1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
Delivery-date: Sat, 20 Jul 2024 08:12:40 -0700
Received: from mail-oa1-f57.google.com ([209.85.160.57])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDRYHVHZTUGRBYFH562AMGQEYUSY2GA@googlegroups.com>)
id 1sVBlH-0003tp-PM
for bitcoindev@gnusha.org; Sat, 20 Jul 2024 08:12:40 -0700
Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-26435434d25sf122639fac.0
for <bitcoindev@gnusha.org>; Sat, 20 Jul 2024 08:12:39 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1721488353; cv=pass;
d=google.com; s=arc-20160816;
b=Z8LnprHkPTBsAJco45IW3K4nnrg+qIlYNfMgNv0R7mkwCzgQjOkBNVU9TzMQQF2mYT
BaXyIRKmB/270ubqmgwnEIL/0crhXFtWpuiNBfOQxc+0Q1mEsC7DXKqzdTZu/pKvXbXG
lQ6zzCTaF8KJZgP5aaY2dYhi5dw7WxO0yr/HHXWDPcDEYBTRRosLxc3NsQF4t+eVihhV
twKM3AZiT/c3JEiBHhX+3svqT8BUtbAdNTbriufUKK9H0TguTdg8EHScyImFq+Bf7R7p
ntqp71DnjG8wjF3LygJcwtePw+WKxTs7w13+3ShjcWY4Cw79nLqSgbwJA0H6MvFWv+4w
XtbQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:in-reply-to:content-disposition
:mime-version:references:message-id:subject:cc:to:from:date
:feedback-id:sender:dkim-signature;
bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=;
fh=wO38tayyCMmZN2Vkjk9cnOb+mIJPOLCPAkwsbP1Zw1Q=;
b=jW9RFOqey5OufWrksby07HnFx94c4sF7HdKxxiuEd6Ew+Mg4jPkNFjRRWuV6XBSn5k
3JVJqS4x55+whBlZAo6sJDYVZCooR5wjSlpcknp49Qep6FnJ/2Wkbz3Y3OXzXTIELKVK
mAh4X9NpzwfJWS5A1NMRXTbZgSWXbC/7kW2RMYpyn/doLDgQoGseCCuI0iLaOwZIkda9
4wjAE9CiLZ09VIPpquJSiQUddMocjmMmfZFoivcaWPoQKzNq9bKwWVkqHhqcfomHuf86
0eMJ5dxlxppVcgvxHqEJRZYIgzztfnJHUsQzdg8KtfeOcB8xCVQDHLUcps6o9wf+Y1TZ
xHIw==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC;
spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1721488353; x=1722093153; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:content-disposition:mime-version
:references:message-id:subject:cc:to:from:date:feedback-id:sender
:from:to:cc:subject:date:message-id:reply-to;
bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=;
b=TlqRJ+Dt+ylNc9fCVoml7kNutTc2PR90E8b156ugMNy8Vcf2hWOiEnk3i4sblAJlJ3
uKR19V9ehUszYLDCRXLYRY9dp1MblkO4Y7GXolvFFHTvfAPtDOdj29RnY2v84tTA2vpa
iWZJpiwPFTqkLELZ1lvn9vjt3xzMg45A2oxx42QkEmz6le7iFVHgevYE/5MarcJzBkJI
ElILgna24vaT3QXyFE4VoOo7gnYTjvX0JJSTJGbhZ9eI2OdTP7Nb4q7TM0owS39ALecX
38d61X6Hss+CcssQHThbnDow+ySta9RpfaofJ/UxW6QlKfugWEl0g4r3pOgrOZ0HC2cQ
YRiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1721488353; x=1722093153;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:content-disposition:mime-version
:references:message-id:subject:cc:to:from:date:feedback-id
:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=;
b=dYvqnvxgD1f3nj0vggq0/LtIcEHZ3WbJlbBnI8jZkvE1r4G3rNHdyqS8tuXZzZSeM/
dQjF98MTEoYWRoLdX0xdRZlHrGiQRtHAHRNpaLvHjQFr0dVdovwzehiD5rIBWxRhhTF/
p2+COn1ntnKROUW0amh1gdZ7cE9XgK+0FZIwbmf7ajJomN2QlezuSvurgwZUxPc5Gp6f
OKdYCyPUTDVqTwqMllbmQrIY8LWM4IgRU7Tt3gAcbiAXni1Owml1gxxsaUnBCGDVfRR5
wDigjNEIm0KaBf5yHH0QADCJBcKNhc/HtAnsqRmi5ZjNRaCWinvobjEZjIRys8ol5eFS
tcxA==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCUdjfrDt5dGPvtmitviLrkwZOO8Qqs0fioSdfXTDfRbr3qgx8FK3PBm7Lia2Vi5NCScVDbQl5TyPU7/eiOZZFjwHJrbNbI=
X-Gm-Message-State: AOJu0Yw5j51Xa2SYoMQ65C19T9PyNF4wbHyvoIP2WT9guCu5QZ/we/Bv
lzcuwZBWvMVQ7MA080f5evZfFe+k999FMi5BHcoTMVbttJbl1Jlc
X-Google-Smtp-Source: AGHT+IF/hppa76Lrw38njL1ndzJ7L03kkktgsnfawoM/31H5MiVjfL1aLpDWEMqXlMy+NB94Q95WyQ==
X-Received: by 2002:a05:6870:638d:b0:25e:ba6f:a93f with SMTP id 586e51a60fabf-260ef222693mr4470337fac.13.1721488353521;
Sat, 20 Jul 2024 08:12:33 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6870:d85:b0:259:f021:752d with SMTP id
586e51a60fabf-260ebdf6a96ls531805fac.0.-pod-prod-07-us; Sat, 20 Jul 2024
08:12:32 -0700 (PDT)
X-Received: by 2002:a05:6870:5254:b0:25e:118e:ce7e with SMTP id 586e51a60fabf-26121359ca5mr136721fac.3.1721488352032;
Sat, 20 Jul 2024 08:12:32 -0700 (PDT)
Received: by 2002:a05:6808:df4:b0:3d9:3291:87dc with SMTP id 5614622812f47-3dadf2fa4camsb6e;
Sat, 20 Jul 2024 08:03:36 -0700 (PDT)
X-Received: by 2002:a17:90a:b003:b0:2c8:8bf8:4e24 with SMTP id 98e67ed59e1d1-2cd16d4226dmr4318464a91.8.1721487815178;
Sat, 20 Jul 2024 08:03:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1721487815; cv=none;
d=google.com; s=arc-20160816;
b=gS+D/OQSy+BSOFp9jX9fLl/Oapsskmd/uThy4Zjxc9ZFxHOvJMG6IxLFJuvsvOME7M
jHEdoA3TYrj5Z4yNth9GumcjVooajpJxACWsg8SqA96b+AXEd2Hi8WSJQiEa7S4LIVfz
GUv6C6LuVuyq4vesUGWNhllYrUUFs+CWR6NjX/Zv5OXtwCIoAf5BvOtIHVmP7DHgPb82
Mu4fcf0nc2rr5vDI4RmXLmIq8dJTEkRJenyTmYvAUlHZuZ8AXgh3zXlHbTdyNvmKz+tu
+1F3uqIVfnk1h9qs/eFsWuKJgzNrMQnvHOXm4nRyPGLGuFMu3qiQwYnEVw+v7GVagxNC
wpbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=in-reply-to:content-disposition:mime-version:references:message-id
:subject:cc:to:from:date:feedback-id:dkim-signature;
bh=xLa8j/W1vXkTqsy/akVERuBRGGLN7dXTuggyEIREMh0=;
fh=qAkUFgesXJOBZlEhHhc6qjOrC9x9vwcQK9K5cSmyNz0=;
b=FX4XkeqMH/7gFgtsZtlwS78QzkO8+V6/N5fsnZmo1eXuCo5kPprhOFpzhkFEZrdZS8
4yxVbfQj5q29PUzghdc1cyGm1cbvraghVd8kYgB/G3ArpJi/NwPa0M9P4b24y/87UFMa
8E81jGid3jQDLIjjQ4kDNUFqHdKoW0r0LiWbWwqDgg874CkjHqVj3vNkOTC98VCQz2Vh
sLnEgU2hjk0oaUpZtQsp6RGoXbPAtwMawrT8FkP5WPDUrPlrF8Zk93lU6yT/oDXHl2qD
Hxpq6PcySd6j7w3MgJKsNMFxGmVoLid3uia7pNShofZjq6Mv1tO6Glnpuv7EMUqmRiCV
f7UA==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC;
spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org
Received: from fhigh1-smtp.messagingengine.com (fhigh1-smtp.messagingengine.com. [103.168.172.152])
by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-2cb7694a545si363545a91.0.2024.07.20.08.03.35
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 20 Jul 2024 08:03:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) client-ip=103.168.172.152;
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
by mailfhigh.nyi.internal (Postfix) with ESMTP id EC543114012B;
Sat, 20 Jul 2024 11:03:33 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
by compute6.internal (MEProxy); Sat, 20 Jul 2024 11:03:33 -0400
X-ME-Sender: <xms:xdGbZr-zdG2B3wOHlHBQVivVPTlxzaZ69yggC7LNXCcKQSvhkOhhlw>
<xme:xdGbZns-OBKUGoWEpJ-rE6iQHksnr9up-332xYFKqSnA2KiBrudxM6VIWkf1JUuku
jN9EFAOdQlC5jU7EmM>
X-ME-Received: <xmr:xdGbZpB02YRrVFsZyfi5wtbSfI64W-X2hyGhE8TxydsRFxxlTlL6xEDdFt4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrheefgdekfecutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvfevuffkfhggtggujgesghdtro
ertddtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthho
uggurdhorhhgqeenucggtffrrghtthgvrhhnpeevueekudegvdfgheetheegueekteekud
dtteefudevvedvtdehjeevjeefhffhkeenucffohhmrghinhepphgvthgvrhhtohguugdr
