1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
|
Delivery-date: Mon, 27 Jan 2025 15:27:24 -0800
Received: from mail-qk1-f187.google.com ([209.85.222.187])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBC3PT7FYWAMRBUVM4C6AMGQEO4TES2A@googlegroups.com>)
id 1tcYVn-0004Bl-G1
for bitcoindev@gnusha.org; Mon, 27 Jan 2025 15:27:24 -0800
Received: by mail-qk1-f187.google.com with SMTP id af79cd13be357-7b6ef813ed1sf717416685a.3
for <bitcoindev@gnusha.org>; Mon, 27 Jan 2025 15:27:23 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1738020437; cv=pass;
d=google.com; s=arc-20240605;
b=KsH4VbmOAd2f9k3GiKa2ouf/3+hEcUL6UX495y0CYngIUzLqnDwaPVRV2uriL59p4Y
bI03oPIdhYksM1eU6ab02jAykeZpWU40ubZKTXdbsxvde3plnfuDa6hLPghluNh/vKVC
wYt+KCt/VIy60V4V3Cqq8jPt7tHmSr0e4+Zv4HtG5ix8PUK+HYBygSVTOtx+LIbgW+rk
DsF+M+h59B3NmuPo05srazPOa+cDIxHRXl0KUR73odYs4yrNB0yriB2XFzT42BMW/swN
W9BODSUmau4wPccqKve9cK04GGwT6lBJCM2iWkra0vqeLEOsCP//65Dwn4nB3slNpjir
2npA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:cc:to:subject:message-id:date:from
:in-reply-to:references:mime-version:sender:dkim-signature
:dkim-signature;
bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=;
fh=wM9YqqU1zinDZJ/2f9pDu46cnSeltczSDtLvtXD17Fo=;
b=OF3pvDjQfqwmnUJdfle4PW05GH0ZB33l6lBxG25k2JztFtmLKk0tSfGeIMvlgIkaJu
j3OWCyeX9CbNQ9pdpcrlAl6Jx9NNGmJ6XAJwWkRrXZZzhtg88iyu2YxGOLesS+nQfz1a
gR4Sv55Idzq7yGXmW8g9TEw8uomX3geOxEVC3+s3D31zmY6FcRvKA5aW4hTehmrTFI4T
/a9FmSNiY099Pg+387VQGtXjvROWrgN4pATi8kgXaeaJU/V29Ojj6OYKbm+OWw2uOWOQ
Qiu/VDU1ir9SGXi1uDpqBYsCxuXQhY77qGiyH284Lrvb9euXbXcw9eSc7739rdFDFXsV
A6UQ==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ";
spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1738020437; x=1738625237; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=;
b=HHoiQpcz7IZSbU2oqhK9TD4Eio+lpOf+OWsxKhgBxyaXN/kH6qvFDb0wGLz5dnBi9p
IZSUhzPHQrq2nAjgS7nzG3F1/TRZ6q4JVwXUBYEl07FCzus6CvImC6wTXmQjYdpJdOjW
Um61ViZsaEjw9uqR9/T+P6EvRqbwH+YDXfwihqa+nh2VOI6kdpUEH7ouLnMDD9WHAqWk
IFIlmVqlJ9TZm3NCLVkoj/pC8PtI6bhUJa228XrhTgigsMXos0GFNNm+nqiETf6NBc3v
crDhLuncZBBmS6ijF+CbhzLnUC7y2ebq0ycy6BbMUkeFei9SvUYRjy20Ev35UJ1njEXz
KDAQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1738020437; x=1738625237; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=;
b=KlfN//Fn6qRSxSc8f3kTNEBFB0kbbPL1s6GCYcRrPNbV1qDUmStIHtjjsejIUyvCFi
Fec2FrnonUuTs24Q91fVlMNIn1UwSm0uzOf42SHXTTjSr4OlNekE4HIoroUNdfg2I+SZ
qiEw5hasoCeBsrdfzvKFImYujM5YEfNSjYSIS7EJc5hSLsOM0h33WKaT/haHns+N60xw
BmeOAg3qzGAKOuXZOUGeWgjUrK7i4eLRnHPSFsbnXJasTAi2FuKS50rHMJK7wn+qUPTb
q80g3ucnazHIX3juzhM4wuUMZ/23iih1fKdMSHiXpzYDjCw1H53rL2WrS2MecAxDpXQy
8AZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1738020437; x=1738625237;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:x-beenthere:x-gm-message-state:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=925urScImubRwfCXDUNb17gr+N2W3+tbraIUgwUlseo=;
b=w6yYMWkVxwaqJWldTUYJ7XB49rLu1yaioQSc8Zx6WG3sYtMNuP+QyHEeTHAIEeA5Hz
DvcGRIlmeHGQdRjUw7pFaHOqMYnjZs2dL1eTXS5EWFLk8Rc7dlDzvT7N6tbiWFRkp+BY
eQ8IYrr3V1L6ObL1WYaobqsi7IUC4ySVk6ofBZg9m8qY2EDotXUbXS+T6WAv7NEAwOMn
0+KZyk2cVooH73mQEQ1yrEFu+VPyJ2gjhAFASA7HTTAQIm7WuHS7+0IvSngKfLVgIds9
