subject:"\[bitcoin\-dev\] Playing with full\-rbf peers for fun and L2s security"

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-08-23 Thread Antoine Riard via bitcoin-dev

> I'd suggest doing that right now, without waiting for the patch to get
merged,
> as it improves the politics of getting the patch merged. Miners tend to
run
> customized bitcoind's anyway.

Philosophically, I think we're better off arguing code patches free from a
political framework and rather reasoning from scientific or engineering
principles. If a change is adopted it should be in the name of making the
whole system better, making the new situation a win-win game.

That said, and more pragmatically, now that the full-rbf patch is merged in
Core there is the pedagogical work of explaining the fee upsides of turning
on full-rbf setting to enough miners. AFAIK, we don't have public,
broadcast-all communication channels between developers and mining
operators to exchange on software upgrades (e.g Stratum V2). I think I'm
left with the process of reaching out to miner one by one.

Le jeu. 23 juin 2022 à 20:13, Peter Todd  a écrit :

> On Tue, Jun 21, 2022 at 07:45:48PM -0400, Antoine Riard wrote:
> > > BTW I changed one of my OTS calendars to issue fee-bumping txs without
> the
> > > opt-in RBF flag set as an experiment. I also made sure txs would
> > propagate to
> > > the above node. As of right now, it's up to 32 replacements (once per
> > block),
> > > without any of them mined; the calendars use the strategy of starting
> at
> > the
> > > minimum possible fee, and bumping the fee up every time a new block
> > arrives
> > > without the tx getting mined. So that's evidence we don't have much
> > full-rbf
> > > hash power at this moment.
> > >
> > > You can see the current status at:
> > https://alice.btc.calendar.opentimestamps.org/
> >
> > That's interesting. I'm not sure if we can conclude of the absence of
> > full-rbf hash power at this moment, as it could also be a lack of
> full-rbf
> > propagation path towards such potential hash power. I think the day we
> see
> > an opt-out replacement transaction mined, it would constitute a good hint
> > of full-rbf hash power (assuming the tx-relay topology stays relatively
> > stable across the transaction issuance...)
>
> Fees are relatively low right now, so there could be 1% or so of full-rbf
> hash
> power and I wouldn't notice with this particular technique as the initial
> tx
> gets mined within 10-20 blocks; a few years back similar experiments were
> finding a few percentage points of hashing power running full-rbf.
>
> > Anyway, if/when the `fullrbf` patch lands in Bitcoin Core, including
> > automatic outbound connections to few `NODE_REPLACE_BY_FEE` peers, I'm
> > thinking of reaching out to a few mining node operators to advocate them
> > with the new policy setting.
>
> I'd suggest doing that right now, without waiting for the patch to get
> merged,
> as it improves the politics of getting the patch merged. Miners tend to run
> customized bitcoind's anyway.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-07-09 Thread Antoine Riard via bitcoin-dev

> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack
requires
> more resources, because for a double-spend to be succesful, BTC has to be
spent
> on fees.

I think I agree that effectively a DoS-by-abstention is lower cost than a
DoS-by-RBF-otpout, as in the second case the UTXO double-spent must be
still acquired. However, I wonder if the second DoS case isn't more
economically efficient for the attacker as you can re-use the same UTXO (or
the lineage of it) many times as the coinjoin coordinator have a limited
visibility (in the very best case) of the network mempools to blame
confidently.

Acquiring thousands of UTXO, whatever the origin, isn't free. Electricity
burns if they have been mined, fiat if they have been acquired through
exchange, time and energy if they have been earned as income.

> It's just a fact of life that a motivated attacker can DoS attack Wasabi
by
> spending money. That's a design choice that's serving them well so far.

I believe it's hard to make any open, p2p coinjoin services robust against
a deep-pocketed attacker practicing that type of DoS attacks. In theory, an
attacker could maintain the DoS for long enough to ruin the reputation of
the service until it's out of the market. It would be interesting to know
if you can design a DoS mitigation (e.g against DoS-by-abstention) offering
the advantage to the targeted service after one-round or a fixed number of
rounds.

> The other users' only practical choice is to double-spend their own input
> to get their money back(at competitive rates much higher than the
> attacker), or wait and hope you win a propagation race somewhere.

Yes, that's of the annoying concern with DoS-by-RBF-optout against
DoS-by-abstention, while the latter can be mitigated without assuming a
on-chain cost for the participant, the former might be crafted such that
on-chain fees must be spent to sanitize the situation, worst in an
asymmetric way bounded by the max size of the coinjoin, I think.

> Double spend attack requires only one laptop and a few UTXOs. Even if
spent in some cases, would pay a few sats per transaction which won't be an
issue for governments or competitors that normally perform such attacks.

That's an interesting question. Interactive transaction construction
protocol being formalized by the BOLT process implied (hopefully) that
sooner or later multi-party coinjoin capabilities should be well supported
across the ecosystem. From that, we might seen a large-scale p2p market of
coinjoin (in the same way we have a HTLC routing market with LN), where a
participant can enter into them, without the high cost of installing
another wallet. I believe how do we mitigate all those classes of DoS to
avoid malicious coinjoin service providers to outlaw competitions that stay
open (reminder Minecraft and the Mirai Botnet story).

Antoine

Le ven. 8 juil. 2022 à 10:53, Peter Todd  a écrit :

> On Tue, Jul 05, 2022 at 08:46:51PM +, alicexbt wrote:
> > Hi Peter,
> >
> > > Note that Wasabi already has a DoS attack vector in that a participant
> can stop
> > > participating after the first phase of the round, with the result that
> the
> > > coinjoin fails. Wasabi mitigates that by punishing participating in
> future
> > > rounds. Double-spends only create additional types of DoS attack that
> need to
> > > be detected and punished as well - they don't create a fundamentally
> new
> > > vulerability.
> >
> > I agree some DoS vectors are already mitigated however punishment in
> this case will be difficult because the transaction is broadcasted after
> signing and before coinjoin tx broadcast.
> >
> > Inputs are already checked multiple times for double spend during
> coinjoin round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> >
> > If all the inputs in the coinjoin transaction that failed to relay are
> checked and one or more are found to be spent later, what will be punished
> and how does this affect the attacker with thousands of UTXOs or normal
> users?
>
> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack
> requires
> more resources, because for a double-spend to be succesful, BTC has to be
> spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-07-08 Thread alicexbt via bitcoin-dev

Hi Peter,

> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack requires
> more resources, because for a double-spend to be succesful, BTC has to be 
> spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.

There are 2 things:

1) Based on my understanding, round will not be aborted if a threshold is met 
for inputs and will continue irrespective of attacker trying different things 
in the initial phases of round. I need to confirm this by testing although not 
feeling well today so it can take a few days.

2) Points mentioned by Greg Sanders are reasonable: There can be a different 
'mempool view' for coordinator, users and attacker. Attacker could use minimum 
fee rate required for relay and this works differently when there is enough 
demand for blockspace.

Double spend attack requires only one laptop and a few UTXOs. Even if spent in 
some cases, would pay a few sats per transaction which won't be an issue for 
governments or competitors that normally perform such attacks.

The vulnerability reported is different from the things being discussed and 
hopefully I will do a public disclosure this month. I observed some interesting 
things which I wanted to discuss. Full RBF pull request is already merged in 
bitcoin core and available in bitcoin knots if some users want to experiment.

/dev/fd0

Sent with Proton Mail secure email.

--- Original Message ---
On Friday, July 8th, 2022 at 2:53 PM, Peter Todd  wrote:

> On Tue, Jul 05, 2022 at 08:46:51PM +, alicexbt wrote:
>
> > Hi Peter,
> >
> > > Note that Wasabi already has a DoS attack vector in that a participant 
> > > can stop
> > > participating after the first phase of the round, with the result that the
> > > coinjoin fails. Wasabi mitigates that by punishing participating in future
> > > rounds. Double-spends only create additional types of DoS attack that 
> > > need to
> > > be detected and punished as well - they don't create a fundamentally new
> > > vulerability.
> >
> > I agree some DoS vectors are already mitigated however punishment in this 
> > case will be difficult because the transaction is broadcasted after signing 
> > and before coinjoin tx broadcast.
> >
> > Inputs are already checked multiple times for double spend during coinjoin 
> > round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> >
> > If all the inputs in the coinjoin transaction that failed to relay are 
> > checked and one or more are found to be spent later, what will be punished 
> > and how does this affect the attacker with thousands of UTXOs or normal 
> > users?
>
>
> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack requires
> more resources, because for a double-spend to be succesful, BTC has to be 
> spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-07-08 Thread Greg Sanders via bitcoin-dev

The attacker isn't guaranteed to spend *any* funds to disrupt the protocol
indefinitely, that's the issue here. In this scenario, her input double
spend is at an impractical feerate, and is never included in a block,
sitting at the bottom of the mempool.

The other users' only practical choice is to double-spend their own input
to get their money back(at competitive rates much higher than the
attacker), or wait and hope you win a propagation race somewhere.



On Fri, Jul 8, 2022 at 10:53 AM Peter Todd via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Tue, Jul 05, 2022 at 08:46:51PM +, alicexbt wrote:
> > Hi Peter,
> >
> > > Note that Wasabi already has a DoS attack vector in that a participant
> can stop
> > > participating after the first phase of the round, with the result that
> the
> > > coinjoin fails. Wasabi mitigates that by punishing participating in
> future
> > > rounds. Double-spends only create additional types of DoS attack that
> need to
> > > be detected and punished as well - they don't create a fundamentally
> new
> > > vulerability.
> >
> > I agree some DoS vectors are already mitigated however punishment in
> this case will be difficult because the transaction is broadcasted after
> signing and before coinjoin tx broadcast.
> >
> > Inputs are already checked multiple times for double spend during
> coinjoin round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> >
> > If all the inputs in the coinjoin transaction that failed to relay are
> checked and one or more are found to be spent later, what will be punished
> and how does this affect the attacker with thousands of UTXOs or normal
> users?
>
> Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack
> requires
> more resources, because for a double-spend to be succesful, BTC has to be
> spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-07-08 Thread Peter Todd via bitcoin-dev

On Tue, Jul 05, 2022 at 08:46:51PM +, alicexbt wrote:
> Hi Peter,
> 
> > Note that Wasabi already has a DoS attack vector in that a participant can 
> > stop
> > participating after the first phase of the round, with the result that the
> > coinjoin fails. Wasabi mitigates that by punishing participating in future
> > rounds. Double-spends only create additional types of DoS attack that need 
> > to
> > be detected and punished as well - they don't create a fundamentally new
> > vulerability.
> 
> I agree some DoS vectors are already mitigated however punishment in this 
> case will be difficult because the transaction is broadcasted after signing 
> and before coinjoin tx broadcast.
> 
> Inputs are already checked multiple times for double spend during coinjoin 
> round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> 
> If all the inputs in the coinjoin transaction that failed to relay are 
> checked and one or more are found to be spent later, what will be punished 
> and how does this affect the attacker with thousands of UTXOs or normal users?

Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
failing to complete the round. In fact, the double-spend DoS attack requires
more resources, because for a double-spend to be succesful, BTC has to be spent
on fees.

It's just a fact of life that a motivated attacker can DoS attack Wasabi by
spending money. That's a design choice that's serving them well so far.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org


signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-07-06 Thread alicexbt via bitcoin-dev

Hi Peter,

> Note that Wasabi already has a DoS attack vector in that a participant can 
> stop
> participating after the first phase of the round, with the result that the
> coinjoin fails. Wasabi mitigates that by punishing participating in future
> rounds. Double-spends only create additional types of DoS attack that need to
> be detected and punished as well - they don't create a fundamentally new
> vulerability.

I agree some DoS vectors are already mitigated however punishment in this case 
will be difficult because the transaction is broadcasted after signing and 
before coinjoin tx broadcast.

Inputs are already checked multiple times for double spend during coinjoin 
round: https://github.com/zkSNACKs/WalletWasabi/pull/6460

If all the inputs in the coinjoin transaction that failed to relay are checked 
and one or more are found to be spent later, what will be punished and how does 
this affect the attacker with thousands of UTXOs or normal users?

/dev/fd0

Sent with Proton Mail secure email.

--- Original Message ---
On Monday, June 27th, 2022 at 12:43 AM, Peter Todd  wrote:


> On Sun, Jun 26, 2022 at 04:40:24PM +, alicexbt via bitcoin-dev wrote:
>
> > Hi Antoine,
> >
> > Thanks for sharing the DoS attack example with alternatives.
> >
> > > - Caroll broadcasts a double-spend of her own input C, the double-spend 
> > > is attached with a low-fee (1sat/vb) and it does not signal opt-in RBF
> > > - Alice broadcasts the multi-party transaction, it is rejected by the 
> > > network mempools because Alice double-spend is already present
> >
> > I think this affects almost all types of coinjoin transaction including 
> > coordinator based implementations. I tried a few things and have already 
> > reported details for an example DoS attack to one of the team but there is 
> > no response yet.
> >
> > It was fun playing with RBF, DoS and Coinjoin. Affected projects should 
> > share their opinion about full-rbf as it seems it might improve things.
> >
> > Example:
> >
> > In Wasabi an attacker can broadcast a transaction spending input used in 
> > coinjoin after sending signature in the round. This would result in a 
> > coinjoin tx which never gets relayed: 
> > https://nitter.net/144bytes/status/1540727534093905920
>
>
> Note that Wasabi already has a DoS attack vector in that a participant can 
> stop
> participating after the first phase of the round, with the result that the
> coinjoin fails. Wasabi mitigates that by punishing participating in future
> rounds. Double-spends only create additional types of DoS attack that need to
> be detected and punished as well - they don't create a fundamentally new
> vulerability.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-27 Thread Peter Todd via bitcoin-dev

On June 27, 2022 8:03:38 AM EDT, Greg Sanders  wrote:
>One key difference seems to be that properly punishing someone based on
>mempool behavior seems much more difficult. As we all know there is no "the
>mempool".

No, that's not relevant here: the DoS condition is the existence of a (mined) 
double spend for a given txout used in a coin join. That condition is entirely 
under the control of the wallet, and can be totally avoided by the wallet 
regardless of mempool behavior.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-27 Thread Greg Sanders via bitcoin-dev

One key difference seems to be that properly punishing someone based on
mempool behavior seems much more difficult. As we all know there is no "the
mempool".



On Sun, Jun 26, 2022, 8:43 PM Peter Todd via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Sun, Jun 26, 2022 at 04:40:24PM +, alicexbt via bitcoin-dev wrote:
> > Hi Antoine,
> >
> > Thanks for sharing the DoS attack example with alternatives.
> >
> > > - Caroll broadcasts a double-spend of her own input C, the
> double-spend is attached with a low-fee (1sat/vb) and it does _not_ signal
> opt-in RBF
> > > - Alice broadcasts the multi-party transaction, it is rejected by the
> network mempools because Alice double-spend is already present
> >
> > I think this affects almost all types of coinjoin transaction including
> coordinator based implementations. I tried a few things and have already
> reported details for an example DoS attack to one of the team but there is
> no response yet.
> >
> > It was fun playing with RBF, DoS and Coinjoin. Affected projects should
> share their opinion about full-rbf as it seems it might improve things.
> >
> > Example:
> >
> > In Wasabi an attacker can broadcast a transaction spending input used in
> coinjoin after sending signature in the round. This would result in a
> coinjoin tx which never gets relayed:
> https://nitter.net/144bytes/status/1540727534093905920
>
> Note that Wasabi already has a DoS attack vector in that a participant can
> stop
> participating after the first phase of the round, with the result that the
> coinjoin fails. Wasabi mitigates that by punishing participating in future
> rounds. Double-spends only create additional types of DoS attack that need
> to
> be detected and punished as well - they don't create a fundamentally new
> vulerability.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-26 Thread Peter Todd via bitcoin-dev

On Sun, Jun 26, 2022 at 04:40:24PM +, alicexbt via bitcoin-dev wrote:
> Hi Antoine,
> 
> Thanks for sharing the DoS attack example with alternatives.
> 
> > - Caroll broadcasts a double-spend of her own input C, the double-spend is 
> > attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
> > - Alice broadcasts the multi-party transaction, it is rejected by the 
> > network mempools because Alice double-spend is already present
> 
> I think this affects almost all types of coinjoin transaction including 
> coordinator based implementations. I tried a few things and have already 
> reported details for an example DoS attack to one of the team but there is no 
> response yet.
> 
> It was fun playing with RBF, DoS and Coinjoin. Affected projects should share 
> their opinion about full-rbf as it seems it might improve things.
> 
> Example:
> 
> In Wasabi an attacker can broadcast a transaction spending input used in 
> coinjoin after sending signature in the round. This would result in a 
> coinjoin tx which never gets relayed: 
> https://nitter.net/144bytes/status/1540727534093905920

Note that Wasabi already has a DoS attack vector in that a participant can stop
participating after the first phase of the round, with the result that the
coinjoin fails. Wasabi mitigates that by punishing participating in future
rounds. Double-spends only create additional types of DoS attack that need to
be detected and punished as well - they don't create a fundamentally new
vulerability.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org


signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-26 Thread alicexbt via bitcoin-dev

Hi Antoine,

Thanks for sharing the DoS attack example with alternatives.

