1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
Return-Path: <darosior@protonmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
by lists.linuxfoundation.org (Postfix) with ESMTP id 04AE7C000B
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Mar 2022 19:57:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id DF51F417C2
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Mar 2022 19:57:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: smtp4.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=protonmail.com
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id j55Eis4Yu2Xg
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Mar 2022 19:57:30 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from mail-4319.protonmail.ch (mail-4319.protonmail.ch [185.70.43.19])
by smtp4.osuosl.org (Postfix) with ESMTPS id DE48741746
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Mar 2022 19:57:29 +0000 (UTC)
Date: Tue, 22 Mar 2022 19:57:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail; t=1647979046;
bh=HytvPx/FHPwK9GtL7q49APKnwB5TPXBHM8omOy/5v0g=;
h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References:
From:To:Cc:Date:Subject:Reply-To:Feedback-ID:Message-ID;
b=0mH++HazEScRspqp/pJjab+iruDp7lgNUEV73kLvsj2B09qBh47S3yfakgeXoEkWu
966EutXYR0x9lh8KzCHk7iJ7I1tnCGhRskI5M1h6WVsLrVaQt5IWFIbl9Tc8s7eTQy
BB35qzwOa89WNS+35n+s172EHjk1MKk5VHiB0yNMrLjtpF6aN0b5zWRrPVilwcDVIX
wjSbCUFAPiNI3Th4WeBFwdJXRlBZ1POBKLh3SzbkROkYXI9QpdkkImbSvZfCE6Y/Ge
eM2mSUak0tP305WyR+gNsJAVsuRJuPh+O7+tPbp3Fj2xCrZU7EV2CSc8qqLVVe0I9r
cgHJUX3VkkmTw==
To: Larry Ruane <larryruane@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: darosior <darosior@protonmail.com>
Reply-To: darosior <darosior@protonmail.com>
Message-ID: <dsYqg51rjma__su9a8-7oZD8f5NkNMfKCYwjTvYkzwgvFS1qarplsi9UToewZLbZ6lCWdLrHSs7-88KBkocBy_mKCztF_Y683ELvirVERpw=@protonmail.com>
In-Reply-To: <CAEpYn+eOv7xRkTA2RfpC+ps2ykyvjfZ-iY8-4z9nHov-dNLimw@mail.gmail.com>
References: <CAEpYn+eOv7xRkTA2RfpC+ps2ykyvjfZ-iY8-4z9nHov-dNLimw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Tue, 22 Mar 2022 21:14:33 +0000
Subject: Re: [bitcoin-dev] mempool transaction witness-replacement
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 19:57:32 -0000
Hi Larry,
Thanks for bringing this up. I'm curious to know if this is helpful for pin=
ning as long as you have a way to
statically analyze Script to prevent witness stuffing [0]. I agree it *coul=
d* still be useful for miners, but
subject to all the complications of RBF.
> An advantage of this mempool-accept policy change is that it's
> miner-incentive compatible (miners would prefer to mine a transaction
> with a higher feerate).
There is more to be "miner-incentive compatible" than increasing feerate. F=
or instance, the latest RBF
discussions made the miner incentive to maximize absolute fees more well kn=
own. I think the same goes for
witness replacement: if you don't have as many MBs of transaction you are c=
omfortable with in your mempool,
you don't want it to shrink further.
Antoine
[0] See the 'Malleability' section of https://bitcoin.sipa.be/miniscript/. =
Note however this currently only
applies to third party malleability (in pinning attacks the aversary is=
internal to the contract). On the
other hand Miniscript already allows you to get the maximum satisfactio=
n size, so you can cover for the worst
case scenario already.
------- Original Message -------
Le mardi 22 mars 2022 =C3=A0 8:04 PM, Larry Ruane via bitcoin-dev <bitcoin-=
dev@lists.linuxfoundation.org> a =C3=A9crit :
> Greetings list,
>
> This is my first time posting here.
>
> Question for you:
>
> Should the Bitcoin Core mempool replace an existing transaction with one
>
> that has the same txid (having the same effect, same spends and outputs)
>
> but a sufficiently smaller witness (different wtxid) and thus a higher
>
> feerate? This is what https://github.com/bitcoin/bitcoin/pull/24007
>
> proposes, and I'd like to get opinions on two questions:
>
> 1. Is this a beneficial change? Specifically, is anyone creating an
>
> application that would broadcast transactions with the same txid but
>
> different witnesses as an earlier transaction?
>
> 2. If this change has benefit, what should be considered a sufficiently
>
> better feerate or reduction in witness size?
>
> An advantage of this mempool-accept policy change is that it's
>
> miner-incentive compatible (miners would prefer to mine a transaction
>
> with a higher feerate). But there is of course a code complexity cost,
>
> and transaction-relay DoS concern.
>
> Being miner-incentive compatible is good, but is that sufficient
>
> justification for merging? I'm posting to the mailing list in hopes that
>
> there are use-cases that we (the PR authors) aren't aware of. Please
>
> reply here or on the PR if you can think of any.
>
> A perhaps subtle advantage: This PR may provide a defense against a
>
> mempool pinning attack: if you have a transaction shared with other
>
> parties, and one of them broadcasts the transaction with a bloated
>
> witness (thus intentionally reducing the feerate in hopes of delaying
>
> or preventing confirmation), you currently have no way to change it.
>
> If there is an application out there that uses same-txid-different-witnes=
s
>
> transactions shared between counterparties, this PR would help make
>
> those applications safe.
>
> Question 2 gets at a DoS tradeoff: If the new transaction may have
>
> only a very slightly smaller witness, an attacker might re-broadcast it
>
> many times, consuming a lot of relay bandwidth, and CPU to update
>
> the mempool. On the other hand, if the new transaction must have a much
>
> smaller witness, then it wouldn't be possible to replace a transaction wi=
th
>
> a beneficially-smaller one.
>
> This could be a per-node setting, but it's desirable for the node
>
> network to largely agree on relay policies (although a configuration
>
> option might be useful for testing and experimentation).
>
> Background:
>
> Bip125 (Replace-by-fee) allows an incoming transaction to replace one
>
> or more existing conflicting transactions if certain DoS-mitigation
>
> conditions are met:
>
> https://github.com/bitcoin/bitcoin/blob/master/doc/policy/mempool-replace=
ments.md
>
> Witness-replacement is similar to RBF, but differs in a few ways:
>
> - RBF rule 4 requires an absolute fee increase, which is not possible if
>
> the txid isn't changing (since the inputs, outputs, and amounts must be
>
> the same). So if transaction witness-replacement (same txid but different
>
> wtxid) is allowed, it can't be considered just a special case of an RBF,
>
> although it may have some similar policies (and for the same reasons).
>
> - With witness-replacement, it's not necessary to evict mempool
>
> descendant transactions because their inputs' txid references to their
>
> parent (who is being replaced) remain valid.
>
> - The new transaction replaces exactly one existing transaction since
>
> the inputs are the same. (In general, with RBF, the new transaction may
>
> conflict-out multiple existing mempool transactions, namely, all that
>
> spend the same outputs as the new transaction.)
>
> - RBF requires the original transaction to signal replaceability
>
> (rule 1). This is so that recipients are warned that their payment may
>
> disappear if the transaction is replaced. But signaling isn't required
>
> by witness-replacement since the outputs can't change (the descendants
>
> remain valid).
>
> Thanks for your time!
>
> Larry Ruane (with lots of help from Gloria Zhao)
>
> _______________________________________________
>
> bitcoin-dev mailing list
>
> bitcoin-dev@lists.linuxfoundation.org
>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
|
