1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
Return-Path: <gsanders87@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
by lists.linuxfoundation.org (Postfix) with ESMTP id AE461C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Jul 2022 15:09:46 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp1.osuosl.org (Postfix) with ESMTP id 72F4B847E1
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Jul 2022 15:09:46 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 72F4B847E1
Authentication-Results: smtp1.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20210112 header.b=WUullZQe
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp1.osuosl.org ([127.0.0.1])
by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id CrZAJK0QzDMX
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Jul 2022 15:09:45 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 83D5C847C2
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com
[IPv6:2607:f8b0:4864:20::62d])
by smtp1.osuosl.org (Postfix) with ESMTPS id 83D5C847C2
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Jul 2022 15:09:45 +0000 (UTC)
Received: by mail-pl1-x62d.google.com with SMTP id l12so11229145plk.13
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 08 Jul 2022 08:09:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=kIa+U7nfY+B3X+/RsxgYaHpzdpHQWT8ShYGxS+IhT+4=;
b=WUullZQeAYRDuEQ0kyVkI145FUPiFGAhe92TupVSn+KJbQKwG4NJbu0WbnIzii5KvY
1sMiTpSc653E6Qx6soLo8WT/PGd/eKpJTjBQ/EEyaYGYDQ5Dtvmsw+lclsVSPscS/x2z
w7N21Kn9YtEte4PQhKWUbLwt2D+rlyyLu4f4i0wkGGsb5itzsYcEeP7shaWwmlhxOeza
+SoV5rVyfhtE4Yv1xbf80bmydhb1zgG8ZXSOvY04QG47kce7a6bZNbTXaNy6ZSBIjie6
fHugFKdV4O+G9dgYdtavDhQtYCUFq1bcqRMYJ1nnbn0CpZtcntfA037fRHSIOGOuuEwe
YnGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=kIa+U7nfY+B3X+/RsxgYaHpzdpHQWT8ShYGxS+IhT+4=;
b=xWUFunt0sODSuaeJK+ZiLFGowISLOZFQBuy6+GSCe0FnEGeekn18YkNaZt/VYY2ruN
TGKT3GCPNPuTlAWCgHFA5G082A+p2MhlGiGzLpoAXjnKara1KNTWZNWM/3URuy08i4Hv
zWJZNd3qPxVY2R6GGvcxAdGCI0M+ZMTJ6tWV9o2om6pBNM6pIqH2I5JvbqhupUELIrV7
9I3lQ6C0l7Ty6Nm4nwZktXkpnZTB8RDiED2AKqF7NDFQ/VPplkLvN8w4jj8BVP06oIh0
ujgT6SGrb36ew7G0jF2ZuLMFHByZswgsqWSpNXxARZJYC9690qInZ71iyQXzjhhyPLWL
h+6A==
X-Gm-Message-State: AJIora+Q6FD4B3nNT0mFUUVzHHm1gGvL2IkIR1qiai7tgLV0S0AKsZXb
IKHk6D8cB/wcJwr9BJwzCARiIgPMy/soEzcBsrI=
X-Google-Smtp-Source: AGRyM1sPXLYKXJdE4PCMqRGUK6Y2gukI/tI9aMULQSGu1gcG6p/FFhmKuBejeSzEn+U/wMMF5+a/3sIDnYJOlvR2gVM=
X-Received: by 2002:a17:902:8e85:b0:16a:380b:13a9 with SMTP id
bg5-20020a1709028e8500b0016a380b13a9mr4247739plb.109.1657292984884; Fri, 08
Jul 2022 08:09:44 -0700 (PDT)
MIME-Version: 1.0
References: <CALZpt+GOh-7weEypT9JrzcwthZJqHOfj7sf9FMuqi5_FZv0g7w@mail.gmail.com>
<gmDNbfrrvaZL4akV2DFwCuKrls9SScQjqxeRoEorEiYlv24dPt1j583iOtcB2lFrxZc59N3kp7T9KIM4ycl4QOmGBfDOUmO-BVHsttvtvDc=@protonmail.com>
<CALZpt+FJ-R9yCoMLP=Vcxk1U7n=-LKHUGctFZj0K-vTMsz==ew@mail.gmail.com>
<RJEFmrnjbzKQCBr4L7ebwBLzg7QHGXlaE19zj6jfkxL6xjfodgbfssZBQSYxm783Y4X5awuhL9Gj8IaBc4npE2oh3d1xoudKTrSsJ-dk0VQ=@protonmail.com>
<CALZpt+HXB=xh3qtxJFM7yUzRu1uj-pPtLQmT=5QV0dNfVuTpfQ@mail.gmail.com>
<Pb8H4PbeS-RaNOKfekOPdY8gQo4_Syd3HoTK26AO872f7tCKyGnty56KtcvmvrXFOJdC7nQgNHoQ37M4MNXQ6vqQ9du6BFbvGLbY3BdYVpY=@protonmail.com>
<Yrj9N7k8osWsxhY4@petertodd.org>
<0ikzVrbv3tA2fyv4iW7b_gPJ-qkrJS3x9HzouSqLabK3yHthgigPt9YZhGlr4_nCutAlRREfFSw1JW0k5KhBgSj1aBI2MSDTLqYHGYbqNrg=@protonmail.com>
<YshE2QKBEVnbf+Bg@petertodd.org>
In-Reply-To: <YshE2QKBEVnbf+Bg@petertodd.org>
From: Greg Sanders <gsanders87@gmail.com>
Date: Fri, 8 Jul 2022 11:09:33 -0400
Message-ID: <CAB3F3DtCuEBXo9r+UoS2z8npvVeR0hU-R7ZHcngPNdE6Jr+Zgw@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000a723bd05e34c9734"
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s
security
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 15:09:46 -0000
--000000000000a723bd05e34c9734
Content-Type: text/plain; charset="UTF-8"
The attacker isn't guaranteed to spend *any* funds to disrupt the protocol
indefinitely, that's the issue here. In this scenario, her input double
spend is at an impractical feerate, and is never included in a block,
sitting at the bottom of the mempool.