ohhrghdpuggvlhhvihhnghgsihhttghoihhnrdhorhhgnecuvehluhhsthgvrhfuihiivg
eptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvsehpvghtvghrthhouggurdho
rhhg
X-ME-Proxy: <xmx:xdGbZndt84grV_KkqcTELSi_CkZa8n_RayydBmdcRYxs40J3OJQfBw>
<xmx:xdGbZgNK9lsF3OWV5eY6tB0ztXBzH6T09d3oo2711GEZV648gEHpEQ>
<xmx:xdGbZpnRBsTguTOOflxqykhY4QBX5S51aitP8zwFMsfrWR1KUQFRMQ>
<xmx:xdGbZqtF4PBGmFPHSuPn7ozv28Ihx6-B2RjlB5_A_MPLhkXj5GQe9g>
<xmx:xdGbZv0UKPPbt_l_qJOQZWvTaBJSjSfPzAaFK2VtEJ-gz3tcj1puXuOb>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat,
20 Jul 2024 11:03:32 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
id 3B4905F83F; Sat, 20 Jul 2024 15:03:25 +0000 (UTC)
Date: Sat, 20 Jul 2024 15:03:25 +0000
From: Peter Todd <pete@petertodd.org>
To: "David A. Harding" <dave@dtrt.org>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack
of Full-RBF In Core
Message-ID: <ZpvRvRybauFFnhQV@petertodd.org>
References: <Zpk7EYgmlgPP3Y9D@petertodd.org>
<c6593662694f9d4a4fe999dd432f87ff@dtrt.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="ktO3e0ikvpuqSwWI"
Content-Disposition: inline
In-Reply-To: <c6593662694f9d4a4fe999dd432f87ff@dtrt.org>
X-Original-Sender: pete@petertodd.org
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC; spf=pass
(google.com: domain of pete@petertodd.org designates 103.168.172.152 as
permitted sender) smtp.mailfrom=pete@petertodd.org
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.7 (/)
--ktO3e0ikvpuqSwWI
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
On Fri, Jul 19, 2024 at 08:41:07PM -1000, David A. Harding wrote:
> On 2024-07-18 05:56, Peter Todd wrote:
> > I disclosed it to the bitcoin-security mailing list as a test: does
> > Bitcoin Core actually care about free relay attacks?
>
> They do. Several free relay attacks that were present in earlier
> versions of Bitcoin were eliminated in later versions.
I can think of two such eliminated attacks, both significantly more "free" than
anything we're discussing here, and interestingly, both attacks that I
participated in discovering or fixing:
1) The fact that non-final transactions were accepted into the mempool, even if
they wouldn't be valid for thousands of years (IIRC I exploited the
mempool.space mixer with this).
2) nSequence replacement, which replace-by-fee ultimately fixed.
What other "free" relay attacks can you think of that were fixed?
> New proposals
> are evaluated for their potential to create new permanent free relay
> vectors. The discovery of free relay is almost always reason enough to
> reject a proposal.
Yet even though Murch (I think quite accurately) said that the full-rbf "free"
relay attack was a fairly obvious attack, my pull-req to enable it sat for over
a year without any comment from Core... Surely, if Core was genuinely concerned
about these attacks, Core would rush to quietly fix them; we could have shipped
full-RBF by default something like six months ago.
And in spite of this apparent concern about "free" relay, I don't see anyone
trying to mitigate the "free" relay attack that the introduction of TRUC/V3
transactions will cause.
It's also notable that Core *introduced* a new form of "free" relay a few years
back with mempool expiration.
