On Tue, Jan 10, 2023 at 10:14:47AM -1000, David A. Harding wrote: > On 2023-01-10 00:06, Peter Todd wrote: > > Remember, we'd like decentralized coinjoin implementations like > > Joinmarket to > > work. How does a decentralized coinjoin implement "conflict monitoring"? > > 1. Run a relay node with a conflict-detection patch. Stock Bitcoin Core > with -debug=mempoolrej will tell you when it rejects a transaction > for conflicting with a transaction already in the mempool, e.g.: > > 2022-11-01T02:53:17Z > 867b85d68d7a7244c1d65c4797006b56973110ac243ab5ee15a8c4d220060c58 from > peer=58 was not accepted: txn-mempool-conflict > > I think it would be easy to extend this facility to list the inputs > which conflicted. So if Alice sees a conflict created by Mallory, > she can create a new coinjoin transaction without Mallory. This > method has the advantage of being fast and attributing fault, > although it does require Alice's node be online at the time Mallory's > conflict is propagated.
So for something as simple as reliable coinjoining - an important privacy feature that we'd like all wallets to use - you expect people to run well-connected 24/7 nodes running specialty software? Even if you run a node as you suggest, there's certainly no guarantee that you'd learn about any double-spend without doing a severe sybil attack against the network; the 8 outgoing nodes a typical node has samples a tiny fraction of the network. And *even if* you sybil attack to try to detect conflicts there's still no guarantee as attackers can use all kinds of special techniques to get transactions into miner mempools and not others. > 2. Simply assume a conflict exists for otherwise unexplainable failures. > For example, if Alice sees several new blocks whose bottom feerates > are well below the feerates of an unconfirmed coinjoin transaction > that Alice helped create and broadcast, she can assume it's a > conflict that is preventing preventing confirmation of the coinjoin. > She can find an entirely different set of collaborators and create a > non-conflicting transaction without ever needing to know which inputs > from the original transaction conflicted. This method has the > disadvantage of being slow (on the order of hours) and not attributing > fault, although it doesn't require Alice has any information beyond > copies > of recent blocks. You're suggesting that to avoid enabling full-rbf, coinjoin's and other decentralized multi-party protocols risk getting coins tied up for hours trying to do conflict resolution rather than just fixing the underlying problem with what's literally a one-line code change that 17% of the v24.x nodes have decided to enable. > I didn't list these methods or others before because the specific method > used to > detect conflicts doesn't matter to the realization that software which > uses conflict detection and evasion to defeat the $17.00 attack also > defeats the $0.05 attack without any need for full-RBF. Fact is, full-rbf defeats those attacks much better. And I'm amazed that you don't consider raising the cost of attacks on coinjoins and similar decentralized protocols by almost three orders of magnitude to be important: why are you prioritizing a few highly centralized, often AML/KYC'd, unconfirmed tx acceptance services over decentralized protocols which provide privacy and security to a lot more users? -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
