In what follows, we analyze the privacy provisions of SPV clients and show that the reliance on Bloom filters within existing SPV clients leaks considerable information about the addresses of Bitcoin users. We also show that this information leakage is further exacerbated when users restart their SPV clients and/or when the adversary has access to more than one Bloom filter pertaining to the same SPV client. Motivated by these findings, we also describe an efficient countermeasure introduced in  in order to enhance the privacy of users that rely on SPV clients; this countermeasure can be directly integrated within existing SPV client implementations.
In our analysis, we assume that the adversary can compromise one or more full Bitcoin nodes and eavesdrop on communication links in order to acquire one or more Bloom filters pertaining to an SPV client. Here, the goal of the adversary is to identify the Bitcoin addresses that are inserted within a Bloom filter created by a particular SPV client. The addresses inserted in the Bloom filter typically correspond to addresses that the SPV client is interested in receiving information about (e.g., these addresses typically belong to the wallet of the SPV client). For example, the adversary might be connected to the node that generated the Bloom filter or might try to assign an identity to nodes according to their addresses. Note that since the Bitcoin network provides currently less than 10,000 reachable full Bitcoin nodes, it is likely that regular nodes receive one or more filter pertaining to each SPV client over a sufficiently long period of time.