Re: [bitcoin-dev] Proposal to stop processing of unrequested transactions in Bitcoin Core

[Antoine Riard via bitcoin-dev]

Hi Jeremy,

If I understand correctly your concern, you're worried that change would
ease discovery of the node's tx-relay topology ? I don't scope transaction
origin inference, if you suppose the
unrequested-tx peer sending is the attacker it must have learnt the
transaction from somewhere else which is more likely to be the tx owner
rather than the probed node.

As far I can think of this change, a peer might send an unrequested
transaction to this node and observe that it's either a) processed, the
node has learnt about the txid from another peer or b) rejected, the node
has never learnt about the txid. The outcome can be queried by sending a
GETDATA for the "is-unrequested" txid.

I think the same result can already be achieved by sending an INV and
observing if a GETDATA is replied back to guess the presence of another
peer with already the knowledge of the txid. Or alternatively, just connect
to this other peer and wait for an announcement.

What else can we think of ?

>From my side, compared to the already-existing heuristics, I don't see how
this change is easing attackers' work. That said, I don't deny our
transaction announcements/requests logic is worthy of more study about its
privacy properties, especially when you acknowledge the recent overhaul of
the transaction request and the upcoming Erlay changes.

Cheers,
Antoine

Le jeu. 11 févr. 2021 à 16:15, Pieter Wuille  a
écrit :

>
> I'm not sure of the existing behavior is of when we issue a getdata
> request, but noting that there could be a privacy implication of this sort
> of change. Could you (or someone else) expand on why this is not a concern
> here?
>
>
> What kind of privacy concern are you talking about? I'm not sure I see how
> this could matter.
>
> Cheers,
>
> --
> Pieter
>
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Proposal to stop processing of unrequested transactions in Bitcoin Core

[Pieter Wuille via bitcoin-dev]

> I'm not sure of the existing behavior is of when we issue a getdata request, 
> but noting that there could be a privacy implication of this sort of change. 
> Could you (or someone else) expand on why this is not a concern here?

What kind of privacy concern are you talking about? I'm not sure I see how this 
could matter.

Cheers,

--
Pieter___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Proposal to stop processing of unrequested transactions in Bitcoin Core

[Jeremy via bitcoin-dev]

I'm not sure of the existing behavior is of when we issue a getdata
request, but noting that there could be a privacy implication of this sort
of change. Could you (or someone else) expand on why this is not a concern
here?
--
@JeremyRubin 



On Wed, Feb 10, 2021 at 6:29 AM Antoine Riard via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi,
>
> I'm proposing to stop the processing of unrequested transactions in
> Bitcoin Core 22.0+ at TX message reception. An unrequested transaction is
> one defined by which a "getdata" message for its specific identifier
> (either txid or wtxid) has not been previously issued by the node [0].
>
> This change is motivated by reducing the CPU DoS surface of Bitcoin Core
> around mempool acceptance. Currently, an attacker can open multiple inbound
> connections to a node and send expensive to validate, junk transactions.
> Once the canonical INV/GETDATA sequence is enforced on the network, a
> further protection would be to deprioritize bandwidth and validation
> resources allocation, or even to wither connections with such DoSy peers. A
> permissioned peer (PF_RELAY) will still be able to bypass such restrictions.
>
> Raw TX message processing has always been tolerated by Core and as such
> some Bitcoin clients aren't bothering with an INV/GETDATA sequence. Such
> change will break their tx-relay capabilities on the p2p network and
> require adaptation from them. Given deployment time of any release, I hope
> it provides a window time wide enough before the old tx-processing behavior
> becomes the minority.
>
> Eager to gather feedback on this proposal, especially if such change is
> deemed as too much constraining or fast on any Bitcoin software.
>
> Cheers,
> Antoine
>
> [0] See https://github.com/bitcoin/bitcoin/pull/20277
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Proposal to stop processing of unrequested transactions in Bitcoin Core

[Antoine Riard via bitcoin-dev]

Hi,

I'm proposing to stop the processing of unrequested transactions in Bitcoin
Core 22.0+ at TX message reception. An unrequested transaction is one
defined by which a "getdata" message for its specific identifier (either
txid or wtxid) has not been previously issued by the node [0].

This change is motivated by reducing the CPU DoS surface of Bitcoin Core
around mempool acceptance. Currently, an attacker can open multiple inbound
connections to a node and send expensive to validate, junk transactions.
Once the canonical INV/GETDATA sequence is enforced on the network, a
further protection would be to deprioritize bandwidth and validation
resources allocation, or even to wither connections with such DoSy peers. A
permissioned peer (PF_RELAY) will still be able to bypass such restrictions.

Raw TX message processing has always been tolerated by Core and as such
some Bitcoin clients aren't bothering with an INV/GETDATA sequence. Such
change will break their tx-relay capabilities on the p2p network and
require adaptation from them. Given deployment time of any release, I hope
it provides a window time wide enough before the old tx-processing behavior
becomes the minority.

Eager to gather feedback on this proposal, especially if such change is
deemed as too much constraining or fast on any Bitcoin software.

Cheers,
Antoine

[0] See https://github.com/bitcoin/bitcoin/pull/20277
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev