Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 41C21C002D for ; Tue, 10 Jan 2023 07:11:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 0F39B606E6 for ; Tue, 10 Jan 2023 07:11:51 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 0F39B606E6 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.7 X-Spam-Level: X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, MONEY_NOHTML=2.499, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wy0dBoSEYQNt for ; Tue, 10 Jan 2023 07:11:49 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D94EE606BF Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [208.79.240.5]) by smtp3.osuosl.org (Postfix) with ESMTPS id D94EE606BF for ; Tue, 10 Jan 2023 07:11:49 +0000 (UTC) Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id 12C792800861; Mon, 9 Jan 2023 23:11:47 -0800 (PST) Received: from webmail.rollernet.us (webmail.rollernet.us [IPv6:2607:fe70:0:14::a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Mon, 9 Jan 2023 23:11:46 -0800 (PST) MIME-Version: 1.0 Date: Mon, 09 Jan 2023 21:11:46 -1000 From: "David A. Harding" To: Peter Todd , Bitcoin Protocol Discussion In-Reply-To: References: User-Agent: Roundcube Webmail/1.4.10 Message-ID: X-Sender: dave@dtrt.org Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Rollernet-Abuse: Contact abuse@rollernet.us to report. Abuse policy: http://www.rollernet.us/policy X-Rollernet-Submit: Submit ID 6b43.63bd0fb2.79399.0 Subject: Re: [bitcoin-dev] Why Full-RBF Makes DoS Attacks on Multiparty Protocols Significantly More Expensive X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jan 2023 07:11:51 -0000 On 2023-01-09 12:18, Peter Todd via bitcoin-dev wrote: > [The quote:] > > "Does fullrbf offer any benefits other than breaking zeroconf > business > practices?" > > ...has caused a lot of confusion by implying that there were no > benefits. [...] > > tl;dr: without full-rbf people can intentionally and unintentionally > DoS attack > multi-party protocols by double-spending their inputs with low-fee txs, > holding > up progress until that low-fee tx gets mined. Hi Peter, I'm confused. Isn't this an easily solvable issue without full-RBF? Let's say Alice, Bob, Carol, and Mallory create a coinjoin transaction. Mallory either intentionally or unintentionally creates a conflicting transaction that does not opt-in to RBF. You seem to be proposing that the other participants force the coinjoin to complete by having the coinjoin transaction replace Mallory's conflicting transaction, which requires a full-RBF world. But isn't it also possible in a non-full-RBF world for Alice, Bob, and Carol to simply create a new coinjoin transaction which does not include any of Mallory's inputs so it doesn't conflict with Mallory's transaction? That way their second coinjoin transaction can confirm independently of Mallory's transaction. Likewise, if Alice and Mallory attempt an LN dual funding and Mallory creates a conflict, Alice can just create an alternative dual funding with Bob rather than try to use full-RBF to force Mallory's earlier dual funding to confirm. > ## Transaction Pinning > > Exploiting either rule is expensive. I think this transaction pinning attack against coinjoins and dual fundings is also solved in a non-full-RBF world by the honest participants just creating a non-conflicting transaction. That said, if I'm missing something and these attacks do actually apply, then it might be worth putting price figures on the attack in terms most people will understand. The conflicting inputs attack you described in the beginning as being solved by full-RBF costs about $0.05 USD at $17,000/BTC. The transaction pinning attack you imply is unsolved by full-RBF costs about $17.00. If both attacks apply, any protocol which is vulnerable to a $17.00 attack still seems highly vulnerable to me, so it doesn't feel like a stretch to say that full-RBF lacks significant benefits for those protocols. Thanks, -Dave