The other users' only practical choice is to double-spend their own input
to get their money back(at competitive rates much higher than the
attacker), or wait and hope you win a propagation race somewhere.
On Fri, Jul 8, 2022 at 10:53 AM Peter Todd via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Tue, Jul 05, 2022 at 08:46:51PM +0000, alicexbt wrote:
> > Hi Peter,
> >
> > > Note that Wasabi already has a DoS attack vector in that a participant
> can stop
> > > participating after the first phase of the round, with the result that
> the
> > > coinjoin fails. Wasabi mitigates that by punishing participating in
> future
> > > rounds. Double-spends only create additional types of DoS attack that
> need to
> > > be detected and punished as well - they don't create a fundamentally
> new
> > > vulerability.
> >
> > I agree some DoS vectors are already mitigated however punishment in
> this case will be difficult because the transaction is broadcasted after
> signing and before coinjoin tx broadcast.
> >
> > Inputs are already checked multiple times for double spend during
> coinjoin round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> >
> > If all the inputs in the coinjoin transaction that failed to relay are
> checked and one or more are found to be spent later, what will be punished
> and how does this affect the attacker with thousands of UTXOs or normal
> users?
>
> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack
> requires
> more resources, because for a double-spend to be succesful, BTC has to be
> spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--000000000000a723bd05e34c9734
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>The attacker isn't guaranteed=C2=A0to spend *any*=
funds to disrupt the protocol indefinitely, that's the issue here. In =
this scenario, her input double spend is at an impractical feerate, and is =
never included in a block, sitting at the bottom of the mempool.<br></div><=
div><br></div><div>The other users' only practical choice is to double-=
spend their own input to get their money back(at competitive rates much hig=
her than the attacker), or wait and hope you win a propagation race somewhe=
re.</div><div><br></div><div>=C2=A0</div></div><br><div class=3D"gmail_quot=
e"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jul 8, 2022 at 10:53 AM Pe=
ter Todd via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfound=
ation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-le=
ft:1px solid rgb(204,204,204);padding-left:1ex">On Tue, Jul 05, 2022 at 08:=
46:51PM +0000, alicexbt wrote:<br>
> Hi Peter,<br>
> <br>
> > Note that Wasabi already has a DoS attack vector in that a partic=
ipant can stop<br>
> > participating after the first phase of the round, with the result=
that the<br>
> > coinjoin fails. Wasabi mitigates that by punishing participating =
in future<br>
> > rounds. Double-spends only create additional types of DoS attack =
that need to<br>
> > be detected and punished as well - they don't create a fundam=
entally new<br>
> > vulerability.<br>
> <br>
> I agree some DoS vectors are already mitigated however punishment in t=
his case will be difficult because the transaction is broadcasted after sig=
ning and before coinjoin tx broadcast.<br>
> <br>
> Inputs are already checked multiple times for double spend during coin=
join round: <a href=3D"https://github.com/zkSNACKs/WalletWasabi/pull/6460" =
rel=3D"noreferrer" target=3D"_blank">https://github.com/zkSNACKs/WalletWasa=
bi/pull/6460</a><br>
> <br>
> If all the inputs in the coinjoin transaction that failed to relay are=
checked and one or more are found to be spent later, what will be punished=
and how does this affect the attacker with thousands of UTXOs or normal us=
ers?<br>
<br>
Point is, the attacker is thousands of UTXOs can also DoS rounds by simply<=
br>
failing to complete the round. In fact, the double-spend DoS attack require=
s<br>
more resources, because for a double-spend to be succesful, BTC has to be s=
pent<br>
on fees.<br>
<br>
It's just a fact of life that a motivated attacker can DoS attack Wasab=
i by<br>
spending money. That's a design choice that's serving them well so =
far.<br>
<br>
-- <br>
<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http=
s://petertodd.org</a> 'peter'[:-1]@<a href=3D"http://petertodd.org"=
rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--000000000000a723bd05e34c9734--
|
