1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
|
Return-Path: <antoine.riard@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 480C0C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Jun 2022 00:25:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp1.osuosl.org (Postfix) with ESMTP id 11CA381AF6
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Jun 2022 00:25:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp1.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp1.osuosl.org ([127.0.0.1])
by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id jarah8UErlhU
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Jun 2022 00:25:23 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com
[IPv6:2607:f8b0:4864:20::12b])
by smtp1.osuosl.org (Postfix) with ESMTPS id E54D581A1C
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Jun 2022 00:25:22 +0000 (UTC)
Received: by mail-il1-x12b.google.com with SMTP id s1so5537281ilj.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Jun 2022 17:25:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:from:date:message-id:subject:to;
bh=Z9AyOVWAvx7OFPF9C0fhWivqt6InT23eB4d9HE7b+0s=;
b=Fi4MOhHHKINF+04MLD2up4oAKelvISSzZTLJpqnWnu5HdqNrH0EO138g015O9hYC8b
JZ9PJgPBakfs7CWTbS6BDXUJmf6tqHaEl3LPALmsh8WwIghIPSk8kaohFZsf6KkSzp4+
IjdDlsv19mjSSb9MZviTZtgYVxfjAdwIIQS9IJnf7snXyoI7xXpWE/AXP1sQ8F5YFZsI
EyGgjTsWpYyY+XaQAv0YX/b4g8gHiJNeoizyqLlwSw09fgQvo+QSryEJlzJKsyYGhjdO
maOXL4U+lPaOdtWQauURFmAi8DsrXwdZjagMZlppZkPig91IJbSfJx8orYSODKtJOhBd
1Oag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=Z9AyOVWAvx7OFPF9C0fhWivqt6InT23eB4d9HE7b+0s=;
b=3Pfi68ED8ysq4kOCX8AX4houUCE1AweZE1yX9SYbsOinxqXt4Iv0X+3WLqb2K/4ZGT
N0GgaIuLYqFYbyC+yfPzOVcDwHikVlcs7vad2j+QC5tX3e+q+8wQQWc+6JRKhJUcsJHg
+4OlOPs58eGHyM9jt5f+LRA5dbUeHbRSQGm5nuqOS3D6GLHUP/f2eWFl8Rjl49GUtIE6
nLzPOMgkbgYGkqJKd86eaE3q0dwHZFDzUHBHYMQqruZL+y8i+jTplPTPYTPNnR05aE2m
pONPXq68npB4TOPQW2J+vm2MNzk+1aTI9H85gqGrAlL4zu4TbhSmf1gBm0zcEF7/feUI
33Bw==
X-Gm-Message-State: AJIora+dfX8dRjdOCexUrvHESTHyRiW0HSKv377l1zCSoqZv6645JZ8v
O4RVtsO/Q6ZUZ4rCW602tbDeKJzX4VwzP5l2Rdix4b7Zd7g=
X-Google-Smtp-Source: AGRyM1tZSr/9G2X0hoxCCH2lRCcEUeWWbRNd7AL8oIlnwT5tAcov6aU6/zdWXAZcWHY6rOJ8rkiUuAc/nLQbEeAV39A=
X-Received: by 2002:a05:6e02:1b87:b0:2d6:5e74:217a with SMTP id
h7-20020a056e021b8700b002d65e74217amr1376108ili.74.1655166321883; Mon, 13 Jun
2022 17:25:21 -0700 (PDT)
MIME-Version: 1.0
From: Antoine Riard <antoine.riard@gmail.com>
Date: Mon, 13 Jun 2022 20:25:11 -0400
Message-ID: <CALZpt+GOh-7weEypT9JrzcwthZJqHOfj7sf9FMuqi5_FZv0g7w@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000a9011405e15d7093"
X-Mailman-Approved-At: Tue, 14 Jun 2022 02:51:29 +0000
Subject: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 00:25:24 -0000
--000000000000a9011405e15d7093
Content-Type: text/plain; charset="UTF-8"
Hi list,
Recent discussions among LN devs have brought back on the surface concerns
about the security of multi-party funded transactions (coinjoins,
dual-funded LN channels, on-chain DLCs, ...). It turns out there is a
low-fruit, naive DoS vector playable against the funding flow of any such
construction due to the lack of existent full-rbf transaction-relay
topology on today's p2p network [0] [1]. While it does not consist in a
direct loss of funds, if exploited well I think it's annoying enough to
inflict significant timevalue loss or fee-bumping waste
to the future providers or distributed swarm of users doing multi-party
funded transactions. Of course, it can be fixed one layer above by
introducing either fidelity bonds or a reliable centralized coordinator,
though at the price of an overhead per-participant ressources cost and loss
in system openness [1].
For that reason, I believe it would be beneficial to the flourishing of
multi-party funded transactions to fix the Dos vector by seeing a subset of
the network running full-rbf and enabling propagation of honest multi-party
transactions to the interested miners, replacing potential non-signaling
double-spend from a malicious counterparty. Moving towards that direction,
I've submitted a small patch against Bitcoin Core enabling it to turn on
full-rbf as a policy, still under review [3]. The default setting stays
**false**, i.e keeping opt-in RBF as a default replacement policy. I've
started to run the patch on a public node at 146.190.224.15.
If you're a node operator curious to play with full-rbf, feel free to
connect to this node or spawn up a toy, public node yourself. There is a
##uafrbf libera chat if you would like information on the settings or
looking for full-rbf friends (though that step could be automated in the
future by setting up a dedicated network bit and reserving a few outbound
slots for them).
