Leakage under Multiple Bloom Filters
We now describe the information leakage due to multiple Bloom filters as analyzed in . For that purpose, we assume that the adversary can acquire b > l Bloom filters pertaining to different users. For example, the adversary might be connected to SPV clients for a long period of time and receive their updated Bloom filter. Alternatively, the adversary can acquire additional Bloom filters by compromis- ing/colluding with other full Bitcoin nodes. Similar to Section 6.2.5, we assume that SPV clients do not embed public keys and their corresponding addresses in the same filter; we also assume that these clients connect to regular nodes using an anonymizing network in order to avoid obvious leakage due to network layer information.
Two Bloom Filters
We start by analyzing the case where the adversary acquires two different Bloom filters Bi and B2 .In the sequel, we focus on computing Ph(} corresponding to filter Bi, which we assume to be the smallest of the two filters (in size). In analyzing the information leakage due to the acquisition of two Bloom filters, we distinguish two cases.