From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z2NhN-0003rW-4h for bitcoin-development@lists.sourceforge.net; Tue, 09 Jun 2015 17:52:29 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of hotmail.com designates 65.55.34.220 as permitted sender) client-ip=65.55.34.220; envelope-from=raystonn@hotmail.com; helo=COL004-OMC4S18.hotmail.com; Received: from col004-omc4s18.hotmail.com ([65.55.34.220]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1Z2NhL-0000Lf-9X for bitcoin-development@lists.sourceforge.net; Tue, 09 Jun 2015 17:52:29 +0000 Received: from COL131-DS25 ([65.55.34.200]) by COL004-OMC4S18.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); Tue, 9 Jun 2015 10:52:21 -0700 X-TMN: [g2jS/SgJGBWZoJQtVDC+PXhcpq3Ju0Ex] X-Originating-Email: [raystonn@hotmail.com] Message-ID: From: "Raystonn ." To: "Gavin Andresen" , "Loi Luu" References: <5574E39C.3090904@thinlink.com> In-Reply-To: Date: Tue, 9 Jun 2015 10:52:05 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_03C6_01D0A2A2.5347F210" X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 15.4.3555.308 X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308 X-OriginalArrivalTime: 09 Jun 2015 17:52:21.0577 (UTC) FILETIME=[08F94390:01D0A2DD] X-Spam-Score: -0.1 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (raystonn[at]hotmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [65.55.34.220 listed in list.dnswl.org] -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 1.0 FREEMAIL_REPLY From and body contain different freemails -0.6 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1Z2NhL-0000Lf-9X Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] New attack identified and potential solution described: Dropped-transaction spam attack against the block size limit X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 17:52:29 -0000 ------=_NextPart_000_03C6_01D0A2A2.5347F210 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable That does sound good on the surface, but how do we enforce #1 and #2? = They seem to be unenforceable, as a miner can adjust the size of the = memory pool in his local source. From: Gavin Andresen=20 Sent: Tuesday, June 09, 2015 6:36 AM To: Loi Luu=20 Cc: Raystonn . ; Bitcoin Dev=20 Subject: Re: [Bitcoin-development] New attack identified and potential = solution described: Dropped-transaction spam attack against the block = size limit How about this for mitigating this potential attack:=20 1. Limit the memory pool to some reasonable number of blocks-worth of = transactions (e.g. 11) 2. If evicting transactions from the memory pool, prefer to evict = transactions that are part of long chains of unconfirmed transactions. 3. Allow blocks to grow in size in times of high transaction demand. The combination of (1) and (2) means an attacker needs to prepare lots = of confirmed inputs to pull off the attack. By itself that means they = MUST pay transaction fees. (3) further mitigates the attack because it allows miners to just absorb = fees that the attacker is throwing at miners. On Tue, Jun 9, 2015 at 5:33 AM, Loi Luu wrote: The proposed fix is to add a new rule on how fees are handled. Some amount of every fee should be considered as = burned and can never be spent. I will propose 50% of the fee here, but = there may be better numbers that can be discovered prior to putting this into = place. If we'd like miners to continue to collect the same fees after this = change, we can suggest the default fee per transaction to be doubled I would propose another practical rule rather than burning 50% of the = fee. For example, you can credit 50% of the transaction fee to the next block. Thus, the = attacker cannot perform the attack with 0-fee any more, yet you don't have to double the price = of the TX fee for the fix. Thanks, Loi Luu. On Tue, Jun 9, 2015 at 4:07 AM, Raystonn . = wrote: When implemented, the block size limit was put in place to prevent = the potential for a massive block to be used as an attack to benefit the = miner of that block. The theory goes that such a massive block would = enrich its miner by delaying other miners who are now busy downloading and = validating that huge block. The original miner of that large-block would be = free to continue hashing the next block, giving it an advantage. Unfortunately, this block size limit opened a different attack. = Prior to the limit, any attempt to spam the network by anyone other than = someone mining their own transactions would have been economically = unfeasible. As every transaction would have a fee, there would have been a real = cost for every minute of spam. The end result would have been a transfer of = wealth from spammer to Bitcoin miners, which would have harmed the spammers = and encouraged further mining of Bitcoin, a very antifragile outcome. But now we have the block size limit. Things are very different = with this feature in place. The beginning of a spam attack on the Bitcoin = network will incur transaction fees, just like before. But if spam = continues at a rate exceeding the block size limit long enough for transactions to = be dropped from mempools, the vast majority of spam transaction fees = will never have to be paid. In fact, as real users gain in desperation and pay = higher fees to get their transactions through in a timely manner, the = spammers will adjust their fees to minimize the cost of the attack and maximize effectiveness. Using this method, they keep their fees at a point = that causes most of the spam transactions to be dropped without = confirmation (free spam), while forcing a floor for transaction fees. Thus, = while spam could be used by attackers to disable the network entirely, by = paying high-enough fees to actually fill the blocks with spam, it can also = be used by a single entity to force a transaction fee floor. Real users = will be forced to pay a transaction fee higher than the majority of the spam = to get their transactions confirmed. So this is an effective means for a = minority of miners to force higher fees through spam attacks, even in the = face of benevolent miners who would not support a higher fee floor by = policy. Miners would simply have no way to fix this, as they can only put in = the transactions that will fit under the block size limit. In the face of such a spam attack, Bitcoin's credibility and = usability would be severely undermined. The block size limit enables this attack, = and I now argue for its removal. But we can't just remove it and ignore the = problem that it was intended to address. We need a new fix for the = large-block problem described in the first paragraph that does not suffer from = the dropped-transaction spam-attack problem that is enabled by the block = size limit today. My proposal is likely to be controversial, and I'm = very much open to hearing other better proposals. Large blocks created by a miner as a means to spam other miners out = of competition is a problem because miners do not pay fees for their = own transactions when they mine them. They collect the fees they pay. = This breaks the economic barrier keeping people from spamming the = network, as the spamming is essentially free. The proposed fix is to add a new rule = on how fees are handled. Some amount of every fee should be considered as = burned and can never be spent. I will propose 50% of the fee here, but = there may be better numbers that can be discovered prior to putting this into = place. If we'd like miners to continue to collect the same fees after this = change, we can suggest the default fee per transaction to be doubled. Half = of every fee would be burned and disappear forever, effectively distributing = the value of those bitcoins across the entire money supply. The other = half would be collected by the miner of the block as is done today. This solution would mean large blocks would cost a significant number of = bitcoin to create, even when all of the transactions are created by the = miner of that block. For this to work, we'd need to ensure a minimum fee is = paid for most of the transactions in every block, and the new transaction fee = rule is in place. Then the block size limit can be removed. Raystonn = -------------------------------------------------------------------------= ----- _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development = -------------------------------------------------------------------------= ----- _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development --=20 -- Gavin Andresen ------=_NextPart_000_03C6_01D0A2A2.5347F210 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
That does sound good on the surface, but how do we enforce #1 and = #2? =20 They seem to be unenforceable, as a miner can adjust the size of the = memory pool=20 in his local source.
 
