Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z5ySP-00075y-C2 for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 15:43:53 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of bitpay.com designates 209.85.218.46 as permitted sender) client-ip=209.85.218.46; envelope-from=jgarzik@bitpay.com; helo=mail-oi0-f46.google.com; Received: from mail-oi0-f46.google.com ([209.85.218.46]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z5ySN-0005hr-Do for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 15:43:53 +0000 Received: by oiax193 with SMTP id x193so82669714oia.2 for ; Fri, 19 Jun 2015 08:43:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=pG67pVksL5PGeIgA/xyFdtcLTIOugwTMSAw1Yqhjjg0=; b=Ij3bjMcfqLXwvYa18DFuBpbhNIb9/TSLMyUHapFIGnJjjWjysXR6q98EReLC0s+w4c czeYOAT1Bhix/sGHb/5x6cv+Y+JlfS1+7gsEu7L0VFRMvzJcMdB3PtcWu/szLoAT8l8t glXeW/PdwXBqchC/9KlHBmy880W8bO6LRPAg+GfdTDvWb7s7sG91k8XetC14zYOKFY2c mEoeyv6EsSD7MtDC5RympRzGoJwneVUo+OMYmuLDRyBOEj6qR81nm0eR1PRjAb73+KWF Fx7axHVE3A5jesYic3SRLM3DhcDOHPT6g63xWQj72NXNLkjx8YlRccYCOA65EzikdIiC pxTg== X-Gm-Message-State: ALoCoQkB6Ag0C2ykRfZL95NGKDmYD2BfPcm6TB5FeQyViIp5Idl/lfAAPCQJW5xg2M2/kFsEiRhl X-Received: by 10.202.55.7 with SMTP id e7mr13364692oia.56.1434728625965; Fri, 19 Jun 2015 08:43:45 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.108.149 with HTTP; Fri, 19 Jun 2015 08:43:25 -0700 (PDT) In-Reply-To: References: <20150619103959.GA32315@savin.petertodd.org> <20150619134408.GB27280@savin.petertodd.org> From: Jeff Garzik Date: Fri, 19 Jun 2015 08:43:25 -0700 Message-ID: To: Chun Wang <1240902@gmail.com> Content-Type: multipart/alternative; boundary=001a113cea2619a6b90518e0ca91 X-Spam-Score: -0.4 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.2 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1Z5ySN-0005hr-Do Cc: bitcoin-development Subject: Re: [Bitcoin-development] F2Pool has enabled full replace-by-fee X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jun 2015 15:43:53 -0000 --001a113cea2619a6b90518e0ca91 Content-Type: text/plain; charset=UTF-8 Yes, FSS RBF is far better. On Fri, Jun 19, 2015 at 6:52 AM, Chun Wang <1240902@gmail.com> wrote: > Before F2Pool's launch, I performed probably the only successful > bitcoin double spend in the March 2013 fork without any mining power. > [ https://bitcointalk.org/index.php?topic=152348.0 ] I know how bad > the full RBF is. We are going to switch to FSS RBF in a few hours. > Sorry. > > On Fri, Jun 19, 2015 at 9:44 PM, Peter Todd wrote: > > On Fri, Jun 19, 2015 at 09:33:05AM -0400, Stephen Morse wrote: > >> It is disappointing that F2Pool would enable full RBF when the safe > >> alternative, first-seen-safe RBF, is also available, especially since > the > >> fees they would gain by supporting full RBF over FSS RBF would likely be > >> negligible. Did they consider using FSS RBF instead? > > > > Specifically the following is what I told them: > > > >> We are > >> interested in the replace-by-fee patch, but I am not following the > >> development closely, more background info is needed, like what the > >> difference between standard and zeroconf versions? Thanks. > > > > Great! > > > > Basically both let you replace one transaction with another that pays a > > higher fee. First-seen-safe replace-by-fee adds the additional criteria > > that all outputs of the old transaction still need to be paid by the new > > transaction, with >= as many Bitcoins. Basically, it makes sure that if > > someone was paid by tx1, then tx2 will still pay them. > > > > I've written about how wallets can use RBF and FSS-RBF to more > > efficiently use the blockchain on the bitcoin-development mailing list: > > > > > http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07813.html > > > http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07829.html > > > > Basically, for the purpose of increasing fees, RBF is something like %50 > > cheaper than CPFP, and FSS-RBF is something like %25 cheaper. > > > > In addition, for ease of implementation, my new FSS-RBF has a number of > > other restrictions. For instance, you can't replace multiple > > transactions with one, you can't replace a transaction whose outputs > > have already been spent, you can't replace a transaction with one that > > spends additional unconfirmed inputs, etc. These restrictions aren't > > "set in stone", but they do make the code simpler and less likely to > > have bugs. > > > > In comparison my previous standard RBF patch can replace multiple > > transactions with one, can replace long chains of transactions, etc. > > It's willing to do more computation before deciding if a transaction > > should be replaced, with more complex logic; it probably has a higher > > chance of having a bug or DoS attack. > > > > You've probably seen the huge controversy around zeroconf with regard to > > standard replace-by-fee. While FSS RBF doesn't make zeroconf any safer, > > it also doesn't make it any more dangerous, so politically with regard > > to zeroconf it makes no difference. You *can* still use it doublespend > > by taking advantage of how different transactions are accepted > > differently, but that's true of *every* change we've ever made to > > Bitcoin Core - by upgrading to v0.10 from v0.9 you've also "broken" > > zeroconf in the same way. > > > > > > Having said that... honestly, zeroconf is pretty broken already. Only > > with pretty heroic measures like connecting to a significant fraction of > > the Bitcoin network at once, as well as connecting to getblocktemplate > > supporting miners to figure out what transactions are being mined, are > > services having any hope of avoiding getting ripped off. For the average > > user their wallets do a terrible job of showing whether or not an > > unconfirmed transaction will go through. For example, Schildbach's > > Bitcoin wallet for Android has no code at all to detect double-spends > > until they get mined, and I've been able to trick it into showing > > completely invalid transactions. In fact, currently Bitcoin XT will > > relay invalid transactions that are doublepsends, and Schildbach's > > wallet displays them as valid, unconfirmed, payments. It's really no > > surprise to me that nearly no-one in the Bitcoin ecosystem accepts > > unconfirmed transactions without some kind of protection that doesn't > > rely on first-seen-safe mempool behavior. For instance, many ATM's these > > days know who their customers are due to AML requirements, so while you > > can deposit Bitcoins and get your funds instantly, the protection for > > the ATM operator is that they can go to the police if you rip them off; > > I've spoken to ATM operators who didn't do this who've lost hundreds or > > even thousands of dollars before giving up on zeroconf. > > > > My big worry with zeroconf is a service like Coinbase or Shapeshift > > coming to rely on it, and then attempting to secure it by gaining > > control of a majority of hashing power. For instance, if Coinbase had > > contracts with 80% of the Bitcoin hashing power to guarantee their > > transactions would get mined, but 20% of the hashing power didn't sign > > up, then the only way to guarantee their transactions could be for the > > 80% to not build on blocks containing doublespends by the 20%. There's > > no way in a decentralized network to come to consensus about what > > transactions are or are not valid without mining itself, so you could > > end up in a situation where unless you're part of one of the big pools > > you can't reliably mine at all because your blocks may get rejected for > > containing doublespends. > > > > One of my goal with standard replace-by-fee is to prevent this scenario > > by forcing merchants and others to implement ways of accepting zeroconf > > transactions safely that work in a decentralized environment regardless > > of what miners do; we have a stronger and safer Bitcoin ecosystem if > > we're relying on math rather than trust to secure our zeroconf > > transactions. We're also being more honest to users, who right now often > > have the very wrong impression that unconfirmed transactions are safe to > > accept - this does get people ripped off all too often! > > > > > > Anyway, sorry for the rant! FWIW I updated my FSS-RBF patch and am > > waiting to get some feedback: > > > > https://github.com/bitcoin/bitcoin/pull/6176 > > > > Suhas Daftuar did find a pretty serious bug in it, now fixed. I'm > > working on porting it to v0.10.2, and once that's done I'm going to put > > up a bounty for anyone who can find a DoS attack in the patch. If no-one > > claims the bounty after a week or two I think I'll start feeling > > confident about using it in production. > > > > > > -- > > 'peter'[:-1]@petertodd.org > > 000000000000000003188926be14e5fbe2f8f9c63c9fb8e2ba4b14ab04f1c9ab > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ --001a113cea2619a6b90518e0ca91 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Yes, FSS RBF is far better.


