Peter Todd [ARCHIVE] on Nostr: 📅 Original date posted:2023-01-10 🗒️ Summary of this message: Full-RBF ...
📅 Original date posted:2023-01-10
🗒️ Summary of this message: Full-RBF mitigates double-spend DoS attacks by replacing low-fee transactions with higher fee ones, ensuring forward progress, without requiring extra sats.
📝 Original message: On Tue, Jan 10, 2023 at 09:19:39AM +0000, alicexbt wrote:
> Hi Peter,
>
> > ## How Full-RBF Mitigates the Double-Spend DoS Attack
> >
> > Modulo tx-pinning, full-rbf mitigates the double-spend DoS attack in a very
> > straightforward way: the low fee transaction is replaced by the higher fee
> > transaction, resulting in the latter getting mined in a reasonable amount of
> > time and the protocol making forward progress.
>
> Asking this question based on a [discussion on twitter][0]. How would you get extra sats to increase the fees?

You're misunderstanding the issue. There is no need for extra sats to increase
fees. Coinjoin transactions already have fees set at a level at which you'd
expect them to be mined in a reasonable amount of time. Full-RBF ensures that,
modulo tx pinning, either the coinjoin gets mined, or any double-spend has to
have a high enough feerate that it will be mined in a reasonable amount of time
as well.

> It seems this would be possible with Joinmarket, Wasabi and even joinstr although things would get worse for Whirlpool. Whirlpool coinjoin transactions do not signal BIP 125 RBF so they were not replaceable earlier

Bringing up Whirlpool here is silly. Everyone knows Samourai has made, at best,
some rather insane technical decisions. Quite likely downright malicious with
their xpub collection. Their opinion isn't relevant. Cite reputable sources.

Anyway, Wasabi would like to move to making coinjoins opt-in to RBF. Though
full-rbf may come sooner; for technical reasons opt-in RBF is ugly to implement
now as activation needs to be coordinated across all clients:

https://github.com/zkSNACKs/WalletWasabi/issues/9041#issuecomment-1376653020

> however attacker would be able to perform DoS attacks now by double spending their inputs used in coinjoin.

As I explained, attackers can already do this with or without full-rbf simply
by picking the right time to broadcast the double spend. It's not an effective
attack anyway: with a UTXO you can already hold up a coinjoin round by simply
failing to complete stage #2 of the coinjoin. Actually doing a double-spend
simply guarantees that you're spending money on it. It's only effective with
low-fee double-spends in the absence of full-rbf.

> [0]: https://twitter.com/dammkewl/status/1599692908860706818

This tweet is nuts. Eg "Gives well connected mining pools an added advantage"
is simply false. Full-RBF does the exact opposite.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
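
The mempool behaviour argued for in the message above, as an added example that is not part of the original e-mail or of any node's or wallet's code: a toy single-node mempool compares first-seen/opt-in policy with full-RBF when a double-spend of one coinjoin input arrives before the coinjoin. The class names, outpoint labels, sizes and fees are constructed, the replacement rules are a simplification of BIP 125-style policy, and pinning is deliberately not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset          # outpoints spent
    fee: int                   # sats
    vsize: int                 # vbytes
    signals_rbf: bool = False  # BIP 125 opt-in signal

    @property
    def feerate(self) -> float:
        return self.fee / self.vsize

class Mempool:
    """Toy single-node mempool; ignores descendants, so no pinning."""
    def __init__(self, full_rbf: bool, relay_feerate: float = 1.0):
        self.full_rbf, self.relay_feerate, self.txs = full_rbf, relay_feerate, {}

    def accept(self, tx: Tx) -> bool:
        conflicts = [t for t in self.txs.values() if t.inputs & tx.inputs]
        if conflicts:
            # Without full-RBF, a conflict that did not opt in is first-seen final.
            if not self.full_rbf and not all(c.signals_rbf for c in conflicts):
                return False
            # Simplified replacement rules (assumption): pay for the evicted fees
            # plus own relay cost, and beat the feerate of every direct conflict.
            if tx.fee < sum(c.fee for c in conflicts) + self.relay_feerate * tx.vsize:
                return False
            if any(tx.feerate <= c.feerate for c in conflicts):
                return False
            for c in conflicts:
                del self.txs[c.txid]
        self.txs[tx.txid] = tx
        return True

def surviving_tx(full_rbf: bool, double_spend_feerate: int) -> tuple:
    """Node sees the double-spend first, then the coinjoin; return what it keeps."""
    pool = Mempool(full_rbf)
    # Constructed values: 110 vB double-spend of one input, 5000 vB coinjoin at 20 sat/vB.
    ds = Tx("doublespend", frozenset({"mallory:0"}), 110 * double_spend_feerate, 110)
    cj = Tx("coinjoin", frozenset({"mallory:0", "alice:0", "bob:1"}), 100_000, 5000)
    pool.accept(ds)
    pool.accept(cj)
    (kept,) = pool.txs.values()
    return kept.txid, kept.feerate

if __name__ == "__main__":
    for full_rbf in (False, True):
        for rate in (1, 50):
            print(full_rbf, rate, surviving_tx(full_rbf, rate))
```

With full-RBF the transaction left in the mempool never has a feerate below the coinjoin's own 20 sat/vB; only the first-seen policy leaves the round stuck behind a 1 sat/vB conflict.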