Sent: Tuesday, June 09, 2015 6:36 AM
To: Loi Luu
Cc: Raystonn . ; Bitcoin = Dev
Subject: Re: [Bitcoin-development] New attack identified and = potential solution described: Dropped-transaction spam attack against = the block=20 size limit
 
How about this for mitigating this potential attack:=20
 
1. Limit the memory pool to some reasonable number of blocks-worth = of=20 transactions (e.g. 11)
2. If evicting transactions from the memory pool, prefer to evict=20 transactions that are part of long chains of unconfirmed = transactions.
3. Allow blocks to grow in size in times of high transaction = demand.
 
The combination of (1) and (2) means an attacker needs to prepare = lots of=20 confirmed inputs to pull off the attack. By itself that means they MUST = pay=20 transaction fees.
 
(3) further mitigates the attack because it allows miners to just = absorb=20 fees that the attacker is throwing at miners.
 
 
On Tue, Jun 9, 2015 at 5:33 AM, Loi Luu <loi.luuthe@gmail.com> wrote:
The=20 proposed fix is to add a new rule on how
fees are handled.  = Some=20 amount of every fee should be considered as burned
and can never = be=20 spent.  I will propose 50% of the fee here, but there may
be = better=20 numbers that can be discovered prior to putting this into = place.
If we'd=20 like miners to continue to collect the same fees after this = change,
we=20 can suggest the default fee per transaction to be = doubled
 
I would propose another practical rule rather = than=20 burning 50% of the fee. For example, you can
credit 50% of the transaction fee to the next = block.=20 Thus, the attacker cannot perform
the attack with 0-fee any more, yet you don't = have to=20 double the price of the TX fee for the fix.
 
Thanks,
Loi Luu.
 
