1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
Return-Path: <dario@muun.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id E9725C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 21 Oct 2022 21:13:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id B01D660E6B
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 21 Oct 2022 21:13:55 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org B01D660E6B
Authentication-Results: smtp3.osuosl.org;
dkim=pass (2048-bit key) header.d=muun-com.20210112.gappssmtp.com
header.i=@muun-com.20210112.gappssmtp.com header.a=rsa-sha256
header.s=20210112 header.b=bXgJ+t6B
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id w8qJ84dPF0u5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 21 Oct 2022 21:13:54 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 47998605A6
Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com
[IPv6:2a00:1450:4864:20::430])
by smtp3.osuosl.org (Postfix) with ESMTPS id 47998605A6
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 21 Oct 2022 21:13:54 +0000 (UTC)
Received: by mail-wr1-x430.google.com with SMTP id a14so4035744wru.5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 21 Oct 2022 14:13:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=muun-com.20210112.gappssmtp.com; s=20210112;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=0rWnS0gjVo/IMXAZhIRT9c66/lSDkY0IXtUN5KA9tqw=;
b=bXgJ+t6BcxDZwLxT776h7rSuGivBp2qKNMCNRZjsy4GL/JxTJd1sMOkRJeJj21xFIC
9qrBxoeRkQwLc9XDoZJJVqvKUpWXtWUeisbfiu1WXTBWnzeIknq+NSIBBkZY8uDSuDza
P8ULyiLArYoRCfYbXXU32UOUeHEF61YjvCDgzNfqfq26/GgoTTVyflmotbHcgWanHjLx
8xE5Te2GRe1H6pzbMoDFUkPOLOBAhLacBXV+5umBLNzcRsriGp1p8uKP+Q37lNIrCh7K
m0fSOXY+15rnI33w+mkSnns2AfNlaUunfYi5tepgm42LoQ/ijz3JCcjNCNHjIXYWT0g4
COBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=0rWnS0gjVo/IMXAZhIRT9c66/lSDkY0IXtUN5KA9tqw=;
b=oWWOh/QvZydGWTtScAiDW824gAbprLXNP9ApGfYAzT7UDaDdp8Ceg6Fy0dC71w+b5z
O7TSMJBuz4gr+wLbvgXCLAbHsJUqPjwDXUFXzUlbEBLka+Q8awdqwT2tgk+75deCbBgJ
LEsrJkn6PKeYD+bt8ZqSl1VLMel4KGBD6+okoYKY0lfU022bWzAu/jmIRHkJ1aNscWQi
Lw9X2FghINJjOdyA/ejx4avplVBDKU8NsYrCgMhKV2yybq75szgQggZOUh6UiU5rvmys
enLh/0vsUYJ4pJjmzzTUwMLpGWmvAhuAgHQF4VsvCcqAIjDa/BO+njzHvmO9K/uiuky5
ojfQ==
X-Gm-Message-State: ACrzQf20eRzNiYWgpxHwUCnyYz7NpAzBs7hDT2Yxt/J6DfDNvJFFFSHH
U5zrBdLp8SR2KGEfxtvnvKrP2eu4USdedgrcpAqQ5PDo7eIeRw==
X-Google-Smtp-Source: AMsMyM6UB0kXiQpL3yPotuMrxnIH0L8A+ggAH8/0FoRD3laufvP7wG/JdxYrJKo1NXKecvuwe3M1Uk6UQD855j5tjhk=
X-Received: by 2002:a05:6000:1a85:b0:230:f238:a48c with SMTP id
f5-20020a0560001a8500b00230f238a48cmr13141032wry.92.1666386832384; Fri, 21
Oct 2022 14:13:52 -0700 (PDT)
MIME-Version: 1.0
References: <CAKiPDnSsKPhL9-0pJBNav6SYJ45qiuxB6X-NMa1i65vHrxK2bA@mail.gmail.com>
<CALZpt+FPWSFbr6r-5J0YO1o3SvMQC4Gyj-QWTJ4yA3ZbJtOUxQ@mail.gmail.com>
In-Reply-To: <CALZpt+FPWSFbr6r-5J0YO1o3SvMQC4Gyj-QWTJ4yA3ZbJtOUxQ@mail.gmail.com>
From: Dario Sneidermanis <dario@muun.com>
Date: Fri, 21 Oct 2022 18:13:41 -0300
Message-ID: <CAKiPDnQ68HgVYxB5nyJ+XQzs1L1KBqiuxFpnk3eqv3egEWziaA@mail.gmail.com>
To: Antoine Riard <antoine.riard@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000033fe0605eb91eb7f"
X-Mailman-Approved-At: Fri, 21 Oct 2022 21:43:02 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Analysis of full-RBF deployment methods
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 21:13:56 -0000
--00000000000033fe0605eb91eb7f
Content-Type: text/plain; charset="UTF-8"
Hello Antoine,
Thanks for taking the time to answer every email with detailed analysis! I
can
see it's a lot of work. I'll answer inline.
