Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4F138C002D for ; Mon, 11 Jul 2022 21:53:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 1164F83F5C for ; Mon, 11 Jul 2022 21:53:42 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1164F83F5C Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=petertodd.org header.i=@petertodd.org header.a=rsa-sha256 header.s=fm1 header.b=B8veyIMF; dkim=pass (2048-bit key, unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm3 header.b=Yp7CwWfX X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.789 X-Spam-Level: X-Spam-Status: No, score=-2.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_MONEY_PERCENT=0.01] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7-vDnSD1tMtq for ; Mon, 11 Jul 2022 21:53:41 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org EB5DE83F56 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by smtp1.osuosl.org (Postfix) with ESMTPS id EB5DE83F56 for ; Mon, 11 Jul 2022 21:53:40 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id E05665C0182; Mon, 11 Jul 2022 17:53:39 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Mon, 11 Jul 2022 17:53:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=petertodd.org; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1657576419; x=1657662819; bh=Z2ly0//J/J vBKBMOvOZybrVx47npsgAafYS/77liurg=; b=B8veyIMF6mHzvMYP2w8TpJ43uL PjmYL4b75RhQgjvS76Uc5ZAG45oh3rPlUt8/1EKXtcBgXdf7Im7Wh9/LXpcqa7Vq b70jeLgLeQtIcj/adpcd20x3UrErKRSJou0aczqjiFPyfMs8E40lIH+eenyjKhcz 3Lmfm2pQUsHdYcOrWhg+mv8qCvKHVzeQuXJCQjDLX3D4G8y2Ia5oBdLkwISUyJeM sCQ1pDFdV/oGvbsTM2WsEjERZhpaCujT034fnZ9+Dv32hsQVjE1RvhnVkfaAOt6c Y51uIe0vI59Pm6NpTV3SLwPvork4GA2BOabzi3HDp/yvbb3a3UQoyu+WboVA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1657576419; x=1657662819; bh=Z2ly0//J/JvBKBMOvOZybrVx47np sgAafYS/77liurg=; b=Yp7CwWfXejFjN35Za6ymggd76cB2tcja1A8C7+9IYBKQ V2yF34DSpXpePWqSm36KGRPktgAvUEGimG9o0Kz5bGBSNhSXFuYuQe1yvv4r1Ph8 UA++y/N9aaRtBqlH4W4yy5OuDEy/MEBqCJNveu+5FpU/K1iTjp4x1AUcXPO5aPlY E4fu9tW0lOIu06RgABiAYTQ8wmFjr9wX6Ft+yEQLIq8CTNHQyFWrY4YRE4tweQdm VgHiT9P9pSstnFEleWdA9GLAUxrOhpiAmC1wJ6wsYmAT3YGYsxJj1u5FYlTPTM1n zfaY4ostiTxw2U26e0YAkB2LlyvSuG7dAw7BfvHU4A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudejgedgtdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrvghtvghr ucfvohguugcuoehpvghtvgesphgvthgvrhhtohguugdrohhrgheqnecuggftrfgrthhtvg hrnhepiedvvdelieekjeeukefgtdelfeegheehleffueehteeghfelveejfeelgeevffef necuffhomhgrihhnpehpvghtvghrthhouggurdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepuhhsvghrsehpvghtvghrthhouggurdho rhhg X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 11 Jul 2022 17:53:39 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 1BBB35F7C1; Mon, 11 Jul 2022 17:53:37 -0400 (EDT) Date: Mon, 11 Jul 2022 17:53:37 -0400 From: Peter Todd To: Bram Cohen , Bitcoin Protocol Discussion Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eqlpffpinTU5x1UZ" Content-Disposition: inline In-Reply-To: Subject: Re: [bitcoin-dev] Security problems with relying on transaction fees for security X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jul 2022 21:53:42 -0000 --eqlpffpinTU5x1UZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 11, 2022 at 11:12:52AM -0700, Bram Cohen via bitcoin-dev wrote: > If transaction fees came in at an even rate over time all at the exact sa= me > level then they work fine for security, acting similarly to fixed block > rewards. Unfortunately that isn't how it works in the real world. There's= a > very well established day/night cycle with fees going to zero overnight a= nd > even longer gaps on weekends and holidays. If in the future Bitcoin is > entirely dependent on fees for security (scheduled very strongly) and this > pattern keeps up (overwhelmingly likely) then this is going to become a > serious problem. >=20 > What's likely to happen is that at first there will simply be no or very > few blocks mined overnight. There are likely to be some, as miners at fir= st > turn off their mining rigs completely overnight then adopt the more > sophisticated strategy of waiting until there are enough fees in the > mempool to warrant attempting to make a block and only then doing it. > Unfortunately the gaming doesn't end there. Eventually the miners with > lower costs of operation will figure out that they can collectively