From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sun, 31 Mar 2024 11:31:39 -0700 Received: from mail-oo1-f58.google.com ([209.85.161.58]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rqzxz-0001ll-Ar for bitcoindev@gnusha.org; Sun, 31 Mar 2024 11:31:39 -0700 Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-5a53b018156sf1647381eaf.1 for ; Sun, 31 Mar 2024 11:31:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711909893; cv=pass; d=google.com; s=arc-20160816; b=09mYFTAL6DHVBflWXrZczcfUfibR8hxoM2ZI/oiYjFB3MHEV39DZwRsidx2tZDtZBx mgbqg65QLZh80F/L9LQ6Rq2S6bnXIUGelrPcJh1+unnotoflSxt/od8+JPq23CGjK612 kIC3JgdKT2UWl1s5yqAGp9eCZrVcT6Z5DkDuq5jI4OdD9/KX9Djab2pp8osGNQTSqJ6u 55XurMpURKny5LgY04lpNKYbyv2JGSMA0BKY5X2jPz6oWZKVHXZYe9lyDli/T3Sh02YR HX7WluUG4dqQba+63i/w33TAmAMNBFy2N6xYtqcoXqUTsWbohxU/lZnk+gJR6cKv4ea6 fDVA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-disposition:mime-version :message-id:subject:to:from:date:feedback-id:sender:dkim-signature; bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=; fh=LSIILU/bsJ/6cLUxx3aMsUBchjdwWugOZ4VnpESOFyE=; b=XgYL5NpX1SMNKPWzd3Np545BjFf14ntafS+qFOwD6pZL0fD7nToA85PVcEXzD8rU1F JM6M282zatCavoWhkJ8AcVe9ehhfERmKsddLThsNSH/n9YYCC4NtGt5qlrsrVMO9aKi2 8rmdf7NYRW2x0AcC4d4XpuItkLzmISa8qMiXEyuo/c13CVqL+iP/aEvlb5d6XitR202j AzwOT4BXL2xZ7xic7UXcJa5nxuCMBZeXragCB1ffcBbfjDiRooXOq2YauDktcZG2TF8K EF+tIGi8bgM74c/4oJ1j2RGy/hAkA6UoEcwjINWLADnFpE3pEStIKOGXFUFMOCv1bS+t 1YCw==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) smtp.mailfrom=pete@petertodd.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1711909893; x=1712514693; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-disposition:mime-version:message-id :subject:to:from:date:feedback-id:sender:from:to:cc:subject:date :message-id:reply-to; bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=; b=m7Y1c22ptGy2xiOPz/A2razRr74hvAhc1KAbsiXKY94JfSAzPe5VeMuoDirZMA48R5 JeLjUZ9NzLVBUhkPWnoy/geQjGxsxaTYsbAKrbkm1tSwNRSRoaLsiriIlL8PBaOV761Y LrI8K4+/XKpZJgbsollPCtjzJgmMg6i+R4Tl9urrM16PZVBHAKailQNuZFg/7UDoZ1h0 0z3NiKQ1wQOg12DCFcjOX1XAS5DueX1OddPxNTkfO1zzpPD01C+LkoV0Gpzk9ixhO4QP AjMuegnJmAkcnaXAt++r6GogUEXG8dpTkMqEBHNLHaFdyDO7oDQuAKIdpP6Qh0qv602V Oltg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711909893; x=1712514693; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-disposition:mime-version:message-id :subject:to:from:date:feedback-id:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=W1ajXyL3ZhYcqUMxbM2EMSvUmzxp9UaiZqVkCReLknA=; b=Gpio5yzqA/rv8FFV+s70+cIwL/6zCaxhOeq+LmRbCFJUhDNxzb1IwVGAZ9a0w9SU+h Wd/OFzzlz9QY+ZtJSzZwJBp3TBstWiTpIfzyJUoaRvZi0B9np+2Hoy4B3eO/GG4AXyox wvj6+FF2PCiYQtQFt0b2rLvv9XGHp3Xlx2VY6zHcVEbKrhqXca9dMpRXXKP+WyRNoCaF TVnJYHhyb2kb4wcO3arKegZZ+kxZrJf3meMiphgMO1dVI5jYxhFb0Yc/5PxSjpKN9bnc 6salKSwWsOCStB+AX1Qvn8U5TonxnWm7XKk3sDQCyGpL5j/O8GGcLgYsMOyr45BLOVUA aiNg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUzo7EcPonj5zUYJ1vvgzs0T1DYsw6v/BmQL5BeEqLgBF2zyKaDvbguSJOdhRxlJPWPygp1vAcgoNYeLtbrGWLN92E8SLg= X-Gm-Message-State: AOJu0YyhWijeRnGZ29fX/YSyWYVy/P2eUkdWMQPK5xqwHJ3MWsPyqWix 1udT9/d+M/GDtrc6GPa4eSofLJ8b8VymSH3ZdNwoo2C6UJTzf8o4 X-Google-Smtp-Source: AGHT+IEI/SHtkh/PUH+L5P7TMXkN7OhRpznFLphj1wDx9HeUW69MnoRJ0Q1c2BlNpyScwHkS8VCMNA== X-Received: by 2002:a05:6820:210e:b0:5a5:247e:147b with SMTP id cd14-20020a056820210e00b005a5247e147bmr3128973oob.0.1711909893168; Sun, 31 Mar 2024 11:31:33 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a4a:bc84:0:b0:5a4:905d:743f with SMTP id m4-20020a4abc84000000b005a4905d743fls3705463oop.1.