From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sat, 20 Jul 2024 08:12:40 -0700 Received: from mail-oa1-f57.google.com ([209.85.160.57]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sVBlH-0003tp-PM for bitcoindev@gnusha.org; Sat, 20 Jul 2024 08:12:40 -0700 Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-26435434d25sf122639fac.0 for ; Sat, 20 Jul 2024 08:12:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1721488353; cv=pass; d=google.com; s=arc-20160816; b=Z8LnprHkPTBsAJco45IW3K4nnrg+qIlYNfMgNv0R7mkwCzgQjOkBNVU9TzMQQF2mYT BaXyIRKmB/270ubqmgwnEIL/0crhXFtWpuiNBfOQxc+0Q1mEsC7DXKqzdTZu/pKvXbXG lQ6zzCTaF8KJZgP5aaY2dYhi5dw7WxO0yr/HHXWDPcDEYBTRRosLxc3NsQF4t+eVihhV twKM3AZiT/c3JEiBHhX+3svqT8BUtbAdNTbriufUKK9H0TguTdg8EHScyImFq+Bf7R7p ntqp71DnjG8wjF3LygJcwtePw+WKxTs7w13+3ShjcWY4Cw79nLqSgbwJA0H6MvFWv+4w XtbQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:sender:dkim-signature; bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=; fh=wO38tayyCMmZN2Vkjk9cnOb+mIJPOLCPAkwsbP1Zw1Q=; b=jW9RFOqey5OufWrksby07HnFx94c4sF7HdKxxiuEd6Ew+Mg4jPkNFjRRWuV6XBSn5k 3JVJqS4x55+whBlZAo6sJDYVZCooR5wjSlpcknp49Qep6FnJ/2Wkbz3Y3OXzXTIELKVK mAh4X9NpzwfJWS5A1NMRXTbZgSWXbC/7kW2RMYpyn/doLDgQoGseCCuI0iLaOwZIkda9 4wjAE9CiLZ09VIPpquJSiQUddMocjmMmfZFoivcaWPoQKzNq9bKwWVkqHhqcfomHuf86 0eMJ5dxlxppVcgvxHqEJRZYIgzztfnJHUsQzdg8KtfeOcB8xCVQDHLUcps6o9wf+Y1TZ xHIw==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1721488353; x=1722093153; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id:sender :from:to:cc:subject:date:message-id:reply-to; bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=; b=TlqRJ+Dt+ylNc9fCVoml7kNutTc2PR90E8b156ugMNy8Vcf2hWOiEnk3i4sblAJlJ3 uKR19V9ehUszYLDCRXLYRY9dp1MblkO4Y7GXolvFFHTvfAPtDOdj29RnY2v84tTA2vpa iWZJpiwPFTqkLELZ1lvn9vjt3xzMg45A2oxx42QkEmz6le7iFVHgevYE/5MarcJzBkJI ElILgna24vaT3QXyFE4VoOo7gnYTjvX0JJSTJGbhZ9eI2OdTP7Nb4q7TM0owS39ALecX 38d61X6Hss+CcssQHThbnDow+ySta9RpfaofJ/UxW6QlKfugWEl0g4r3pOgrOZ0HC2cQ YRiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721488353; x=1722093153; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=XQeWNDpTaD4NQTIimt1xv+k24Ja07Ri6IE0aULWmWNQ=; b=dYvqnvxgD1f3nj0vggq0/LtIcEHZ3WbJlbBnI8jZkvE1r4G3rNHdyqS8tuXZzZSeM/ dQjF98MTEoYWRoLdX0xdRZlHrGiQRtHAHRNpaLvHjQFr0dVdovwzehiD5rIBWxRhhTF/ p2+COn1ntnKROUW0amh1gdZ7cE9XgK+0FZIwbmf7ajJomN2QlezuSvurgwZUxPc5Gp6f OKdYCyPUTDVqTwqMllbmQrIY8LWM4IgRU7Tt3gAcbiAXni1Owml1gxxsaUnBCGDVfRR5 wDigjNEIm0KaBf5yHH0QADCJBcKNhc/HtAnsqRmi5ZjNRaCWinvobjEZjIRys8ol5eFS tcxA== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUdjfrDt5dGPvtmitviLrkwZOO8Qqs0fioSdfXTDfRbr3qgx8FK3PBm7Lia2Vi5NCScVDbQl5TyPU7/eiOZZFjwHJrbNbI= X-Gm-Message-State: AOJu0Yw5j51Xa2SYoMQ65C19T9PyNF4wbHyvoIP2WT9guCu5QZ/we/Bv lzcuwZBWvMVQ7MA080f5evZfFe+k999FMi5BHcoTMVbttJbl1Jlc X-Google-Smtp-Source: AGHT+IF/hppa76Lrw38njL1ndzJ7L03kkktgsnfawoM/31H5MiVjfL1aLpDWEMqXlMy+NB94Q95WyQ== X-Received: by 2002:a05:6870:638d:b0:25e:ba6f:a93f with SMTP id 586e51a60fabf-260ef222693mr4470337fac.13.1721488353521; Sat, 20 Jul 2024 08:12:33 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6870:d85:b0:259:f021:752d with SMTP id 586e51a60fabf-260ebdf6a96ls531805fac.0.-pod-prod-07-us; Sat, 20 Jul 2024 08:12:32 -0700 (PDT) X-Received: by 2002:a05:6870:5254:b0:25e:118e:ce7e with SMTP id 586e51a60fabf-26121359ca5mr136721fac.3.1721488352032; Sat, 20 Jul 2024 08:12:32 -0700 (PDT) Received: by 2002:a05:6808:df4:b0:3d9:3291:87dc with SMTP id 5614622812f47-3dadf2fa4camsb6e; Sat, 20 Jul 2024 08:03:36 -0700 (PDT) X-Received: by 2002:a17:90a:b003:b0:2c8:8bf8:4e24 with SMTP id 98e67ed59e1d1-2cd16d4226dmr4318464a91.8.1721487815178; Sat, 20 Jul 2024 08:03:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721487815; cv=none; d=google.com; s=arc-20160816; b=gS+D/OQSy+BSOFp9jX9fLl/Oapsskmd/uThy4Zjxc9ZFxHOvJMG6IxLFJuvsvOME7M jHEdoA3TYrj5Z4yNth9GumcjVooajpJxACWsg8SqA96b+AXEd2Hi8WSJQiEa7S4LIVfz GUv6C6LuVuyq4vesUGWNhllYrUUFs+CWR6NjX/Zv5OXtwCIoAf5BvOtIHVmP7DHgPb82 Mu4fcf0nc2rr5vDI4RmXLmIq8dJTEkRJenyTmYvAUlHZuZ8AXgh3zXlHbTdyNvmKz+tu +1F3uqIVfnk1h9qs/eFsWuKJgzNrMQnvHOXm4nRyPGLGuFMu3qiQwYnEVw+v7GVagxNC wpbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:feedback-id:dkim-signature; bh=xLa8j/W1vXkTqsy/akVERuBRGGLN7dXTuggyEIREMh0=; fh=qAkUFgesXJOBZlEhHhc6qjOrC9x9vwcQK9K5cSmyNz0=; b=FX4XkeqMH/7gFgtsZtlwS78QzkO8+V6/N5fsnZmo1eXuCo5kPprhOFpzhkFEZrdZS8 4yxVbfQj5q29PUzghdc1cyGm1cbvraghVd8kYgB/G3ArpJi/NwPa0M9P4b24y/87UFMa 8E81jGid3jQDLIjjQ4kDNUFqHdKoW0r0LiWbWwqDgg874CkjHqVj3vNkOTC98VCQz2Vh sLnEgU2hjk0oaUpZtQsp6RGoXbPAtwMawrT8FkP5WPDUrPlrF8Zk93lU6yT/oDXHl2qD Hxpq6PcySd6j7w3MgJKsNMFxGmVoLid3uia7pNShofZjq6Mv1tO6Glnpuv7EMUqmRiCV f7UA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org Received: from fhigh1-smtp.messagingengine.com (fhigh1-smtp.messagingengine.com. [103.168.172.152]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-2cb7694a545si363545a91.0.2024.07.20.08.03.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Jul 2024 08:03:35 -0700 (PDT) Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) client-ip=103.168.172.152; Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfhigh.nyi.internal (Postfix) with ESMTP id EC543114012B; Sat, 20 Jul 2024 11:03:33 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sat, 20 Jul 2024 11:03:33 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrheefgdekfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvfevuffkfhggtggujgesghdtro ertddtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthho uggurdhorhhgqeenucggtffrrghtthgvrhhnpeevueekudegvdfgheetheegueekteekud dtteefudevvedvtdehjeevjeefhffhkeenucffohhmrghinhepphgvthgvrhhtohguugdr ohhrghdpuggvlhhvihhnghgsihhttghoihhnrdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvsehpvghtvghrthhouggurdho rhhg X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 20 Jul 2024 11:03:32 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 3B4905F83F; Sat, 20 Jul 2024 15:03:25 +0000 (UTC) Date: Sat, 20 Jul 2024 15:03:25 +0000 From: Peter Todd To: "David A. Harding" Cc: bitcoindev@googlegroups.com Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ktO3e0ikvpuqSwWI" Content-Disposition: inline In-Reply-To: X-Original-Sender: pete@petertodd.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=dBWVdTaC; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.7 (/) --ktO3e0ikvpuqSwWI Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline On Fri, Jul 19, 2024 at 08:41:07PM -1000, David A. Harding wrote: > On 2024-07-18 05:56, Peter Todd wrote: > > I disclosed it to the bitcoin-security mailing list as a test: does > > Bitcoin Core actually care about free relay attacks? > > They do. Several free relay attacks that were present in earlier > versions of Bitcoin were eliminated in later versions. I can think of two such eliminated attacks, both significantly more "free" than anything we're discussing here, and interestingly, both attacks that I participated in discovering or fixing: 1) The fact that non-final transactions were accepted into the mempool, even if they wouldn't be valid for thousands of years (IIRC I exploited the mempool.space mixer with this). 2) nSequence replacement, which replace-by-fee ultimately fixed. What other "free" relay attacks can you think of that were fixed? > New proposals > are evaluated for their potential to create new permanent free relay > vectors. The discovery of free relay is almost always reason enough to > reject a proposal. Yet even though Murch (I think quite accurately) said that the full-rbf "free" relay attack was a fairly obvious attack, my pull-req to enable it sat for over a year without any comment from Core... Surely, if Core was genuinely concerned about these attacks, Core would rush to quietly fix them; we could have shipped full-RBF by default something like six months ago. And in spite of this apparent concern about "free" relay, I don't see anyone trying to mitigate the "free" relay attack that the introduction of TRUC/V3 transactions will cause. It's also notable that Core *introduced* a