Return-Path: <dave@dtrt.org>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 41C21C002D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 10 Jan 2023 07:11:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 0F39B606E6
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 10 Jan 2023 07:11:51 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 0F39B606E6
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, MONEY_NOHTML=2.499,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001,
 RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=no autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Wy0dBoSEYQNt
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 10 Jan 2023 07:11:49 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D94EE606BF
Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [208.79.240.5])
 by smtp3.osuosl.org (Postfix) with ESMTPS id D94EE606BF
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 10 Jan 2023 07:11:49 +0000 (UTC)
Received: from smtpauth.rollernet.us (localhost [127.0.0.1])
 by smtpauth.rollernet.us (Postfix) with ESMTP id 12C792800861;
 Mon,  9 Jan 2023 23:11:47 -0800 (PST)
Received: from webmail.rollernet.us (webmail.rollernet.us
 [IPv6:2607:fe70:0:14::a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by smtpauth.rollernet.us (Postfix) with ESMTPSA;
 Mon,  9 Jan 2023 23:11:46 -0800 (PST)
MIME-Version: 1.0
Date: Mon, 09 Jan 2023 21:11:46 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Peter Todd <pete@petertodd.org>, Bitcoin Protocol Discussion
 <bitcoin-dev@lists.linuxfoundation.org>
In-Reply-To: <Y7ySzDjzx5eDjOH9@petertodd.org>
References: <Y7ySzDjzx5eDjOH9@petertodd.org>
User-Agent: Roundcube Webmail/1.4.10
Message-ID: <aaaeda2950e61127a3218c523927a0d8@dtrt.org>
X-Sender: dave@dtrt.org
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Rollernet-Abuse: Contact abuse@rollernet.us to report. Abuse policy:
 http://www.rollernet.us/policy
X-Rollernet-Submit: Submit ID 6b43.63bd0fb2.79399.0
Subject: Re: [bitcoin-dev] Why Full-RBF Makes DoS Attacks on Multiparty
 Protocols Significantly More Expensive
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2023 07:11:51 -0000

On 2023-01-09 12:18, Peter Todd via bitcoin-dev wrote:
> [The quote:]
> 
>     "Does fullrbf offer any benefits other than breaking zeroconf 
> business
>      practices?"
> 
> ...has caused a lot of confusion by implying that there were no 
> benefits. [...]
> 
> tl;dr: without full-rbf people can intentionally and unintentionally 
> DoS attack
> multi-party protocols by double-spending their inputs with low-fee txs, 
> holding
> up progress until that low-fee tx gets mined.

Hi Peter,

I'm confused.  Isn't this an easily solvable issue without full-RBF?
Let's say Alice, Bob, Carol, and Mallory create a coinjoin transaction.
Mallory either intentionally or unintentionally creates a conflicting
transaction that does not opt-in to RBF.

You seem to be proposing that the other participants force the coinjoin
to complete by having the coinjoin transaction replace Mallory's
conflicting transaction, which requires a full-RBF world.

But isn't it also possible in a non-full-RBF world for Alice, Bob, and
Carol to simply create a new coinjoin transaction which does not include
any of Mallory's inputs so it doesn't conflict with Mallory's
transaction?  That way their second coinjoin transaction can confirm
independently of Mallory's transaction.

Likewise, if Alice and Mallory attempt an LN dual funding and Mallory
creates a conflict, Alice can just create an alternative dual funding
with Bob rather than try to use full-RBF to force Mallory's earlier dual
funding to confirm.

> ## Transaction Pinning
> 
> Exploiting either rule is expensive.

I think this transaction pinning attack against coinjoins and dual
fundings is also solved in a non-full-RBF world by the honest
participants just creating a non-conflicting transaction.

That said, if I'm missing something and these attacks do actually apply,
then it might be worth putting price figures on the attack in terms most
people will understand.  The conflicting inputs attack you described in
the beginning as being solved by full-RBF costs about $0.05 USD at
$17,000/BTC.  The transaction pinning attack you imply is unsolved by
full-RBF costs about $17.00.  If both attacks apply, any protocol which
is vulnerable to a $17.00 attack still seems highly vulnerable to me, so
it doesn't feel like a stretch to say that full-RBF lacks significant
benefits for those protocols.

Thanks,

-Dave