-pod-prod-05-us; Sun, 31 Mar 2024 11:31:32 -0700 (PDT) X-Received: by 2002:a05:6820:61b:b0:5a5:868e:8bd2 with SMTP id e27-20020a056820061b00b005a5868e8bd2mr412133oow.0.1711909892320; Sun, 31 Mar 2024 11:31:32 -0700 (PDT) Received: by 2002:a05:6808:219c:b0:3c3:cc09:ef6d with SMTP id 5614622812f47-3c3ef57ad9dmsb6e; Sun, 31 Mar 2024 10:31:54 -0700 (PDT) X-Received: by 2002:a17:90a:ba8d:b0:2a0:7895:f356 with SMTP id t13-20020a17090aba8d00b002a07895f356mr15177750pjr.12.1711906312807; Sun, 31 Mar 2024 10:31:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1711906312; cv=none; d=google.com; s=arc-20160816; b=loSDVWdLWSElDLFODu6xWLI8IceQGlOkks/IdnnvurciL7Hb8kQwIC2qjW7RGhmwxC POPlIVnuElcMNdD3ZUyNHb1ZlHGqgAx0GTPYi7rwnK6WJ5Gr8JzJdRsGgqMx+vANcq3n WztP8hsdgJWcHqOiymSRBGmAlwF+u+4RUPCTUlLrB3d4casMxSquBh7tQgWhA+jrK1E0 +oKgCwx/Qp61OOsxaXoXRDg0jyGDHuZWGh4QC6cLqyvh6XYhHmfo+nypF5bbesylub8W jTz0jdbZcidjq7OAZkrVdpEnzysyTpEBzP1qoeXnN2hAiPYLBiKzPfovu80J9BL8lkrN PPJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-disposition:mime-version:message-id:subject:to:from:date :feedback-id:dkim-signature; bh=uGR+8XnquD0VrDbleKA2W7C+6HYEai8CE+E0zIhcLsE=; fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=; b=dyCTuWgOu52UCeRN8CZC89rojXAYEakNnDlgHB9Bhxf7gHICqhu3YQo1vbrtfieoqs S/HVGSOs7SqWjtCQLH5WB8MvP3s5PSFzaO8UDo92hNLiTBJWnUt9wrU53uSSAZ1BD+19 GHKkY+YlAmWzPsmlZBSKVhrK38boOD4BsZzPfxaypeh3HH1rywTsQTZpUdQoTbhgFHMM bDn3qgUP7Wax0q/wyaMBGo7rwLDqpUUiDyW+HQGDKWyUDlwzmwOP8sQ1HIbPO6IWVEbS JuKq7gvXvui9uIDBsyZF/Q4uuW+tLrDXaEzzUOamjwSLNXRzqHQ3+C2+UIPiQbio4GlA IG4g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) smtp.mailfrom=pete@petertodd.org Received: from fhigh3-smtp.messagingengine.com (fhigh3-smtp.messagingengine.com. [103.168.172.154]) by gmr-mx.google.com with ESMTPS id a19-20020a17090a8c1300b002a213e8259asi804717pjo.1.2024.03.31.10.31.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 31 Mar 2024 10:31:52 -0700 (PDT) Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) client-ip=103.168.172.154; Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.nyi.internal (Postfix) with ESMTP id C86D111400BA for ; Sun, 31 Mar 2024 13:31:51 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sun, 31 Mar 2024 13:31:51 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddvkedgledvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesghdtreertd dtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthhouggu rdhorhhgqeenucggtffrrghtthgvrhhnpefhteevgeeuvdekheeivdeffeduuedufefhte elheffgfelueefieffjeefffeuleenucffohhmrghinhepphgvthgvrhhtohguugdrohhr ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvg htvgesphgvthgvrhhtohguugdrohhrgh X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 31 Mar 2024 13:31:50 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 264605F87B; Sun, 31 Mar 2024 17:31:47 +0000 (UTC) Date: Sun, 31 Mar 2024 17:31:47 +0000 From: Peter Todd To: bitcoindev@googlegroups.com Subject: [bitcoindev] A Free-Relay Attack Exploiting Min-Relay-Fee Differences Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Qnvi3+pULi0x6xlS" Content-Disposition: inline X-Original-Sender: pete@petertodd.