Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id A5EE6C002D for ; Fri, 13 Jan 2023 23:37:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 64ABE400D3 for ; Fri, 13 Jan 2023 23:37:17 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 64ABE400D3 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm3 header.b=GCSWWDvD X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.602 X-Spam-Level: X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kk_Ap3adI6Ho for ; Fri, 13 Jan 2023 23:37:15 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 87997400C8 Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) by smtp2.osuosl.org (Postfix) with ESMTPS id 87997400C8 for ; Fri, 13 Jan 2023 23:37:15 +0000 (UTC) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 85C1F3200927; Fri, 13 Jan 2023 18:37:09 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Fri, 13 Jan 2023 18:37:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1673653029; x=1673739429; bh=rHyHXbAqGHCaZSx3VFm8/xE+lbCE nbrdwujDAbN4dIU=; b=GCSWWDvDCAoDC0pdsAY9BIFjlMmW6SYKCEFf05hE+ogd meT5LT1Pf2axqD1sXSGeoxOYtghNt3x0KnTIUTcW9KWlwpNNygXxAuC4sKA/0qAy iS2iEJBCvGW2okY/cC5PWEuXHpaaOWISnCToVs15mVO/2DVa/TaICfUjbj6rnYUW Fps3DaJ5bSsjqg6REUHMAm/J8M5hzFyHVB27JrU1x/7/Xtz+cvX5a4HRAwJMFWpO z7en2+KTCAUWAOJYpy3p5gp8Y1j1bTtnniUaz2EWI3lonOaPQPLig7/3VGwA+zQW 6RxP+rS1yINY4nJ4lkMXIn+zzKom0CD3elzQW535oQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrleelgdduvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvfevuffkfhggtggujgesghdtre ertddtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthho uggurdhorhhgqeenucggtffrrghtthgvrhhnpeelvdellefftddukeduffejgfefjeeuhe eileeftdfgteduteeggeevueethfejtdenucffohhmrghinhepphgvthgvrhhtohguugdr ohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hpvghtvgesphgvthgvrhhtohguugdrohhrgh X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 13 Jan 2023 18:37:08 -0500 (EST) Received: by localhost (Postfix, from userid 1000) id 5AA9C5F82C; Fri, 13 Jan 2023 18:37:04 -0500 (EST) Date: Fri, 13 Jan 2023 18:37:04 -0500 From: Peter Todd To: "David A. Harding" Message-ID: References: <6089e1f0140684435bf5e87b0c13d561@dtrt.org> <6cebd312ca960e634729cc574c2e97b0@dtrt.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V0vev2iJbgUJXWrn" Content-Disposition: inline In-Reply-To: <6cebd312ca960e634729cc574c2e97b0@dtrt.org> Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Why Full-RBF Makes DoS Attacks on Multiparty Protocols Significantly More Expensive X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2023 23:37:17 -0000 --V0vev2iJbgUJXWrn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 10, 2023 at 10:14:47AM -1000, David A. Harding wrote: > On 2023-01-10 00:06, Peter Todd wrote: > > Remember, we'd like decentralized coinjoin implementations like > > Joinmarket to > > work. How does a decentralized coinjoin implement "conflict monitoring"? >=20 > 1. Run a relay node with a conflict-detection patch. Stock Bitcoin Core > with -debug=3Dmempoolrej will tell you when it rejects a transaction > for conflicting with a transaction already in the mempool, e.g.: >=20 > 2022-11-01T02:53:17Z > 867b85d68d7a7244c1d65c4797006b56973110ac243ab5ee15a8c4d220060c58 from > peer=3D58 was not accepted: txn-mempool-conflict >=20 > I think it would be easy to extend this facility to list the inputs > which conflicted. So if Alice sees a conflict created by Mallory, > she can create a new coinjoin transaction without Mallory. This > method has the advantage of being fast and attributing fault, > although it does require Alice's node be online at the time Mallory's > conflict is propagated. So for something as simple as reliable coinjoining - an important privacy feature that we'd like all wallets to use - you expect people to run well-connected 24/7 nodes running specialty software? Even if you run a node as you suggest, there's certainly no guarantee that you'd learn about any double-spend without doing a severe sybil attack agai= nst the network; the 8 outgoing nodes a typical node has samples a tiny fractio= n of the network. And *even if* you sybil attack to try to detect conflicts ther= e's still no guarantee as attackers can use all kinds of special techniques to = get transactions into miner mempools and not others. > 2. Simply assume a conflict exists for otherwise unexplainable failures. > For example, if Alice sees several new blocks whose bottom feerates > are well below the feerates of an unconfirmed coinjoin transaction > that Alice helped create and broadcast, she can assume it's a > conflict that is preventing preventing confirmation of the coinjoin. > She can find an entirely different set of collaborators and create a > non-conflicting transaction without ever needing to know which inputs > from the original transaction conflicted. This method has the > disadvantage of being slow (on the order of hours) and not attributing > fault, although it doesn't require Alice has any information beyond > copies > of recent blocks. You're suggesting that to avoid enabling full-rbf, coinjoin's and other decentralized multi-party protocols risk getting coins tied up for hours tr= ying to do conflict resolution rather than just fixing the underlying problem wi= th what's literally a one-line code change that 17% of the v24.x nodes have decided to enable. > I didn't list these methods or others before because the specific method > used to > detect conflicts doesn't matter to the realization that software which > uses conflict detection and evasion to defeat the $17.00 attack also > defeats the $0.05 attack without any need for full-RBF. Fact is, full-rbf defeats those attacks much better. And I'm amazed that you don't consider raising the cost of attacks on coinjoins and similar decentralized protocols by almost three orders of magnitude to be important: why are you prioritizing a few highly centralized, often AML/KYC'd, unconfi= rmed tx acceptance services over decentralized protocols which provide privacy a= nd security to a lot more users? --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --V0vev2iJbgUJXWrn Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmPB6x8ACgkQLly11TVR LzeAuBAArPiq6tF53SMPKYvaTtWAIB4bptWJkw+a+1YpQZNi2Z2M12ECyun2lVIu x04xYuanmgHDZ2D7fNiK58pMQjVp73Q9ZSc/EYAr67/S/AuSLo9IWh3NaLnaZVtE +4yuJiJlREV3b6hIaQmqoog/LYsDEYJLW/pv5C+NMqmsi2c5TIEX9AtozOWGcNqG lPNYggJBFx9Lm0jMmoLECYXBfICZbgJulJNKSl8aZoCTB1bbK2LSYz7tE4WNNgyA C2NyDSKDG0I1/ltEhz0fXP1bXCZYmjMzRC2CwUlrIxwgzTfbabQpBGi+T0JQAEYL rpL9/LENZgY/3puoU9/MY43/6Bhdh5lIls/J0f/PxSW5zp14qflmm61ZYJu1qZne WUqs4ySoPxf4I5xIdz4llfHEJP7X6i5GYBIoM+zD08yJbyOHfxNQbKn0MC0aok76 X/ncpMpNBe3MJT1nEeQrkqiG1D9ErLV2/vR6y+KYXuqIcj6Zbcx52alxZLoaKXq2 4xFw1Q8LUH8CU6bGhf0onqJFNlcB5L+LVdTHEbuFe80qlwfvEOumz1V9OJvfTfiN mv/DhFD2rT8MvxrtqraU2qhN81y9Jrx7JKUy04HIOp+XqwOZKk4bdPXQ15MdY+Hx nN8tLR03Ro7+Ru34obaRTbGoXRWPO8dj7rsollyTJgUExdB9vXc= =g6ko -----END PGP SIGNATURE----- --V0vev2iJbgUJXWrn--