1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
|
Delivery-date: Sun, 31 Mar 2024 11:31:39 -0700
Received: from mail-oo1-f58.google.com ([209.85.161.58])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDRYHVHZTUGRBBGYU2YAMGQE427LXFA@googlegroups.com>)
id 1rqzxz-0001ll-Ar
for bitcoindev@gnusha.org; Sun, 31 Mar 2024 11:31:39 -0700
Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-5a53b018156sf1647381eaf.1
for <bitcoindev@gnusha.org>; Sun, 31 Mar 2024 11:31:39 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711909893; cv=pass;
d=google.com; s=arc-20160816;
b=09mYFTAL6DHVBflWXrZczcfUfibR8hxoM2ZI/oiYjFB3MHEV39DZwRsidx2tZDtZBx
mgbqg65QLZh80F/L9LQ6Rq2S6bnXIUGelrPcJh1+unnotoflSxt/od8+JPq23CGjK612
kIC3JgdKT2UWl1s5yqAGp9eCZrVcT6Z5DkDuq5jI4OdD9/KX9Djab2pp8osGNQTSqJ6u
55XurMpURKny5LgY04lpNKYbyv2JGSMA0BKY5X2jPz6oWZKVHXZYe9lyDli/T3Sh02YR
HX7WluUG4dqQba+63i/w33TAmAMNBFy2N6xYtqcoXqUTsWbohxU/lZnk+gJR6cKv4ea6
fDVA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:content-disposition:mime-version
:message-id:subject:to:from:date:feedback-id:sender:dkim-signature;
bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=;
fh=LSIILU/bsJ/6cLUxx3aMsUBchjdwWugOZ4VnpESOFyE=;
b=XgYL5NpX1SMNKPWzd3Np545BjFf14ntafS+qFOwD6pZL0fD7nToA85PVcEXzD8rU1F
JM6M282zatCavoWhkJ8AcVe9ehhfERmKsddLThsNSH/n9YYCC4NtGt5qlrsrVMO9aKi2
8rmdf7NYRW2x0AcC4d4XpuItkLzmISa8qMiXEyuo/c13CVqL+iP/aEvlb5d6XitR202j
AzwOT4BXL2xZ7xic7UXcJa5nxuCMBZeXragCB1ffcBbfjDiRooXOq2YauDktcZG2TF8K
EF+tIGi8bgM74c/4oJ1j2RGy/hAkA6UoEcwjINWLADnFpE3pEStIKOGXFUFMOCv1bS+t
1YCw==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD;
spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) smtp.mailfrom=pete@petertodd.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1711909893; x=1712514693; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-disposition:mime-version:message-id
:subject:to:from:date:feedback-id:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=;
b=m7Y1c22ptGy2xiOPz/A2razRr74hvAhc1KAbsiXKY94JfSAzPe5VeMuoDirZMA48R5
JeLjUZ9NzLVBUhkPWnoy/geQjGxsxaTYsbAKrbkm1tSwNRSRoaLsiriIlL8PBaOV761Y
LrI8K4+/XKpZJgbsollPCtjzJgmMg6i+R4Tl9urrM16PZVBHAKailQNuZFg/7UDoZ1h0
0z3NiKQ1wQOg12DCFcjOX1XAS5DueX1OddPxNTkfO1zzpPD01C+LkoV0Gpzk9ixhO4QP
AjMuegnJmAkcnaXAt++r6GogUEXG8dpTkMqEBHNLHaFdyDO7oDQuAKIdpP6Qh0qv602V
Oltg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1711909893; x=1712514693;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-disposition:mime-version:message-id
:subject:to:from:date:feedback-id:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=;
b=Gpio5yzqA/rv8FFV+s70+cIwL/6zCaxhOeq+LmRbCFJUhDNxzb1IwVGAZ9a0w9SU+h
Wd/OFzzlz9QY+ZtJSzZwJBp3TBstWiTpIfzyJUoaRvZi0B9np+2Hoy4B3eO/GG4AXyox
wvj6+FF2PCiYQtQFt0b2rLvv9XGHp3Xlx2VY6zHcVEbKrhqXca9dMpRXXKP+WyRNoCaF
TVnJYHhyb2kb4wcO3arKegZZ+kxZrJf3meMiphgMO1dVI5jYxhFb0Yc/5PxSjpKN9bnc
6salKSwWsOCStB+AX1Qvn8U5TonxnWm7XKk3sDQCyGpL5j/O8GGcLgYsMOyr45BLOVUA
aiNg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCUzo7EcPonj5zUYJ1vvgzs0T1DYsw6v/BmQL5BeEqLgBF2zyKaDvbguSJOdhRxlJPWPygp1vAcgoNYeLtbrGWLN92E8SLg=
X-Gm-Message-State: AOJu0YyhWijeRnGZ29fX/YSyWYVy/P2eUkdWMQPK5xqwHJ3MWsPyqWix
1udT9/d+M/GDtrc6GPa4eSofLJ8b8VymSH3ZdNwoo2C6UJTzf8o4
X-Google-Smtp-Source: AGHT+IEI/SHtkh/PUH+L5P7TMXkN7OhRpznFLphj1wDx9HeUW69MnoRJ0Q1c2BlNpyScwHkS8VCMNA==
X-Received: by 2002:a05:6820:210e:b0:5a5:247e:147b with SMTP id cd14-20020a056820210e00b005a5247e147bmr3128973oob.0.1711909893168;
