1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
Return-Path: <alicexbt@protonmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 0DF00C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 10 Jan 2023 17:10:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id D761540393
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 10 Jan 2023 17:10:49 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org D761540393
Authentication-Results: smtp2.osuosl.org;
dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com
header.a=rsa-sha256 header.s=protonmail3 header.b=Jkaj1dxb
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ZohccEkZLjOO
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 10 Jan 2023 17:10:48 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org BFD9040104
Received: from mail-40130.protonmail.ch (mail-40130.protonmail.ch
[185.70.40.130])
by smtp2.osuosl.org (Postfix) with ESMTPS id BFD9040104
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 10 Jan 2023 17:10:47 +0000 (UTC)
Date: Tue, 10 Jan 2023 17:10:37 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail3; t=1673370645; x=1673629845;
bh=lPgSPW4vtPIQeVDzUCf5EmSSYoTfcbQg4wjCnZoPzFk=;
h=Date:To:From:Subject:Message-ID:In-Reply-To:References:
Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
Message-ID:BIMI-Selector;
b=Jkaj1dxbZddHFGfaAT3s2FpeDGK3/fNNVQ9PfxjLzV3KcvUZAyHK8QkfWy+jQJ1/i
B95Mot96ljv7Ua3b3XDDJmmfzGAVze10UTMN2e6V5LHlb9T96VTzjSPtK0Rj9lIwqG
UrxPxjGRFxQ5D7jvXAXs2N0pR4JQMupNLv2fYbYyWWuGZQXdBRsnzXrrAp+cv4Ex+G
NiXYqw2Pk8fo2mYqFN82S0ZJaZEFMpXpK9SAmfa8MaGtfqfgaxAw2ouPmH05P5FobP
MdlSC2u6LuRqLYGPUiAiyFCXgjykzOBcIwD0ZLpe4fxg41G6YJ+XTM/PMmhJf0EkZ0
BcR9hzqEdyScA==
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: alicexbt <alicexbt@protonmail.com>
Message-ID: <b3dDOCk8uf5GYtk12iN_EvY9obWchVL-qrNzEJMSf9JqqdcE6uBT8-alz-uK8aNeG_WyUGPLCi1tUxdhjXIPf2uMTbzCaV_5JHUk-FM1wJg=@protonmail.com>
In-Reply-To: <Y7035Edqoq8CK+nl@petertodd.org>
References: <Y7ySzDjzx5eDjOH9@petertodd.org>
<OwgJwjPrZWRtBaIDDZ8g-xbFPlryUXUopqUuKYVUNE-mVHzCWHFXl77YzDlItEjHTHcGjpzIC5alGsnFEsOtSgHLm9We92gcWrLTahzPGFk=@protonmail.com>
<Y7035Edqoq8CK+nl@petertodd.org>
Feedback-ID: 40602938:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Thu, 12 Jan 2023 09:59:50 +0000
Subject: Re: [bitcoin-dev] Why Full-RBF Makes DoS Attacks on Multiparty
Protocols Significantly More Expensive
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2023 17:10:50 -0000
Hi Peter,
> Bringing up Whirlpool here is silly. Everyone knows Samourai has made, at=
best,
> some rather insane technical decisions. Quite likely downright malicious =
with
> their xpub collection. Their opinion isn't relevant. Cite reputable sourc=
es.
I didn't want this thread to become a wasabi vs samourai debate instead wan=
ted to focus on full-rbf and how it affects different coinjoin implementati=
ons. Samourai wallet can be used with [dojo][0] that includes full node and=
Whirlpool can be used in [sparrow Wallet][1] as well. There are several re=
asons to not use wasabi and consider their opinion irrelevant. Wasabi has m=
any privacy issues including address reuse and consolidation in a coinjoin =
tx. They completely lost their reputation after deciding to work with chain=
analysis firms that help governments for censorship of some UTXOs.
Even _nothingmuch_ who has contributed to Wasabi's coinjoin implementation =
has [no major issues][2] with whirlpool if used properly. Some [tweets][3] =
in this thread even show their incompetence and major issues with wabisabi.
Anyway thanks for responding to other things I mentioned in last email.
[0]: https://code.samourai.io/dojo/samourai-dojo
[1]: https://sparrowwallet.com/docs/mixing-whirlpool.html
[2]: https://twitter.com/search?lang=3Den&q=3Dwhirlpool%20(from%3AmHaGqnOAC=
yFm0h5)&src=3Dtyped_query
[3]: https://twitter.com/mHaGqnOACyFm0h5/status/1538748210210013184
/dev/fd0
floppy disc guy
Sent with Proton Mail secure email.
------- Original Message -------
On Tuesday, January 10th, 2023 at 3:33 PM, Peter Todd <pete@petertodd.org> =
wrote:
> On Tue, Jan 10, 2023 at 09:19:39AM +0000, alicexbt wrote:
>=20
> > Hi Peter,
> >=20
> > > ## How Full-RBF Mitigates the Double-Spend DoS Attack
> > >=20
> > > Modulo tx-pinning, full-rbf mitigates the double-spend DoS attack in =
a very
> > > straightforward way: the low fee transaction is replaced by the highe=
r fee
> > > transaction, resulting in the latter getting mined in a reasonable am=
ount of
> > > time and the protocol making forward progress.
> >=20
> > Asking this question based on a discussion on twitter. How would you ge=
t extra sats to increase the fees?
>=20
>=20
> You're misunderstanding the issue. There is no need for extra sats to inc=
rease
> fees. Coinjoin transactions already have fees set at a level at which you=
'd
> expect them to be mined in a reasonable amount of time. Full-RBF ensures =
that,
> modulo tx pinning, either the coinjoin gets mined, or any double-spend ha=
s to
> have a high enough feerate that it will be mined in a reasonable amount o=
f time
> as well.
>=20
> > It seems this would be possible with Joinmarket, Wasabi and even joinst=
r although things would get worse for Whirlpool. Whirlpool coinjoin transac=
tions do not signal BIP 125 RBF so they were not replaceable earlier
>=20
>=20
> Bringing up Whirlpool here is silly. Everyone knows Samourai has made, at=
best,
> some rather insane technical decisions. Quite likely downright malicious =
with
> their xpub collection. Their opinion isn't relevant. Cite reputable sourc=
es.
>=20
> Anyway, Wasabi would like to move to making coinjoins opt-in to RBF. Thou=
gh
> full-rbf may come sooner; for technical reasons opt-in RBF is ugly to imp=
lement
> now as activation needs to be coordinated accross all clients:
>=20
> https://github.com/zkSNACKs/WalletWasabi/issues/9041#issuecomment-1376653=
020
>=20
> > however attacker would be able to perform DoS attacks now by double spe=
nding their inputs used in coinjoin.
>=20
>=20
> As I explained, attackers can already do this with or without full-rbf si=
mply
> by picking the right time to broadcast the double spend. It's not an effe=
ctive
> attack anyway: with a UTXO you can already hold up a coinjoin round by si=
mply
> failing to complete stage #2 of the coinjoin. Actually doing a double-spe=
nd
> simply guarantees that you're spending money on it. It's only effective w=
ith
> low-fee double-spends in the absence of full-rbf.
>=20
>=20
> This tweet is nuts. Eg "Gives well connected mining pools an added advant=
age"
> is simply false. Full-RBF does the exact opposite.
>=20
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
|