On Fri, Jun 19, 2015 at 6:5= 2 AM, Chun Wang <1240902@gmail.com> wrote:
Before F2Pool's launch, I performed probably the only = successful
bitcoin double spend in the March 2013 fork without any mining power.
[ https://bitcointalk.org/index.php?topic=3D152348= .0 ] I know how bad
the full RBF is. We are going to switch to FSS RBF in a few hours.
Sorry.

On Fri, Jun 19, 2015 at 9:44 PM, Peter Todd <pete@petertodd.org> wrote:
> On Fri, Jun 19, 2015 at 09:33:05AM -0400, Stephen Morse wrote:
>> It is disappointing that F2Pool would enable full RBF when the saf= e
>> alternative, first-seen-safe RBF, is also available, especially si= nce the
>> fees they would gain by supporting full RBF over FSS RBF would lik= ely be
>> negligible. Did they consider using FSS RBF instead?
>
> Specifically the following is what I told them:
>
>> We are
>> interested in the replace-by-fee patch, but I am not following the=
>> development closely, more background info is needed, like what the=
>> difference between standard and zeroconf versions? Thanks.
>
> Great!
>
> Basically both let you replace one transaction with another that pays = a
> higher fee. First-seen-safe replace-by-fee adds the additional criteri= a
> that all outputs of the old transaction still need to be paid by the n= ew
> transaction, with >=3D as many Bitcoins. Basically, it makes sure t= hat if
> someone was paid by tx1, then tx2 will still pay them.
>
> I've written about how wallets can use RBF and FSS-RBF to more
> efficiently use the blockchain on the bitcoin-development mailing list= :
>
> http://www.m= ail-archive.com/bitcoin-development@lists.sourceforge.net/msg07813.html=
> http://www.m= ail-archive.com/bitcoin-development@lists.sourceforge.net/msg07829.html=
>
> Basically, for the purpose of increasing fees, RBF is something like %= 50
> cheaper than CPFP, and FSS-RBF is something like %25 cheaper.
>
> In addition, for ease of implementation, my new FSS-RBF has a number o= f
> other restrictions. For instance, you can't replace multiple
> transactions with one, you can't replace a transaction whose outpu= ts
> have already been spent, you can't replace a transaction with one = that
> spends additional unconfirmed inputs, etc. These restrictions aren'= ;t
> "set in stone", but they do make the code simpler and less l= ikely to
> have bugs.
>
> In comparison my previous standard RBF patch can replace multiple
> transactions with one, can replace long chains of transactions, etc. > It's willing to do more computation before deciding if a transacti= on
> should be replaced, with more complex logic; it probably has a higher<= br> > chance of having a bug or DoS attack.
>
> You've probably seen the huge controversy around zeroconf with reg= ard to
> standard replace-by-fee. While FSS RBF doesn't make zeroconf any s= afer,
> it also doesn't make it any more dangerous, so politically with re= gard
> to zeroconf it makes no difference. You *can* still use it doublespend=
> by taking advantage of how different transactions are accepted
> differently, but that's true of *every* change we've ever made= to
> Bitcoin Core - by upgrading to v0.10 from v0.9 you've also "b= roken"
> zeroconf in the same way.
