Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YxLDU-0007DF-DF for bitcoin-development@lists.sourceforge.net; Tue, 26 May 2015 20:12:48 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.169 as permitted sender) client-ip=209.85.223.169; envelope-from=allen.piscitello@gmail.com; helo=mail-ie0-f169.google.com; Received: from mail-ie0-f169.google.com ([209.85.223.169]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YxLDS-0001rU-UZ for bitcoin-development@lists.sourceforge.net; Tue, 26 May 2015 20:12:48 +0000 Received: by iebgx4 with SMTP id gx4so100973540ieb.0 for ; Tue, 26 May 2015 13:12:41 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.42.28.135 with SMTP id n7mr31231968icc.41.1432671161522; Tue, 26 May 2015 13:12:41 -0700 (PDT) Received: by 10.79.79.151 with HTTP; Tue, 26 May 2015 13:12:41 -0700 (PDT) In-Reply-To: References: Date: Tue, 26 May 2015 15:12:41 -0500 Message-ID: From: Allen Piscitello To: Raystonn Content-Type: multipart/alternative; boundary=f46d0421a997a9a416051701bf7c X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (allen.piscitello[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YxLDS-0001rU-UZ Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Cost savings by using replace-by-fee, 30-90% X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2015 20:12:48 -0000 --f46d0421a997a9a416051701bf7c Content-Type: text/plain; charset=UTF-8 I am not the one presenting this as some kind of novel attack on transactions in general. On Tue, May 26, 2015 at 1:43 PM, Raystonn wrote: > Trust, regulation, law, and the threat of force. Are you serious? > On 26 May 2015 11:38 am, Allen Piscitello > wrote: > > What prevents you from writing a bad check using today's systems? > > On Tue, May 26, 2015 at 1:22 PM, Danny Thorpe > wrote: > > What prevents RBF from being used for fraudulent payment reversals? > > Pay 1BTC to Alice for hard goods, then after you receive the goods > broadcast a double spend of that transaction to pay Alice nothing? Your > only cost is the higher network fee of the 2nd tx. > > Thanks, > -Danny > > On Mon, May 25, 2015 at 5:10 PM, Peter Todd wrote: > > On Tue, May 26, 2015 at 12:03:09AM +0200, Mike Hearn wrote: > > CPFP also solves it just fine. > > CPFP is a significantly more expensive way of paying fees than RBF, > particularly for the use-case of defragmenting outputs, with cost > savings ranging from 30% to 90% > > > Case 1: CPFP vs. RBF for increasing the fee on a single tx > ---------------------------------------------------------- > > Creating an spending a P2PKH output uses 34 bytes of txout, and 148 > bytes of txin, 182 bytes total. > > Let's suppose I have a 1 BTC P2PKH output and I want to pay 0.1 BTC to > Alice. This results in a 1in/2out transaction t1 that's 226 bytes in size. > I forget to click on the "priority fee" option, so it goes out with the > minimum fee of 2.26uBTC. Whoops! I use CPFP to spend that output, > creating a new transaction t2 that's 192 bytes in size. I want to pay > 1mBTC/KB for a fast confirmation, so I'm now paying 418uBTC of > transaction fees. > > On the other hand, had I use RBF, my wallet would have simply > rebroadcast t1 with the change address decreased. The rules require you > to pay 2.26uBTC for the bandwidth consumed broadcasting it, plus the new > fee level, or 218uBTC of fees in total. > > Cost savings: 48% > > > Case 2: Paying multiple recipients in succession > ------------------------------------------------ > > Suppose that after I pay Alice, I also decide to pay Bob for his hard > work demonstrating cryptographic protocols. I need to create a new > transaction t2 spending t1's change address. Normally t2 would be > another 226 bytes in size, resulting in 226uBTC additional fees. > > With RBF on the other hand I can simply double-spend t1 with a > transaction paying both Alice and Bob. This new transaction is 260 bytes > in size. I have to pay 2.6uBTC additional fees to pay for the bandwidth > consumed broadcasting it, resulting in an additional 36uBTC of fees. > > Cost savings: 84% > > > Case 3: Paying multiple recipients from a 2-of-3 multisig wallet > ---------------------------------------------------------------- > > The above situation gets even worse with multisig. t1 in the multisig > case is 367 bytes; t2 another 367 bytes, costing an additional 367uBTC > in fees. With RBF we rewrite t1 with an additional output, resulting in > a 399 byte transaction, with just 36uBTC in additional fees. > > Cost savings: 90% > > > Case 4: Dust defragmentation > ---------------------------- > > My wallet has a two transaction outputs that it wants to combine into > one for the purpose of UTXO defragmentation. It broadcasts transaction > t1 with two inputs and one output, size 340 bytes, paying zero fees. > > Prior to the transaction confirming I find I need to spend those funds > for a priority transaction at the 1mBTC/KB fee level. This transaction, > t2a, has one input and two outputs, 226 bytes in size. However it needs > to pay fees for both transactions at once, resulting in a combined total > fee of 556uBTC. If this situation happens frequently, defragmenting > UTXOs is likely to cost more in additional fees than it saves. > > With RBF I'd simply doublespend t1 with a 2-in-2-out transaction 374 > bytes in size, paying 374uBTC. Even better, if one of the two inputs is > sufficiently large to cover my costs I can doublespend t1 with a > 1-in-2-out tx just 226 bytes in size, paying 226uBTC. > > Cost savings: 32% to 59%, or even infinite if defragmentation w/o RBF > costs you more than you save > > -- > 'peter'[:-1]@petertodd.org > 0000000000000000134ce6577d4122094479f548b997baf84367eaf0c190bc9f > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > --f46d0421a997a9a416051701bf7c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I am not the one presenting this as some kind of novel att= ack on transactions in general.