Sun, 31 Mar 2024 11:31:33 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a4a:bc84:0:b0:5a4:905d:743f with SMTP id m4-20020a4abc84000000b005a4905d743fls3705463oop.1.-pod-prod-05-us;
Sun, 31 Mar 2024 11:31:32 -0700 (PDT)
X-Received: by 2002:a05:6820:61b:b0:5a5:868e:8bd2 with SMTP id e27-20020a056820061b00b005a5868e8bd2mr412133oow.0.1711909892320;
Sun, 31 Mar 2024 11:31:32 -0700 (PDT)
Received: by 2002:a05:6808:219c:b0:3c3:cc09:ef6d with SMTP id 5614622812f47-3c3ef57ad9dmsb6e;
Sun, 31 Mar 2024 10:31:54 -0700 (PDT)
X-Received: by 2002:a17:90a:ba8d:b0:2a0:7895:f356 with SMTP id t13-20020a17090aba8d00b002a07895f356mr15177750pjr.12.1711906312807;
Sun, 31 Mar 2024 10:31:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1711906312; cv=none;
d=google.com; s=arc-20160816;
b=loSDVWdLWSElDLFODu6xWLI8IceQGlOkks/IdnnvurciL7Hb8kQwIC2qjW7RGhmwxC
POPlIVnuElcMNdD3ZUyNHb1ZlHGqgAx0GTPYi7rwnK6WJ5Gr8JzJdRsGgqMx+vANcq3n
WztP8hsdgJWcHqOiymSRBGmAlwF+u+4RUPCTUlLrB3d4casMxSquBh7tQgWhA+jrK1E0
+oKgCwx/Qp61OOsxaXoXRDg0jyGDHuZWGh4QC6cLqyvh6XYhHmfo+nypF5bbesylub8W
jTz0jdbZcidjq7OAZkrVdpEnzysyTpEBzP1qoeXnN2hAiPYLBiKzPfovu80J9BL8lkrN
PPJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-disposition:mime-version:message-id:subject:to:from:date
:feedback-id:dkim-signature;
bh=uGR+8XnquD0VrDbleKA2W7C+6HYEai8CE+E0zIhcLsE=;
fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
b=dyCTuWgOu52UCeRN8CZC89rojXAYEakNnDlgHB9Bhxf7gHICqhu3YQo1vbrtfieoqs
S/HVGSOs7SqWjtCQLH5WB8MvP3s5PSFzaO8UDo92hNLiTBJWnUt9wrU53uSSAZ1BD+19
GHKkY+YlAmWzPsmlZBSKVhrK38boOD4BsZzPfxaypeh3HH1rywTsQTZpUdQoTbhgFHMM
bDn3qgUP7Wax0q/wyaMBGo7rwLDqpUUiDyW+HQGDKWyUDlwzmwOP8sQ1HIbPO6IWVEbS
JuKq7gvXvui9uIDBsyZF/Q4uuW+tLrDXaEzzUOamjwSLNXRzqHQ3+C2+UIPiQbio4GlA
IG4g==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD;
spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) smtp.mailfrom=pete@petertodd.org
Received: from fhigh3-smtp.messagingengine.com (fhigh3-smtp.messagingengine.com. [103.168.172.154])
by gmr-mx.google.com with ESMTPS id a19-20020a17090a8c1300b002a213e8259asi804717pjo.1.2024.03.31.10.31.52
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 31 Mar 2024 10:31:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) client-ip=103.168.172.154;
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
by mailfhigh.nyi.internal (Postfix) with ESMTP id C86D111400BA
for <bitcoindev@googlegroups.com>; Sun, 31 Mar 2024 13:31:51 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
by compute5.internal (MEProxy); Sun, 31 Mar 2024 13:31:51 -0400
X-ME-Sender: <xms:Bp4JZq4s12qbLjnAXfCxwnY6E6A0hkgv3KJ594wtBw9iig6FXT8p_g>
<xme:Bp4JZj52ICzW_gSyTvDoC35WhgAbTG3-Jyy37Q-rWuazIXIK8w77r3CD-nyudI4Dk
faUo8HFIpzKgOvnDQw>
X-ME-Received: <xmr:Bp4JZpdklrBvs8EVaA6wuDUc6_9OicZD77RC2xrzlFWKCXuEJWEXRQSfcA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddvkedgledvucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesghdtreertd
dtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthhouggu
rdhorhhgqeenucggtffrrghtthgvrhhnpefhteevgeeuvdekheeivdeffeduuedufefhte
elheffgfelueefieffjeefffeuleenucffohhmrghinhepphgvthgvrhhtohguugdrohhr
ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvg
htvgesphgvthgvrhhtohguugdrohhrgh
X-ME-Proxy: <xmx:Bp4JZnLqf0CqNpvvdk6CMKKWYXl43RUlsjG4Tt_vr9SH0kfVK_W2yw>
<xmx:Bp4JZuICdZwpxjnuA2TaLjcNFeEr9yytHBDxMGZs7hdRnCK0NocXVw>
<xmx:Bp4JZozip-NROZFWuDcP9msBUvQyZwAMkMXe7tkxWqswNC5UXdJ_Rw>
<xmx:Bp4JZiLPsnct2r7pDUif-7OR8K3GlLdwiPoiDmkFVuuObRcxWXsapQ>
<xmx:B54JZgjxf3mduecZ8f_fZIIKguXZ5XzdAUzbW4VMirh6Qx1xT-F1kw>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