> - Caroll broadcasts a double-spend of her own input C, the double-spend is 
> attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
> - Alice broadcasts the multi-party transaction, it is rejected by the network 
> mempools because Alice double-spend is already present

I think this affects almost all types of coinjoin transaction including 
coordinator based implementations. I tried a few things and have already 
reported details for an example DoS attack to one of the team but there is no 
response yet.

It was fun playing with RBF, DoS and Coinjoin. Affected projects should share 
their opinion about full-rbf as it seems it might improve things.

Example:

In Wasabi an attacker can broadcast a transaction spending input used in 
coinjoin after sending signature in the round. This would result in a coinjoin 
tx which never gets relayed: 
https://nitter.net/144bytes/status/1540727534093905920

/dev/fd0

Sent with Proton Mail secure email.

--- Original Message ---
On Tuesday, June 21st, 2022 at 11:43 PM, Antoine Riard 
 wrote:


> HI alicexbt,
>
> > Lets consider there are 2 users with name Bob (normal LN user) and Carol 
> > (attacker running LN node) which I will use in this email for examples. In 
> > this case Bob and Carol can manage security of their OS and it is not 
> > affected by others using vulnerable systems or OS.
>
> Yes, I believe my argument was the set of components making the security of 
> your LN node is far beyond Bitcoin softwares. Of course, you might review by 
> yourself the millions lines of code entering in the trusted computing base 
> (OS, bootloader, BIOS, device firmwares, essential utilities, ...) on which 
> your cryptocurrency software stack lays out, and as such exercise an extended 
> span of control on your personal computation. Though, while I hope we'll have 
> more LN node operators doing so, I'm not sure it's realistic to expect it 
> will be the behavior standard among them..
>
> > The odds are low as you said, this can be managed by Bob and Carol because 
> > they can use a better ISP. Others using ISP with some issues may not affect 
> > their LN usage.
>
> Sure, though as I would like to underscore being dependent on a Bitcoin node 
> policy and being dependent on a ISP internet traffic routing policy could be 
> analyzed as logically equivalent, all things are equal. That said, if your 
> personal risk aversion is too high for the Lightning security model, once 
> it's well-understood there is a strong reliance on a censorship-resistant 
> tx-relay network back to economically-rational miners, you're free to not use 
> it and satisfy yourself with the Bitcoin base layer.
>
> > Bob might use full-rbf as its suggested by LN developers for secure LN 
> > usage and better for miners. Carol could use a different RBF policy for 
> > some nodes and mining. In this case Bob may get affected at some point 
> > because of Carol's choice to use a different RBF policy which was not true 
> > above.
>
> Indeed, your secure LN usage is going to be dependent of the number of p2p 
> network nodes running an economically-rational policy like full-rbf. That 
> said, I think it's reasonable to assume that the players of the Bitcoin game 
> are economically-rational, and as such incentived to pick up a policy such as 
> full-rbf. I know the term "economically-rational" is poorly defined here, and 
> I think it could be interesting for any academic with an economic background 
> to study the incentives of Bitcoin actors.
>
> > Allowing users to create different mempool policies is great. My thought 
> > process is to code for happy path, where X policy is expected for 
> > replacement and edge cases where Y policy or no policy would be used. Users 
> > can try out different policies and even act as attackers. This is also true 
> > for other things in mempool, 'spkreuse=conflict' prevents address reuse in 
> > the mempool when using knots. If I assume that address reuse is always 
> > relayed, this could become a problem if some users and miners adopt this 
> > setting in their mempool.
>
> Agree, I'm all in for people to experiment with mempool policies. Though at 
> the end it's a software engineering resource question. If users are 
> interested in more features, they're always free to implement themselves. 
> Really, the binary distinction developers-vs-users doesn't make sense and if 
> we would like Bitcoin to be successful in the long-term, we should promote 
> high degree of software literacy among bitcoiners.
>
> > This makes sense and I would be interested to follow two things once 
> > full-rbf is available in a bitcoin core release: 1. Percentage of 
> > transaction getting replaced 2. Miners profit (Fee for replaced Tx - Fee 
> > for original Tx)
>
> Yes, I would be interested too to have those metrics once full-rbf is 
> available in a bitcoin core release. I

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-23 Thread Peter Todd via bitcoin-dev

On Tue, Jun 21, 2022 at 07:45:48PM -0400, Antoine Riard wrote:
> > BTW I changed one of my OTS calendars to issue fee-bumping txs without the
> > opt-in RBF flag set as an experiment. I also made sure txs would
> propagate to
> > the above node. As of right now, it's up to 32 replacements (once per
> block),
> > without any of them mined; the calendars use the strategy of starting at
> the
> > minimum possible fee, and bumping the fee up every time a new block
> arrives
> > without the tx getting mined. So that's evidence we don't have much
> full-rbf
> > hash power at this moment.
> >
> > You can see the current status at:
> https://alice.btc.calendar.opentimestamps.org/
> 
> That's interesting. I'm not sure if we can conclude of the absence of
> full-rbf hash power at this moment, as it could also be a lack of full-rbf
> propagation path towards such potential hash power. I think the day we see
> an opt-out replacement transaction mined, it would constitute a good hint
> of full-rbf hash power (assuming the tx-relay topology stays relatively
> stable across the transaction issuance...)

Fees are relatively low right now, so there could be 1% or so of full-rbf hash
power and I wouldn't notice with this particular technique as the initial tx
gets mined within 10-20 blocks; a few years back similar experiments were
finding a few percentage points of hashing power running full-rbf.

> Anyway, if/when the `fullrbf` patch lands in Bitcoin Core, including
> automatic outbound connections to few `NODE_REPLACE_BY_FEE` peers, I'm
> thinking of reaching out to a few mining node operators to advocate them
> with the new policy setting.

I'd suggest doing that right now, without waiting for the patch to get merged,
as it improves the politics of getting the patch merged. Miners tend to run
customized bitcoind's anyway.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org


signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-21 Thread Antoine Riard via bitcoin-dev

> BTW I changed one of my OTS calendars to issue fee-bumping txs without the
> opt-in RBF flag set as an experiment. I also made sure txs would
propagate to
> the above node. As of right now, it's up to 32 replacements (once per
block),
> without any of them mined; the calendars use the strategy of starting at
the
> minimum possible fee, and bumping the fee up every time a new block
arrives
> without the tx getting mined. So that's evidence we don't have much
full-rbf
> hash power at this moment.
>
> You can see the current status at:
https://alice.btc.calendar.opentimestamps.org/

That's interesting. I'm not sure if we can conclude of the absence of
full-rbf hash power at this moment, as it could also be a lack of full-rbf
propagation path towards such potential hash power. I think the day we see
an opt-out replacement transaction mined, it would constitute a good hint
of full-rbf hash power (assuming the tx-relay topology stays relatively
stable across the transaction issuance...)

Anyway, if/when the `fullrbf` patch lands in Bitcoin Core, including
automatic outbound connections to few `NODE_REPLACE_BY_FEE` peers, I'm
thinking of reaching out to a few mining node operators to advocate them
with the new policy setting.

Antoine

Le lun. 20 juin 2022 à 19:49, Peter Todd  a écrit :

> On Mon, Jun 13, 2022 at 08:25:11PM -0400, Antoine Riard via bitcoin-dev
> wrote:
> > For that reason, I believe it would be beneficial to the flourishing of
> > multi-party funded transactions to fix the Dos vector by seeing a subset
> of
> > the network running full-rbf and enabling propagation of honest
> multi-party
> > transactions to the interested miners, replacing potential non-signaling
> > double-spend from a malicious counterparty. Moving towards that
> direction,
> > I've submitted a small patch against Bitcoin Core enabling it to turn on
> > full-rbf as a policy, still under review [3]. The default setting stays
> > **false**, i.e keeping opt-in RBF as a default replacement policy. I've
> > started to run the patch on a public node at 146.190.224.15.
>
> BTW I changed one of my OTS calendars to issue fee-bumping txs without the
> opt-in RBF flag set as an experiment. I also made sure txs would propagate
> to
> the above node. As of right now, it's up to 32 replacements (once per
> block),
> without any of them mined; the calendars use the strategy of starting at
> the
> minimum possible fee, and bumping the fee up every time a new block arrives
> without the tx getting mined. So that's evidence we don't have much
> full-rbf
> hash power at this moment.
>
> You can see the current status at:
> https://alice.btc.calendar.opentimestamps.org/
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-21 Thread Antoine Riard via bitcoin-dev

HI alicexbt,

> Lets consider there are 2 users with name Bob (normal LN user) and Carol
(attacker running LN node) which I will use in this email for examples. In
this case Bob and Carol can manage security of their OS and it is not
affected by others using vulnerable systems or OS.

