1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
|
Delivery-date: Thu, 28 Mar 2024 07:58:29 -0700
Received: from mail-oa1-f56.google.com ([209.85.160.56])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDRYHVHZTUGRBDULS2YAMGQE7B5JOFA@googlegroups.com>)
id 1rprD2-0004Au-QZ
for bitcoindev@gnusha.org; Thu, 28 Mar 2024 07:58:29 -0700
Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-229f4995573sf915588fac.1
for <bitcoindev@gnusha.org>; Thu, 28 Mar 2024 07:58:28 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711637903; cv=pass;
d=google.com; s=arc-20160816;
b=q61o5NyRQseUapoOirRQ67WyOt+a6hToZvY+THOUI+fQ4RzGJzqxbCJdXMAibm6QKx
ELvTk4OM3q5JvrbyhxSY8DcmwOKmCGdRmCLIg8B0KYeS91NqEn7LUCn2il3jGIai9A8A
GIne+AasWal/Hmkpe/Pt9DvOUTKBXBR8oAEA023DayX2fTeNaP9LiqvW9Q+4eqv4Qjxn
U/OsjX1wwj5XWtw04sko08Q2IG4jZOyq1emno/HfYYdykPnfUXc/QG1JkWboGIY40I3A
psebmPyQLvwtQl8lszdb8iwSl/WuvTr84a9Ap+rn7TsG1ZoVhx4SdBPbTELxmiQa8ZXF
TtGA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:in-reply-to:content-disposition
:mime-version:references:message-id:subject:cc:to:from:date
:feedback-id:sender:dkim-signature;
bh=9Fx8AAht2TORL/d2+41/Df9ZqP6TZujF0eEGKeSNpqc=;
fh=x2YIrW7YkvaLK9irUrCMBW9qLnCqGySJyCPKvGwDTt4=;
b=B+gfzadlGnvjbTgiqLuwdQtgltetdqUlTlql6THV4a+idx5nPz5lp7ujT6pbtD2sGD
n75YDRpf8WhMAW1URFQNR80sfx9zYWhJEB9MgEFr3Vk+bIvq6777OQBSUD/K0pz6dNIu
rXoD+rBZ7C6dEpnvMZOXjfIlbwfNpdzh6KJn0VdHCQXM6OwgswoIg317j7YtCUsywMBS
qEY2BRh/dA+MUC70yVE3LInER/u0a+nWhyHq9+CNazq3xNsipr2nZJ/+W6fSTAEaeDvK
AI4Ro5dK2SXTzd08wDoT7fFFbXTiLsQZSYrP/vU2NzlcTbOQYqhOAwvfArrinL6RMTx+
qqlA==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=E0mYFOIq;
spf=pass (google.com: domain of pete@petertodd.org designates 64.147.123.144 as permitted sender) smtp.mailfrom=pete@petertodd.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1711637903; x=1712242703; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:content-disposition:mime-version
:references:message-id:subject:cc:to:from:date:feedback-id:sender
:from:to:cc:subject:date:message-id:reply-to;
bh=9Fx8AAht2TORL/d2+41/Df9ZqP6TZujF0eEGKeSNpqc=;
b=DAJROnyhueZBbm3vd9su3tlPuIy2RAmuaWWzs+CApXECvlMwRbN50GKoAemPMyE1yd
p/INyT46c6MVSajL2j0h9lVcPkvYViDtXXKfmgllImYvY5oLTWVtrWiCkvI7XczOEzUC
NJtiJfoggvL19AncXF7cecThdINmmwspR45PXshUD+0nkr1oswYGsFpGkMn3Kz3b+edM
BDSkMs5R/X3G91O+ChpStW8YJUjYZ+94w7WE7G+yvjJXR8bsesNs179VxkbE3ukifVJv
bZaK/S8Djend/m05IfhvV4YGIB0sBefKWMJ6qjqawc8RJVBagPdhisE3rSxRddzG4ErM
ekVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1711637903; x=1712242703;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:content-disposition:mime-version
:references:message-id:subject:cc:to:from:date:feedback-id
:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=9Fx8AAht2TORL/d2+41/Df9ZqP6TZujF0eEGKeSNpqc=;
b=EE0ywNrPjb5uUMrPIRVzUBMj5bUaEh6eBhPDrHbjnji5cm1Po6IIGlSgY7HmglnDkp
JowOWc9gNaQ0ZxpSoMOy9+LMyTd38zyHY2sNod80lFCQXwuhOB8F2qWymJ+qIxQiX3Dx
A724MwsGlX/PORAgYMGZGLbnefCkiO8Sv3c+aHbv2B7OiYX9XANRw/llUz3hg5Mvnr6h
IfG08LfIlTnzaleIKB7Gz8EgIPsGUJR/6IRrBdkxALFufSl5jSojZbiRzhgfCBhO8iox
PCsqT6cgY7W8KLY+h0YwWKxpnnef4pqVMzSipUY49n9N2WByjKGlp308Mukt0DxLkyGR