<bitcoindev@googlegroups.com>; Sun, 31 Mar 2024 13:31:50 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
id 264605F87B; Sun, 31 Mar 2024 17:31:47 +0000 (UTC)
Date: Sun, 31 Mar 2024 17:31:47 +0000
From: Peter Todd <pete@petertodd.org>
To: bitcoindev@googlegroups.com
Subject: [bitcoindev] A Free-Relay Attack Exploiting Min-Relay-Fee Differences
Message-ID: <ZgmeAzZp8RS6uMdc@petertodd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="Qnvi3+pULi0x6xlS"
Content-Disposition: inline
X-Original-Sender: pete@petertodd.org
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD; spf=pass
(google.com: domain of pete@petertodd.org designates 103.168.172.154 as
permitted sender) smtp.mailfrom=pete@petertodd.org
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)
--Qnvi3+pULi0x6xlS
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
It's common for some nodes, especially miners, to have larger than default
mempools, leading to lower-than-normal minrelayfees. This can be exploited for
free-relay attacks as follows:
1. Publish tx A, with an unusually low fee-rate, below typical
min-relay-fees, but with a sufficient size to have a reasonably large absolute
fee. In my experience it is not difficult to get very low fee rate
transactions mined if they're broadcast by well-connected nodes. Specific
connections to miners is not required.
2. Publish B, double-spending A, with a fee-rate high enough to be accepted by
most mempools. But with a total fee less than A.
3. Publish C, spending B, with a low fee rate and large size. Nodes with A will
not accept C, as it spends a txout that they're not aware of.
4. To recover funds, double-spend A with A', with a sufficiently high fee-rate
to get mined.
Since package replacement has not been implemented, the combination of C and B
will not replace A, and the total cost of the attack will be limited to the
cost of spending A.
As usual, C can in turn be double-spent at higher and higher fee-rates. C could
also be double-spent across multiple different nodes with different, almost
identical, variants of C.
# Mitigation
Package replacement. Though it is still economically irrational for miners to
"mitigate" this attack: they earn more money by simply mining the high fee-rate
A', with replace-by-fee-rate.
# Responsible Disclosure
You're reading it. Since this type of attack is public, other variants of
attacks along these lines should just be openly discussed. Better to have
plenty of people who understand the issue so there's lots of eyes on potential
fixes.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZgmeAzZp8RS6uMdc%40petertodd.org.
--Qnvi3+pULi0x6xlS
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmYJngEACgkQLly11TVR
LzeuKw/9EUxUwen1W8vGDtFnwLBxfK7AEYih8h+BUKqnINWTmJE/NpTPdHLXA1IF
RwFcO2saVQAfceSTgXm1DrWWEYFJa9mnNb2xBOV5tkUWX2I6aaAtfIZ6L0RkB2BV
y9oaJUAh98+k+Mia3xf5Zm4+gLtET3eIIkgF7eK3Ge8cDCzFAqihoXsUV7XRYC5J
TOn5D4XbYHHz7pJumb69tAvNuaYCdBNjJrLtAIzLCMHEXNsbII26BpRQ2B6r1iAH
0As/qMxFZZPuekQohUA52TEZwvNXppX0wWI9mp4b4p4WPZ8exmDpUT6JGYVkdYCt
aimNK/V5vG9A2NfcxS1UIvxFVePuZcSzCg6fR9U4Uhbc7lAXVFSqj5UHPQGM5+n/
xDa8nR3SFsQEJl3nmJAVu4vsNVnR0NeoBT/FjeB7rrjSccjL6x/INyEoDxlVB+Kp
FHssEawqQktLYu+s6TNPfYEy2ih2eORnrcOBzuYLQm/h64jhN7Zv40VFjRXzdklY
Bxt5lBNVDVOk6IdFBjlHPiZ916MaGi5ACxQXqrXQetL0dxUlAIqPDq+kyxwT5wky
36pTwH20GNfgF77issQHQ6LtN+oUFahOqzHsfuylrgXqVYmN2e/WK7VFGZA93iVo
QLNiCkPWSktUmILpm71Y3h0T4JeZEE3xtgGGShBMy30ap90qEBg=
=Jibx
-----END PGP SIGNATURE-----
--Qnvi3+pULi0x6xlS--
|