new form of "free" relay a few years back with mempool expiration. > The free relay attack you describe in your email and the type of free > relay enabled by your replace-by-feerate (RBFr) proposal can allow an > attacker to 10x to 100x the amount of bandwidth used network wide by > relay nodes for a cost of $10,000 to $50,000 a day (or, as you mention, > effectively for free if they were going to send a bunch of transactions > anyway). Did you actually read my One-Shot RBFR proposal? I covered DoS attacks: https://petertodd.org/2024/one-shot-replace-by-fee-rate#denial-of-service-attacks The *status quo* is that free relay attacks are unavoidable, because, at minimum, you can always pull them off by simultaneous broadcast of contradictory transactions (especially if you, eg, need to do consolidation transactions anyway). RBFR does not change that. > I cannot imagine what would make you think that protocol developers are > not concerned about attacks that could drive large numbers of relay > nodes off the network for a cost easily affordable to any well-funded > adversary. > > In this case, you've found a specific instance (full-RBF vs signaled > RBF) of a well-known general problem (optional policies leading to > mempool inconsistencies, allowing free relay) and appear to be arguing > that devs don't care about free relay because they refused to reverse a > previous decision (to not change the RBF configuration default) that has > been hotly debated multiple times. ...and your point is? Are you saying that Core developers put politics above security, by refusing to fix a known "free" relay attack simply because it was "hotly debated"? > > I believe the authors of that BIP are fully aware of the fact that > > "free" relay is an unavoidable problem, making their rational for > > TRUC/V3 bogus > > Differences in node policy leading to mempool inconsistencies (which > allows free relay) is a well known problem that's the result of Bitcoin > being an open protocol based on free/libre software (two things I think > we all want). Many protocol developers have attempted to address the > problem over the years, most recently just a few months ago with an > updated proposal for using weak blocks as a first step to address > "diverging mempool policies".[1] Weak blocks are not a solution to any of the "free" relay attacks I've disclosed, and your source, https://delvingbitcoin.org/t/second-look-at-weak-blocks/805, does not claim that they are a "free" relay solution. Weak blocks simply aren't relevant until a miner has received a transaction and found a weak block. By that point the "free" relay has already happened. Anyway, before I spend time replying to the rest of your email, I think it'd be helpful if you confirm two things to make sure we're actually on the same page: 1) Have you've read my One Shot RBFR proposal? In particular, my analysis of DoS attacks *including* existing DoS attacks like simultaneous broadcast. 2) Do you agree or disagree with me that these existing DoS attacks are real? -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZpvRvRybauFFnhQV%40petertodd.org. --ktO3e0ikvpuqSwWI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmab0bkACgkQLly11TVR LzfXwBAAuRQnu+0QVsTrAFPU9s0Py0ylk9F+thfDfqmR0/os31z042zz7EVhXTNN P0U0hAPkNQK/mE5R/SZGqgMjb2lNrCsxBsP4fH1CFWB18BTC2vgp8xryHqy6BdRF hYTAl/VgFawSVWLnQLsRgS7yXRgci1fsPuAsSVj1dE+5Nv0FwXVfdp+m4fACrHUO DO6zkTZlb9jrxQVfVhL3k0B2jEHiPQC1VPIbNVbuAC4cKc8NTLuAOljR4o0D4IuU uKYkCSZE317cOXgu4wefL7KkhtBvSIp5p/ZGgXGYOarZk+Y3QXVQqb+SiM3bWpjQ UxPe2WIc86DMHfm5HRsGHq85K9n9WSOQZCIkQh+FZ0yKEOctdlPpaDPOlZvLBbr3 bvrrJEoWgjU9+5HXJzsBfEzc5gD4NDc5j+CJ9s4mJg8w0Q8ZsXkIW7GOahyA+xxE JxSDecJ0ZYDcr7ONZEczKZVmQ+JZcFxI0/d0pmKaM6CFpuU1AQ95j8nOfFpq/Kde 8Wzg5GdcIx7WIxrXIy4g72PUlJIq/ssqfZPLc5VKePkEA7cTYRbemLfcXiOmCr8H qZM+QLCy4qZiBTHP0hhugHNN2SMfc9XsYavbwE6v7DJ71C9U9W6AGlekQfeEcOly sECaDgyeisqYyE1ovPbETeqyGKsHWbU9NUHSMqbR/J1YxOFgwTY= =tkhg -----END PGP SIGNATURE----- --ktO3e0ikvpuqSwWI--