Yes, I believe my argument was the set of components making the security of
your LN node is far beyond Bitcoin softwares. Of course, you might review
by yourself the millions lines of code entering in the trusted computing
base (OS, bootloader, BIOS, device firmwares, essential utilities, ...) on
which your cryptocurrency software stack lays out, and as such exercise an
extended span of control on your personal computation. Though, while I hope
we'll have more LN node operators doing so, I'm not sure it's realistic to
expect it will be the behavior standard among them..

> The odds are low as you said, this can be managed by Bob and Carol
because they can use a better ISP. Others using ISP with some issues may
not affect their LN usage.

Sure, though as I would like to underscore being dependent on a Bitcoin
node policy and being dependent on a ISP internet traffic routing policy
could be analyzed as logically equivalent, all things are equal. That said,
if your personal risk aversion is too high for the Lightning security
model, once it's well-understood there is a strong reliance on a
censorship-resistant tx-relay network back to economically-rational miners,
you're free to not use it and satisfy yourself with the Bitcoin base layer.

> Bob might use full-rbf as its suggested by LN developers for secure LN
usage and better for miners. Carol could use a different RBF policy for
some nodes and mining. In this case Bob may get affected at some point
because of Carol's choice to use a different RBF policy which was not true
above.

Indeed, your secure LN usage is going to be dependent of the number of p2p
network nodes running an economically-rational policy like full-rbf. That
said, I think it's reasonable to assume that the players of the Bitcoin
game are economically-rational, and as such incentived to pick up a policy
such as full-rbf. I know the term "economically-rational" is poorly defined
here, and I think it could be interesting for any academic with an economic
background to study the incentives of Bitcoin actors.

> Allowing users to create different mempool policies is great. My thought
process is to code for happy path, where X policy is expected for
replacement and edge cases where Y policy or no policy would be used. Users
can try out different policies and even act as attackers. This is also true
for other things in mempool, 'spkreuse=conflict' prevents address reuse in
the mempool when using knots. If I assume that address reuse is always
relayed, this could become a problem if some users and miners adopt this
setting in their mempool.

Agree, I'm all in for people to experiment with mempool policies. Though at
the end it's a software engineering resource question. If users are
interested in more features, they're always free to implement themselves.
Really, the binary distinction developers-vs-users doesn't make sense and
if we would like Bitcoin to be successful in the long-term, we should
promote high degree of software literacy among bitcoiners.

> This makes sense and I would be interested to follow two things once
full-rbf is available in a bitcoin core release: 1. Percentage of
transaction getting replaced 2. Miners profit (Fee for replaced Tx - Fee
for original Tx)

Yes, I would be interested too to have those metrics once full-rbf is
available in a bitcoin core release. I think that's something every
full-rbf curious node operator could observe on its own with a few more
loggers, at least for the first metric.

> Can you explain how p2p coinjoin is affected with mempool DoS vector with
some examples? What is considered a p2p coinjoin? Joinmarket or
[Stonewall][1]?

I don't remember the Joinmarket code right now and I don't know the ins and
outs of Samourai coinjoin as I'm not sure the code is open source. Though
let's say for a p2p coinjoin as one you can build once you have implemented
LN's interactive construction protocol [0].

[0] https://github.com/lightning/bolts/pull/851

Here the DoS attack situation :
- Alice, Bob and Caroll would like to coinjoin 3 inputs to 3 outputs
- Each of the input is singly controlled by one party, e.g Alice owns input
A, Bob owns input B, ...
- Alice, Bob and Caroll exchanges a PSBT to build a multi-party funded
transaction (the coinjoin_tx)
- Alice is elected as the multi-party transaction broadcaster once the
signatures have been exchanged
- The block feerate is around 10sat/vb
- One of the transaction input signals opt-in RBF, the transaction is
attached a compelling feerate 10sat/vb
- Caroll broadcasts a double-spend of her own input C, the double-spend is
attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
- Alice broadcasts the multi-party

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-20 Thread Peter Todd via bitcoin-dev

On Mon, Jun 13, 2022 at 08:25:11PM -0400, Antoine Riard via bitcoin-dev wrote:
> For that reason, I believe it would be beneficial to the flourishing of
> multi-party funded transactions to fix the Dos vector by seeing a subset of
> the network running full-rbf and enabling propagation of honest multi-party
> transactions to the interested miners, replacing potential non-signaling
> double-spend from a malicious counterparty. Moving towards that direction,
> I've submitted a small patch against Bitcoin Core enabling it to turn on
> full-rbf as a policy, still under review [3]. The default setting stays
> **false**, i.e keeping opt-in RBF as a default replacement policy. I've
> started to run the patch on a public node at 146.190.224.15.

BTW I changed one of my OTS calendars to issue fee-bumping txs without the
opt-in RBF flag set as an experiment. I also made sure txs would propagate to
the above node. As of right now, it's up to 32 replacements (once per block),
without any of them mined; the calendars use the strategy of starting at the
minimum possible fee, and bumping the fee up every time a new block arrives
without the tx getting mined. So that's evidence we don't have much full-rbf
hash power at this moment.

You can see the current status at: 
https://alice.btc.calendar.opentimestamps.org/

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-19 Thread Peter Todd via bitcoin-dev

On Fri, Jun 17, 2022 at 04:54:11AM +, alicexbt via bitcoin-dev wrote:
> > If they'reparties interested in implementing more RBF policy options in 
> > Bitcoin Core, I think they're free to propose suchchanges and invest the 
> > engineering effort to do so. If you're interested in advancing the state 
> > ofpolicy options in Bitcoin Core, there are a lot of 
> > interestingresourcesavailable and communities toencourage you in the 
> > learning process to contribute to the codebase [6].
> 
> Thanks for sharing the link. I would love to see 5 RBF policies available to 
> use in bitcoin core. I have already tried experimenting with a few on regtest 
> and will try to open pull request if there are enough people interested to 
> test it on other chains (testnet3, signet, mainnet)

I don't think more RBF policies in Bitcoin Core helps much. RBF policies aren't
very useful in isolation: unless you're getting your txs to other nodes/miners
via special peering efforts, the only reason to run an uncommon RBF policy is
to accomodate local software with obsolete expectations about mempool behavior.
That's why my full-RBF patch advertised a special service bit, and did
preferential peering with other nodes advertising that service bit.

Bitcoin Core isn't going to do that for every RBF policy. So there's no reason
we should try to accomodate a bunch of them.

I can understand a -fullrbf flag from a political point of view, in the process
of enabling full-RBF all the time. But there's no reason to go beyond that.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-17 Thread alicexbt via bitcoin-dev

Hi Antoine,

> One could list the operating system on which is running your Lightning 
> process or the compiler toolchain turning outyour Lightning source code in a 
> binary artifact. Some weird kernel's memory mapping change could allow access 
> toyour channel funding keys, _without_ breaking the Bitcoin consensus rules 
> [0].

Lets consider there are 2 users with name Bob (normal LN user) and Carol 
(attacker running LN node) which I will use in this email for examples. In this 
case Bob and Carol can manage security of their OS and it is not affected by 
others using vulnerable systems or OS.

> Moreover, your Lightning node is alsorelying on the existence of a global 
> Internet allowing your HTLC transaction to flow from your physical hostto the 
> crowd of transactions confirming in the blockchain. Due to this "protocol 
> assumption" your channel balancewould be vulnerable to any change in your ISP 
> routing policy, e.g refusing to accept your IPV4 traffic by a 
> suddendesiderata to impose an IPV6 supremacy. Still _without_ breaking the 
> Bitcoin consensus rules. Of course, the odds ofyour ISP operator adopting 
> this behavior are really low, mostly because your operator has to bind to 
> social andeconomic constraints to stay in business.

The odds are low as you said, this can be managed by Bob and Carol because they 
can use a better ISP. Others using ISP with some issues may not affect their LN 
usage.

