Date: Tue, 10 Jan 2023 03:47:48 -0500
From: Peter Todd
To: "David A. Harding"
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Why Full-RBF Makes DoS Attacks on Multiparty Protocols Significantly More Expensive

On Mon, Jan 09, 2023 at 09:11:46PM -1000, David A. Harding wrote:
> On 2023-01-09 12:18, Peter Todd via bitcoin-dev wrote:
> > [The quote:]
> >
> > "Does fullrbf offer any benefits other than breaking zeroconf business
> > practices?"
> >
> > ...has caused a lot of confusion by implying that there were no
> > benefits. [...]
> >
> > tl;dr: without full-rbf people can intentionally and unintentionally DoS
> > attack multi-party protocols by double-spending their inputs with low-fee
> > txs, holding up progress until that low-fee tx gets mined.
>
> Hi Peter,
>
> I'm confused. Isn't this an easily solvable issue without full-RBF?
> Let's say Alice, Bob, Carol, and Mallory create a coinjoin transaction.
> Mallory either intentionally or unintentionally creates a conflicting
> transaction that does not opt-in to RBF.
>
> You seem to be proposing that the other participants force the coinjoin
> to complete by having the coinjoin transaction replace Mallory's
> conflicting transaction, which requires a full-RBF world.
>
> But isn't it also possible in a non-full-RBF world for Alice, Bob, and
> Carol to simply create a new coinjoin transaction which does not include
> any of Mallory's inputs so it doesn't conflict with Mallory's
> transaction? That way their second coinjoin transaction can confirm
> independently of Mallory's transaction.

How do you propose that the participants learn about the double-spend? Without
knowing that it happened, they can't respond as you suggested.

> Likewise, if Alice and Mallory attempt an LN dual funding and Mallory
> creates a conflict, Alice can just create an alternative dual funding
> with Bob rather than try to use full-RBF to force Mallory's earlier dual
> funding to confirm.

Same issue.

And of course, in both cases full-rbf makes Mallory have to actually pay full
price for the attack. Either because the intended transaction goes through. Or
because their double-spending DoS attack had to be much more expensive in the
first place.

> > ## Transaction Pinning
> >
> > Exploiting either rule is expensive.
>
> I think this transaction pinning attack against coinjoins and dual
> fundings is also solved in a non-full-RBF world by the honest
> participants just creating a non-conflicting transaction.
>
> That said, if I'm missing something and these attacks do actually apply,
> then it might be worth putting price figures on the attack in terms most
> people will understand. The conflicting inputs attack you described in
> the beginning as being solved by full-RBF costs about $0.05 USD at
> $17,000/BTC. The transaction pinning attack you imply is unsolved by
> full-RBF costs about $17.00. If both attacks apply, any protocol which
> is vulnerable to a $17.00 attack still seems highly vulnerable to me, so
> it doesn't feel like a stretch to say that full-RBF lacks significant
> benefits for those protocols.

Coinjoins are an automated process that happens constantly.
As I described in my email, it's totally normal for them to fail constantly -
I was told by Wasabi that only ~25% of coinjoin rounds succeed right now, a
figure that frankly was much higher than I expected. Being forced to spend
$17/round rather than $0.05/round is a huge improvement that adds up to
serious money at the scale at which Wasabi and similar protocols operate.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
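
The following is an added example, not part of the original email or of any Bitcoin node's code: a simplified model of replacement policy that shows why the cost of stalling a coinjoin round differs between opt-in RBF and full-RBF. The transaction sizes, feerates, the 1 sat/vB increment and all names are assumptions, chosen so the costs land near the $0.05 and $17.00 figures quoted in the thread.

```python
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000
USD_PER_BTC = 17_000        # price quoted in the thread
INCREMENTAL_FEERATE = 1     # sat/vB; assumed relay increment

@dataclass(frozen=True)
class Tx:
    name: str
    inputs: frozenset       # outpoints spent
    vsize: int              # virtual bytes
    fee: int                # satoshis
    signals_rbf: bool = False

def try_accept(mempool, tx, full_rbf):
    """Simplified replacement check. Returns (accepted, reason)."""
    conflicts = [m for m in mempool if m.inputs & tx.inputs]
    for old in conflicts:
        # Opt-in policy: a non-signaling conflict can never be replaced.
        if not (full_rbf or old.signals_rbf):
            return False, f"{old.name} does not signal replaceability"
        if tx.fee / tx.vsize <= old.fee / old.vsize:
            return False, f"feerate not above {old.name}"
    # The replacement must out-pay everything it evicts, plus its own relay cost.
    replaced_fee = sum(c.fee for c in conflicts)
    if conflicts and tx.fee < replaced_fee + INCREMENTAL_FEERATE * tx.vsize:
        return False, "absolute fee too low to pay for replacement"
    for old in conflicts:
        mempool.remove(old)
    mempool.append(tx)
    return True, "accepted"

def usd(sats):
    return round(sats * USD_PER_BTC / SATS_PER_BTC, 2)

def run_round(blocker, full_rbf):
    """Conflicting tx arrives first, then the coinjoin.
    Returns (coinjoin accepted, reason, fee the conflicting tx committed in USD)."""
    mempool = [blocker]
    coinjoin = Tx("coinjoin", frozenset({"alice:0", "bob:0", "carol:0", "mallory:0"}),
                  1_000, 10_000, True)
    ok, reason = try_accept(mempool, coinjoin, full_rbf)
    return ok, reason, usd(blocker.fee)

# Constructed sample transactions (sizes and fees are assumptions).
CHEAP = Tx("mallory-small", frozenset({"mallory:0"}), 300, 300)
LARGE = Tx("mallory-large", frozenset({"mallory:0"}), 100_000, 100_000)

if __name__ == "__main__":
    for blocker in (CHEAP, LARGE):
        for full_rbf in (False, True):
            print(blocker.name, f"full_rbf={full_rbf}", run_round(blocker, full_rbf))
```

In this model the small conflicting transaction stalls the round only on an opt-in node; with full-RBF the coinjoin replaces it, and only the large, high-absolute-fee conflict still blocks the round.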