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EoYJRUiD; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.154 as permitted sender) smtp.mailfrom=pete@petertodd.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) --Qnvi3+pULi0x6xlS Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline It's common for some nodes, especially miners, to have larger than default mempools, leading to lower-than-normal minrelayfees. This can be exploited for free-relay attacks as follows: 1. Publish tx A, with an unusually low fee-rate, below typical min-relay-fees, but with a sufficient size to have a reasonably large absolute fee. In my experience it is not difficult to get very low fee rate transactions mined if they're broadcast by well-connected nodes. Specific connections to miners is not required. 2. Publish B, double-spending A, with a fee-rate high enough to be accepted by most mempools. But with a total fee less than A. 3. Publish C, spending B, with a low fee rate and large size. Nodes with A will not accept C, as it spends a txout that they're not aware of. 4. To recover funds, double-spend A with A', with a sufficiently high fee-rate to get mined. Since package replacement has not been implemented, the combination of C and B will not replace A, and the total cost of the attack will be limited to the cost of spending A. As usual, C can in turn be double-spent at higher and higher fee-rates. C could also be double-spent across multiple different nodes with different, almost identical, variants of C. # Mitigation Package replacement. Though it is still economically irrational for miners to "mitigate" this attack: they earn more money by simply mining the high fee-rate A', with replace-by-fee-rate. # Responsible Disclosure You're reading it. Since this type of attack is public, other variants of attacks along these lines should just be openly discussed. Better to have plenty of people who understand the issue so there's lots of eyes on potential fixes. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZgmeAzZp8RS6uMdc%40petertodd.org. --Qnvi3+pULi0x6xlS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmYJngEACgkQLly11TVR LzeuKw/9EUxUwen1W8vGDtFnwLBxfK7AEYih8h+BUKqnINWTmJE/NpTPdHLXA1IF RwFcO2saVQAfceSTgXm1DrWWEYFJa9mnNb2xBOV5tkUWX2I6aaAtfIZ6L0RkB2BV y9oaJUAh98+k+Mia3xf5Zm4+gLtET3eIIkgF7eK3Ge8cDCzFAqihoXsUV7XRYC5J TOn5D4XbYHHz7pJumb69tAvNuaYCdBNjJrLtAIzLCMHEXNsbII26BpRQ2B6r1iAH 0As/qMxFZZPuekQohUA52TEZwvNXppX0wWI9mp4b4p4WPZ8exmDpUT6JGYVkdYCt aimNK/V5vG9A2NfcxS1UIvxFVePuZcSzCg6fR9U4Uhbc7lAXVFSqj5UHPQGM5+n/ xDa8nR3SFsQEJl3nmJAVu4vsNVnR0NeoBT/FjeB7rrjSccjL6x/INyEoDxlVB+Kp FHssEawqQktLYu+s6TNPfYEy2ih2eORnrcOBzuYLQm/h64jhN7Zv40VFjRXzdklY Bxt5lBNVDVOk6IdFBjlHPiZ916MaGi5ACxQXqrXQetL0dxUlAIqPDq+kyxwT5wky 36pTwH20GNfgF77issQHQ6LtN+oUFahOqzHsfuylrgXqVYmN2e/WK7VFGZA93iVo QLNiCkPWSktUmILpm71Y3h0T4JeZEE3xtgGGShBMy30ap90qEBg= =Jibx -----END PGP SIGNATURE----- --Qnvi3+pULi0x6xlS--