On Thu, Oct 20, 2022 at 10:50 PM Antoine Riard <antoine.riard@gmail.com>
wrote:
> Personally, I still think deferring full-rbf deployment, while it sounds
> reasonable to let existing services and applications adapt their software
and
> business models, doesn't come risk-free for the contracting protocols and
> multi-party applications affected by the pinning DoS vector. Deferring ad
> vitam aeternam left them exposed to disruptions when their traffic volume
> would start to be significant. While those use-cases
> (splicing/dual-channels/collaborative constructions) were mostly
vaporware a
> year ago when I raised the issue, it turns out they have become a far more
> tangible reality today. Beyond the 3 coinjoins services
> (Wasabi/Joinmarket/Whirlpool), we have new things like ln-vortex, or
Phoenix
> wallet and some LDK users planning to use dual-funded soon.
To solve the attack you described in [0], collaborative transaction
protocols
(such as dual-funded channels) need a *reliable* way to replace
transactions.
Otherwise, protocol parties using full-RBF may see replacements succeed in
their
own mempool, only to find out they weren't relayed to a miner once it's too
late
(ie. once the replacement that won is mined).
I'm calling a full-RBF deployment reliable to the point at which any
full-RBF-enabled node can broadcast a replacement and get it relayed all
the way
to a miner in a reliable manner (ie. with high-enough probability).
Even if we deployed opt-out (or mandatory!) full-RBF now and miners adopted
it
immediately, it would take almost a year (assuming normal deployment times)
for
it to be sufficiently deployed in the relaying layer to be considered
reliable.
An opt-in full-RBF deployment, as currently proposed (ie. without #25600),
has
very little chance of getting us nowhere near that kind of adoption.
Notice that #26323 (option 5 in the OP) has the advantage of getting us to a
reliable full-RBF network the fastest (in particular, much faster than the
current opt-in deployment) while not threatening zero-conf applications
until
the activation time. That is, #26323 gives us a way in which we don't need
to
choose between the security of one use case versus the other. We can have
both.
> I'm still looking forward to having more forums and communication channels
> between business/services operators and protocol developers, it sounds
like
> functional responsibilities between protocol and application layers could
be
> better clarified. However, I don't know if it should be the
responsibility of
> developers to solve every operational risk encumbered by a Bitcoin
business,
> like FX risk. I don't deny the interdependency between network policy
rules
> and business risk, I'm just saying Bitcoin protocol developers have
already
> heavily loaded engineering priorities between solving the half of dozen of
> Lightning vulnerabilities, working on the next consensus changes or
reviewing
> modularity refactoring of Bitcoin Core to extend the feature set in a
soft way
> (among tons of other examples).
I don't think asking for a predictable deployment timeline for a change that
would put some applications at increased risk could be described as
burdening
the developers with solving every operational risk. This deployment method
comparison's goal was precisely to soften the burden on core devs.