e0UQ==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCVJOEEteUHDo5TAdJ765OF8B5Epf6ucZHvj5bYdY7JikGcj5JPvvWDhnCdln40/zPxnxDhNpfKtLmT7SH6kpSAdhwJgedU=
X-Gm-Message-State: AOJu0Yx43MGaSymPEyvYHRW0F0l7oAJ1zFktqkpGtb8rlXhHe/6v39oN
tifXAyxZcMBSoAMr0a1csPnqHPo+6c9oCJqzq/bxFn/8QvBkkmgonpg=
X-Google-Smtp-Source: AGHT+IG1YNp8sCfWj+fMvjMc9wRSTHMt8L82Xh+WG2aVozIw4TYstWKEAs/46fRFpijmHBlnFf88xw==
X-Received: by 2002:a05:6870:4629:b0:220:8c16:fe1b with SMTP id z41-20020a056870462900b002208c16fe1bmr3166064oao.40.1711637902719;
Thu, 28 Mar 2024 07:58:22 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6870:be92:b0:22a:62fa:314f with SMTP id
nx18-20020a056870be9200b0022a62fa314fls375638oab.2.-pod-prod-08-us; Thu, 28
Mar 2024 07:58:22 -0700 (PDT)
X-Received: by 2002:a05:6870:65a4:b0:21e:917a:1430 with SMTP id fp36-20020a05687065a400b0021e917a1430mr73358oab.5.1711637901954;
Thu, 28 Mar 2024 07:58:21 -0700 (PDT)
Received: by 2002:a05:6808:19a3:b0:3c3:cc75:72a7 with SMTP id 5614622812f47-3c3de8ca926msb6e;
Thu, 28 Mar 2024 07:27:26 -0700 (PDT)
X-Received: by 2002:a05:6e02:1d84:b0:366:99ee:f14a with SMTP id h4-20020a056e021d8400b0036699eef14amr3220022ila.22.1711636045853;
Thu, 28 Mar 2024 07:27:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1711636045; cv=none;
d=google.com; s=arc-20160816;
b=dG0Od5ie4jQL9et/d40uJpblbjhhc24DabJs7/vVJfLyUR7gKMofhWpYwAR79Iy88I
xzWkp88iAxW0EZtKjgXo17rdfeARhwjQRfwEWa8GM+CgP2K+LqlE+h2FMvpN5IOJZYk3
7Qpi1Qe6c1ZARkVX4dx6frNaas01FfgspPStyjtDN8vRUBrP3vVgUnZVAYtdnKWJgVgI
ewQ6tmCxqWRxvs7GAACJ12YIcQJUBd3Kl6bozrfZrtSX2lKWKrafrn0gjv91GOdABVIV
O2iROWPpypShJEHYZdTSlROGlgIqOMxhUpUgF7RRpHcL8tDCvBhFHcQSA31LZ8ttQcP7
vkmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=in-reply-to:content-disposition:mime-version:references:message-id
:subject:cc:to:from:date:feedback-id:dkim-signature;
bh=XS2sWnXhFP4W3vuBUaxVOQuomv57q+McRqdpU959ink=;
fh=sapDHqhE46zLmMBeB1lkoe0zq8J9+V3Afx71/j8kvug=;
b=oHc7BlQy2JiVMMABcH3ZhZfR0HbVx/tG6bLw0qijawvWo9mB+EM2+cUv5g53QKunw1
RGBImlbKM8C+eQAPeGfOuCJ/TKQ4UmcxnR+uRNorKQjx0VXCzgYxLOVCSWLhn+NsHJ3S
H4zE89eol9QUxtR6kde4/z38PmUirIzkg3vVlVD6pAuTGYUkkrYsaqyh03YVT3O3TM8V
HpxrTpaBFkzWg7fuz0STKqUyKGUi6QHnmrMmSPJkU6rbV2s6rLX0J0dEO96JuGErECVv
3k3enPMdRCtAJ0q/FLpZGvMsBVwC7au9hxNo0ebxnSH4BUoNi4WFB+C4oumOyEzP+DgU
+xaw==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=E0mYFOIq;
spf=pass (google.com: domain of pete@petertodd.org designates 64.147.123.144 as permitted sender) smtp.mailfrom=pete@petertodd.org
Received: from wfout1-smtp.messagingengine.com (wfout1-smtp.messagingengine.com. [64.147.123.144])
by gmr-mx.google.com with ESMTPS id ct3-20020a056e023b0300b0036898b55a0esi108242ilb.4.2024.03.28.07.27.25
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 28 Mar 2024 07:27:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of pete@petertodd.org designates 64.147.123.144 as permitted sender) client-ip=64.147.123.144;
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
by mailfout.west.internal (Postfix) with ESMTP id 4EDFA1C000E5;
Thu, 28 Mar 2024 10:27:24 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
by compute6.internal (MEProxy); Thu, 28 Mar 2024 10:27:24 -0400
X-ME-Sender: <xms:S34FZj-5Go2Ap4ljFUjeyTpZ8ZGxKtFCpYahYF9YBCLNjoYquQCNMw>
