Transaction origin privacy is the ability to hide the origin of a transaction from network surveillance.
If an eavesdropper can see every transaction relayed by every node, they can assume that the first node to send a transaction is the node where that transaction originated. This implies that someone at that node’s IP address created that transaction. Whether that implication is correct or not, this capability is harmful to user privacy.
Even when surveillance of the entire Bitcoin network is not possible, there are many methods for attempting to locate which node originated a transaction. Developers have expended significant effort on improving transaction origin privacy. Some previous and ongoing efforts include:
● Lightning Network: although onchain LN transactions still need transaction origin privacy, offchain LN payments that are routed through onion-encrypted messages are more resistant to many of the techniques applied against onchain Bitcoin transactions.
● Anonymity networks: support has been added to Bitcoin Core for encrypted relay of transaction and other data over Tor, I2P, and CJDNS. Several other Bitcoin programs support some or all of these protocols. Encryption makes it much more difficult for an eavesdropper to reliably determine the origin of a transaction.
● Dandelion: this protocol will allow a node which did not originate a transaction to be the first to publicly broadcast it, potentially making it much more difficult to determine the actual origin. Dandelion will be much more effective if it is combined with encryption, either naively or through anonymity networks.
● Mempool rebroadcast: the Bitcoin protocol can’t provide any assurance to wallets that their unconfirmed transactions have been received by honest nodes and miners. This means wallets may need to periodically rebroadcast unconfirmed transactions. Every rebroadcast increases the opportunity for a surveillant to determine which IP address originated the transaction. Bitcoin Core developers have been working on having all nodes periodically rebroadcast some unconfirmed transactions from their mempools so that it won’t be clear whether a rebroadcast was initiated by a wallet involved in the transaction or just some random node. Rebroadcast may also have other beneficial effects beyond privacy.
Primary code and documentation
Optech newsletter and website mentions
- Replacement cycle mitigation of frequent transaction rebroadcasting with potential privacy reduction
- Bitcoin Core #19109 adds a per-peer rolling bloom filter to track recent tx announcements
- Bitcoin Core #18861 only allows a peer to request a tx if it informed that peer about the tx
- Transcript: ‘TxProbe: discovering Bitcoin’s network topology using orphan transactions’
- Bitcoin Core #15834 fixes a bug introduced in #14897 semi-random order for requesting transactions
- Bitcoin Core #14897 introduces a semi-random order when requesting transactions