> And I believe this imperative to stay in business is certainly not absent in 
> the incentives of the Bitcoin nodeoperators. You're free to run any policy on 
> your node, especially one hardening the safety of your operationsbeyond the 
> default one. However, if you start to a transaction-relay non-compatible with 
> miner incentives, youwon't have an efficient view of the blockspace demand, 
> and from then won't be able to offer compelling feeratesto execute your 
> business transactions to satisfy your client needs. Or you won't consolidate 
> yourwallet UTXOs attimesof low-demand. Indeed, a sane visibility of the 
> mempools might not be critical now foryour Bitcoin operations, but this is 
> not likely to become true with miner's coinbase reward lowering with timeand 
> the system securityrelyingon a fruitful fee market.

Bob might use full-rbf as its suggested by LN developers for secure LN usage 
and better for miners. Carol could use a different RBF policy for some nodes 
and mining. In this case Bob may get affected at some point because of Carol's 
choice to use a different RBF policy which was not true above.

> So assuming there is a significant number of economically rational entities 
> running p2p nodes, I think it's areasonable assumption for Lightning 
> developers that a policy maximizing miner's income and economic 
> nodesoperations will be widely run on the p2p network, and therefore lay its 
> security model on that. When there is agap between the economically optimal 
> policy (full-rbf) and the effectively deployed one (optin), and this 
> gapconstitutes a flaw for exploitation, I believe it's better to fix it.

Agree with the assumption there is nothing wrong in experimenting with a new 
RBF policy (non-default) if that helps some users and projects.

> If you have a different mode of thinking w.r.t how we should design protocol 
> in a trust-minimized, open,adversarialenvironment such as Bitcoin, I'm 
> curious to listen to it.

Allowing users to create different mempool policies is great. My thought 
process is to code for happy path, where X policy is expected for replacement 
and edge cases where Y policy or no policy would be used. Users can try out 
different policies and even act as attackers. This is also true for other 
things in mempool, 'spkreuse=conflict' prevents address reuse in the mempool 
when using knots. If I assume that address reuse is always relayed, this could 
become a problem if some users and miners adopt this setting in their mempool.

> Of course not. If you deliver any critical software, you should attach a 
> solid manual explaining all thecorner cases and rough edges. Even better 
> would be to enshrine the manual directly in your software APIto minimize the 
> footgunish behaviors. E.g, with any ECC library, forbidding to reuse nonces. 
> If youruserstill ignores or misread the manual and provides an insecure 
> input, there isnot thatmuch you can do.

Agree with the documentation as it helps users.

> Given there are like 17000 public LN nodes, if half of them adopt full-rbf it 
> should givealready a good number of full-rbf transaction-relay routes across 
> the p2p network graph.When we're there, we can measure and think more about 
> how to tune the full-rbf sub-topology.

Sounds good.

> Because it's breaking the reliability and security of their use-cases. 
> Use-cases which didn't exista few years ago. The mempool DoS vector is 
> described here [4]. To the best of my understanding, it mightaffect a bunch 
> of

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-17 Thread Antoine Riard via bitcoin-dev

Hi alicexbt,


Thanks for taking time to review the pull request,


> 1)If something relies on a policy which can be changed without breaking
consensus rules, how is it secure in any case with or without full rbf?


Your Lightning node software relies on far more software and hardware
components than the transaction-relay p2p network. One could list the
operating system on which is running your Lightning process or the compiler
toolchain turning out your Lightning source code in a binary artifact. Some
weird kernel's memory mapping change could allow access to your channel
funding keys, _without_ breaking the Bitcoin consensus rules [0]. Moreover,
your Lightning node is also relying on the existence of a global Internet
allowing your HTLC transaction to flow from your physical host to the crowd
of transactions confirming in the blockchain. Due to this "protocol
assumption" your channel balance would be vulnerable to any change in your
ISP routing policy, e.g refusing to accept your IPV4 traffic by a
sudden desiderata
to impose an IPV6 supremacy. Still _without_ breaking the Bitcoin consensus
rules. Of course, the odds of your ISP operator adopting this behavior are
really low, mostly because your operator has to bind to social and economic
constraints to stay in business.


And I believe this imperative to stay in business is certainly not absent
in the incentives of the Bitcoin node operators. You're free to run any
policy on your node, especially one hardening the safety of your
operations beyond
the default one. However, if you start to a transaction-relay
non-compatible with miner incentives, you won't have an efficient view of
the blockspace demand, and from then won't be able to offer compelling
feerates to execute your business transactions to satisfy your client
needs. Or you won't consolidate your wallet UTXOs at times of low-demand.
Indeed, a sane visibility of the mempools might not be critical now for your
Bitcoin operations, but this is not likely to become true with miner's
coinbase reward lowering with time and the system security relying on a
fruitful fee market.


So assuming there is a significant number of economically rational entities
running p2p nodes, I think it's a reasonable assumption for Lightning
developers that a policy maximizing miner's income and economic nodes
operations
will be widely run on the p2p network, and therefore lay its security model
on that. When there is a gap between the economically optimal policy
(full-rbf) and the effectively deployed one (optin), and this gap constitutes
a flaw for exploitation, I believe it's better to fix it.


If you have a different mode of thinking w.r.t how we should design
protocol in a trust-minimized, open, adversarial environment such as
Bitcoin, I'm curious to listen to it.


> If I write a python script that expects user to enter char 'a' or 'b' but
user can enter 'c' and there is no code to handle exceptions or other
chars, will it be secure?


Of course not. If you deliver any critical software, you should attach a
solid manual explaining all the corner cases and rough edges. Even better
would be to enshrine the manual directly in your software API to minimize
the footgunish behaviors. E.g, with any ECC library, forbidding to reuse
nonces. If your user still ignores or misread the manual and provides an
insecure input, there is not that much you can do.


By analogy, I believe that's the same with Lightning. One recommendation of
the deployment manual would be to be always connected to a full-rbf
transaction-relay topology. Defaulting to this rule and your node exposes
far more surface of attacks. Assuming the manual has been well-written (big
assumption!), I don't think the system designer would be to blame.


That said, one issue to confess with current Lightning is our lack of
understanding of what should be figured out in the LN user manual for safe
operations. I would say that's an active area of research [1] [2] [3]


> 2)full-rbf is not default in the 2 open pull requests, so this experiment
still relies on users changing RBF policies manually. If majority of nodes
use default opt-in policy, how would this affect vulnerable projects?


If we define the goal as ensuring there is a significant number of
transaction-relay routes between the L2s nodes requiring full-rbf and the
set of miners supporting this policy, and the set of miners is populated
enough, there is no need to convince the majority of nodes operators to
switch to full-rbf.


Beyond landing the 'full-rbf' pull request, in pursuit of a partial
full-rbf deployment, I'm thinking of reaching out to Lightning vendors to
recommend running LN nodes operators run their full-node with the setting
enabled. And also to few mining pool operators to advocate the potential
increase in their income.


Given there are like 17000 public LN nodes, if half of them adopt full-rbf
it should give already a good number of full-rbf transaction-relay routes
across the p2p network

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-16 Thread Greg Sanders via bitcoin-dev

> It is not possible to guarantee that a transaction will be mined within N
blocks irrespective of fees. It is vulnerable if a project's security
relies on it, and should fix it by changing the security assumptions.

It's not possible to guarantee that any funds can be moved ever. But we
still build an entire system assuming we can via an interesting mix of
cryptography and incentives.

