Return-Path: <bitcoin-dev@wuille.net>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id A1E5CC0012
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 11 Dec 2021 16:21:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 7B14961B3A
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 11 Dec 2021 16:21:38 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level: 
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=wuille.net
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Zf03sythD-Rv
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 11 Dec 2021 16:21:37 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from mail-4321.protonmail.ch (mail-4321.protonmail.ch [185.70.43.21])
 by smtp3.osuosl.org (Postfix) with ESMTPS id EF8A461B39
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 11 Dec 2021 16:21:36 +0000 (UTC)
Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com
 [51.77.79.158])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits))
 (No client certificate requested)
 by mail-4321.protonmail.ch (Postfix) with ESMTPS id 4JBChG4GTdz4wy9b
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 11 Dec 2021 16:21:33 +0000 (UTC)
Authentication-Results: mail-4321.protonmail.ch;
 dkim=pass (2048-bit key) header.d=wuille.net header.i=@wuille.net
 header.b="OOsQxhza"
Date: Sat, 11 Dec 2021 16:21:21 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wuille.net;
 s=protonmail; t=1639239684;
 bh=zkNH37sAc/yxz6CuhTjAEqU0kPdgG5deuFHVKSjrhZI=;
 h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References:
 From:To:Cc;
 b=OOsQxhzaTT31APuiQB6YndDu1+XLgr1xhVGb6+aSlTeQ1S82i4kvhUUIMI2AzsSzS
 ytsgvryYoFvwqI8ikNOCwgVtm8R6/ZED8xnAgMc5jJOAOuBvHIN2cZCClCoJmm1gt4
 artXSZiVbQNnWal3unl1KUM8poDdkAK4U+pZ6oD+ZdscXsFJa3+d8LwtKyMR49dc78
 6y5LcEywWD1CF8+hbwxIzSa4V6Tb1gvaPfSvJQMtOcspONavkAr//TI9ECnQ7FXDDJ
 AjpnCt2okSq9b4EyGOskcLrW6Za56x1vfj1zSEr4JqrWgGviKCVjfM5ty2EZV+ywsf
 lggYDqEGbUO4w==
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: Pieter Wuille <bitcoin-dev@wuille.net>
Reply-To: Pieter Wuille <bitcoin-dev@wuille.net>
Message-ID: <dSBrti8VFr0lMNgTHw8pD-mAPLm0E4auJa234o0FNY67EUuEy1Dfb93INNIzoUb3j2dWSJjZtG7qncci1LhKAHOXzAzbEWOtXjnggr19J6w=@wuille.net>
In-Reply-To: <1fbf0ef8b1b42979361b5df0b09c2dcd@willtech.com.au>
References: <MqZttWy--3-2@tutanota.de>
 <1fbf0ef8b1b42979361b5df0b09c2dcd@willtech.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Sat, 11 Dec 2021 17:20:15 +0000
Subject: Re: [bitcoin-dev] Rebroadcast mechanism in Bitcoin P2P network
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Dec 2021 16:21:38 -0000

> It is that the solution to privacy is to use privacy-enhancing network
> communications, such as TOR. I am not against a mechanism to rebroadcast
> transactions more robustly if the mempool of adjoining nodes has
> forgotten about them, but the truth is, all transactions originate from
> some node, and there are methods that allow an individual node to be
> identified as the likely source of a transaction unless privacy-enabled
> networks are utilised. Having a different method to cause rebroadcast
> does not obfuscate the origin.

You're talking about distinct aspects of transaction privacy.

The rebroadcasting approach as it exists on the network, where wallets are =
responsible for their own rebroadcasting, directly reveals to your peers a =
relation between nodes and transactions: whenever any node relays the same =
transaction twice, it almost certainly implies they are the origin.

This is just a node-transaction relation, and not necessarily IP-transactio=
n relation. The latter can indeed be avoided by only connecting over Tor, o=
r using other privacy networks, but just hiding the relation with IP addres=
ses isn't sufficient (and has its own downsides; e.g. Tor-only connectivity=
 is far more susceptible to partition/Eclipse/DoS attacks). For example see=
ing the same node (even without knowing its IP) rebroadcast two transaction=
 lets an observe infer a relation between those transactions, and that too =
is a privacy leak.

I believe moving to a model where mempools/nodes themselves are responsible=
 for rebroadcasting is a great solution to improving this specific problem,=
 simply because if everyone rebroadcasts, the original author doing it too =
does not stand out anymore. It isn't "fixing privacy", it's fixing a specif=
ic leak, one of many, but this isn't a black and white property.

Cheers,

--
Pieter