Skip to content

p2p: Always serialize local timestamp for version msg #23695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 17, 2021
Merged

p2p: Always serialize local timestamp for version msg #23695

merged 1 commit into from
Dec 17, 2021

Conversation

maflcko
Copy link
Member

@maflcko maflcko commented Dec 7, 2021
edited
Loading

Currently we serialize the local time when connecting to outbound connections and the "adjusted network" time when someone connects to us.

I presume the reason is to avoid a fingerprint in case the local time is misconfigured. However, the fingerprint still exits when:

  • The local time goes out-of-sync after timedata is filled up, in which case the adjusted time is not adjusted. See comment in src/timedata.cpp. (In practise I expect no adjustment to happen after timedata is filled up by one entry more than half its size).
  • The local time is off by more than 70 minutes. See DEFAULT_MAX_TIME_ADJUSTMENT. While there is a warning in this case, the warning might be missed by the node operator.
  • The adjusted time is poisoned by an attacker. This is only a theoretical concern after commit e457513.

Using the adjusted time does help in a the case where the local time is off by a constant less than 70 minutes and the node quickly connects to 5 outbound peers to retrieve the adjusted time.

Still, I think using GetAdjustedTime here gives a false sense of security. It will be better for node operators to instead set the correct time.

@maflcko
Copy link
Member Author

maflcko commented Dec 7, 2021

This is the first step toward #4521 (comment) , but might even make sense on its own.

@mzumsande
Copy link
Contributor

Concept ACK (to this change, not getting rid of AdjustedTime entirely)

The timestamp a node sends to their inbounds will influence their adjusted time, and I think it makes sense to use the local time for that - this also counteracts non-local phenomena, where a wrong Adjusted Time is passed from A to B, affects B's adjusted time and is passed along to B's future peers and so on.

I presume the reason is to avoid a fingerprint in case the local time is misconfigured.

It seems impossible to know for sure (this inbound/outbound distinction seems to be a Satoshi thing that was never touched). But it makes little sense to me, for the reasons stated above. It seems much more easy to do fingerprinting if you can influence the adjusted time of your target, than if you would have to hope that the peer's local time happens to be wrong in order to do anything.
Maybe there is another reason?

The local time is off by more than 70 minutes. See DEFAULT_MAX_TIME_ADJUSTMENT. While there is a warning in this case, the warning might be missed by the node operator.

Also, according to the logic here the warning not even always issued in this case - only if we have no timedata sample within 5 minutes of our local time. Otherwise, we'd silently go back to using local time.

@maflcko
Copy link
Member Author

maflcko commented Dec 8, 2021

It seems much more easy to do fingerprinting if you can influence the adjusted time of your target

I don't think this is trivially possible anymore after your commit e457513. If someone controls most of the nodes' outbound connections, any fingerprint concerns by the node operator should be nullified.

Also, according to the logic here the warning not even always issued in this case - only if we have no timedata sample within 5 minutes of our local time. Otherwise, we'd silently go back to using local time.

I think it should rarely happen in practise that one of your outbounds has misconfigured its time in the same way, so I didn't mention this in OP. Also, this doesn't affect the adjusted time. It only affects whether a warning is issues if the adjusted time is set back to the local time, right?

@DrahtBot
Copy link
Contributor

DrahtBot commented Dec 8, 2021
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

@mzumsande
Copy link
Contributor

I don't think this is trivially possible anymore after your commit e457513.

Agree, I was just mentioning this because I doubt that avoiding fingerprinting really was the original motivation to add the inbound/outbound distinction - but then again, I don't know what else.

It only affects whether a warning is issues if the adjusted time is set back to the local time, right?

Yes, that's my understanding too.

