Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6D85FC002A for ; Sat, 6 May 2023 02:51:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 3373660B57 for ; Sat, 6 May 2023 02:51:45 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3373660B57 Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=pFsBBOyp X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.602 X-Spam-Level: X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QJM9pfEaiR0O for ; Sat, 6 May 2023 02:51:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org ECD5460B1E Received: from mail-4318.protonmail.ch (mail-4318.protonmail.ch [185.70.43.18]) by smtp3.osuosl.org (Postfix) with ESMTPS id ECD5460B1E for ; Sat, 6 May 2023 02:51:43 +0000 (UTC) Date: Sat, 06 May 2023 02:51:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1683341500; x=1683600700; bh=nVvRr1jtENb/RuePz0xGEsj9te+hC2SolXs2QdECThE=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=pFsBBOypPfFdL99pqYjD1s4KggL/0yvNCXXRlm6ndaEOa8xfOjTBFkekGa687JQQS a3N08Upoj1KDArpBhJ7wcKANFMuEnRzx8hoBD0WoqAh1P2Xq1hEQhdqH65grED+DwX u4Wtay/eGyHPnvVMTUJ32BI7uGEi9/HyC/jwh+vcGhXmHcVI0KpmmbwQ22T/oW3eGx eKj3/e46jCU66hTf853zkF21fwA2R+kg48E/uoAqTgQCt+DJMlQraDA4wQLomXoj0C XEmCqZZIzDeTMaqmmpWuwdhvt1FV14X6xVAcNc97pWPol8CQunHzI3bp+mI/0Yt8ui daTiQtRjf9hYw== To: Weiji Guo From: ZmnSCPxj Message-ID: <-ZXduH8kzOVdK_FBE0VvMtuKDAFSU0Z4joKeIqM7CFnHO9kymMHfVwGjlwEHLzAnFWXLd_jVtNrkdeQGVobYUqjwASXEQ2w8BHh5FtEMJzs=@protonmail.com> In-Reply-To: References: Feedback-ID: 2872618:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] proposal: new opcode OP_ZKP to enable ZKP-based spending authorization X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 May 2023 02:51:45 -0000 Good Morning Weiji, > Hi ZmnSCPxy, > > As the network is pseudonymous, an anonymous attacker can flood the ful= lnode mempool network with large numbers of non-aggregated transactions, th= en in cooperation with a miner confirm a single aggregated transaction with= lower feerate than what it put in the several non-aggregated transactions. >=20 > Arguably this is hardly a feasible attack. Let's suppose the attacker cre= ates 1000 such transactions, and attaches each transaction with a small amo= unt of transaction fee X. The total fee will be 1000*X collectible by the a= ggregation vendor, who pays the miner a fee Y. We can reasonably assume tha= t 1000*X is much larger than Y, yet X is much smaller than Y. Note that Y i= s already much larger than the regular fee for other transactions as the ag= gregated transaction should contain many inputs and many outputs, thus very= large in size. >=20 > Now, the attacker will have to generate proofs for these 1000 transaction= s, which is non-trivial; and pay for 1000*X upfront. The aggregation vendor= has to spend more computing power doing the aggregation (or recursive veri= fication) and take (1000*X - Y) as profit. Miner gets Y. The entire point is that there has to be a separate, paid aggregator, in or= der to ensure that the free mempool service is not overloaded. Basically, keep the aggregation outside the mempool, not in the mempool. If aggregation is paid for, that is indeed sufficient to stop the attack, a= s you noted. Regards, ZmnSCPxj