From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 27 Jan 2025 15:27:24 -0800 Received: from mail-qk1-f187.google.com ([209.85.222.187]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tcYVn-0004Bl-G1 for bitcoindev@gnusha.org; Mon, 27 Jan 2025 15:27:24 -0800 Received: by mail-qk1-f187.google.com with SMTP id af79cd13be357-7b6ef813ed1sf717416685a.3 for ; Mon, 27 Jan 2025 15:27:23 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738020437; cv=pass; d=google.com; s=arc-20240605; b=KsH4VbmOAd2f9k3GiKa2ouf/3+hEcUL6UX495y0CYngIUzLqnDwaPVRV2uriL59p4Y bI03oPIdhYksM1eU6ab02jAykeZpWU40ubZKTXdbsxvde3plnfuDa6hLPghluNh/vKVC wYt+KCt/VIy60V4V3Cqq8jPt7tHmSr0e4+Zv4HtG5ix8PUK+HYBygSVTOtx+LIbgW+rk DsF+M+h59B3NmuPo05srazPOa+cDIxHRXl0KUR73odYs4yrNB0yriB2XFzT42BMW/swN W9BODSUmau4wPccqKve9cK04GGwT6lBJCM2iWkra0vqeLEOsCP//65Dwn4nB3slNpjir 2npA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=; fh=wM9YqqU1zinDZJ/2f9pDu46cnSeltczSDtLvtXD17Fo=; b=OF3pvDjQfqwmnUJdfle4PW05GH0ZB33l6lBxG25k2JztFtmLKk0tSfGeIMvlgIkaJu j3OWCyeX9CbNQ9pdpcrlAl6Jx9NNGmJ6XAJwWkRrXZZzhtg88iyu2YxGOLesS+nQfz1a gR4Sv55Idzq7yGXmW8g9TEw8uomX3geOxEVC3+s3D31zmY6FcRvKA5aW4hTehmrTFI4T /a9FmSNiY099Pg+387VQGtXjvROWrgN4pATi8kgXaeaJU/V29Ojj6OYKbm+OWw2uOWOQ Qiu/VDU1ir9SGXi1uDpqBYsCxuXQhY77qGiyH284Lrvb9euXbXcw9eSc7739rdFDFXsV A6UQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ"; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1738020437; x=1738625237; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=; b=HHoiQpcz7IZSbU2oqhK9TD4Eio+lpOf+OWsxKhgBxyaXN/kH6qvFDb0wGLz5dnBi9p IZSUhzPHQrq2nAjgS7nzG3F1/TRZ6q4JVwXUBYEl07FCzus6CvImC6wTXmQjYdpJdOjW Um61ViZsaEjw9uqR9/T+P6EvRqbwH+YDXfwihqa+nh2VOI6kdpUEH7ouLnMDD9WHAqWk IFIlmVqlJ9TZm3NCLVkoj/pC8PtI6bhUJa228XrhTgigsMXos0GFNNm+nqiETf6NBc3v crDhLuncZBBmS6ijF+CbhzLnUC7y2ebq0ycy6BbMUkeFei9SvUYRjy20Ev35UJ1njEXz KDAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738020437; x=1738625237; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=; b=KlfN//Fn6qRSxSc8f3kTNEBFB0kbbPL1s6GCYcRrPNbV1qDUmStIHtjjsejIUyvCFi Fec2FrnonUuTs24Q91fVlMNIn1UwSm0uzOf42SHXTTjSr4OlNekE4HIoroUNdfg2I+SZ qiEw5hasoCeBsrdfzvKFImYujM5YEfNSjYSIS7EJc5hSLsOM0h33WKaT/haHns+N60xw BmeOAg3qzGAKOuXZOUGeWgjUrK7i4eLRnHPSFsbnXJasTAi2FuKS50rHMJK7wn+qUPTb q80g3ucnazHIX3juzhM4wuUMZ/23iih1fKdMSHiXpzYDjCw1H53rL2WrS2MecAxDpXQy 8AZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738020437; x=1738625237; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=; b=w6yYMWkVxwaqJWldTUYJ7XB49rLu1yaioQSc8Zx6WG3sYtMNuP+QyHEeTHAIEeA5Hz DvcGRIlmeHGQdRjUw7pFaHOqMYnjZs2dL1eTXS5EWFLk8Rc7dlDzvT7N6tbiWFRkp+BY eQ8IYrr3V1L6ObL1WYaobqsi7IUC4ySVk6ofBZg9m8qY2EDotXUbXS+T6WAv7NEAwOMn 0+KZyk2cVooH73mQEQ1yrEFu+VPyJ2gjhAFASA7HTTAQIm7WuHS7+0IvSngKfLVgIds9 D2wp2C0zVr0KQN+E/2vB1SKLBTP6S3XkeIIvRLkIeGoqN7PhkCmp20+yiDquvDLKOGn6 hwkQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXQNYBCyG4tGLrKV8frcHDPGpUZaQe25ajunzRv7hZY5eN3tXByFasTPGFYadDyS1jyHs5I98+RxKhs@gnusha.org X-Gm-Message-State: AOJu0Yx+Ua2e5AclM0ZxL6F+X74M2Xi5tySxNf+dWrEON37xbf3SZpAo wRFdAMSL8Vvhssp+EZySlmw6Gwl+3W+MHSH5jsimgeq25QIYk3gs X-Google-Smtp-Source: AGHT+IE7ZiOIE+le2ra+1DvmVMQzirQrTKFjmsw57CSoF3R9V57l+fbreFogutLTJ60jMYO7KXS7tQ== X-Received: by 2002:a05:620a:40b:b0:7be:6f05:1b46 with SMTP id af79cd13be357-7be6f051d14mr4932675985a.57.1738020437285; Mon, 27 Jan 2025 15:27:17 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:ac8:7cc:0:b0:463:f0e:44c6 with SMTP id d75a77b69052e-46e5b3d7388ls3068021cf.0.-pod-prod-01-us; Mon, 27 Jan 2025 15:27:14 -0800 (PST) X-Received: by 2002:a05:620a:4396:b0:7b1:48ff:6b56 with SMTP id af79cd13be357-7be6327979emr6794298985a.43.1738020433960; Mon, 27 Jan 2025 15:27:13 -0800 (PST) Received: by 2002:a05:620a:319c:b0:7b6:67a8:4fcd with SMTP id af79cd13be357-7bff5151275ms85a; Mon, 27 Jan 2025 15:01:15 -0800 (PST) X-Received: by 2002:ac8:7d43:0:b0:467:5c9f:f8ef with SMTP id d75a77b69052e-46e12a1e6d9mr646183441cf.6.1738018874565; Mon, 27 Jan 2025 15:01:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738018874; cv=none; d=google.com; s=arc-20240605; b=UXenX6GSCXj3yx5bqlul/pyTxeNba0Umgjhtp7mGN6Xq0ttc/qnWdoxi8eSrcVbf/k 4od4DRMC+54ccb/HwNL0omG9CdpCEmi8vcp04MT10pj3roBOa6JRDCQjlY8YytGwSxZd uhD+djutR1Gt3iyReeqrvjzatHsknV3pTnh5230IQQHfyOv/IdbXdthDkvhzRUxp3QTP 3HImBevSA0OETpE9GvPwSc89f7Zz1qHV9xW1IGKHcFJ2KAHbMWtFWpfwWJOMgPt9Y9ZE wUhBsqtwcdbu7hHnt8ONPbrciUXI9z/krwImDCbKCmLhBWxftwyJMIszw4w9UWZQd/Gs