Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 480C0C002D for ; Tue, 14 Jun 2022 00:25:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 11CA381AF6 for ; Tue, 14 Jun 2022 00:25:24 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jarah8UErlhU for ; Tue, 14 Jun 2022 00:25:23 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) by smtp1.osuosl.org (Postfix) with ESMTPS id E54D581A1C for ; Tue, 14 Jun 2022 00:25:22 +0000 (UTC) Received: by mail-il1-x12b.google.com with SMTP id s1so5537281ilj.0 for ; Mon, 13 Jun 2022 17:25:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=Z9AyOVWAvx7OFPF9C0fhWivqt6InT23eB4d9HE7b+0s=; b=Fi4MOhHHKINF+04MLD2up4oAKelvISSzZTLJpqnWnu5HdqNrH0EO138g015O9hYC8b JZ9PJgPBakfs7CWTbS6BDXUJmf6tqHaEl3LPALmsh8WwIghIPSk8kaohFZsf6KkSzp4+ IjdDlsv19mjSSb9MZviTZtgYVxfjAdwIIQS9IJnf7snXyoI7xXpWE/AXP1sQ8F5YFZsI EyGgjTsWpYyY+XaQAv0YX/b4g8gHiJNeoizyqLlwSw09fgQvo+QSryEJlzJKsyYGhjdO maOXL4U+lPaOdtWQauURFmAi8DsrXwdZjagMZlppZkPig91IJbSfJx8orYSODKtJOhBd 1Oag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Z9AyOVWAvx7OFPF9C0fhWivqt6InT23eB4d9HE7b+0s=; b=3Pfi68ED8ysq4kOCX8AX4houUCE1AweZE1yX9SYbsOinxqXt4Iv0X+3WLqb2K/4ZGT N0GgaIuLYqFYbyC+yfPzOVcDwHikVlcs7vad2j+QC5tX3e+q+8wQQWc+6JRKhJUcsJHg +4OlOPs58eGHyM9jt5f+LRA5dbUeHbRSQGm5nuqOS3D6GLHUP/f2eWFl8Rjl49GUtIE6 nLzPOMgkbgYGkqJKd86eaE3q0dwHZFDzUHBHYMQqruZL+y8i+jTplPTPYTPNnR05aE2m pONPXq68npB4TOPQW2J+vm2MNzk+1aTI9H85gqGrAlL4zu4TbhSmf1gBm0zcEF7/feUI 33Bw== X-Gm-Message-State: AJIora+dfX8dRjdOCexUrvHESTHyRiW0HSKv377l1zCSoqZv6645JZ8v O4RVtsO/Q6ZUZ4rCW602tbDeKJzX4VwzP5l2Rdix4b7Zd7g= X-Google-Smtp-Source: AGRyM1tZSr/9G2X0hoxCCH2lRCcEUeWWbRNd7AL8oIlnwT5tAcov6aU6/zdWXAZcWHY6rOJ8rkiUuAc/nLQbEeAV39A= X-Received: by 2002:a05:6e02:1b87:b0:2d6:5e74:217a with SMTP id h7-20020a056e021b8700b002d65e74217amr1376108ili.74.1655166321883; Mon, 13 Jun 2022 17:25:21 -0700 (PDT) MIME-Version: 1.0 From: Antoine Riard Date: Mon, 13 Jun 2022 20:25:11 -0400 Message-ID: To: Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000a9011405e15d7093" X-Mailman-Approved-At: Tue, 14 Jun 2022 02:51:29 +0000 Subject: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2022 00:25:24 -0000 --000000000000a9011405e15d7093 Content-Type: text/plain; charset="UTF-8" Hi list, Recent discussions among LN devs have brought back on the surface concerns about the security of multi-party funded transactions (coinjoins, dual-funded LN channels, on-chain DLCs, ...). It turns out there is a low-fruit, naive DoS vector playable against the funding flow of any such construction due to the lack of existent full-rbf transaction-relay topology on today's p2p network [0] [1]. While it does not consist in a direct loss of funds, if exploited well I think it's annoying enough to inflict significant timevalue loss or fee-bumping waste to the future providers or distributed swarm of users doing multi-party funded transactions. Of course, it can be fixed one layer above by introducing either fidelity bonds or a reliable centralized coordinator, though at the price of an overhead per-participant ressources cost and loss in system openness [1]. For that reason, I believe it would be beneficial to the flourishing of multi-party funded transactions to fix the Dos vector by seeing a subset of the network running full-rbf and enabling propagation of honest multi-party transactions to the interested miners, replacing potential non-signaling double-spend from a malicious counterparty. Moving towards that direction, I've submitted a small patch against Bitcoin Core enabling it to turn on full-rbf as a policy, still under review [3]. The default setting stays **false**, i.e keeping opt-in RBF as a default replacement policy. I've started to run the patch on a public node at 146.190.224.15. If you're a node operator curious to play with full-rbf, feel free to connect to this node or spawn up a toy, public node yourself. There is a ##uafrbf libera chat if you would like information on the settings or looking for full-rbf friends (though that step could be automated in the future by setting up a dedicated network bit and reserving a few outbound slots for them). If you're a mining operator looking to increase your income, you might be interested to experiment with full-rbf as a policy. Indeed, in the future I believe the multi-party transactions issuers who need full-rbf to secure their funding flow should connect by default to full-rbf peers. One can conjecture that their transactions are likely to be more compelling in their feerate as their liquidity needs are higher than the simple transaction. For today, I think we have really few standards and bitcoin softwares relying on multi-party funded transactions [4]. If you're a Bitcoin user or business and you don't like full-rbf, please express an opinion on how it might affect your software/operations. I'm always interested to learn more about mempool and transaction-relay interactions with upper-layers and applications and to listen to feedback in those areas, and I guess a lot of other Bitcoin researchers/devs too. I know there have been a lot of concerns about full-rbf in the past, however I believe the Bitcoin ecosystem has matured a lot since then. Any mistakes or missing context is my own. Cheers, Antoine [0] For more info about replace-by-fee, see https://bitcoinops.org/en/topics/replace-by-fee/ [1] For more details about the DoS vector, see https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html [2] E.g I think it does not affect the Lightning Pool service, as there is a preliminary step where the participant funds are locked first in a 2-of-2 with the coordinator before being committed in the multi-party batch transaction. [3] https://github.com/bitcoin/bitcoin/pull/25353 [4] E.g DLCs : https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transactions.md ; Lightning dual-funded channel : https://github.com/lightning/bolts/pull/851 --000000000000a9011405e15d7093 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi list,

Recent discussions among LN devs have brou= ght back on the surface concerns about the security of multi-party funded t= ransactions (coinjoins, dual-funded LN channels, on-chain DLCs, ...). It tu= rns out there is a low-fruit, naive DoS vector playable against the funding= flow of any such construction due to the lack of existent full-rbf transac= tion-relay topology on today's p2p network [0] [1]. While it does not c= onsist in a direct loss of funds, if exploited well I think it's annoyi= ng enough to inflict significant timevalue loss or fee-bumping waste
to= the future providers or distributed swarm of users doing multi-party funde= d transactions. Of course, it can be fixed one layer above by introducing e= ither fidelity bonds or a reliable centralized coordinator, though at the p= rice of an overhead per-participant ressources cost and loss in system open= ness [1].

For that reason, I believe it would be beneficial to the f= lourishing of multi-party funded transactions to fix the Dos vector by seei= ng a subset of the network running full-rbf and enabling propagation of hon= est multi-party transactions to the interested miners, replacing potential = non-signaling double-spend from a malicious counterparty. Moving towards th= at direction, I've submitted a small patch against Bitcoin Core enablin= g it to turn on full-rbf as a policy, still under review [3]. The default s= etting stays **false**, i.e keeping opt-in RBF as a default replacement pol= icy. I've started to run the patch on a public node at 146.190.224.15.<= br>
If you're a node operator curious to play with full-rbf, feel fr= ee to connect to this node or spawn up a toy, public node yourself. There i= s a ##uafrbf libera chat if you would like information on the settings or l= ooking for full-rbf friends (though that step could be automated in the fut= ure by setting up a dedicated network bit and reserving a few outbound slot= s for them).

If you're a mining operator looking to increase you= r income, you might be interested to experiment with full-rbf as a policy. = Indeed, in the future I believe the multi-party transactions issuers who ne= ed full-rbf to secure their funding flow should connect by default to full-= rbf peers. One can conjecture that their transactions are likely to be more= compelling in their feerate as their liquidity needs are higher than the s= imple transaction. For today, I think we have really few standards and bitc= oin softwares relying on multi-party funded transactions [4].

If you= 're a Bitcoin user or business and you don't like full-rbf, please = express an opinion on how it might affect your software/operations. I'm= always interested to learn more about mempool and transaction-relay intera= ctions with upper-layers and applications and to listen to feedback in thos= e areas, and I guess a lot of other Bitcoin researchers/devs too. I know th= ere have been a lot of concerns about full-rbf in the past, however I belie= ve the Bitcoin ecosystem has matured a lot since then.

Any mistakes = or missing context is my own.

Cheers,
Antoine

[0] For more= info about replace-by-fee, see https://bitcoinops.org/en/topics/replace-by-fee/
<= br>[1] For more details about the DoS vector, see https://l= ists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html
[2] E.g I think it does not affect the Lightning Pool service, as the= re is a preliminary step where the participant funds are locked first in a = 2-of-2 with the coordinator before being committed in the multi-party batch= transaction.

[3] https://github.com/bitcoin/bitcoin/pull/25353

[4] E.g DL= Cs : https://github.com/discreetlogcontracts/dlcspecs/blob/ma= ster/Transactions.md ; Lightning dual-funded channel : https://github.com/lightning/bolts/= pull/851
--000000000000a9011405e15d7093--