Hi Jeremy,

If I understand correctly your concern, you're worried that change would ease discovery of the node's tx-relay topology ? I don't scope transaction origin inference, if you suppose the
unrequested-tx peer sending is the attacker it must have learnt the transaction from somewhere else which is more likely to be the tx owner rather than the probed node.

As far I can think of this change, a peer might send an unrequested transaction to this node and observe that it's either a) processed, the node has learnt about the txid from another peer or b) rejected, the node has never learnt about the txid. The outcome can be queried by sending a GETDATA for the "is-unrequested" txid.

I think the same result can already be achieved by sending an INV and observing if a GETDATA is replied back to guess the presence of another peer with already the knowledge of the txid. Or alternatively, just connect to this other peer and wait for an announcement.

What else can we think of ?

From my side, compared to the already-existing heuristics, I don't see how this change is easing attackers' work. That said, I don't deny our transaction announcements/requests logic is worthy of more study about its privacy properties, especially when you acknowledge the recent overhaul of the transaction request and the upcoming Erlay changes.

Cheers,
Antoine

Le jeu. 11 févr. 2021 à 16:15, Pieter Wuille <bitcoin-dev@wuille.net> a écrit :

I'm not sure of the existing behavior is of when we issue a getdata request, but noting that there could be a privacy implication of this sort of change. Could you (or someone else) expand on why this is not a concern here?

What kind of privacy concern are you talking about? I'm not sure I see how this could matter.

Cheers,

--
Pieter