<xme:S34FZvuV2cZ37qrZUFuClhqZGSOWUEcPDd0i1vS8M28r_A7ugLlKrGoxdFeZP6dn5
RLHCdRCmT7ibk9XPms>
X-ME-Received: <xmr:S34FZhC2KAxQr5GYpX6L_boMzgK7DaKWUSIxFxRRBB9zP05H7nh8KckNjrY>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudduledgieefucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvdenucfhrhhomheprfgvthgv
rhcuvfhougguuceophgvthgvsehpvghtvghrthhouggurdhorhhgqeenucggtffrrghtth
gvrhhnpeelvdellefftddukeduffejgfefjeeuheeileeftdfgteduteeggeevueethfej
tdenucffohhmrghinhepphgvthgvrhhtohguugdrohhrghenucevlhhushhtvghrufhiii
gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvghtvgesphgvthgvrhhtohguugdr
ohhrgh
X-ME-Proxy: <xmx:S34FZvdQi7wkbC5j1gwHzkI2eoB1grIq7M0OUxf5hQ49NqIdcrRmMw>
<xmx:S34FZoMnB4QGG_D_d6d-ftkPP4UH94A3DiAoYQQsZfyUM2toWIrNIQ>
<xmx:S34FZhkhNixrT9YhHn1S5lmvL5pCEUeKNXytYR6J11czvchRVEoRmQ>
<xmx:S34FZisfchj1DYwnRqHUuHSv_Wh5YmTI21_r2Hmtawve-_5qad3uKA>
<xmx:S34FZkDsNEUX5aazGveRZHA9a92ZNFe1JqeHAwnZqLjVH29Pd5cI1bNCLZw>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu,
28 Mar 2024 10:27:22 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
id C44D75F87B; Thu, 28 Mar 2024 14:27:18 +0000 (UTC)
Date: Thu, 28 Mar 2024 14:27:18 +0000
From: Peter Todd <pete@petertodd.org>
To: Antoine Riard <antoine.riard@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: A Free-Relay Attack Exploiting RBF Rule #6
Message-ID: <ZgV+Rk0m4azlbRZP@petertodd.org>
References: <Zfg/6IZyA/iInyMx@petertodd.org>
<0a377ddb-b001-41ba-9208-27b3fa059bb5n@googlegroups.com>
<ZgQZUOCc/dSjKMoL@petertodd.org>
<CALZpt+GOCiwYdK4vfkODrT0Sx6HxCAuvhVqa1c5o3Xjy03OiAQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="nQsR4l3SVl/46568"
Content-Disposition: inline
In-Reply-To: <CALZpt+GOCiwYdK4vfkODrT0Sx6HxCAuvhVqa1c5o3Xjy03OiAQ@mail.gmail.com>
X-Original-Sender: pete@petertodd.org
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@messagingengine.com header.s=fm2 header.b=E0mYFOIq; spf=pass
(google.com: domain of pete@petertodd.org designates 64.147.123.144 as
permitted sender) smtp.mailfrom=pete@petertodd.org
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)
--nQsR4l3SVl/46568
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
On Wed, Mar 27, 2024 at 07:17:24PM +0000, Antoine Riard wrote:
> > I don't believe the other attacks in this attack class are even possible
> to
> fix. We just have to live with the fact that a degree of free relay is
> always
> going to be possible.
>
> See comments under proof-of-UTXO ownership as plausible mitigations.
>
> In anway, I think this is not the type of fixes we can land in a covert
> fashion given the
> order of magnitude of engineering effort and potential tx-relay network
> impact.
Indeed, at this point I strongly suspect had I instead lobbied for a fix
privately, given that one obvious mitigation is replace-by-fee-rate, I'd
instead just get accused of nefarious behavior for not doing so openly.
> > Can you explain in more detail how exactly you'd pull that off? Are you
> aware
> of LN implementations that actually create feerate ascending LN states?
>
> I think you can create feerates ascending LN states with today's LN
> implementations by playing with BOLT2's `dust_limit_satoshis`.