D2wp2C0zVr0KQN+E/2vB1SKLBTP6S3XkeIIvRLkIeGoqN7PhkCmp20+yiDquvDLKOGn6
hwkQ==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCXQNYBCyG4tGLrKV8frcHDPGpUZaQe25ajunzRv7hZY5eN3tXByFasTPGFYadDyS1jyHs5I98+RxKhs@gnusha.org
X-Gm-Message-State: AOJu0Yx+Ua2e5AclM0ZxL6F+X74M2Xi5tySxNf+dWrEON37xbf3SZpAo
wRFdAMSL8Vvhssp+EZySlmw6Gwl+3W+MHSH5jsimgeq25QIYk3gs
X-Google-Smtp-Source: AGHT+IE7ZiOIE+le2ra+1DvmVMQzirQrTKFjmsw57CSoF3R9V57l+fbreFogutLTJ60jMYO7KXS7tQ==
X-Received: by 2002:a05:620a:40b:b0:7be:6f05:1b46 with SMTP id af79cd13be357-7be6f051d14mr4932675985a.57.1738020437285;
Mon, 27 Jan 2025 15:27:17 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:ac8:7cc:0:b0:463:f0e:44c6 with SMTP id d75a77b69052e-46e5b3d7388ls3068021cf.0.-pod-prod-01-us;
Mon, 27 Jan 2025 15:27:14 -0800 (PST)
X-Received: by 2002:a05:620a:4396:b0:7b1:48ff:6b56 with SMTP id af79cd13be357-7be6327979emr6794298985a.43.1738020433960;
Mon, 27 Jan 2025 15:27:13 -0800 (PST)
Received: by 2002:a05:620a:319c:b0:7b6:67a8:4fcd with SMTP id af79cd13be357-7bff5151275ms85a;
Mon, 27 Jan 2025 15:01:15 -0800 (PST)
X-Received: by 2002:ac8:7d43:0:b0:467:5c9f:f8ef with SMTP id d75a77b69052e-46e12a1e6d9mr646183441cf.6.1738018874565;
Mon, 27 Jan 2025 15:01:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1738018874; cv=none;
d=google.com; s=arc-20240605;
b=UXenX6GSCXj3yx5bqlul/pyTxeNba0Umgjhtp7mGN6Xq0ttc/qnWdoxi8eSrcVbf/k
4od4DRMC+54ccb/HwNL0omG9CdpCEmi8vcp04MT10pj3roBOa6JRDCQjlY8YytGwSxZd
uhD+djutR1Gt3iyReeqrvjzatHsknV3pTnh5230IQQHfyOv/IdbXdthDkvhzRUxp3QTP
3HImBevSA0OETpE9GvPwSc89f7Zz1qHV9xW1IGKHcFJ2KAHbMWtFWpfwWJOMgPt9Y9ZE
wUhBsqtwcdbu7hHnt8ONPbrciUXI9z/krwImDCbKCmLhBWxftwyJMIszw4w9UWZQd/Gs
Y77A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:dkim-signature;
bh=3gR8czNVluW02lAHGsUTwphXPzEr5QIrSgcw+7SkgSI=;
fh=8IhWpdr4iOuTkOTm2gRZZk21cYhi2Q2zuRpS0v0v2JA=;
b=ju8yMS1Nw1dqD7uwlkgI7hNXDWmkYZpQk9h+c8Yp5PDpD0wRijie21dDzk56fQ/x8D
+iYxDYYCLwfrOudY2hA8wISt5NbLnmJLMnthOu4EoW6RCR/lVmXSGO7Vt5fB7Dj+9kNs
bD30ymeaRPZiKcfk6GKcse0M0+HPSeOsmsm7PhYhsSGfZQrp3stV+IrRFOlyvK59POaA
BgVjUtFVnaLHOwb5PjoxHKwGq+D8BbbQ4cs6ssocG1qoN8tgM68zUqLgtUhKZ+vlXKQ6
kdDw6mgGQBG/srhI/wFrlVJCCCYrYlHm4ktVD/81c53n1Yg7dLT2wHygwRTpi6phXYSH
n1Dg==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ";
spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com. [2607:f8b0:4864:20::1033])
by gmr-mx.google.com with ESMTPS id d75a77b69052e-46e66b3fa56si3639351cf.4.2025.01.27.15.01.14
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Mon, 27 Jan 2025 15:01:14 -0800 (PST)
Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033 as permitted sender) client-ip=2607:f8b0:4864:20::1033;
Received: by mail-pj1-x1033.google.com with SMTP id 98e67ed59e1d1-2ee74291415so6620632a91.3
for <bitcoindev@googlegroups.com>; Mon, 27 Jan 2025 15:01:14 -0800 (PST)
X-Gm-Gg: ASbGncsQXxRAFZJffI3DxpH6mZc5izg0lNcrm4ze+APTeJP75AhKfm7vTrTi0uM+3xD
5R3is1abzIsXPGcoe0yGdU2BO2KjBoMcU89TYEe5nBbY8ziy1XmTtz1ZCSaKk84E=
X-Received: by 2002:a17:90b:51c5:b0:2ee:d371:3227 with SMTP id
98e67ed59e1d1-2f782c9cb13mr68942708a91.17.1738018873519; Mon, 27 Jan 2025
15:01:13 -0800 (PST)
MIME-Version: 1.0