Y77A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=3gR8czNVluW02lAHGsUTwphXPzEr5QIrSgcw+7SkgSI=; fh=8IhWpdr4iOuTkOTm2gRZZk21cYhi2Q2zuRpS0v0v2JA=; b=ju8yMS1Nw1dqD7uwlkgI7hNXDWmkYZpQk9h+c8Yp5PDpD0wRijie21dDzk56fQ/x8D +iYxDYYCLwfrOudY2hA8wISt5NbLnmJLMnthOu4EoW6RCR/lVmXSGO7Vt5fB7Dj+9kNs bD30ymeaRPZiKcfk6GKcse0M0+HPSeOsmsm7PhYhsSGfZQrp3stV+IrRFOlyvK59POaA BgVjUtFVnaLHOwb5PjoxHKwGq+D8BbbQ4cs6ssocG1qoN8tgM68zUqLgtUhKZ+vlXKQ6 kdDw6mgGQBG/srhI/wFrlVJCCCYrYlHm4ktVD/81c53n1Yg7dLT2wHygwRTpi6phXYSH n1Dg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ"; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com. [2607:f8b0:4864:20::1033]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-46e66b3fa56si3639351cf.4.2025.01.27.15.01.14 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Jan 2025 15:01:14 -0800 (PST) Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) client-ip=2607:f8b0:4864:20::1033; Received: by mail-pj1-x1033.google.com with SMTP id 98e67ed59e1d1-2ee74291415so6620632a91.3 for ; Mon, 27 Jan 2025 15:01:14 -0800 (PST) X-Gm-Gg: ASbGncsQXxRAFZJffI3DxpH6mZc5izg0lNcrm4ze+APTeJP75AhKfm7vTrTi0uM+3xD 5R3is1abzIsXPGcoe0yGdU2BO2KjBoMcU89TYEe5nBbY8ziy1XmTtz1ZCSaKk84E= X-Received: by 2002:a17:90b:51c5:b0:2ee:d371:3227 with SMTP id 98e67ed59e1d1-2f782c9cb13mr68942708a91.17.1738018873519; Mon, 27 Jan 2025 15:01:13 -0800 (PST) MIME-Version: 1.0 References: <7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org> In-Reply-To: <7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org> From: Antoine Riard Date: Mon, 27 Jan 2025 23:01:02 +0000 X-Gm-Features: AWEUYZkDWQ_GNNTqT1-zclaxu8V6VjrtPZYjqlHYA05LKLyp_BAryX-zo5wXUEE Message-ID: Subject: Re: [bitcoindev] [FULL DISCLOSURE]: Replacement Cycling Attacks on Attacks on Bitcoin Miners Block Templates To: "David A. Harding" Cc: Bitcoin Development Mailing List , security@ariard.me Content-Type: multipart/alternative; boundary="00000000000091b60c062cb80d2b" X-Original-Sender: antoine.riard@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ"; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --00000000000091b60c062cb80d2b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > Do I understand correctly that this attack only applies if Alice > attempts to fee bump her batch transaction? In short, is this the > attack: Fundamentally, yes. This attack is primarily targeting all transaction flows with a fee bump. See section 6.4 of the joined paper for more characterization of the "Transaction Traffic Hijack", while no quantitative analysis of the average % txn affected has been done so far. There could also be UTXO-sharing flows that are affected, where the attacker is propagating first, and preventing the other tx to propagate, before evicting his own package. However no test and no thoughts has been given to this "block-first-at-the-UTXO-root" alternative, the fee bump is more concerning= . Best, Antoine Le lun. 27 janv. 2025 =C3=A0 22:17, David A. Harding a =C3= =A9crit : > On 2025-01-27 05:22, Antoine Riard wrote: > > As soon as Alice's batch transaction starts to propagate, Mallet > > consumes its 2 outputs with 2 chain of junk transactions to reach max > > package limits (25 descendants) and block the carve-out. The junk > > transactions are of size 150 bytes and feerates 2 satoshis per virtual > > byte and they have 2 parents: one Alice's payout UTXO and one Mallet's > > UTXO. > > > > Starting from this point, Alice's exchange server logic should either > > (a) attempts a CPFP or (b) attempts a RBF on the batch transaction. As > > there is no global mempool, Alice is uncertain on the explanation for > > the lack of propagation of her batch transaction [...] > > Do I understand correctly that this attack only applies if Alice > attempts to fee bump her batch transaction? In short, is this the > attack: > > - Alice broadcasts a transaction. > - Mallet pins Alice. > - Alice doesn't realize she's been pinned and bumps the fees. > - The bump doesn't propagate due to the pin, but Mallet receives it > anyway somehow. > - Mallet mines the fee bump, but nobody else mines it because it didn't > propagate. Mallet thus makes more money than other miners. > > Thanks, > > -Dave > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= CALZpt%2BHyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T%3Du7A%40mail.gmail.com. --00000000000091b60c062cb80d2b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> Do I understand correctly that this attack only appli= es if Alice
> attempts to fee bump her batch transaction?=C2=A0 In sh= ort, is this the
> attack:

