The v2 Transport: Bitcoin P2P Traffic Goes Dark
Summary
For nearly 15 years, Bitcoin node communication was unencrypted. This changed with the adoption of BIP 324, which introduced the v2 transport protocol in 2024. The protocol features opportunistic encryption, making traffic unreadable to passive adversaries, and it now handles the majority of global Bitcoin P2P traffic after being enabled by default in Bitcoin Core 27.0.
The encryption protects valuable metadata that unencrypted traffic patterns previously exposed and that could be used to infer transaction originators or identify nodes belonging to specific entities. While the original P2P protocol had remained largely unchanged since 2009, BIP 324 was a fundamental but optional change that did not require consensus: nodes fall back to the old 'v1' protocol when communicating with peers that do not support it.
The v2 protocol achieves its stealth through a fully pseudorandom bytestream, unlike TLS, which reveals connection metadata. This was made possible by using ElligatorSwift to encode elliptic curve public keys during the handshake in a random-looking manner, avoiding easily blockable patterns. Although v2 raises the cost of large-scale passive surveillance without relying on networks like Tor, the encryption is unauthenticated, meaning active adversaries can still perform man-in-the-middle attacks by decrypting and re-encrypting traffic.
(Source: Bitcoin Magazine)
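To make the contrast between the two transports concrete, the following added example (not code from the article or from Bitcoin Core) shows what a v1 connection exposes in its first bytes and why the same check finds nothing to match on a v2-style opening. The function names are hypothetical, both samples are constructed rather than captured, and a SHA-512 digest stands in for the 64-byte ElligatorSwift-encoded key.

```python
import hashlib
import struct

MAINNET_MAGIC = bytes.fromhex("f9beb4d9")  # v1 message start on Bitcoin mainnet
# Every v1 connection opens with the magic followed by a NUL-padded "version" command.
V1_PREFIX = MAINNET_MAGIC + b"version".ljust(12, b"\x00")

def build_v1_header(command: str, payload: bytes) -> bytes:
    """v1 header: magic(4) | command(12, NUL-padded) | length(4, LE) | checksum(4)."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return (MAINNET_MAGIC + command.encode("ascii").ljust(12, b"\x00")
            + struct.pack("<I", len(payload)) + checksum)

def parse_v1_header(data: bytes) -> dict:
    """Fields any on-path observer can read from the 24 cleartext header bytes."""
    if len(data) < 24 or data[:4] != MAINNET_MAGIC:
        raise ValueError("not a v1 header")
    command = data[4:16].rstrip(b"\x00").decode("ascii", errors="replace")
    (length,) = struct.unpack("<I", data[16:20])
    return {"command": command, "length": length, "checksum": data[20:24].hex()}

def classify_first_bytes(data: bytes) -> str:
    """Label a connection by its opening bytes, handling short reads."""
    n = min(len(data), len(V1_PREFIX))
    if data[:n] != V1_PREFIX[:n]:
        return "not-v1"  # v2 or anything else: no fixed pattern left to match
    return "v1" if n == len(V1_PREFIX) else "undecided"

# Constructed samples, not captured traffic.
SAMPLE_V1 = build_v1_header("version", b"\x00" * 86)
# Assumption: deterministic hash output standing in for a 64-byte
# ElligatorSwift-encoded public key. This is NOT real ElligatorSwift.
SAMPLE_V2_LIKE = hashlib.sha512(b"constructed sample").digest()

if __name__ == "__main__":
    for name, blob in (("v1", SAMPLE_V1), ("v2-like", SAMPLE_V2_LIKE)):
        print(name, classify_first_bytes(blob), blob[:16].hex())
    print(parse_v1_header(SAMPLE_V1))
```

The "undecided" result covers a short first read: a prefix check can only rule v1 in once all 16 bytes have arrived, but it can rule v1 out on the first mismatching byte.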