Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 48432C0012 for ; Sun, 12 Dec 2021 12:07:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 35DE7859B9 for ; Sun, 12 Dec 2021 12:07:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.017 X-Spam-Level: X-Spam-Status: No, score=-2.017 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.117, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H0ynx_GXWK56 for ; Sun, 12 Dec 2021 12:07:44 +0000 (UTC) X-Greylist: delayed 00:19:19 by SQLgrey-1.8.0 Received: from smtpout1.mo529.mail-out.ovh.net (smtpout1.mo529.mail-out.ovh.net [178.32.125.2]) by smtp1.osuosl.org (Postfix) with ESMTPS id D1752859B8 for ; Sun, 12 Dec 2021 12:07:43 +0000 (UTC) Received: from mxplan6.mail.ovh.net (unknown [10.109.146.249]) by mo529.mail-out.ovh.net (Postfix) with ESMTPS id B15E5D167E65; Sun, 12 Dec 2021 12:48:21 +0100 (CET) Received: from peersm.com (37.59.142.98) by DAG6EX1.mxp6.local (172.16.2.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.17; Sun, 12 Dec 2021 12:48:21 +0100 Authentication-Results: garm.ovh; auth=pass (GARM-98R00277faca00-cdd3-449d-9d04-7aa3c9dc7306, 0162D8E0E18B0A35B3A43025BCC48F53E5557781) smtp.auth=aymeric@peersm.com X-OVh-ClientIp: 92.184.100.131 To: Pieter Wuille , Bitcoin Protocol Discussion References: <1fbf0ef8b1b42979361b5df0b09c2dcd@willtech.com.au> From: Aymeric Vitte Message-ID: <86d49c80-2f8f-245c-5fdb-17c6ca6b5f2b@peersm.com> Date: Sun, 12 Dec 2021 12:48:18 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------35852C7439EE128664E0EF4B" X-Originating-IP: [37.59.142.98] X-ClientProxiedBy: DAG5EX1.mxp6.local (172.16.2.41) To DAG6EX1.mxp6.local (172.16.2.51) X-Ovh-Tracer-GUID: 172242ae-58db-455e-aec2-2b5a3b78739b X-Ovh-Tracer-Id: 16250394831654839194 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvuddrkeeigdeffecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecunecujfgurhepuffvfhfhkffffgggjggtihesrgdtreertdefheenucfhrhhomhepteihmhgvrhhitgcugghithhtvgcuoegrhihmvghrihgtsehpvggvrhhsmhdrtghomheqnecuggftrfgrthhtvghrnhepveeutedvgefhhfeftdefffdvtdfgfeeuheehvedvffejkeefueeludejteekvddvnecuffhomhgrihhnpehgihhthhhusgdrtghomhdplhhinhhugihfohhunhgurghtihhonhdrohhrghenucfkpheptddrtddrtddrtddpfeejrdehledrudegvddrleeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhpohhuthdphhgvlhhopehmgihplhgrnheirdhmrghilhdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomheprgihmhgvrhhitgesphgvvghrshhmrdgtohhmpdhrtghpthhtohepsghithgtohhinhdquggvvhesfihuihhllhgvrdhnvght X-Mailman-Approved-At: Sun, 12 Dec 2021 12:41:47 +0000 Subject: Re: [bitcoin-dev] Rebroadcast mechanism in Bitcoin P2P network X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2021 12:07:45 -0000 --------------35852C7439EE128664E0EF4B Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable Indeed, I reiterate that using the Tor network for Bitcoin or whatever protocol not related to the Tor Browser (ie browsing and HS) does not make sense, for plenty of reasons But using the Tor protocol outside of the Tor network (and inside browsers for wallets for example) does: https://github.com/Ayms/node-Tor#presentation and https://github.com/Ayms/node-Tor#phase-4-and-phase-5, anonymizing nodes can just be already existing bitcoin nodes, example: https://github.com/bitcoin/bitcoin/pull/18988#issuecomment-646564853 Le 11/12/2021 =E0 17:21, Pieter Wuille via bitcoin-dev a =E9crit : >> It is that the solution to privacy is to use privacy-enhancing network= >> communications, such as TOR. I am not against a mechanism to rebroadca= st >> transactions more robustly if the mempool of adjoining nodes has >> forgotten about them, but the truth is, all transactions originate fro= m >> some node, and there are methods that allow an individual node to be >> identified as the likely source of a transaction unless privacy-enable= d >> networks are utilised. Having a different method to cause rebroadcast >> does not obfuscate the origin. > You're talking about distinct aspects of transaction privacy. > > The rebroadcasting approach as it exists on the network, where wallets = are responsible for their own rebroadcasting, directly reveals to your pe= ers a relation between nodes and transactions: whenever any node relays t= he same transaction twice, it almost certainly implies they are the origi= n. > > This is just a node-transaction relation, and not necessarily IP-transa= ction relation. The latter can indeed be avoided by only connecting over = Tor, or using other privacy networks, but just hiding the relation with I= P addresses isn't sufficient (and has its own downsides; e.g. Tor-only co= nnectivity is far more susceptible to partition/Eclipse/DoS attacks). For= example seeing the same node (even without knowing its IP) rebroadcast t= wo transaction lets an observe infer a relation between those transaction= s, and that too is a privacy leak. > > I believe moving to a model where mempools/nodes themselves are respons= ible for rebroadcasting is a great solution to improving this specific pr= oblem, simply because if everyone rebroadcasts, the original author doing= it too does not stand out anymore. It isn't "fixing privacy", it's fixin= g a specific leak, one of many, but this isn't a black and white property= =2E > > Cheers, > > -- > Pieter > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev --------------35852C7439EE128664E0EF4B Content-Type: text/html; charset="windows-1252" Content-Transfer-Encoding: 8bit