On Wed, Jun 15, 2022 at 9:45 PM alicexbt  wrote:

> Hi Greg,
>
>
> The security of LN and other related systems are something like: "given
> proper fees offered, can a transaction be mined within N blocks?" You're
> simply not allowed to out-bid your attacker in certain circumstances due to
> today's miner incentive-incompatible relay policies.
>
>
> It is not possible to guarantee that a transaction will be mined within N
> blocks irrespective of fees. It is vulnerable if a project's security
> relies on it, and should fix it by changing the security assumptions.
> Miners can try full-rbf or other policy without core so I won't consider
> opt-in as incentive-incompatible.
>
> > ... arguments about how many people RBF being sufficient or not ...
>
> The idea that we should only build robust systems after the broken ones
> are attacked is not a serious argument.
>
>
> Its true and was even mentioned in PR #16171 that a policy is only useful
> if enough nodes and miners follow it. We should build robust systems but I
> don't think this change will help in doing it.
>
> This is a strawman.
>
> Full-RBF is a simple, obvious, incentive-compatible step to getting closer
> to more robust layer two systems. Fixing the rest of the holes is for
> future proposals which are a bit more involved and definitely less mature.
>
>
> I do not have issues with multiple RBF policies being tried out and
> full-rbf being one of them. My disagreements are with rationale, lack of
> basic options in Bitcoin Core to employ/disable different RBF policies
> and a few arguments made in support for full-rbf. Whether it appears
> strawman or offtopic on github, there should be a place to share these
> disagreements.
>
> If Knots has these knobs, just use Knots rather than lobby all
> implementations to have miner incentive incompatible knobs?
>
>
> Everyone can share options that would help users in the bitcoin
> implementation used by 90% nodes. I don't think this is reserved only for a
> few developers. I would personally use Knots and others are free to try the
> suggestion or continue using Bitcoin Core.
>
> /dev/fd0
>
>
> Sent with Proton Mail  secure email.
>
> --- Original Message ---
> On Thursday, June 16th, 2022 at 6:32 AM, Greg Sanders <
> gsander...@gmail.com> wrote:
>
> > If something relies on a policy which can be changed without breaking
> consensus rules, how is it secure in any case with or without full rbf?
>
> The security of LN and other related systems are something like: "given
> proper fees offered, can a transaction be mined within N blocks?" You're
> simply not allowed to out-bid your attacker in certain circumstances due to
> today's miner incentive-incompatible relay policies.
>
> There is also a time-value dimension to this with other simpler systems
> where your funds can be locked up for potentially weeks for similar reasons.
>
> > ... arguments about how many people RBF being sufficient or not ...
>
> The idea that we should only build robust systems after the broken ones
> are attacked is not a serious argument.
>
> > I am not opposed to full-rbf; rather, I am opposed to the notion that
> full-rbf will solve all problems
>
> This is a strawman.
>
> Full-RBF is a simple, obvious, incentive-compatible step to getting closer
> to more robust layer two systems. Fixing the rest of the holes is for
> future proposals which are a bit more involved and definitely less mature.
>
> > would suggest users to try Bitcoin Knots instead
> > Developers should provide basic RBF policy options rather than
> attempting to define what constitutes a good policy and removing the
> ability to disable something when necessary.
>
> If Knots has these knobs, just use Knots rather than lobby all
> implementations to have miner incentive incompatible knobs?
>
> Cheers,
> Greg
>
> On Wed, Jun 15, 2022 at 8:27 PM alicexbt via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Hi Antoine,
>>
>>
>> Thanks for opening the pull request to add support for full-rbf in
>> Bitcoin Core. I have a few disagreements with the approach and questions.
>>
>> Recent discussions among LN devs have brought back on the surface
>> concerns about the security of multi-party funded transactions (coinjoins,
>> dual-funded LN channels, on-chain DLCs, ...). It turns out there is a
>> low-fruit, naive DoS vector playable against the funding flow of any such
>> construction due to the lack of existent full-rbf transaction-relay
>> topology on today's p2p network [0] [1].
>>
>>
>> 1)If something relies on a policy which can be changed

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-16 Thread alicexbt via bitcoin-dev

Hi cndm1,

> If you see a "lack of basic options" and no one has opened a pull request for 
> it, it may be for two reasons.

The basic option to disable all RBF policies in a node's mempool if required 
was removed in [PR #16171][1]. No one has opened a pull request to revert this 
because most of the maintainers and a few reviewers agreed with this change. It 
wasn't required, PR had weak rationale, 2 NACKS and was reopened to merge 
because some reviewers/maintainers believe its a policy that cannot be 
maintained. One of the reviewers who NACKed it already maintains the config 
option to disable all RBF policies in Bitcoin Knots which is a derivative of 
Bitcoin Core.

> However, repeatedly demanding others to do it for you is not helpful in open 
> source software development.

I am not demanding anyone to add a few lines of code and open a pull request. I 
am _reviewing_ a pull request in an open source project and sharing my 
feedback. Even Antoine and Luke agreed to add it if other reviewers have no 
issues or I can do it. This option in context with another being added for a 
new RBF policy was being discussed in [PR #25353][2] and my earlier emails in 
this thread.

Other 'basic options' will be easier to accommodate with `-mempoolreplacement` 
used in [PR #25373] which is unlikely to be merged.

[1]: https://github.com/bitcoin/bitcoin/pull/16171
[2]: https://github.com/bitcoin/bitcoin/pull/25353
[3]: https://github.com/bitcoin/bitcoin/pull/25373

/dev/fd0

Sent with Proton Mail secure email.

--- Original Message ---
On Thursday, June 16th, 2022 at 11:13 AM, linuxfoundation.cndm1--- via 
bitcoin-dev bitcoin-dev@lists.linuxfoundation.org wrote:

> alicexbt wrote:
>
> > I do not have issues with multiple RBF policies being tried out and 
> > full-rbf being one of them. My disagreements are with rationale, lack of 
> > basic options in Bitcoin Core to employ/disable different RBF policies and 
> > a few arguments made in support for full-rbf. Whether it appears strawman 
> > or offtopic on github, there should be a place to share these disagreements.
>
> Bitcoin Core is open source software, where developers open pull
> requests to try to get them merged after review. If you see a "lack of
> basic options" and no one has opened a pull request for it, it may be
> for two reasons. First, it could be that it just doesn't make sense,
> so no one sees a point in implementing it. Secondly, it may be that it
> isn't on anyone's list of priorities. In the second case, you are
> welcome to share your preference once. Moreover, no one is holding you
> back to implement it yourself and suggest a pull request. However,
> repeatedly demanding others to do it for you is not helpful in open
> source software development.
>
> cndm1
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-16 Thread linuxfoundation.cndm1--- via bitcoin-dev

alicexbt wrote:
> I do not have issues with multiple RBF policies being tried out and full-rbf 
> being one of them. My disagreements are with rationale, lack of basic options 
> in Bitcoin Core to employ/disable different RBF policies and a few arguments 
> made in support for full-rbf. Whether it appears strawman or offtopic on 
> github, there should be a place to share these disagreements.

Bitcoin Core is open source software, where developers open pull
requests to try to get them merged after review. If you see a "lack of
basic options" and no one has opened a pull request for it, it may be
for two reasons. First, it could be that it just doesn't make sense,
so no one sees a point in implementing it. Secondly, it may be that it
isn't on anyone's list of priorities. In the second case, you are
welcome to share your preference once. Moreover, no one is holding you
back to implement it yourself and suggest a pull request. However,
repeatedly demanding others to do it for you is not helpful in open
source software development.

cndm1

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-15 Thread alicexbt via bitcoin-dev

Hi Greg,

> The security of LN and other related systems are something like: "given 
> proper fees offered, can a transaction be mined within N blocks?" You're 
> simply not allowed to out-bid your attacker in certain circumstances due to 
> today's miner incentive-incompatible relay policies.

It is not possible to guarantee that a transaction will be mined within N 
blocks irrespective of fees. It is vulnerable if a project's security relies on 
it,and should fix it by changing the security assumptions. Miners can try 
full-rbf or other policy without core so I won't consider opt-in as 
incentive-incompatible.

>> ... arguments about how many people RBF being sufficient or not ...
>
> The idea that we should only build robust systems after the broken ones are 
> attacked is not a serious argument.

Its true and was even mentioned in PR #16171 that a policy is only useful if 
enough nodes and miners follow it. We should build robust systems but I don't 
think this change will help in doing it.

> This is a strawman.
>
> Full-RBF is a simple, obvious, incentive-compatible step to getting closer to 
> more robust layer two systems.Fixing the rest of the holes is for future 
> proposals which are a bit more involved and definitely less mature.

I do not have issues with multiple RBF policies being tried out and full-rbf 
being one of them. My disagreements are with rationale, lack of basic options 
in Bitcoin Core to employ/disable different RBF policies and a few arguments 
made in support for full-rbf. Whether it appears strawman or offtopic on 
github, there should be a place to share these disagreements.

> If Knots has these knobs, just use Knots rather than lobby all 
> implementations to have miner incentive incompatible knobs?

Everyone can share options that would help users in the bitcoin implementation 
used by 90% nodes. I don't think this is reserved only for a few developers. I 
would personally use Knots and others are free to try the suggestion or 
continue using Bitcoin Core.

/dev/fd0

Sent with [Proton Mail](https://proton.me/) secure email.

