Return-Path: <ZmnSCPxj@protonmail.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 6D85FC002A
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  6 May 2023 02:51:45 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 3373660B57
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  6 May 2023 02:51:45 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3373660B57
Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com
 header.a=rsa-sha256 header.s=protonmail3 header.b=pFsBBOyp
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.602
X-Spam-Level: 
X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 FROM_LOCAL_NOVOWEL=0.5, RCVD_IN_MSPIKE_H2=-0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id QJM9pfEaiR0O
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  6 May 2023 02:51:44 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org ECD5460B1E
Received: from mail-4318.protonmail.ch (mail-4318.protonmail.ch [185.70.43.18])
 by smtp3.osuosl.org (Postfix) with ESMTPS id ECD5460B1E
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  6 May 2023 02:51:43 +0000 (UTC)
Date: Sat, 06 May 2023 02:51:33 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1683341500; x=1683600700;
 bh=nVvRr1jtENb/RuePz0xGEsj9te+hC2SolXs2QdECThE=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=pFsBBOypPfFdL99pqYjD1s4KggL/0yvNCXXRlm6ndaEOa8xfOjTBFkekGa687JQQS
 a3N08Upoj1KDArpBhJ7wcKANFMuEnRzx8hoBD0WoqAh1P2Xq1hEQhdqH65grED+DwX
 u4Wtay/eGyHPnvVMTUJ32BI7uGEi9/HyC/jwh+vcGhXmHcVI0KpmmbwQ22T/oW3eGx
 eKj3/e46jCU66hTf853zkF21fwA2R+kg48E/uoAqTgQCt+DJMlQraDA4wQLomXoj0C
 XEmCqZZIzDeTMaqmmpWuwdhvt1FV14X6xVAcNc97pWPol8CQunHzI3bp+mI/0Yt8ui
 daTiQtRjf9hYw==
To: Weiji Guo <weiji.g@gmail.com>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <-ZXduH8kzOVdK_FBE0VvMtuKDAFSU0Z4joKeIqM7CFnHO9kymMHfVwGjlwEHLzAnFWXLd_jVtNrkdeQGVobYUqjwASXEQ2w8BHh5FtEMJzs=@protonmail.com>
In-Reply-To: <CA+ydi=KMm6LW7W+NAUfRDESaJCg+smkiGS2WHKtYRWVGmM_0YA@mail.gmail.com>
References: <CA+ydi=LtskFh89TW75=CBwbdZzWR-ZjWS77TnrF4G+xUfm8z+Q@mail.gmail.com>
 <xNzSDtvj-BH4EW9eJMqn_yAiVUEiggnS3WIrvLml6gGAZ6CPADO9pbPV4B30txzSY9laEmX3ckXX8L2Hu18ZrWMUjMH23csL-YK-mDse6DY=@protonmail.com>
 <CA+ydi=K7kePFPXbTP6S63SdddORnc6nVoHqR4gDVoeX3uY-S-Q@mail.gmail.com>
 <s3urNahBotY-aYGaQyY7wz2Sh8UXbqHX2PvZyRcyaMJF6MjUrabv0p_ytE3m1Cu9r79MY649RoulaBPuqGLrSD8qwOfCS-n-HymOEyih5yQ=@protonmail.com>
 <CA+ydi=+6oSQ2oEeuBDQs7fzWL75h4CYb3k4_SS3VbFgxJwDGiA@mail.gmail.com>
 <O8340coA0WBuYzHgkZ6ov7Yp3aqvnGeCeFKHh9bqZdkQTS3xtjEDlW4Hjhc7UgD1XltJyYDOFzDN4JthXq1pdCrMM8cYNfVBIOvLbR8tro8=@protonmail.com>
 <CA+ydi=KMm6LW7W+NAUfRDESaJCg+smkiGS2WHKtYRWVGmM_0YA@mail.gmail.com>
Feedback-ID: 2872618:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] proposal: new opcode OP_ZKP to enable ZKP-based
	spending authorization
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2023 02:51:45 -0000

Good Morning Weiji,


> Hi ZmnSCPxy,
> > As the network is pseudonymous, an anonymous attacker can flood the ful=
lnode mempool network with large numbers of non-aggregated transactions, th=
en in cooperation with a miner confirm a single aggregated transaction with=
 lower feerate than what it put in the several non-aggregated transactions.
>=20
> Arguably this is hardly a feasible attack. Let's suppose the attacker cre=
ates 1000 such transactions, and attaches each transaction with a small amo=
unt of transaction fee X. The total fee will be 1000*X collectible by the a=
ggregation vendor, who pays the miner a fee Y. We can reasonably assume tha=
t 1000*X is much larger than Y, yet X is much smaller than Y. Note that Y i=
s already much larger than the regular fee for other transactions as the ag=
gregated transaction should contain many inputs and many outputs, thus very=
 large in size.
>=20
> Now, the attacker will have to generate proofs for these 1000 transaction=
s, which is non-trivial; and pay for 1000*X upfront. The aggregation vendor=
 has to spend more computing power doing the aggregation (or recursive veri=
fication) and take (1000*X - Y) as profit. Miner gets Y.

The entire point is that there has to be a separate, paid aggregator, in or=
der to ensure that the free mempool service is not overloaded.
Basically, keep the aggregation outside the mempool, not in the mempool.
If aggregation is paid for, that is indeed sufficient to stop the attack, a=
s you noted.

Regards,
ZmnSCPxj