Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 04AE7C000B for ; Tue, 22 Mar 2022 19:57:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id DF51F417C2 for ; Tue, 22 Mar 2022 19:57:31 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j55Eis4Yu2Xg for ; Tue, 22 Mar 2022 19:57:30 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mail-4319.protonmail.ch (mail-4319.protonmail.ch [185.70.43.19]) by smtp4.osuosl.org (Postfix) with ESMTPS id DE48741746 for ; Tue, 22 Mar 2022 19:57:29 +0000 (UTC) Date: Tue, 22 Mar 2022 19:57:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1647979046; bh=HytvPx/FHPwK9GtL7q49APKnwB5TPXBHM8omOy/5v0g=; h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References: From:To:Cc:Date:Subject:Reply-To:Feedback-ID:Message-ID; b=0mH++HazEScRspqp/pJjab+iruDp7lgNUEV73kLvsj2B09qBh47S3yfakgeXoEkWu 966EutXYR0x9lh8KzCHk7iJ7I1tnCGhRskI5M1h6WVsLrVaQt5IWFIbl9Tc8s7eTQy BB35qzwOa89WNS+35n+s172EHjk1MKk5VHiB0yNMrLjtpF6aN0b5zWRrPVilwcDVIX wjSbCUFAPiNI3Th4WeBFwdJXRlBZ1POBKLh3SzbkROkYXI9QpdkkImbSvZfCE6Y/Ge eM2mSUak0tP305WyR+gNsJAVsuRJuPh+O7+tPbp3Fj2xCrZU7EV2CSc8qqLVVe0I9r cgHJUX3VkkmTw== To: Larry Ruane , Bitcoin Protocol Discussion From: darosior Reply-To: darosior Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Tue, 22 Mar 2022 21:14:33 +0000 Subject: Re: [bitcoin-dev] mempool transaction witness-replacement X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Mar 2022 19:57:32 -0000 Hi Larry, Thanks for bringing this up. I'm curious to know if this is helpful for pin= ning as long as you have a way to statically analyze Script to prevent witness stuffing [0]. I agree it *coul= d* still be useful for miners, but subject to all the complications of RBF. > An advantage of this mempool-accept policy change is that it's > miner-incentive compatible (miners would prefer to mine a transaction > with a higher feerate). There is more to be "miner-incentive compatible" than increasing feerate. F= or instance, the latest RBF discussions made the miner incentive to maximize absolute fees more well kn= own. I think the same goes for witness replacement: if you don't have as many MBs of transaction you are c= omfortable with in your mempool, you don't want it to shrink further. Antoine [0] See the 'Malleability' section of https://bitcoin.sipa.be/miniscript/. = Note however this currently only applies to third party malleability (in pinning attacks the aversary is= internal to the contract). On the other hand Miniscript already allows you to get the maximum satisfactio= n size, so you can cover for the worst case scenario already. ------- Original Message ------- Le mardi 22 mars 2022 =C3=A0 8:04 PM, Larry Ruane via bitcoin-dev a =C3=A9crit : > Greetings list, > > This is my first time posting here. > > Question for you: > > Should the Bitcoin Core mempool replace an existing transaction with one > > that has the same txid (having the same effect, same spends and outputs) > > but a sufficiently smaller witness (different wtxid) and thus a higher > > feerate? This is what https://github.com/bitcoin/bitcoin/pull/24007 > > proposes, and I'd like to get opinions on two questions: > > 1. Is this a beneficial change? Specifically, is anyone creating an > > application that would broadcast transactions with the same txid but > > different witnesses as an earlier transaction? > > 2. If this change has benefit, what should be considered a sufficiently > > better feerate or reduction in witness size? > > An advantage of this mempool-accept policy change is that it's > > miner-incentive compatible (miners would prefer to mine a transaction > > with a higher feerate). But there is of course a code complexity cost, > > and transaction-relay DoS concern. > > Being miner-incentive compatible is good, but is that sufficient > > justification for merging? I'm posting to the mailing list in hopes that > > there are use-cases that we (the PR authors) aren't aware of. Please > > reply here or on the PR if you can think of any. > > A perhaps subtle advantage: This PR may provide a defense against a > > mempool pinning attack: if you have a transaction shared with other > > parties, and one of them broadcasts the transaction with a bloated > > witness (thus intentionally reducing the feerate in hopes of delaying > > or preventing confirmation), you currently have no way to change it. > > If there is an application out there that uses same-txid-different-witnes= s > > transactions shared between counterparties, this PR would help make > > those applications safe. > > Question 2 gets at a DoS tradeoff: If the new transaction may have > > only a very slightly smaller witness, an attacker might re-broadcast it > > many times, consuming a lot of relay bandwidth, and CPU to update > > the mempool. On the other hand, if the new transaction must have a much > > smaller witness, then it wouldn't be possible to replace a transaction wi= th > > a beneficially-smaller one. > > This could be a per-node setting, but it's desirable for the node > > network to largely agree on relay policies (although a configuration > > option might be useful for testing and experimentation). > > Background: > > Bip125 (Replace-by-fee) allows an incoming transaction to replace one > > or more existing conflicting transactions if certain DoS-mitigation > > conditions are met: > > https://github.com/bitcoin/bitcoin/blob/master/doc/policy/mempool-replace= ments.md > > Witness-replacement is similar to RBF, but differs in a few ways: > > - RBF rule 4 requires an absolute fee increase, which is not possible if > > the txid isn't changing (since the inputs, outputs, and amounts must be > > the same). So if transaction witness-replacement (same txid but different > > wtxid) is allowed, it can't be considered just a special case of an RBF, > > although it may have some similar policies (and for the same reasons). > > - With witness-replacement, it's not necessary to evict mempool > > descendant transactions because their inputs' txid references to their > > parent (who is being replaced) remain valid. > > - The new transaction replaces exactly one existing transaction since > > the inputs are the same. (In general, with RBF, the new transaction may > > conflict-out multiple existing mempool transactions, namely, all that > > spend the same outputs as the new transaction.) > > - RBF requires the original transaction to signal replaceability > > (rule 1). This is so that recipients are warned that their payment may > > disappear if the transaction is replaced. But signaling isn't required > > by witness-replacement since the outputs can't change (the descendants > > remain valid). > > Thanks for your time! > > Larry Ruane (with lots of help from Gloria Zhao) > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev