wallet: do not backdate locktime if it may lead to fingerprinting #26902

pull rodentrabies wants to merge 2 commits into bitcoin:master from rodentrabies:avoid-locktime-backdating changing 2 files +43 −4

rodentrabies commented at 8:27 pm on January 16, 2023: contributor

This is a draft implementation for #26526 and #26527. As suggested by 0xB10C, back-dating locktime in transactions that are RBF replacements or spend unconfirmed UTXOs may be used as a fingerprint of Bitcoin Core wallet.
DrahtBot commented at 8:27 pm on January 16, 2023: contributor
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type Reviewers

Concept ACK 0xB10C

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:
- #28944 (wallet, rpc: add anti-fee-sniping to send and sendall by ishaanam)
- #25273 (wallet: Pass through transaction locktime and preset input sequences and scripts to CreateTransaction by achow101)
- #24128 (wallet: BIP 326 sequence based anti-fee-snipe for taproot inputs by maflcko)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
DrahtBot added the label Wallet on Jan 16, 2023
rodentrabies force-pushed on Jan 16, 2023
rodentrabies marked this as ready for review on Jan 17, 2023
0xB10C commented at 2:39 pm on January 17, 2023: contributor

Concept ACK. Thanks for picking this up!

(Please drop the @ from the @0xB10C mention from the PR description. This creates notifications if software-forks of Bitcoin Core include this commit too. )
S3RK commented at 8:29 am on January 19, 2023: contributor

Do we want to align the implementation with Electrum? https://github.com/spesmilo/electrum/issues/8073

I’m not sure if that could be a source of further fingerprinting

Type	Reviewers
Concept ACK	0xB10C

in src/wallet/spend.cpp:977 in 613942d494 outdated

969@@ -969,7 +970,21 @@ static util::Result<CreatedTransactionResult> CreateTransactionInternal(
970     for (const auto& coin : selected_coins) {
971         txNew.vin.push_back(CTxIn(coin.outpoint, CScript(), nSequence));
972     }
973-    DiscourageFeeSniping(txNew, rng_fast, wallet.chain(), wallet.GetLastBlockHash(), wallet.GetLastBlockHeight());
974+
975+    // `DiscourageFeeSniping` may backdate locktime, but we prohibit
976+    // it if this transaction spends an unconfirmed output or is an
977+    // RBF replacement, in order to avoid leaking information that may
978+    // serve as a fingerprint of a wallet being used.

petertodd commented at 5:18 pm on February 4, 2023:

It’d be helpful if you explained in more detail here what exactly is the fingerprinting we’re concerned about. There’s a lot of possible fingerprinting attacks and it’s not clear what you’re referring to exactly here.

rodentrabies commented at 10:49 am on March 13, 2023:

Thanks! ~~Will do.~~ Done, I think.

rodentrabies force-pushed on Mar 19, 2023
rodentrabies force-pushed on Mar 20, 2023
rodentrabies force-pushed on Mar 20, 2023
in src/wallet/spend.cpp:989 in e979f2ebc8 outdated
985+ // broadcast now" explanation will become unrealistic, and this locktime 986+ // discrepancy may serve as a fingerprint of the wallet being used. 987+ bool locktime_backdate_allowed = true; 988+ for (const auto& coin: selected_coins) { 989+ const CWalletTx* coin_wtx{wallet.GetWalletTx(coin->outpoint.hash)}; 990+ if (wallet.IsSpent(coin->outpoint) || (coin_wtx && !wallet.IsTxInMainChain(*coin_wtx))) {
achow101 commented at 7:26 pm on April 20, 2023:

In e979f2ebc8a74474d2bdfee61fd64472e4c4b873 “wallet: do not backdate locktime if it may help wallet fingerprinting”

Each coin already has a depth member which will be 0 if it is an unconfirmed coin. We can use this instead of having to lookup the parent CWalletTx.

rodentrabies commented at 7:35 pm on April 23, 2023:

Thanks, that’s a great simplification! Done.
wallet: do not backdate locktime if it may help wallet fingerprinting 3ed9768c42
rodentrabies force-pushed on Apr 23, 2023
DrahtBot added the label CI failed on Apr 23, 2023
test: test that locktime backdating is not used for fee-bumping txs 0303616daa
rodentrabies force-pushed on Apr 24, 2023
DrahtBot removed the label CI failed on Apr 24, 2023
ishaanam commented at 3:05 pm on July 10, 2023: contributor
This is a good start, but I think that these transactions would be harder to fingerprint if the following modifications were made:
1. For RBF transactions: the nLockTime is set to the same value as the transaction being replaced.
2. For spending unconfirmed utxos: Use the same behavior as before, but make sure that the nLockTIme value is greater than or equal to the highest nLockTIme of the inputs.
For convenience I’ve implemented this here: https://github.com/ishaanam/bitcoin/commit/eb92a9a6b7b31bac3a149a07b79b6dca024822f2
achow101 requested review from 0xB10C on Sep 20, 2023
achow101 commented at 5:03 pm on September 20, 2023: member

Are you still working on this?
DrahtBot added the label Needs rebase on Dec 11, 2023
DrahtBot commented at 5:20 pm on December 11, 2023: contributor

🐙 This pull request conflicts with the target branch and needs rebase.
fanquake commented at 1:56 pm on March 6, 2024: member

Closing for now. Can be reopened if picked back up etc. Looks like the user is no-longer on GH.
fanquake closed this on Mar 6, 2024
jgabarda commented at 12:59 pm on August 4, 2024: none

hello world sorry for being sleep, the universe is slightly not on my side before, but maybe when GOD is silent maybe he is doing something great much better😌🙂🙂🙂🙏
bitcoin locked this on Aug 5, 2025

Contributors
rodentrabies DrahtBot 0xB10C S3RK petertodd achow101 ishaanam fanquake jgabarda

Review Requested
0xB10C

Labels
Wallet Needs rebase

wallet: do not backdate locktime if it may lead to fingerprinting #26902

Reviews

Conflicts