--- Original Message ---
On Thursday, June 16th, 2022 at 6:32 AM, Greg Sanders  
wrote:

>> If something relies on a policy which can be changed without breaking 
>> consensus rules, how is it secure in any case with or without full rbf?
>
> The security of LN and other related systems are something like: "given 
> proper fees offered, can a transaction be mined within N blocks?" You're 
> simply not allowed to out-bid your attacker in certain circumstances due to 
> today's miner incentive-incompatible relay policies.
>
> There is also a time-value dimension to this with other simpler systems where 
> your funds can be locked up for potentially weeks for similar reasons.
>
>> ... arguments about how many people RBF being sufficient or not ...
>
> The idea that we should only build robust systems after the broken ones are 
> attacked is not a serious argument.
>
>> I am not opposed to full-rbf; rather, I am opposed to the notion that 
>> full-rbf will solve all problems
>
> This is a strawman.
>
> Full-RBF is a simple, obvious, incentive-compatible step to getting closer to 
> more robust layer two systems. Fixing the rest of the holes is for future 
> proposals which are a bit more involved and definitely less mature.
>
>> would suggest users to try Bitcoin Knots instead
>> Developers should provide basic RBF policy options rather than attempting to 
>> define what constitutes a good policy and removing the ability to disable 
>> something when necessary.
>
> If Knots has these knobs, just use Knots rather than lobby all 
> implementations to have miner incentive incompatible knobs?
>
> Cheers,
> Greg
>
> On Wed, Jun 15, 2022 at 8:27 PM alicexbt via bitcoin-dev 
>  wrote:
>
>> Hi Antoine,
>>
>> Thanks for opening the pull request to add support for full-rbf in Bitcoin 
>> Core. I have a few disagreements with the approach and questions.
>>
>>> Recent discussions among LN devs have brought back on the surface concerns 
>>> about the security of multi-party funded transactions (coinjoins, 
>>> dual-funded LN channels, on-chain DLCs, ...). It turns out there is a 
>>> low-fruit, naive DoS vector playable against the funding flow of any such 
>>> construction due to the lack of existent full-rbf transaction-relay 
>>> topology on today's p2p network [0] [1].
>>
>> 1)If something relies on a policy which can be changed without breaking 
>> consensus rules, how is it secure in any case with or without full rbf? If I 
>> write a python script that expects user to enter char 'a' or 'b' but user 
>> can enter 'c' and there is no code to handle exceptions or other chars, will 
>> it be secure?
>>
>> 2)full-rbf is not default in the 2 open pull requests, so this experiment 
>> still relies on users changing RBF policies manually. If majority of nodes 
>> use default opt-in policy, how would this affect vulnerable projects?
>>
>>> If you're a mining

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-15 Thread Greg Sanders via bitcoin-dev

> If something relies on a policy which can be changed without breaking
consensus rules, how is it secure in any case with or without full rbf?

The security of LN and other related systems are something like: "given
proper fees offered, can a transaction be mined within N blocks?" You're
simply not allowed to out-bid your attacker in certain circumstances due to
today's miner incentive-incompatible relay policies.

There is also a time-value dimension to this with other simpler systems
where your funds can be locked up for potentially weeks for similar reasons.

>  ... arguments about how many people RBF being sufficient or not ...

The idea that we should only build robust systems after the broken ones are
attacked is not a serious argument.

> I am not opposed to full-rbf; rather, I am opposed to the notion that
full-rbf will solve all problems

This is a strawman.

Full-RBF is a simple, obvious, incentive-compatible step to getting closer
to more robust layer two systems. Fixing the rest of the holes is for
future proposals which are a bit more involved and definitely less mature.

>  would suggest users to try Bitcoin Knots instead
> Developers should provide basic RBF policy options rather than attempting
to define what constitutes a good policy and removing the ability to
disable something when necessary.

If Knots has these knobs, just use Knots rather than lobby all
implementations to have miner incentive incompatible knobs?

Cheers,
Greg

On Wed, Jun 15, 2022 at 8:27 PM alicexbt via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Antoine,
>
>
> Thanks for opening the pull request to add support for full-rbf in Bitcoin
> Core. I have a few disagreements with the approach and questions.
>
> Recent discussions among LN devs have brought back on the surface concerns
> about the security of multi-party funded transactions (coinjoins,
> dual-funded LN channels, on-chain DLCs, ...). It turns out there is a
> low-fruit, naive DoS vector playable against the funding flow of any such
> construction due to the lack of existent full-rbf transaction-relay
> topology on today's p2p network [0] [1].
>
>
> 1)If something relies on a policy which can be changed without breaking
> consensus rules, how is it secure in any case with or without full rbf? If
> I write a python script that expects user to enter char 'a' or 'b' but user
> can enter 'c' and there is no code to handle exceptions or other chars,
> will it be secure?
>
> 2)full-rbf is not default in the 2 open pull requests, so this experiment
> still relies on users changing RBF policies manually. If majority of nodes
> use default opt-in policy, how would this affect vulnerable projects?
>
> If you're a mining operator looking to increase your income, you might be
> interested to experiment with full-rbf as a policy.
>
>
> Miners can only increase their income if users replace transactions. 2-3%
> transactions are replaced with opt-in RBF, if someone did not replace
> earlier why would they do it with full RBF? Or even if we add some users in
> it who could not signal for some reasons, do you think it would be anything
> above 5%?
>
> If you're a Bitcoin user or business and you don't like full-rbf, please
> express an opinion on how it might affect your software/operations. I'm
> always interested to learn more about mempool and transaction-relay
> interactions with upper-layers and applications and to listen to feedback
> in those areas, and I guess a lot of other Bitcoin researchers/devs too. I
> know there have been a lot of concerns about full-rbf in the past, however
> I believe the Bitcoin ecosystem has matured a lot since then.
>
>
> I am not opposed to full-rbf; rather, I am opposed to the notion that
> full-rbf will solve all problems and the lack of basic options in Bitcoin
> Core to employ/disable different RBF policies. There is also a speculation
> about making full RBF default in an year which isn't relevant to discuss at
> this point without trying different RBF policies.
>
> I would suggest users to try Bitcoin Knots instead which already has an
> option to disable all RBF policies if required, opt-in and full RBF policy.
> This can also be done using GUI if not familiar with config option
> mempoolreplacement.
>
> The rationale in PR #16171 was insufficient to justify removing it in the
> first place, had 2 NACKs and was reopened to merge it. Why bother with a
> few lines of code that may allow someone disable it if required in local
> mempool since it's only useful when a big percentage of miners utilize it
> and essentially underused according to the PR author? Developers should
> provide basic RBF policy options rather than attempting to define what
> constitutes a good policy and removing the ability to disable something
> when necessary.
>
>
> /dev/fd0
>
> Sent with Proton Mail  secure email.
>
> --- Original Message ---
> On Tuesday, June 14th, 2022 at 5:55 AM, Antoine Riard via

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-15 Thread alicexbt via bitcoin-dev

Hi Antoine,

Thanks for opening the pull request to add support for full-rbf in Bitcoin 
Core. I have a few disagreements with the approach and questions.

> Recent discussions among LN devs have brought back on the surface concerns 
> about the security of multi-party funded transactions (coinjoins, dual-funded 
> LN channels, on-chain DLCs, ...). It turns out there is a low-fruit, naive 
> DoS vector playable against the funding flow of any such construction due to 
> the lack of existent full-rbf transaction-relay topology on today's p2p 
> network [0] [1].

1)If something relies on a policy which can be changed without breaking 
consensus rules, how is it secure in any case with or without full rbf? If I 
write a python script that expects user to enter char 'a' or 'b' but user can 
enter 'c' and there is no code to handle exceptions or other chars, will it be 
secure?

2)full-rbf is not default in the 2 open pull requests, so this experiment still 
relies on users changing RBF policies manually. If majority of nodes use 
default opt-in policy, how would this affect vulnerable projects?

> If you're a mining operator looking to increase your income, you might be 
> interested to experiment with full-rbf as a policy.

Miners can only increase their income if users replace transactions. 2-3% 
transactions are replaced with opt-in RBF, if someone did not replace earlier 
why would they do it with full RBF? Or even if we add some users in it who 
could not signal for some reasons, do you think it would be anything above 5%?

> If you're a Bitcoin user or business and you don't like full-rbf, please 
> express an opinion on how it might affect your software/operations. I'm 
> always interested to learn more about mempool and transaction-relay 
> interactions with upper-layers and applications and to listen to feedback in 
> those areas, and I guess a lot of other Bitcoin researchers/devs too. I know 
> there have been a lot of concerns about full-rbf in the past, however I 
> believe the Bitcoin ecosystem has matured a lot since then.