>
>
> Having said that... honestly, zeroconf is pretty broken already. Only<= br> > with pretty heroic measures like connecting to a significant fraction = of
> the Bitcoin network at once, as well as connecting to getblocktemplate=
> supporting miners to figure out what transactions are being mined, are=
> services having any hope of avoiding getting ripped off. For the avera= ge
> user their wallets do a terrible job of showing whether or not an
> unconfirmed transaction will go through. For example, Schildbach's=
> Bitcoin wallet for Android has no code at all to detect double-spends<= br> > until they get mined, and I've been able to trick it into showing<= br> > completely invalid transactions. In fact, currently Bitcoin XT will > relay invalid transactions that are doublepsends, and Schildbach's=
> wallet displays them as valid, unconfirmed, payments. It's really = no
> surprise to me that nearly no-one in the Bitcoin ecosystem accepts
> unconfirmed transactions without some kind of protection that doesn= 9;t
> rely on first-seen-safe mempool behavior. For instance, many ATM's= these
> days know who their customers are due to AML requirements, so while yo= u
> can deposit Bitcoins and get your funds instantly, the protection for<= br> > the ATM operator is that they can go to the police if you rip them off= ;
> I've spoken to ATM operators who didn't do this who've los= t hundreds or
> even thousands of dollars before giving up on zeroconf.
>
> My big worry with zeroconf is a service like Coinbase or Shapeshift > coming to rely on it, and then attempting to secure it by gaining
> control of a majority of hashing power. For instance, if Coinbase had<= br> > contracts with 80% of the Bitcoin hashing power to guarantee their
> transactions would get mined, but 20% of the hashing power didn't = sign
> up, then the only way to guarantee their transactions could be for the=
> 80% to not build on blocks containing doublespends by the 20%. There&#= 39;s
> no way in a decentralized network to come to consensus about what
> transactions are or are not valid without mining itself, so you could<= br> > end up in a situation where unless you're part of one of the big p= ools
> you can't reliably mine at all because your blocks may get rejecte= d for
> containing doublespends.
>
> One of my goal with standard replace-by-fee is to prevent this scenari= o
> by forcing merchants and others to implement ways of accepting zerocon= f
> transactions safely that work in a decentralized environment regardles= s
> of what miners do; we have a stronger and safer Bitcoin ecosystem if > we're relying on math rather than trust to secure our zeroconf
> transactions. We're also being more honest to users, who right now= often
> have the very wrong impression that unconfirmed transactions are safe = to
> accept - this does get people ripped off all too often!
>
>
> Anyway, sorry for the rant! FWIW I updated my FSS-RBF patch and am
> waiting to get some feedback:
>
>=C2=A0 =C2=A0 =C2=A0https://github.com/bitcoin/bitco= in/pull/6176
>
> Suhas Daftuar did find a pretty serious bug in it, now fixed. I'm<= br> > working on porting it to v0.10.2, and once that's done I'm goi= ng to put
> up a bounty for anyone who can find a DoS attack in the patch. If no-o= ne
> claims the bounty after a week or two I think I'll start feeling > confident about using it in production.
>
>
> --
> 'peter'[:-1]@petertodd.org
> 000000000000000003188926be14e5fbe2f8f9c63c9fb8e2ba4b14ab04f1c9ab
>
> ------------------= ------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-d= evelopment@lists.sourceforge.net
> https://lists.sourceforge.net/l= ists/listinfo/bitcoin-development
>

---------------------------------------------------------------------------= ---
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/= listinfo/bitcoin-development



--
=
Jeff Garzik
Bitcoin core developer and op= en source evangelist
BitPay, Inc. =C2=A0 =C2=A0 =C2=A0https://bitpay.com/
--001a113cea2619a6b90518e0ca91--