If you're a mining operator looking to increase your income, you might be
interested to experiment with full-rbf as a policy. Indeed, in the future I
believe the multi-party transactions issuers who need full-rbf to secure
their funding flow should connect by default to full-rbf peers. One can
conjecture that their transactions are likely to be more compelling in
their feerate as their liquidity needs are higher than the simple
transaction. For today, I think we have really few standards and bitcoin
softwares relying on multi-party funded transactions [4].
If you're a Bitcoin user or business and you don't like full-rbf, please
express an opinion on how it might affect your software/operations. I'm
always interested to learn more about mempool and transaction-relay
interactions with upper-layers and applications and to listen to feedback
in those areas, and I guess a lot of other Bitcoin researchers/devs too. I
know there have been a lot of concerns about full-rbf in the past, however
I believe the Bitcoin ecosystem has matured a lot since then.
Any mistakes or missing context is my own.
Cheers,
Antoine
[0] For more info about replace-by-fee, see
https://bitcoinops.org/en/topics/replace-by-fee/
[1] For more details about the DoS vector, see
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html
[2] E.g I think it does not affect the Lightning Pool service, as there is
a preliminary step where the participant funds are locked first in a 2-of-2
with the coordinator before being committed in the multi-party batch
transaction.
[3] https://github.com/bitcoin/bitcoin/pull/25353
[4] E.g DLCs :
https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transactions.md
; Lightning dual-funded channel :
https://github.com/lightning/bolts/pull/851
--000000000000a9011405e15d7093
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi list,<br><br>Recent discussions among LN devs have brou=
ght back on the surface concerns about the security of multi-party funded t=
ransactions (coinjoins, dual-funded LN channels, on-chain DLCs, ...). It tu=
rns out there is a low-fruit, naive DoS vector playable against the funding=
flow of any such construction due to the lack of existent full-rbf transac=
tion-relay topology on today's p2p network [0] [1]. While it does not c=
onsist in a direct loss of funds, if exploited well I think it's annoyi=
ng enough to inflict significant timevalue loss or fee-bumping waste <br>to=
the future providers or distributed swarm of users doing multi-party funde=
d transactions. Of course, it can be fixed one layer above by introducing e=
ither fidelity bonds or a reliable centralized coordinator, though at the p=
rice of an overhead per-participant ressources cost and loss in system open=
ness [1].<br><br>For that reason, I believe it would be beneficial to the f=
lourishing of multi-party funded transactions to fix the Dos vector by seei=
ng a subset of the network running full-rbf and enabling propagation of hon=
est multi-party transactions to the interested miners, replacing potential =
non-signaling double-spend from a malicious counterparty. Moving towards th=
at direction, I've submitted a small patch against Bitcoin Core enablin=
g it to turn on full-rbf as a policy, still under review [3]. The default s=
etting stays **false**, i.e keeping opt-in RBF as a default replacement pol=
icy. I've started to run the patch on a public node at 146.190.224.15.<=
br><br>If you're a node operator curious to play with full-rbf, feel fr=
ee to connect to this node or spawn up a toy, public node yourself. There i=
s a ##uafrbf libera chat if you would like information on the settings or l=
ooking for full-rbf friends (though that step could be automated in the fut=
ure by setting up a dedicated network bit and reserving a few outbound slot=
s for them).<br><br>If you're a mining operator looking to increase you=
r income, you might be interested to experiment with full-rbf as a policy. =
Indeed, in the future I believe the multi-party transactions issuers who ne=
ed full-rbf to secure their funding flow should connect by default to full-=
rbf peers. One can conjecture that their transactions are likely to be more=
compelling in their feerate as their liquidity needs are higher than the s=
imple transaction. For today, I think we have really few standards and bitc=
oin softwares relying on multi-party funded transactions [4].<br><br>If you=
're a Bitcoin user or business and you don't like full-rbf, please =
express an opinion on how it might affect your software/operations. I'm=
always interested to learn more about mempool and transaction-relay intera=
ctions with upper-layers and applications and to listen to feedback in thos=
e areas, and I guess a lot of other Bitcoin researchers/devs too. I know th=
ere have been a lot of concerns about full-rbf in the past, however I belie=
ve the Bitcoin ecosystem has matured a lot since then.<br><br>Any mistakes =
or missing context is my own.<br><br>Cheers,<br>Antoine<br><br>[0] For more=
info about replace-by-fee, see <a href=3D"https://bitcoinops.org/en/topics=
/replace-by-fee/">https://bitcoinops.org/en/topics/replace-by-fee/</a><br><=
br>[1] For more details about the DoS vector, see <a href=3D"https://lists.=
linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html">https://l=
ists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html</a><b=
r><br>[2] E.g I think it does not affect the Lightning Pool service, as the=
re is a preliminary step where the participant funds are locked first in a =
2-of-2 with the coordinator before being committed in the multi-party batch=
transaction.<br><br>[3] <a href=3D"https://github.com/bitcoin/bitcoin/pull=
/25353">https://github.com/bitcoin/bitcoin/pull/25353</a><br><br>[4] E.g DL=
Cs : <a href=3D"https://github.com/discreetlogcontracts/dlcspecs/blob/maste=
r/Transactions.md">https://github.com/discreetlogcontracts/dlcspecs/blob/ma=
ster/Transactions.md</a> ; Lightning dual-funded channel : <a href=3D"https=
://github.com/lightning/bolts/pull/851">https://github.com/lightning/bolts/=
pull/851</a><br></div>
--000000000000a9011405e15d7093--
|