> State 1 has 1 dust HTLC trimmed, state 2 has 2 dust HTLCs trimmed, ...
> State N has N dust HTLCs trimmed.
Correct me if I'm wrong. But I don't believe that the `dust_limit_satoshis`
value can be changed on an existing channel.
It *should* be possible to change on an existing channel, as the economic dust
limit is fee-rate dependent. But the protocol does not support that yet IIUC.
> > Imagine if the mempool size was 1TB, an amount larger than the entire BTC
> > blocksize to date. I think that example helps make it obvious that with
> such an
> > enormous mempool, there *must* be free relay attacks, because it's simply
> > impossible for all broadcast transactions to even get mined.
>
> I think there is an interesting distinction that can be made between
> mempool size
> ressources dedicated to increase block template efficiency and minimum
> mempool size
> to just ensure you have good BIP152 compact block validation time.
> Obviously if you're
> aiming for the first, you're incentivized to offer "free-relay" bandwidth
> to your peers and
> increase your view of the ongoing transaction traffic.
There's also a convenience aspect to this: large mempools are convenient for
transaction senders, as it allows them to go off line after sending
transactions that aren't going to be mined in the near future. If we had a
world of purely always-online transaction senders, mempools could be smaller.
> > All the existing replacement mechanisms _are_ basically a proof-of-UTXO
> > ownership, because they're transactions spending UTXOs. The only question
> is
> > the details of how that proof works.
>
> Yeah somehow it's correct that any replacement mechanisms encompass a
> proof-of-UTXO
> ownership mechanism. Yet in a world you can partition mempool like you show
> with your
> for example, it's easy to make this proof-of-UTXO economically unpaid by
> the attacker. Asking
> aged UTXOs attached to a replacement candidate could be make such proof
> more robust, in
> my understanding.
I think you're missing a third aspect to this: # of peers.
Modulo economic irrationalities with differently sized txs like the Rule #6
attack, the proof-of-UTXO is almost economically paid even when mempools are
partitioned because the bandwidth used by a given form of a transaction is
limited to the % of peers that relay it. Eg if I broadcast TxA to 50% of nodes,
and TxB to the other 50%, both spending the same txout, the total cost/KB used
in total would exactly the same... except that nodes have more than one peer.
This acts as an amplification fator to attacks depending on the exact topology
as bandwidth is wasted in proportion to the # of peers txs need to be broadcast
too. Basically, a fan-out factor.
If the # of peers is reduced, the impact of this type of attack is also
reduced. Of course, a balance has to be maintained.
I call the Rule #6 attack an economic irrationality because the higher fee-rate
transaction should have replaced the low fee-rate transactions: it's the one
that got mined, so bandwidth spend on the low fee-rate txs was clearly wasted,
and miners lost out on some fees.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZgV%2BRk0m4azlbRZP%40petertodd.org.
--nQsR4l3SVl/46568
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmYFfj8ACgkQLly11TVR
LzdZWg/+N7SHalFTmifKpJ4KaADVlyoGlRFittRIFLzlz6roSp/sQ2c7NJwmfUtH
Uulj9V3MPfQZ5PBMc6L5Xhx+fOLD6i1M+P3lMendFPiQAje0SrQOy/n/oW//dR6K
AiRrhf6aYkbVygITLgw2oQP2ukfze0ls10YL1ezI/itEKYLoWNHMLNF+RVtl6DMn
14lf9WTadAVUXcs6avbpUNggEYE7w8MYf+zC7tisZKcphdJm6stvLQYZ5yHWVqNM
AnOb7ejkL5Y2jFl1urz84f+quqwb1OxUJ6+UkVoKjmVaBL7fcvflOL2+PWWA0H1J
HPf9nQSzGUVVk+oBa6yGU8vyw1KyXsFm55LI0KQyqyuOTa81UVUEKM/mONae2ymu
oe2xjMKIOfu091O0jxrGDu90iaqS3R1QEPtAE4U4BDcePPsazG39BlvHzhM2Mbxq
JM/2FI7EQoXdHE5GETey/ENz7AsvzyepG3QLM65HV6OzLR6rdnZj7sPuJWMZsCTo
kn75B/afJmbuV6fO1tKA4tKl091ckPE/P9S/ggp3A6xrNzEMJA2i2BuYgA2Dn7Fg
xb5P4D06aZTKXjtwmj7qMaflnbzAsrI68jpzK/pX9JC+RbNwCahF18y9EZ5PK65c
t5p6H0Ry/YXpYpGVrz2Fbqe7OLl2lEytiCgtoe5sr3G9SgXlmF4=
=wXFE
-----END PGP SIGNATURE-----
--nQsR4l3SVl/46568--
|