Cheers,
Dario
[0]
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html
--00000000000033fe0605eb91eb7f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hello Antoine,<br><br>Thanks for taking the time to answer=
every email with detailed analysis! I can<br>see it's a lot of work. I=
'll answer inline.<br><br>On Thu, Oct 20, 2022 at 10:50 PM Antoine Riar=
d <<a href=3D"mailto:antoine.riard@gmail.com">antoine.riard@gmail.com</a=
>> wrote:<br>> Personally, I still think deferring full-rbf deploymen=
t, while it sounds<br>> reasonable to let existing services and applicat=
ions adapt their software and<br>> business models, doesn't come ris=
k-free for the contracting protocols and<br>> multi-party applications a=
ffected by the pinning DoS vector. Deferring ad<br>> vitam aeternam left=
them exposed to disruptions when their traffic volume<br>> would start =
to be significant. While those use-cases<br>> (splicing/dual-channels/co=
llaborative constructions) were mostly vaporware a<br>> year ago when I =
raised the issue, it turns out they have become a far more<br>> tangible=
reality today. Beyond the 3 coinjoins services<br>> (Wasabi/Joinmarket/=
Whirlpool), we have new things like ln-vortex, or Phoenix<br>> wallet an=
d some LDK users planning to use dual-funded soon.<br><br>To solve the atta=
ck you described in [0], collaborative transaction protocols<br>(such as du=
al-funded channels) need a *reliable* way to replace transactions.<br>Other=
wise, protocol parties using full-RBF may see replacements succeed in their=
<br>own mempool, only to find out they weren't relayed to a miner once =
it's too late<br>(ie. once the replacement that won is mined).<br><br>I=
'm calling a full-RBF deployment reliable to the point at which any<br>=
full-RBF-enabled node can broadcast a replacement and get it relayed all th=
e way<br>to a miner in a reliable manner (ie. with high-enough probability)=
.<br><br>Even if we deployed opt-out (or mandatory!) full-RBF now and miner=
s adopted it<br>immediately, it would take almost a year (assuming normal d=
eployment times) for<br>it to be sufficiently deployed in the relaying laye=
r to be considered reliable.<br>An opt-in full-RBF deployment, as currently=
proposed (ie. without #25600), has<br>very little chance of getting us now=
here near that kind of adoption.<br><br>Notice that #26323 (option 5 in the=
OP) has the advantage of getting us to a<br>reliable full-RBF network the =
fastest (in particular, much faster than the<br>current opt-in deployment) =
while not threatening zero-conf applications until<br>the activation time. =
That is, #26323 gives us a way in which we don't need to<br>choose betw=
een the security of one use case versus the other. We can have both.<br><br=
>> I'm still looking forward to having more forums and communication=
channels<br>> between business/services operators and protocol develope=
rs, it sounds like<br>> functional responsibilities between protocol and=
application layers could be<br>> better clarified. However, I don't=
know if it should be the responsibility of<br>> developers to solve eve=
ry operational risk encumbered by a Bitcoin business,<br>> like FX risk.=
I don't deny the interdependency between network policy rules<br>> =
and business risk, I'm just saying Bitcoin protocol developers have alr=
eady<br>> heavily loaded engineering priorities between solving the half=
of dozen of<br>> Lightning vulnerabilities, working on the next consens=
us changes or reviewing<br>> modularity refactoring of Bitcoin Core to e=
xtend the feature set in a soft way<br>> (among tons of other examples).=
<br><br>I don't think asking for a predictable deployment timeline for =
a change that<br>would put some applications at increased risk could be des=
cribed as burdening<br>the developers with solving every operational risk. =
This deployment method<br>comparison's goal was precisely to soften the=
burden on core devs.<br><br>Cheers,<br>Dario<br><br>[0] <a href=3D"https:/=
/lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html">ht=
tps://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.htm=
l</a><br></div>
--00000000000033fe0605eb91eb7f--
|