. [28]

    Advances in Cryptology -

    Hugo Krawczyk , title =. Advances in Cryptology -. 2010 , doi =

    work page 2010

  29. [29]

    Proceedings of the 9th

    Bob Lantz and Brandon Heller and Nick McKeown , title =. Proceedings of the 9th. 2010 , doi =

    work page 2010

  30. [30]

    Thomas Hou and Wenjing Lou , title =

    Shaoyu Li and Shanghao Shi and Yang Xiao and Chaoyu Zhang and Y. Thomas Hou and Wenjing Lou , title =. Computer Security -. 2023 , doi =

    work page 2023

  31. [31]

    Linux manual page , url =

    work page

  32. [32]

    2018 , url =

    Yuval Marcus and Ethan Heilman and Sharon Goldberg , title =. 2018 , url =

    work page 2018

  33. [33]

    Great Cannon

    An Analysis of China's "Great Cannon" , author =. 5th USENIX Workshop on Free and Open Communications on the Internet (FOCI 15) , year =

    work page

  34. [34]

    Joseph and J

    Brad Miller and Ling Huang and Anthony D. Joseph and J. D. Tygar , title =. Privacy Enhancing Technologies - 14th International Symposium,. 2014 , doi =

    work page 2014

  35. [35]

    Bitcoin: A Peer-to-Peer Electronic Cash System

    Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008

    work page 2008

  36. [36]

    6th Conference on Advances in Financial Technologies,

    Charmaine Ndolo and Florian Tschorsch , title =. 6th Conference on Advances in Financial Technologies,. 2024 , doi =

    work page 2024

  37. [37]

    2016 Intl

    Till Neudecker and Philipp Andelfinger and Hannes Hartenstein , title =. 2016 Intl. 2016 , doi =

    work page 2016

  38. [38]

    Characterization of the Bitcoin Peer-to-Peer Network (2015-2018) , doi =

    Neudecker, Till , year =. Characterization of the Bitcoin Peer-to-Peer Network (2015-2018) , doi =

    work page 2015

  39. [39]

    Peuster and H

    M. Peuster and H. Karl and S. van Rossem , booktitle =. MeDICINE: Rapid prototyping of production-ready network services in multi-PoP environments , year =. doi:10.1109/NFV-SDN.2016.7919490 , month =

    work page doi:10.1109/nfv-sdn.2016.7919490 2016

  40. [40]

    The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments , url =

    Poon, Joseph and Dryja, Thaddeus , year =. The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments , url =

    work page

  41. [41]

    Total Eclipse of the Heart – Disrupting the InterPlanetary File System

    Bernd Pr \"u nster and Alexander Marsalek and Thomas Zefferer. Total Eclipse of the Heart – Disrupting the InterPlanetary File System. 31st USENIX Security Symposium. 2022

    work page 2022

  42. [42]

    Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , booktitle =

    Jean. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , booktitle =. 2000 , doi =

    work page 2000

  43. [43]

    doi:10.17487/RFC8439 , author =

    work page doi:10.17487/rfc8439

  44. [44]

    Muhammad Saad and David Mohaisen , title =. 44th. 2023 , doi =

    work page 2023

  45. [45]

    Eclipse Attacks on Monero's Peer-to-Peer Network , doi =

    Shi, Ruisheng and Peng, Zhiyuan and Lan, Lina and Ge, Yulian and Liu, Peng and Wang, Qin and Wang, Juan , year =. Eclipse Attacks on Monero's Peer-to-Peer Network , doi =

    work page

  46. [46]

    Yixin Sun and Anne Edmundson and Laurent Vanbever and Oscar Li and Jennifer Rexford and Mung Chiang and Prateek Mittal , title =. 24th. 2015 , url =

    work page 2015

  47. [47]

    Vu and Min Suk Kang , title =

    Muoi Tran and Inho Choi and Gi Jun Moon and Anh V. Vu and Min Suk Kang , title =. 2020. 2020 , doi =

    work page 2020

  48. [48]

    Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack , doi =

    Wang, Ziqiang and Feng, Xuewei and Li, Qi and Sun, Kun and Yang, Yuxiang and Li, Mengyuan and Du, Ganqiu and Xu, Ke and Wu, Jianping , year =. Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack , doi =

    work page

  49. [49]

    Proceedings of the Network and Distributed System Security Symposium,

    Nicholas Weaver and Robin Sommer and Vern Paxson , title =. Proceedings of the Network and Distributed System Security Symposium,. 2009 , url =

    work page 2009

  50. [50]

    Cybersecur

    Huashuang Yang and Jinqiao Shi and Yue Gao and Xuebin Wang and Yanwei Sun and Ruisheng Shi and Dongbin Wang , title =. Cybersecur. , volume =. 2023 , doi =

    work page 2023

  51. [51]

    Proceedings of the 19th International Conference on Availability, Reliability and Security,

    Yuwen Zou and Wenjun Fan and Zhen Ma , title =. Proceedings of the 19th International Conference on Availability, Reliability and Security,. 2024 , doi =

    work page 2024