> The free relay attack you describe in your email and the type of free
> relay enabled by your replace-by-feerate (RBFr) proposal can allow an
> attacker to 10x to 100x the amount of bandwidth used network wide by
> relay nodes for a cost of $10,000 to $50,000 a day (or, as you mention,
> effectively for free if they were going to send a bunch of transactions
> anyway).
Did you actually read my One-Shot RBFR proposal? I covered DoS attacks:
https://petertodd.org/2024/one-shot-replace-by-fee-rate#denial-of-service-attacks
The *status quo* is that free relay attacks are unavoidable, because, at
minimum, you can always pull them off by simultaneous broadcast of
contradictory transactions (especially if you, eg, need to do consolidation
transactions anyway). RBFR does not change that.
> I cannot imagine what would make you think that protocol developers are
> not concerned about attacks that could drive large numbers of relay
> nodes off the network for a cost easily affordable to any well-funded
> adversary.
>
> In this case, you've found a specific instance (full-RBF vs signaled
> RBF) of a well-known general problem (optional policies leading to
> mempool inconsistencies, allowing free relay) and appear to be arguing
> that devs don't care about free relay because they refused to reverse a
> previous decision (to not change the RBF configuration default) that has
> been hotly debated multiple times.
...and your point is? Are you saying that Core developers put politics above
security, by refusing to fix a known "free" relay attack simply because it was
"hotly debated"?
> > I believe the authors of that BIP are fully aware of the fact that
> > "free" relay is an unavoidable problem, making their rational for
> > TRUC/V3 bogus
>
> Differences in node policy leading to mempool inconsistencies (which
> allows free relay) is a well known problem that's the result of Bitcoin
> being an open protocol based on free/libre software (two things I think
> we all want). Many protocol developers have attempted to address the
> problem over the years, most recently just a few months ago with an
> updated proposal for using weak blocks as a first step to address
> "diverging mempool policies".[1]
Weak blocks are not a solution to any of the "free" relay attacks I've
disclosed, and your source, https://delvingbitcoin.org/t/second-look-at-weak-blocks/805,
does not claim that they are a "free" relay solution.
Weak blocks simply aren't relevant until a miner has received a transaction and
found a weak block. By that point the "free" relay has already happened.
Anyway, before I spend time replying to the rest of your email, I think it'd be
helpful if you confirm two things to make sure we're actually on the same page:
1) Have you've read my One Shot RBFR proposal? In particular, my analysis of
DoS attacks *including* existing DoS attacks like simultaneous broadcast.
2) Do you agree or disagree with me that these existing DoS attacks are real?
--
https://petertodd.org 'peter'[:-1]@petertodd.org
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZpvRvRybauFFnhQV%40petertodd.org.
--ktO3e0ikvpuqSwWI
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmab0bkACgkQLly11TVR
LzfXwBAAuRQnu+0QVsTrAFPU9s0Py0ylk9F+thfDfqmR0/os31z042zz7EVhXTNN
P0U0hAPkNQK/mE5R/SZGqgMjb2lNrCsxBsP4fH1CFWB18BTC2vgp8xryHqy6BdRF
hYTAl/VgFawSVWLnQLsRgS7yXRgci1fsPuAsSVj1dE+5Nv0FwXVfdp+m4fACrHUO
DO6zkTZlb9jrxQVfVhL3k0B2jEHiPQC1VPIbNVbuAC4cKc8NTLuAOljR4o0D4IuU
uKYkCSZE317cOXgu4wefL7KkhtBvSIp5p/ZGgXGYOarZk+Y3QXVQqb+SiM3bWpjQ
UxPe2WIc86DMHfm5HRsGHq85K9n9WSOQZCIkQh+FZ0yKEOctdlPpaDPOlZvLBbr3
bvrrJEoWgjU9+5HXJzsBfEzc5gD4NDc5j+CJ9s4mJg8w0Q8ZsXkIW7GOahyA+xxE
JxSDecJ0ZYDcr7ONZEczKZVmQ+JZcFxI0/d0pmKaM6CFpuU1AQ95j8nOfFpq/Kde
8Wzg5GdcIx7WIxrXIy4g72PUlJIq/ssqfZPLc5VKePkEA7cTYRbemLfcXiOmCr8H
qZM+QLCy4qZiBTHP0hhugHNN2SMfc9XsYavbwE6v7DJ71C9U9W6AGlekQfeEcOly
sECaDgyeisqYyE1ovPbETeqyGKsHWbU9NUHSMqbR/J1YxOFgwTY=
=tkhg
-----END PGP SIGNATURE-----
--ktO3e0ikvpuqSwWI--
|