reorg > the last hour (or some time period) of the day overnight and this will be > profitable. That's likely to cause the miners with more expensive > operations to stop attempting mining the last hour of the day preemptivel= y. >=20 > What happens after that I'm not sure. There are a small enough number of > miners with a quirky enough distribution of costs of operation and > profitability that the dynamic is heavily dependent on those specifics, b= ut > the beginnings of a slippery slope to a mining cabal which reorgs everyone > else out of existence and eventually 51% attacks the whole thing have > begun. It even gets worse than that because once there's a cabal > aggressively reorging anyone else out when they make a block other miners > will shut down and rapidly lose the ability to quickly spin up again, so > the threshold needed for that 51% attack will keep going down. >=20 > In short, relying completely on transaction fees for security is likely to > be a disaster. What we can say from existing experience is that having > transaction fees be about 10% of rewards on average works well. It's enou= gh > to incentivize collecting fees but not so much that it makes incentives g= et > all weird. 90% transaction fees is probably very bad. 50% works but runs > the risk of spikes getting too high. >=20 > There are a few possible approaches to fixes. One would be to drag most of > east asia eastward to a later time zone thus smoothing out the day/night > cycle but that's probably unrealistic. Another would be to hard fork in > fixed rewards in perpetuity, which is slightly less unrealistic but still > extremely problematic. >=20 > Much more actionable are measures which smooth out fees over time. Note that a tricky thing here is that smoothing out fees is made difficult = by the fact that users can by-pass the fee system by including anyone-can-spend outputs in their transactions. Or worse, by simply paying large miners out-of-band to get their txs confirmed. So any smothing scheme that tries to smooth the market-based fees we already have will fail. The only type of fee-smoothing scheme that is feasible is to smooth an enti= rely separate category of fees that are made mandatory. For example, you could achieve the economic impact of inflation by having a fixed value*time based= fee that goes to timelocked anyone-can-spend outputs in the coinbase to push the fee forward to other miners. Doing this is of course a gigantic accounting headache, and problematic for existing L2 protocols, because you are reducing the value of txouts as they= age (demurrage). But at least it's a soft-fork. Interestingly, if you look at transaction fees in blocks right now, people regularly pay far higher transaction fees than necessary. There seem to be a bunch of high value users, eg $1 million txs, without terrible fee estimati= on. And I suspect the reason why this happens is simply that for a $1 million t= x, overpaying 100x with a $100 tx fee is irrelevant. Of course, this is also a problem from the re-org point of view... > Having > wallets opportunistically collect their dust during times of low > transaction fees would help and would save users on fees. You're assuming wallets will even have dust to collect. With widespread use= of Lightning that will likely not be true. Indeed, with sufficiently efficient= L2 solutions it's really unclear as to how much demand there will be for block space. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --eqlpffpinTU5x1UZ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmLMm94ACgkQLly11TVR LzdbCRAAqqVksSkLJNycAb9/nbVLx7vjVv+zhd7txqiQp+urPQirQrx9NtDCEI8t 51x/XuVKXQvdN+uaIVcDB6jhK+3bFklSKB5Bv2a28czyJvaiynqkiZTGnZh2mULW jA4veGrrplVA97QDxWalp2C6S1EO4HFYDEgHXFDm86/TjZHxf1aLaxFl+zr+9pe9 SXxeA42kCARSefcd+347Z5hAKg60+6kn7GZP4x/5SO7e+TjANddpzGdVw4j5ILbZ RwaIn9JD8IKQA+A5OiP8pBKQ0jnJcQyfYI5dtUiPPZ1PSo/nMU1rCxsgDlV3cbUg WSgePWIHNFL9L/Ua1KR3+hfwuUMOUH8/T7E4aSGQ8YGQRcwrlaIlTF7w9CdHjEAH OLHEh9PW3efun8UmFcAqccsuB8bf8HRKWr/sAYeY5GsNaR5jIAY6MuUuS2lALyBW gsZaMwgzMoxVHerQBGSWgDEPALU2l/ci1yD1Ei7UvGbcdyLcE8pHHPXSOUDjpQ81 z6/PyzIQLGfPozciU/U+5T6ZVKgkhqaDHimCwcvzm03KuROeYIjMyHCaYZmkmXlR WzZlx6VMsP9Ial08UXNalPIglRhUI/B4bWZSvzXl25XbOueqFTGnxU5QB2dWinaV Q8bZiPXYShiPeRH1K0rNc8bRgTWmfCTKSh/Htw1iXQZuJKeioE4= =Ehd6 -----END PGP SIGNATURE----- --eqlpffpinTU5x1UZ--