MIME-Version: 1.0
From: Antoine Riard <antoine.riard@gmail.com>
Date: Mon, 13 Jun 2022 20:25:11 -0400
Message-ID: <CALZpt+GOh-7weEypT9JrzcwthZJqHOfj7sf9FMuqi5_FZv0g7w@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000a9011405e15d7093"
Subject: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security
Precedence: list

--000000000000a9011405e15d7093
Content-Type: text/plain; charset="UTF-8"

Hi list,

Recent discussions among LN devs have brought back on the surface concerns
about the security of multi-party funded transactions (coinjoins,
dual-funded LN channels, on-chain DLCs, ...). It turns out there is a
low-fruit, naive DoS vector playable against the funding flow of any such
construction due to the lack of existent full-rbf transaction-relay
topology on today's p2p network [0] [1]. While it does not consist in a
direct loss of funds, if exploited well I think it's annoying enough to
inflict significant timevalue loss or fee-bumping waste
to the future providers or distributed swarm of users doing multi-party
funded transactions. Of course, it can be fixed one layer above by
introducing either fidelity bonds or a reliable centralized coordinator,
though at the price of an overhead per-participant ressources cost and loss
in system openness [1].

For that reason, I believe it would be beneficial to the flourishing of
multi-party funded transactions to fix the Dos vector by seeing a subset of
the network running full-rbf and enabling propagation of honest multi-party
transactions to the interested miners, replacing potential non-signaling
double-spend from a malicious counterparty. Moving towards that direction,
I've submitted a small patch against Bitcoin Core enabling it to turn on
full-rbf as a policy, still under review [3]. The default setting stays
**false**, i.e keeping opt-in RBF as a default replacement policy. I've
started to run the patch on a public node at 146.190.224.15.

If you're a node operator curious to play with full-rbf, feel free to
connect to this node or spawn up a toy, public node yourself. There is a
##uafrbf libera chat if you would like information on the settings or
looking for full-rbf friends (though that step could be automated in the
future by setting up a dedicated network bit and reserving a few outbound
slots for them).

If you're a mining operator looking to increase your income, you might be
interested to experiment with full-rbf as a policy. Indeed, in the future I
believe the multi-party transactions issuers who need full-rbf to secure
their funding flow should connect by default to full-rbf peers. One can
conjecture that their transactions are likely to be more compelling in
their feerate as their liquidity needs are higher than the simple
transaction. For today, I think we have really few standards and bitcoin
softwares relying on multi-party funded transactions [4].

If you're a Bitcoin user or business and you don't like full-rbf, please
express an opinion on how it might affect your software/operations. I'm
always interested to learn more about mempool and transaction-relay
interactions with upper-layers and applications and to listen to feedback
in those areas, and I guess a lot of other Bitcoin researchers/devs too. I
know there have been a lot of concerns about full-rbf in the past, however
I believe the Bitcoin ecosystem has matured a lot since then.

Any mistakes or missing context is my own.

Cheers,
Antoine

[0] For more info about replace-by-fee, see
https://bitcoinops.org/en/topics/replace-by-fee/

[1] For more details about the DoS vector, see
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html

[2] E.g I think it does not affect the Lightning Pool service, as there is
a preliminary step where the participant funds are locked first in a 2-of-2
with the coordinator before being committed in the multi-party batch
transaction.

[3] https://github.com/bitcoin/bitcoin/pull/25353

[4] E.g DLCs :
https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transactions.md
; Lightning dual-funded channel :
https://github.com/lightning/bolts/pull/851

--000000000000a9011405e15d7093
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi list,<br><br>Recent discussions among LN devs have brou=
ght back on the surface concerns about the security of multi-party funded t=
ransactions (coinjoins, dual-funded LN channels, on-chain DLCs, ...). It tu=
rns out there is a low-fruit, naive DoS vector playable against the funding=
 flow of any such construction due to the lack of existent full-rbf transac=
tion-relay topology on today&#39;s p2p network [0] [1]. While it does not c=
onsist in a direct loss of funds, if exploited well I think it&#39;s annoyi=
ng enough to inflict significant timevalue loss or fee-bumping waste <br>to=
 the future providers or distributed swarm of users doing multi-party funde=
d transactions. Of course, it can be fixed one layer above by introducing e=
ither fidelity bonds or a reliable centralized coordinator, though at the p=
rice of an overhead per-participant ressources cost and loss in system open=
ness [1].<br><br>For that reason, I believe it would be beneficial to the f=
lourishing of multi-party funded transactions to fix the Dos vector by seei=
ng a subset of the network running full-rbf and enabling propagation of hon=
est multi-party transactions to the interested miners, replacing potential =
non-signaling double-spend from a malicious counterparty. Moving towards th=
at direction, I&#39;ve submitted a small patch against Bitcoin Core enablin=
g it to turn on full-rbf as a policy, still under review [3]. The default s=
etting stays **false**, i.e keeping opt-in RBF as a default replacement pol=
icy. I&#39;ve started to run the patch on a public node at 146.190.224.15.<=
br><br>If you&#39;re a node operator curious to play with full-rbf, feel fr=
ee to connect to this node or spawn up a toy, public node yourself. There i=
s a ##uafrbf libera chat if you would like information on the settings or l=
ooking for full-rbf friends (though that step could be automated in the fut=
ure by setting up a dedicated network bit and reserving a few outbound slot=
s for them).<br><br>If you&#39;re a mining operator looking to increase you=
r income, you might be interested to experiment with full-rbf as a policy. =
Indeed, in the future I believe the multi-party transactions issuers who ne=
ed full-rbf to secure their funding flow should connect by default to full-=
rbf peers. One can conjecture that their transactions are likely to be more=
 compelling in their feerate as their liquidity needs are higher than the s=
imple transaction. For today, I think we have really few standards and bitc=
oin softwares relying on multi-party funded transactions [4].<br><br>If you=
&#39;re a Bitcoin user or business and you don&#39;t like full-rbf, please =
express an opinion on how it might affect your software/operations. I&#39;m=
 always interested to learn more about mempool and transaction-relay intera=
ctions with upper-layers and applications and to listen to feedback in thos=
e areas, and I guess a lot of other Bitcoin researchers/devs too. I know th=
ere have been a lot of concerns about full-rbf in the past, however I belie=
ve the Bitcoin ecosystem has matured a lot since then.<br><br>Any mistakes =
or missing context is my own.<br><br>Cheers,<br>Antoine<br><br>[0] For more=
 info about replace-by-fee, see <a href=3D"https://bitcoinops.org/en/topics=
/replace-by-fee/">https://bitcoinops.org/en/topics/replace-by-fee/</a><br><=
br>[1] For more details about the DoS vector, see <a href=3D"https://lists.=
linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html">https://l=
ists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html</a><b=
r><br>[2] E.g I think it does not affect the Lightning Pool service, as the=
re is a preliminary step where the participant funds are locked first in a =
2-of-2 with the coordinator before being committed in the multi-party batch=
 transaction.<br><br>[3] <a href=3D"https://github.com/bitcoin/bitcoin/pull=
/25353">https://github.com/bitcoin/bitcoin/pull/25353</a><br><br>[4] E.g DL=
Cs : <a href=3D"https://github.com/discreetlogcontracts/dlcspecs/blob/maste=
r/Transactions.md">https://github.com/discreetlogcontracts/dlcspecs/blob/ma=
ster/Transactions.md</a> ; Lightning dual-funded channel : <a href=3D"https=
://github.com/lightning/bolts/pull/851">https://github.com/lightning/bolts/=
pull/851</a><br></div>

--000000000000a9011405e15d7093--