On Tue, May 26, 2015 at 1:43 PM, Raystonn <raystonn= @hotmail.com> wrote:

Trust, regulation, law, and the threat of force.=C2=A0 Are you ser= ious?

On 26 May 2015 11:38 am, Allen = Piscitello <allen.piscitello@gmail.com> wrote:
What prevents you from writing= a bad check using today's systems?
=

On Tue, May 26, 2015 at 1:22 PM, Danny Thorpe <danny.th= orpe@gmail.com> wrote:
What pre= vents RBF from being used for fraudulent payment reversals? =C2=A0

=
Pay 1BTC to Alice for hard goods, then after you receive the goo= ds broadcast a double spend of that transaction to pay Alice nothing? Your = only cost is the higher network fee of the 2nd tx.

Thanks,
-Danny

On Mon, May 25= , 2015 at 5:10 PM, Peter Todd <pete@petertodd.org> wrote:
On Tue, May 26, 2015 at 12:03:09AM +0200,= Mike Hearn wrote:
> CPFP also solves it just fine.

CPFP is a significantly more expensive way of paying fees than RBF,
particularly for the use-case of defragmenting outputs, with cost
savings ranging from 30% to 90%


Case 1: CPFP vs. RBF for increasing the fee on a single tx
----------------------------------------------------------

Creating an spending a P2PKH output uses 34 bytes of txout, and 148
bytes of txin, 182 bytes total.

Let's suppose I have a 1 BTC P2PKH output and I want to pay 0.1 BTC to<= br> Alice. This results in a 1in/2out transaction t1 that's 226 bytes in si= ze.
I forget to click on the "priority fee" option, so it goes out wi= th the
minimum fee of 2.26uBTC. Whoops! I use CPFP to spend that output,
creating a new transaction t2 that's 192 bytes in size. I want to pay 1mBTC/KB for a fast confirmation, so I'm now paying 418uBTC of
transaction fees.

On the other hand, had I use RBF, my wallet would have simply
rebroadcast t1 with the change address decreased. The rules require you
to pay 2.26uBTC for the bandwidth consumed broadcasting it, plus the new fee level, or 218uBTC of fees in total.

Cost savings: 48%


Case 2: Paying multiple recipients in succession
------------------------------------------------

Suppose that after I pay Alice, I also decide to pay Bob for his hard
work demonstrating cryptographic protocols. I need to create a new
transaction t2 spending t1's change address. Normally t2 would be
another 226 bytes in size, resulting in 226uBTC additional fees.

With RBF on the other hand I can simply double-spend t1 with a
transaction paying both Alice and Bob. This new transaction is 260 bytes in size. I have to pay 2.6uBTC additional fees to pay for the bandwidth
consumed broadcasting it, resulting in an additional 36uBTC of fees.

Cost savings: 84%


Case 3: Paying multiple recipients from a 2-of-3 multisig wallet
----------------------------------------------------------------

The above situation gets even worse with multisig. t1 in the multisig
case is 367 bytes; t2 another 367 bytes, costing an additional 367uBTC
in fees. With RBF we rewrite t1 with an additional output, resulting in
a 399 byte transaction, with just 36uBTC in additional fees.

Cost savings: 90%


Case 4: Dust defragmentation
----------------------------

My wallet has a two transaction outputs that it wants to combine into
one for the purpose of UTXO defragmentation. It broadcasts transaction
t1 with two inputs and one output, size 340 bytes, paying zero fees.

Prior to the transaction confirming I find I need to spend those funds
for a priority transaction at the 1mBTC/KB fee level. This transaction,
t2a, has one input and two outputs, 226 bytes in size. However it needs
to pay fees for both transactions at once, resulting in a combined total fee of 556uBTC. If this situation happens frequently, defragmenting
UTXOs is likely to cost more in additional fees than it saves.

With RBF I'd simply doublespend t1 with a 2-in-2-out transaction 374 bytes in size, paying 374uBTC. Even better, if one of the two inputs is
sufficiently large to cover my costs I can doublespend t1 with a
1-in-2-out tx just 226 bytes in size, paying 226uBTC.

Cost savings: 32% to 59%, or even infinite if defragmentation w/o RBF
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 costs you more than you sa= ve

--
'peter'[:-1]@pet= ertodd.org
0000000000000000134ce6577d4122094479f548b997baf84367eaf0c190bc9f

----------------------------------------------------= --------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
= _______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment



-----------------------------------------------------------------------= -------
One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
= _______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment



--f46d0421a997a9a416051701bf7c--