Fundamentally, yes. Thi= s attack is primarily targeting=C2=A0all transaction flows with a fee bump.=

See section 6.4 of the joined paper=C2=A0for more= characterization of the "Transaction Traffic Hijack", while no q= uantitative analysis of the average % txn affected has been done so far.

There could also be UTXO-sharing flows that are affe= cted, where the attacker is propagating first, and preventing the other tx = to propagate, before evicting his own package.

How= ever no test and no thoughts has been given to this "block-first-at-th= e-UTXO-root" alternative, the fee bump is more concerning.
<= br>
Best,
Antoine

Le=C2=A0lu= n. 27 janv. 2025 =C3=A0=C2=A022:17, David A. Harding <dave@dtrt.org> a =C3=A9crit=C2=A0:
On 2025-01-27 05:22, Antoine Riard wrote:
> As soon as Alice's batch transaction starts to propagate, Mallet > consumes its 2 outputs with 2 chain of junk transactions to reach max<= br> > package limits (25 descendants) and block the carve-out. The junk
> transactions are of size 150 bytes and feerates 2 satoshis per virtual=
> byte and they have 2 parents: one Alice's payout UTXO and one Mall= et's
> UTXO.
>
> Starting from this point, Alice's exchange server logic should eit= her
> (a) attempts a CPFP or (b) attempts a RBF on the batch transaction. As=
> there is no global mempool, Alice is uncertain on the explanation for<= br> > the lack of propagation of her batch transaction [...]

Do I understand correctly that this attack only applies if Alice
attempts to fee bump her batch transaction?=C2=A0 In short, is this the
attack:

- Alice broadcasts a transaction.
- Mallet pins Alice.
- Alice doesn't realize she's been pinned and bumps the fees.
- The bump doesn't propagate due to the pin, but Mallet receives it
=C2=A0 =C2=A0anyway somehow.
- Mallet mines the fee bump, but nobody else mines it because it didn't=
=C2=A0 =C2=A0propagate.=C2=A0 Mallet thus makes more money than other miner= s.

Thanks,

-Dave

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/= d/msgid/bitcoindev/CALZpt%2BHyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T%3Du7A%= 40mail.gmail.com.
--00000000000091b60c062cb80d2b--