Indeed, I reiterate that using the Tor network for Bitcoin or whatever protocol not related to the Tor Browser (ie browsing and HS) does not make sense, for plenty of reasons

But using the Tor protocol outside of the Tor network (and inside browsers for wallets for example) does: https://github.com/Ayms/node-Tor#presentation and https://github.com/Ayms/node-Tor#phase-4-and-phase-5, anonymizing nodes can just be already existing bitcoin nodes, example: https://github.com/bitcoin/bitcoin/pull/18988#issuecomment-646564853


Le 11/12/2021 à 17:21, Pieter Wuille via bitcoin-dev a écrit :
It is that the solution to privacy is to use privacy-enhancing network
communications, such as TOR. I am not against a mechanism to rebroadcast
transactions more robustly if the mempool of adjoining nodes has
forgotten about them, but the truth is, all transactions originate from
some node, and there are methods that allow an individual node to be
identified as the likely source of a transaction unless privacy-enabled
networks are utilised. Having a different method to cause rebroadcast
does not obfuscate the origin.
You're talking about distinct aspects of transaction privacy.

The rebroadcasting approach as it exists on the network, where wallets are responsible for their own rebroadcasting, directly reveals to your peers a relation between nodes and transactions: whenever any node relays the same transaction twice, it almost certainly implies they are the origin.

This is just a node-transaction relation, and not necessarily IP-transaction relation. The latter can indeed be avoided by only connecting over Tor, or using other privacy networks, but just hiding the relation with IP addresses isn't sufficient (and has its own downsides; e.g. Tor-only connectivity is far more susceptible to partition/Eclipse/DoS attacks). For example seeing the same node (even without knowing its IP) rebroadcast two transaction lets an observe infer a relation between those transactions, and that too is a privacy leak.

I believe moving to a model where mempools/nodes themselves are responsible for rebroadcasting is a great solution to improving this specific problem, simply because if everyone rebroadcasts, the original author doing it too does not stand out anymore. It isn't "fixing privacy", it's fixing a specific leak, one of many, but this isn't a black and white property.

Cheers,

--
Pieter

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


--------------35852C7439EE128664E0EF4B--