I am not opposed to full-rbf; rather, I am opposed to the notion that full-rbf 
will solve all problems and the lack of basic options in Bitcoin Core to 
employ/disable different RBF policies. There is also a speculation about making 
full RBF default in an year which isn't relevant to discuss at this point 
without trying different RBF policies.

I would suggest users to try Bitcoin Knots instead which already has an option 
to disable all RBF policies if required, opt-in and full RBF policy. This can 
also be done using GUI if not familiar with config optionmempoolreplacement.

The rationale in PR #16171 was insufficient to justify removing it in the first 
place, had 2 NACKs and was reopened to merge it. Why bother with a few lines of 
code that may allow someone disable it if required in local mempool since it's 
only useful when a big percentage of miners utilize it and essentially 
underused according to the PR author? Developers should provide basic RBF 
policy options rather than attempting to define what constitutes a good policy 
and removing the ability to disable something when necessary.

/dev/fd0

Sent with [Proton Mail](https://proton.me/) secure email.

--- Original Message ---
On Tuesday, June 14th, 2022 at 5:55 AM, Antoine Riard via bitcoin-dev 
 wrote:

> Hi list,
>
> Recent discussions among LN devs have brought back on the surface concerns 
> about the security of multi-party funded transactions (coinjoins, dual-funded 
> LN channels, on-chain DLCs, ...). It turns out there is a low-fruit, naive 
> DoS vector playable against the funding flow of any such construction due to 
> the lack of existent full-rbf transaction-relay topology on today's p2p 
> network [0] [1]. While it does not consist in a direct loss of funds, if 
> exploited well I think it's annoying enough to inflict significant timevalue 
> loss or fee-bumping waste
> to the future providers or distributed swarm of users doing multi-party 
> funded transactions. Of course, it can be fixed one layer above by 
> introducing either fidelity bonds or a reliable centralized coordinator, 
> though at the price of an overhead per-participant ressources cost and loss 
> in system openness [1].
>
> For that reason, I believe it would be beneficial to the flourishing of 
> multi-party funded transactions to fix the Dos vector by seeing a subset of 
> the network running full-rbf and enabling propagation of honest multi-party 
> transactions to the interested miners, replacing potential non-signaling 
> double-spend from a malicious counterparty. Moving towards that direction, 
> I've submitted a small patch against Bitcoin Core enabling it to turn on 
> full-rbf as a policy, still under review [3]. The default setting stays 
> **false**, i.e keeping opt-in RBF as a default replacement policy. I've 
> started to run the patch on a public node at 146.190.224.15.
>
> If you're a node operator

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-14 Thread Peter Todd via bitcoin-dev

On Wed, Jun 15, 2022 at 02:53:58AM +, Luke Dashjr wrote:
> Bitcoin Knots still uses this service bit, FWIW (though due to a bug in some 
> older versions, it wasn't signalled by default). There are probably at least 
> 100 nodes with full RBF already.

Right. However it looks like you do not add NODE_REPLACE_BY_FEE to the list
returned by GetDesirableServiceFlags, so those nodes won't preferentially peer
with each other.

Also, if NODE_REPLACE_BY_FEE is added to the desirable service flags, it
ideally needs to be supported by the DNS seeds too. Currently it is not.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-14 Thread Luke Dashjr via bitcoin-dev

Bitcoin Knots still uses this service bit, FWIW (though due to a bug in some 
older versions, it wasn't signalled by default). There are probably at least 
100 nodes with full RBF already.

On Wednesday 15 June 2022 02:27:20 Peter Todd via bitcoin-dev wrote:
> On Mon, Jun 13, 2022 at 08:25:11PM -0400, Antoine Riard via bitcoin-dev 
wrote:
> > If you're a node operator curious to play with full-rbf, feel free to
> > connect to this node or spawn up a toy, public node yourself. There is a
> > ##uafrbf libera chat if you would like information on the settings or
> > looking for full-rbf friends (though that step could be automated in the
> > future by setting up a dedicated network bit and reserving a few outbound
> > slots for them).
>
> I previously maintained a Bitcoin Core fork that did just that, using
> nServices bit 26:
>
> https://github.com/petertodd/bitcoin/commit/1cc1a46a633535c42394380b656d681
>258a111ac
>
> IIRC I was using the code written to prefer segwit peers; I have no idea if
> a similar approach is still easy to implement as I haven't worked on the
> Bitcoin Core codebase for years.

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-14 Thread Peter Todd via bitcoin-dev

On Mon, Jun 13, 2022 at 08:25:11PM -0400, Antoine Riard via bitcoin-dev wrote:
> If you're a node operator curious to play with full-rbf, feel free to
> connect to this node or spawn up a toy, public node yourself. There is a
> ##uafrbf libera chat if you would like information on the settings or
> looking for full-rbf friends (though that step could be automated in the
> future by setting up a dedicated network bit and reserving a few outbound
> slots for them).

I previously maintained a Bitcoin Core fork that did just that, using nServices
bit 26:

https://github.com/petertodd/bitcoin/commit/1cc1a46a633535c42394380b656d681258a111ac

IIRC I was using the code written to prefer segwit peers; I have no idea if a
similar approach is still easy to implement as I haven't worked on the Bitcoin
Core codebase for years.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org


signature.asc
Description: PGP signature
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Playing with full-rbf peers for fun and L2s security

2022-06-13 Thread Antoine Riard via bitcoin-dev

Hi list,

Recent discussions among LN devs have brought back on the surface concerns
about the security of multi-party funded transactions (coinjoins,
dual-funded LN channels, on-chain DLCs, ...). It turns out there is a
low-fruit, naive DoS vector playable against the funding flow of any such
construction due to the lack of existent full-rbf transaction-relay
topology on today's p2p network [0] [1]. While it does not consist in a
direct loss of funds, if exploited well I think it's annoying enough to
inflict significant timevalue loss or fee-bumping waste
to the future providers or distributed swarm of users doing multi-party
funded transactions. Of course, it can be fixed one layer above by
introducing either fidelity bonds or a reliable centralized coordinator,
though at the price of an overhead per-participant ressources cost and loss
in system openness [1].

For that reason, I believe it would be beneficial to the flourishing of
multi-party funded transactions to fix the Dos vector by seeing a subset of
the network running full-rbf and enabling propagation of honest multi-party
transactions to the interested miners, replacing potential non-signaling
double-spend from a malicious counterparty. Moving towards that direction,
I've submitted a small patch against Bitcoin Core enabling it to turn on
full-rbf as a policy, still under review [3]. The default setting stays
**false**, i.e keeping opt-in RBF as a default replacement policy. I've
started to run the patch on a public node at 146.190.224.15.

If you're a node operator curious to play with full-rbf, feel free to
connect to this node or spawn up a toy, public node yourself. There is a
##uafrbf libera chat if you would like information on the settings or
looking for full-rbf friends (though that step could be automated in the
future by setting up a dedicated network bit and reserving a few outbound
slots for them).

If you're a mining operator looking to increase your income, you might be
interested to experiment with full-rbf as a policy. Indeed, in the future I
believe the multi-party transactions issuers who need full-rbf to secure
their funding flow should connect by default to full-rbf peers. One can
conjecture that their transactions are likely to be more compelling in
their feerate as their liquidity needs are higher than the simple
transaction. For today, I think we have really few standards and bitcoin
softwares relying on multi-party funded transactions [4].

If you're a Bitcoin user or business and you don't like full-rbf, please
express an opinion on how it might affect your software/operations. I'm
always interested to learn more about mempool and transaction-relay
interactions with upper-layers and applications and to listen to feedback
in those areas, and I guess a lot of other Bitcoin researchers/devs too. I
know there have been a lot of concerns about full-rbf in the past, however
I believe the Bitcoin ecosystem has matured a lot since then.

Any mistakes or missing context is my own.

Cheers,
Antoine

[0] For more info about replace-by-fee, see
https://bitcoinops.org/en/topics/replace-by-fee/

[1] For more details about the DoS vector, see
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html

[2] E.g I think it does not affect the Lightning Pool service, as there is
a preliminary step where the participant funds are locked first in a 2-of-2
with the coordinator before being committed in the multi-party batch
transaction.

[3] https://github.com/bitcoin/bitcoin/pull/25353

[4] E.g DLCs :
https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transactions.md
; Lightning dual-funded channel :
https://github.com/lightning/bolts/pull/851
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

[bitcoin-dev] Playing with full-rbf peers for fun and L2s security

27 matches

Site Navigation

Mail list logo

Footer information