This was referenced Dec 8, 2021
Merged
Merged
Merged
@laanwj
Copy link
Member

laanwj commented Dec 13, 2021
edited
Loading

Concept ACK. Both on this and eventually getting rid of network-adjusted time completely.
(after that, we can even stop sending our local time in the version message, also removing that fingerprinting vector)

@maflcko
Copy link
Member Author

maflcko commented Dec 13, 2021

(after that, we can even stop sending our local time in the version message, also removing that fingerprinting vector)

Are you sure on that? I am thinking that this might drop previous releases of Bitcoin Core out of consensus?

@sipa
Copy link
Member

sipa commented Dec 13, 2021

@MarcoFalke I think @laanwj means that after dropping network-adjusted time completely, we could stop reporting local time to peers. I assume that's a long time out.

Concept ACK

@maflcko
Copy link
Member Author

maflcko commented Dec 13, 2021

Oh, I see. At that point we might also make the "cleanup version message" p2p change 😅

@naumenkogs
Copy link
Member

ACK fa1dc9b

@laanwj
Copy link
Member

laanwj commented Dec 16, 2021
edited
Loading

Are you sure on that? I am thinking that this might drop previous releases of Bitcoin Core out of consensus?

Right. It's too bad that it doesn't explicitly ignore obviously invalid values like 0 for the timestamp. It still computes a timedelta and adds it. For some reason I thought it didn't (It only compares the eventual delta median to -maxtimeadjustment, not individual contributions).

w0xlt
w0xlt approved these changes Dec 17, 2021
View reviewed changes
Copy link
Contributor

@w0xlt w0xlt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crACK fa1dc9b

This change makes the code simpler.
I agree that it seems much more easier to do fingerprinting if the peers can influence the adjusted time of the target node and that the network-adjusted time should eventually be dropped.

@w0xlt w0xlt mentioned this pull request Dec 17, 2021
Closed
@laanwj
Copy link
Member

laanwj commented Dec 17, 2021
edited
Loading

Code review ACK fa1dc9b

@laanwj laanwj merged commit 14ba286 into bitcoin:master Dec 17, 2021
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Dec 18, 2021
@laanwj
Merge bitcoin#23695: p2p: Always serialize local timestamp for versio…
1fe8852 
…n msg

fa1dc9b p2p: Always serialize local timestamp for version msg (MarcoFalke)

Pull request description:

  Currently we serialize the local time when connecting to outbound connections and the "adjusted network" time when someone connects to us.

  I presume the reason is to avoid a fingerprint in case the local time is misconfigured. However, the fingerprint still exits when:
  * The local time goes out-of-sync after timedata is filled up, in which case the adjusted time is *not* adjusted. See comment in `src/timedata.cpp`. (In practise I expect no adjustment to happen after timedata is filled up by one entry more than half its size).
  * The local time is off by more than 70 minutes. See `DEFAULT_MAX_TIME_ADJUSTMENT`. While there is a warning in this case, the warning might be missed by the node operator.
  * The adjusted time is poisoned by an attacker. This is only a theoretical concern after commit e457513.

  Using the adjusted time does help in a the case where the local time is off by a constant less than 70 minutes and the node quickly connects to 5 outbound peers to retrieve the adjusted time.

  Still, I think using `GetAdjustedTime` here gives a false sense of security. It will be better for node operators to instead set the correct time.

ACKs for top commit:
  naumenkogs:
    ACK fa1dc9b
  laanwj:
    Code review ACK fa1dc9b
  w0xlt:
    crACK fa1dc9b

Tree-SHA512: 70a0f4ab3500e6ddcde291620e35273018cefd1d9e94b91ad333e360139ed18862718bb1a9854af2bf79990bf74b05d95492f77d0747c7b9bdd276c020116dcb
@maflcko maflcko deleted the 2112-p2pTime branch December 18, 2021 09:09
@bitcoin bitcoin locked and limited conversation to collaborators Dec 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
1 more reviewer

@w0xlt w0xlt w0xlt approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
P2P
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@maflcko @mzumsande @DrahtBot @laanwj @sipa @naumenkogs @w0xlt