On Tue, Jun 9, 2015 at 4:07 AM, Raystonn . = <raystonn@hotmail.com> wrote:
When=20 implemented, the block size limit was put in place to prevent=20 the
potential for a massive block to be used as an attack to = benefit the=20 miner
of that block.  The theory goes that such a massive = block=20 would enrich its
miner by delaying other miners who are now busy=20 downloading and validating
that huge block.  The original = miner of=20 that large-block would be free to
continue hashing the next = block, giving=20 it an advantage.

Unfortunately, this block size limit opened = a=20 different attack.  Prior to
the limit, any attempt to spam = the=20 network by anyone other than someone
mining their own = transactions would=20 have been economically unfeasible.  As
every transaction = would have=20 a fee, there would have been a real cost for
every minute of = spam. =20 The end result would have been a transfer of wealth
from spammer = to=20 Bitcoin miners, which would have harmed the spammers = and
encouraged=20 further mining of Bitcoin, a very antifragile outcome.

But = now we=20 have the block size limit.  Things are very different with=20 this
feature in place.  The beginning of a spam attack on = the=20 Bitcoin network
will incur transaction fees, just like = before.  But=20 if spam continues at a
rate exceeding the block size limit long = enough=20 for transactions to be
dropped from mempools, the vast majority = of spam=20 transaction fees will never
have to be paid.  In fact, as = real users=20 gain in desperation and pay higher
fees to get their transactions = through=20 in a timely manner, the spammers will
adjust their fees to = minimize the=20 cost of the attack and maximize
effectiveness.  Using this = method,=20 they keep their fees at a point that
causes most of the spam = transactions=20 to be dropped without confirmation
(free spam), while forcing a = floor for=20 transaction fees.  Thus, while spam
could be used by = attackers to=20 disable the network entirely, by paying
high-enough fees to = actually fill=20 the blocks with spam, it can also be used
by a single entity to = force a=20 transaction fee floor.  Real users will be
forced to pay a=20 transaction fee higher than the majority of the spam to get
their = transactions confirmed.  So this is an effective means for a=20 minority
of miners to force higher fees through spam attacks, = even in the=20 face of
benevolent miners who would not support a higher fee = floor by=20 policy.
Miners would simply have no way to fix this, as they can = only put=20 in the
transactions that will fit under the block size = limit.

In=20 the face of such a spam attack, Bitcoin's credibility and usability=20 would
be severely undermined.  The block size limit enables = this=20 attack, and I now
argue for its removal.  But we can't just = remove=20 it and ignore the problem
that it was intended to address.  = We need=20 a new fix for the large-block
problem described in the first = paragraph=20 that does not suffer from the
dropped-transaction spam-attack = problem=20 that is enabled by the block size
limit today.  My proposal = is=20 likely to be controversial, and I'm very much
open to hearing = other=20 better proposals.

Large blocks created by a miner as a means = to spam=20 other miners out of
competition is a problem because miners do = not pay=20 fees for their own
transactions when they mine them.  They = collect=20 the fees they pay.  This
breaks the economic barrier keeping = people=20 from spamming the network, as the
spamming is essentially = free.  The=20 proposed fix is to add a new rule on how
fees are handled.  = Some=20 amount of every fee should be considered as burned
and can never = be=20 spent.  I will propose 50% of the fee here, but there may
be = better=20 numbers that can be discovered prior to putting this into = place.
If we'd=20 like miners to continue to collect the same fees after this = change,
we=20 can suggest the default fee per transaction to be doubled.  = Half of=20 every
fee would be burned and disappear forever, effectively = distributing=20 the
value of those bitcoins across the entire money supply.  = The=20 other half
would be collected by the miner of the block as is = done=20 today.  This
solution would mean large blocks would cost a=20 significant number of bitcoin
to create, even when all of the=20 transactions are created by the miner of
that block.  For = this to=20 work, we'd need to ensure a minimum fee is paid for
most of the=20 transactions in every block, and the new transaction fee rule = is
in=20 place.  Then the block size limit can be=20 = removed.

Raystonn


-------------------------------------= -----------------------------------------
____________________________= ___________________
Bitcoin-development=20 mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-deve= lopment
=
 

----------------------------= --------------------------------------------------

_______________= ________________________________
Bitcoin-development=20 mailing list
Bitcoin-develop= ment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-deve= lopment


 
--
--
Gavin=20 Andresen
------=_NextPart_000_03C6_01D0A2A2.5347F210--