wallet: Avoid leaking nLockTime fingerprint when anti-fee-sniping #15039
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maflcko
force-pushed
the
Mf1812-walletLocktimeFingerprint
branch
from
fa2b064 to
fae5f61
Compare
luke-jr
reviewed
Dec 26, 2018
maflcko
force-pushed
the
Mf1812-walletLocktimeFingerprint
branch
2 times, most recently
from
fa5a339 to
fa7c5c7
Compare
Empact
reviewed
Dec 27, 2018
maflcko
force-pushed
the
Mf1812-walletLocktimeFingerprint
branch
from
fa7c5c7 to
fa6addf
Compare
maflcko
force-pushed
the
Mf1812-walletLocktimeFingerprint
branch
from
fa6addf to
fa48baf
Compare
Contributor
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Member
|
Concept ACK
I remember this was one of the remarks back then too. Anti-fee sniping only makes sense if it's catched up with the chain. |
meshcollider
reviewed
Jan 3, 2019
| if (IsInitialBlockDownload()) { | ||
| return false; | ||
| } | ||
| constexpr int64_t MAX_ANTI_FEE_SNIPING_TIP_AGE = 8 * 60 * 60; // in seconds |
Contributor
There was a problem hiding this comment.
Any rationale on why 8 hours was chosen? Seems sane though
laanwj
reviewed
Jan 4, 2019
| // that transactions that are delayed after signing for whatever reason, | ||
| // e.g. high-latency mix networks and some CoinJoin implementations, have | ||
| // better privacy. | ||
| if (GetRandInt(10) == 0) |
Member
There was a problem hiding this comment.
This if needs {} but I understand if you prefer to keep this move-only.
Member
|
utACK fa48baf |
pull bot
pushed a commit
to jaschadub/bitcoin
that referenced
this pull request
Jan 10, 2019
… anti-fee-sniping fa48baf wallet: Avoid leaking locktime fingerprint when anti-fee-sniping (MarcoFalke) 453803a [test] wallet_txn_clone: Correctly clone txin sequence (MarcoFalke) Pull request description: The wallet sets the locktime to the current height of our active chain. This is fine, as long as our node is connected to other nodes. However, when we fall back and get stuck at a particular height (e.g. taking the wallet offline), the same (potentially unique) locktime is used for all transactions. This makes it easier for passive observers to cluster transactions by wallet. For reference, I visualized "locktime-reuse" with the data: * blocks 545k-555k (both inclusive) * locktimes<=60k * excluding coinbase txs  Tree-SHA512: 2af259dd8f9f863312e2732d80ca8ba6a20c8d6d1c486b10a48479e1c85ccf13b0c38723740ebadde0f28d321cd9c133ad3e5d1e925472eb27681143bda2d0e7
Member
Author
|
Unrelated also the same dataset (blocks 545k-555k (both inclusive), excl. coinbase) in a different representation:
|
Contributor
|
Thanks for fixing this. My analysis from 2017 is here, although the full output text file is no longer online. I had looked at all blocks to mid-2017. At that time there were 33 old locktimes in the blockchain in 94 transactions. |
deadalnix
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Mar 26, 2020
Summary: ``` The wallet sets the locktime to the current height of our active chain. This is fine, as long as our node is connected to other nodes. However, when we fall back and get stuck at a particular height (e.g. taking the wallet offline), the same (potentially unique) locktime is used for all transactions. This makes it easier for passive observers to cluster transactions by wallet. ``` Backport of core [[bitcoin/bitcoin#15039 | PR15039]]. Test Plan: ninja check check-functional-extended Reviewers: #bitcoin_abc, deadalnix Reviewed By: #bitcoin_abc, deadalnix Differential Revision: https://reviews.bitcoinabc.org/D5560
ftrader
pushed a commit
to bitcoin-cash-node/bitcoin-cash-node
that referenced
this pull request
Aug 17, 2020
Summary: ``` The wallet sets the locktime to the current height of our active chain. This is fine, as long as our node is connected to other nodes. However, when we fall back and get stuck at a particular height (e.g. taking the wallet offline), the same (potentially unique) locktime is used for all transactions. This makes it easier for passive observers to cluster transactions by wallet. ``` Backport of core [[bitcoin/bitcoin#15039 | PR15039]]. Test Plan: ninja check check-functional-extended Reviewers: #bitcoin_abc, deadalnix Reviewed By: #bitcoin_abc, deadalnix Differential Revision: https://reviews.bitcoinabc.org/D5560
kwvg
added a commit
to kwvg/dash
that referenced
this pull request
Oct 31, 2021
This was referenced Oct 31, 2021
kwvg
added a commit
to kwvg/dash
that referenced
this pull request
Nov 4, 2021
kwvg
added a commit
to kwvg/dash
that referenced
this pull request
Nov 14, 2021
kwvg
added a commit
to kwvg/dash
that referenced
this pull request
Nov 14, 2021
UdjinM6
added a commit
to dashpay/dash
that referenced
this pull request
Nov 15, 2021
merge bitcoin#10973, bitcoin#15039, bitcoin#15288: separate wallet from node
pravblockc
pushed a commit
to pravblockc/dash
that referenced
this pull request
Nov 18, 2021
pravblockc
pushed a commit
to pravblockc/dash
that referenced
this pull request
Nov 18, 2021
This was referenced Dec 8, 2021
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The wallet sets the locktime to the current height of our active chain. This is fine, as long as our node is connected to other nodes. However, when we fall back and get stuck at a particular height (e.g. taking the wallet offline), the same (potentially unique) locktime is used for all transactions. This makes it easier for passive observers to cluster transactions by wallet.
For reference, I visualized "locktime-reuse" with the data: