Delivery-date: Fri, 19 Jul 2024 07:23:14 -0700 Received: from mail-oa1-f56.google.com ([209.85.160.56]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sUoVt-00046F-Sx for bitcoindev@gnusha.org; Fri, 19 Jul 2024 07:23:14 -0700 Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-26113393a45sf510934fac.0 for ; Fri, 19 Jul 2024 07:23:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1721398988; cv=pass; d=google.com; s=arc-20160816; b=MR3b/unxvtr/A35DRYMByqLQNAf8m06eeufqcx3uSGkD20/XHvhpptd7RNYmdN7qlz qn4AvC3wKSkKz1GW7NuedThR12zAkilVzsJm7cvT62MVIrbVM3MWMZUom4kGiaUCgHEd CFPDvgNdZMWzpYlCaMqR8Dj2LOBq+A1lf9Bn07Xoj+1nwteVAzC6xDkTKjWJxxq0BlW+ xsD+W6i6I/EymCHn1ZEFucZLUs2yWpQxKhp5H1WONrEmGGf+OMF+h97HItKWrq2OQ9D6 olOeV+f76ZXFT0Vnus2mQirUbg9iEHB0sp+ZWi5vkGCATIKmWKoVVBflXO5zs7S6vE07 18Gg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=sP7If7zmsKo7lVWAmwjX5FLV8W4pQTIH+I9VxFazmuM=; fh=NiEwrWKe7f7m3PQzbfm5gS9Qt/woj9AugI0m+f+CqgM=; b=APhY9JrYXYB2k8KRmn8TDvHC/WgaIeYplSMHAgxbOvGu/+pjMs8vR1aWtPIoX8eqbO ln52JcZJAX3fSxO+q4tvLvfsFgQlD1XYOoV8L4QFzeuFAKHclc9BNU6cKtz+Ds/azify b3gKZVL2PQGLrvhKAv97bje+8BMveMlqXm+52V1jwUo+cWl61ECdRkM4vaZ9AkV2aLGC WEr5IRWVWtJKb9ZqAThd/K9olWZWBPkHz44cPf8YteYbBiItH7of02shEWat5FqeUD9l /VJs7Fr/DWqXHrZAEZnHjh8oMdlpMyir8LqE+lv2jrRzH+r5GtI5/khvb1+M2v68T26C V2bQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=f4mdQ9zl; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d36 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1721398988; x=1722003788; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=sP7If7zmsKo7lVWAmwjX5FLV8W4pQTIH+I9VxFazmuM=; b=CLq577aau/h0PqUZ2ySYfemTiy8FM9AmGNFvKD4gx7WKo/W8kHbz/fCowtWg8TFvdi dboO88FPZpbvwCGlKYYLeaj3PMbXF4sP3XTP4/ld3pFYjUlw7weVKanYn7yyERY6zCxq gA+iPozakgViz5obtlR914xrixQT+2ievHuqTkfg+i98GTFUmij+2mye0Isc3eECOmck OStmRJFFeZ4Lc9BFp9AQMwh8/OdXlz/jMB0JSUBnVwEt2tm11Fjm1bJ7PjKR6eSLMMNI c4eagWVZRMnCVDCIl09mgIRK17qXBICPGCiXmjdyAZXRpBHS/yfNQCWgMMfaiyu6z9/4 9rQw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721398988; x=1722003788; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sP7If7zmsKo7lVWAmwjX5FLV8W4pQTIH+I9VxFazmuM=; b=kgXQgO2rQPuYM97EP6bSmHVre8cZs219ydLQNR6iKC/LhJG6Ur9P2M167DuaXDeMZf gL2+WzfF+A6sYJp9rBa1c6Z9fefc1+AydOtee9KbWkDKCXueWYkbb15R4IpscvZJ7qCG b7aDzIIGDJ5+SRdcZaZHqu0y/MMwO8g9gdCIXLfpAt3qbJMAJAP3pOVccmnGzxeC7oDN bG6a7ezAihX+F4R7w5DAHUrfghnJe6qN169IPoGGnIJ2ogTRmmg0vUtkeL3OSGrf+cnF iYs+u8xOVMhi0d8ic4TeNVVRKk72W4nXU8Ng7ccqrkf80IIFo6vh0apS8o7p/att2J4f D+Cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721398988; x=1722003788; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=sP7If7zmsKo7lVWAmwjX5FLV8W4pQTIH+I9VxFazmuM=; b=Z+J76PL8tupgDc6CEsrkkm3ilhH5UAuhDBikinIIkx7BoPhe5xoPCJF3rcq4qRBeG7 H13N8+5fR5NCEglcheD6cXunqPleKj8IQ7GupLNfgkgWO9LKJyHO0WIGjIhzcIM6HbZ4 nvwedGCI0ir8HFQN8htVn4C0Wq1wHgNBWWHWJe2CRqk6ToDifGvc/jpFeNVgwBS7l30G k+CQnVn7B4mAxw7bZmaedq+aloc3bwi83SlWzTgSTtDS5OZEA79dmzmgXcqPd+q/rtp+ avCOrOdyHedTLGPvSJngjbvIF8nirNZS/8Z1PKdwA5Nv19TgEoxkK/wXGkMMvoOt85Ji 0WQg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCWV98yvfbiJPnxQbq+tz2/9CLRY76HI6b2z35ld86yXs3rVvyPl3qngjyXiZ7T/xhSuL9SNhSPak2qD2fJ4lKv+ase83jQ= X-Gm-Message-State: AOJu0YxmCA/5yeo5X29ea6hk6gOnBVMZBBeJo0bXzteFQM2GKaaEQkbW WPRI3L/yWmvyoWOX9+ljW/pvDrlVAsvgdViAubla8kr11U2nsEJh X-Google-Smtp-Source: AGHT+IFubtSe5ocoIf1iyfgwj3qazQ5uXK2/UsvY+eWzKvij22b+ger739KRLlhVeyFwGqEEBaatRw== X-Received: by 2002:a05:6870:210e:b0:25e:b839:cf06 with SMTP id 586e51a60fabf-260ef212c8bmr3065938fac.11.1721398987456; Fri, 19 Jul 2024 07:23:07 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6870:bb0d:b0:25d:f93b:9be0 with SMTP id 586e51a60fabf-260ec481411ls2704839fac.1.-pod-prod-05-us; Fri, 19 Jul 2024 07:23:06 -0700 (PDT) X-Received: by 2002:a05:6870:658d:b0:25c:ba98:286 with SMTP id 586e51a60fabf-260eea50d8cmr409750fac.9.1721398985867; Fri, 19 Jul 2024 07:23:05 -0700 (PDT) Received: by 2002:a05:6808:329a:b0:3da:a27f:25ca with SMTP id 5614622812f47-3dadf206240msb6e; Fri, 19 Jul 2024 06:52:42 -0700 (PDT) X-Received: by 2002:a05:6e02:b2e:b0:377:3b34:17f with SMTP id e9e14a558f8ab-3964e83ec4amr43766235ab.13.1721397161941; Fri, 19 Jul 2024 06:52:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721397161; cv=none; d=google.com; s=arc-20160816; b=cxxm9dXk2iRmgNPlIR79X1zFFhwx15vRfH/VHRhwP0FjMXQdF6sZ7btL2gq8uYkfZU 3A2S1e7JWnbkj8EF+b+b/4dmoAYD7WQaJNpZA5V80szetV6FxsxLL2vpo/Ym5O7rvCyf rlDJi7or5boi4qyzxH5YdSHd+xSAHHf26wGbj2Yx8xt6Qxnmtux8sGMF/jik9iZySCJL vU1wgOMv/I12hv2oiT3Abjq4hqjjUx4YbaIJbbhLdH8PtLa70oHJsFHk2Fme3SrkXR8Z DE+CkRP5hZFgNDw4w/q6g+vMkVlZhRWUkuwwNgK4mERdkW0NCSrCDiFvEhOiIC0myCrJ FY0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=DwfS58qZ6191FOupUqTd6Zm+ZP0BYL/0EIc9umPi/tc=; fh=yPd8HNyAt94w6+9mawPnFhKq8crEnOt8R5D/kg3m3ro=; b=sHeJ+mAzwwcaTfBvZ845v3UYxt1M3AN10SqVZ98YlbEx7g1IXsC3PFJ2hVh9B2aW3S Npuc4YpsJ6C6H2RBgtDN/MxXNz0Os2p/mRhscwKhZbRb13WZQNzii6A8E464+dIAk0lG z1Ix8+EPIq+eZhisS0GH0gd9ti5fqf1Yz2FROutQN1Qum1mhI1NU7pDa0ltpLX7MYQAa QHMwUhJOIxE3wRtB3M5a2vHgvZW6eo7FzInZ8auWcO9hDIeu5JT+AM0n1puDAhbIyd0t p5crwsfqzAuKA2bXHE8jaE7aqgX/zQofnHNn0XR9L/t4oOwIH4nzu7P8dGU8V4I0jkVS Y80w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=f4mdQ9zl; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d36 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com. [2607:f8b0:4864:20::d36]) by gmr-mx.google.com with ESMTPS id e9e14a558f8ab-397f1f38a98si605565ab.0.2024.07.19.06.52.41 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 19 Jul 2024 06:52:41 -0700 (PDT) Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d36 as permitted sender) client-ip=2607:f8b0:4864:20::d36; Received: by mail-io1-xd36.google.com with SMTP id ca18e2360f4ac-7f684710ff5so56637439f.1 for ; Fri, 19 Jul 2024 06:52:41 -0700 (PDT) X-Received: by 2002:a6b:ea19:0:b0:806:3dac:5081 with SMTP id ca18e2360f4ac-8180f91af2fmr396042039f.7.1721397161346; Fri, 19 Jul 2024 06:52:41 -0700 (PDT) MIME-Version: 1.0 References: <18fc443d-c347-4a84-94fe-81308ae20b76n@googlegroups.com> In-Reply-To: From: Antoine Riard Date: Fri, 19 Jul 2024 14:52:29 +0100 Message-ID: Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core To: Peter Todd Cc: Bitcoin Development Mailing List Content-Type: multipart/alternative; boundary="00000000000051cd21061d9a02e5" X-Original-Sender: antoine.riard@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=f4mdQ9zl; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d36 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --00000000000051cd21061d9a02e5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Peter, > I think you need to re-read the attack carefully before we discuss this > further. The % of hash power mining full-rbf does not significantly change the > cost efficiency of the attack as long as the fee-rate of the B transaction(s) > is below the minimum economic fee-rate necessary for miners to mine a > transaction. Above the minimum economic fee-rate, the cost efficiency is an > essentially linear function of % of full-rbf miners. This is not the % of hash power mining _full-rbf_ I was pointing to, just the indistinct total % of hash power mining. In my understanding, this is the scenario: - Alice broadcasts small size, low-feerate transaction opt-in disabled A to 99% of the miners+network nodes mempools - Alice broadcasts a double-spend of A, a high-feerate transaction A2 to Mark, a single miner - Network nodes does not relay transaction A to Mark and vice-versa Mark does not relay transaction A2 to network nodes - Alice broadcasts a child B of transaction A to 99% of the miners+network nodes mempools - Mark, the single miner confirms in a block A2, rendering as a waste A+B network bandwidth Correct if I'm wrong with this scenario and if it does not match the attack vector you're describing. The child B can be extended with a full chain of useless children within max mempool limits. The attack efficiency (i.e the total vB of bandwidth network waste) is dependent on the delay by which transaction A2 is included in Mark's block template and subsequently mined. Back to my observation, higher are Mark hashrate ressources, less there is latency to let transaction B spontaneously propagate on the network, or for Alice to (re)-broadcast in cycle. All that said, I think my open question to you at the beginning of my answer is still there, i.e how much time has been left between the private report of this issue to the sec mailing list and the public disclosure of your email. Best, Antoine ots hash: 001081aba5b44bf98f8774090fcd62109061e1623965ab8ec71068274b46aaf8 Le ven. 19 juil. 2024 =C3=A0 02:05, Peter Todd a =C3= =A9crit : > On Thu, Jul 18, 2024 at 04:04:47PM -0700, Antoine Riard wrote: > > Hi Peter, > > > > In my understanding, the attack efficiency varies widely in function of > the > > hashrate ressources > > of the miner getting the high-feerate double-spend A2 transaction. I > think > > higher are the hashrate > > ressources, lower would have been the transaction B (re)-broadcast > > bandwidth waste. > > I think you need to re-read the attack carefully before we discuss this > further. The % of hash power mining full-rbf does not significantly chang= e > the > cost efficiency of the attack as long as the fee-rate of the B > transaction(s) > is below the minimum economic fee-rate necessary for miners to mine a > transaction. Above the minimum economic fee-rate, the cost efficiency is = an > essentially linear function of % of full-rbf miners. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/CALZpt%2BHJvBXM_geK7JC8umrt1goq8bc%2BpnY0mk%2Bo%2Br_%2Bbjrtew%40= mail.gmail.com. --00000000000051cd21061d9a02e5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Peter,

> I think you need to re-read the atta= ck carefully before we discuss this
> further. The % of hash power mi= ning full-rbf does not significantly change the
> cost efficiency of = the attack as long as the fee-rate of the B transaction(s)
> is below= the minimum economic fee-rate necessary for miners to mine a
> trans= action. Above the minimum economic fee-rate, the cost efficiency is an
&= gt; essentially linear function of % of full-rbf miners.

This is not= the % of hash power mining _full-rbf_ I was pointing to, just the indistin= ct
total % of hash power mining.

In my understanding, this is th= e scenario:
- Alice broadcasts small size, low-feerate transaction opt-i= n disabled A to 99% of the miners+network nodes mempools
- Alice broadca= sts a double-spend of A, a high-feerate transaction A2 to Mark, a single mi= ner
- Network nodes does not relay transaction A to Mark and vice-versa = Mark does not relay transaction A2 to network nodes
- Alice broadcasts a= child B of transaction A to 99% of the miners+network nodes mempools
- = Mark, the single miner confirms in a block A2, rendering as a waste A+B net= work bandwidth

Correct if I'm wrong with this scenario and if it= does not match the attack vector you're describing.

The child = B can be extended with a full chain of useless children within max mempool = limits.

The attack efficiency (i.e the total vB of bandwidth network= waste) is dependent on the delay
by which transaction A2 is included in= Mark's block template and subsequently mined. Back to
my observatio= n, higher are Mark hashrate ressources, less there is latency to let transa= ction B
spontaneously propagate on the network, or for Alice to (re)-bro= adcast in cycle.

All that said, I think my open question to you at t= he beginning of my answer is still there,
i.e how much time has been lef= t between the private report of this issue to the sec mailing
list and t= he public disclosure of your email.

Best,
Antoine
ots hash: 00= 1081aba5b44bf98f8774090fcd62109061e1623965ab8ec71068274b46aaf8

Le= =C2=A0ven. 19 juil. 2024 =C3=A0=C2=A002:05, Peter Todd <pete@petertodd.org> a =C3=A9crit=C2=A0:
On Thu, Jul 18, 2024 at 04:04:47PM -0700, Antoine Riard= wrote:
> Hi Peter,
>
> In my understanding, the attack efficiency varies widely in function o= f the
> hashrate ressources
> of the miner getting the high-feerate double-spend A2 transaction. I t= hink
> higher are the hashrate
> ressources, lower would have been the transaction B (re)-broadcast > bandwidth waste.

I think you need to re-read the attack carefully before we discuss this
further. The % of hash power mining full-rbf does not significantly change = the
cost efficiency of the attack as long as the fee-rate of the B transaction(= s)
is below the minimum economic fee-rate necessary for miners to mine a
transaction. Above the minimum economic fee-rate, the cost efficiency is an=
essentially linear function of % of full-rbf miners.

--
http= s://petertodd.org 'peter'[:-1]@petertodd.org

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://g= roups.google.com/d/msgid/bitcoindev/CALZpt%2BHJvBXM_geK7JC8umrt1goq8bc%2Bpn= Y0mk%2Bo%2Br_%2Bbjrtew%40mail.gmail.com.
--00000000000051cd21061d9a02e5--