References: <CALZpt+EnDUtfty3X=u2-2c5Q53Guc6aRdx0Z4D75D50ZXjsu2A@mail.gmail.com>
<7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org>
In-Reply-To: <7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org>
From: Antoine Riard <antoine.riard@gmail.com>
Date: Mon, 27 Jan 2025 23:01:02 +0000
X-Gm-Features: AWEUYZkDWQ_GNNTqT1-zclaxu8V6VjrtPZYjqlHYA05LKLyp_BAryX-zo5wXUEE
Message-ID: <CALZpt+HyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T=u7A@mail.gmail.com>
Subject: Re: [bitcoindev] [FULL DISCLOSURE]: Replacement Cycling Attacks on
Attacks on Bitcoin Miners Block Templates
To: "David A. Harding" <dave@dtrt.org>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>, security@ariard.me
Content-Type: multipart/alternative; boundary="00000000000091b60c062cb80d2b"
X-Original-Sender: antoine.riard@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b="U/AfY6iJ"; spf=pass
(google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1033
as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass
(p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
--00000000000091b60c062cb80d2b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
> Do I understand correctly that this attack only applies if Alice
> attempts to fee bump her batch transaction? In short, is this the
> attack:
Fundamentally, yes. This attack is primarily targeting all transaction
flows with a fee bump.
See section 6.4 of the joined paper for more characterization of the
"Transaction Traffic Hijack", while no quantitative analysis of the average
% txn affected has been done so far.
There could also be UTXO-sharing flows that are affected, where the
attacker is propagating first, and preventing the other tx to propagate,
before evicting his own package.
However no test and no thoughts has been given to this
"block-first-at-the-UTXO-root" alternative, the fee bump is more concerning=
.
Best,
Antoine
Le lun. 27 janv. 2025 =C3=A0 22:17, David A. Harding <dave@dtrt.org> a =C3=
=A9crit :
> On 2025-01-27 05:22, Antoine Riard wrote:
> > As soon as Alice's batch transaction starts to propagate, Mallet
> > consumes its 2 outputs with 2 chain of junk transactions to reach max
> > package limits (25 descendants) and block the carve-out. The junk
> > transactions are of size 150 bytes and feerates 2 satoshis per virtual
> > byte and they have 2 parents: one Alice's payout UTXO and one Mallet's
> > UTXO.
> >
> > Starting from this point, Alice's exchange server logic should either
> > (a) attempts a CPFP or (b) attempts a RBF on the batch transaction. As
> > there is no global mempool, Alice is uncertain on the explanation for
> > the lack of propagation of her batch transaction [...]
>
> Do I understand correctly that this attack only applies if Alice
> attempts to fee bump her batch transaction? In short, is this the
> attack:
>
> - Alice broadcasts a transaction.
> - Mallet pins Alice.
> - Alice doesn't realize she's been pinned and bumps the fees.
> - The bump doesn't propagate due to the pin, but Mallet receives it
> anyway somehow.
> - Mallet mines the fee bump, but nobody else mines it because it didn't
> propagate. Mallet thus makes more money than other miners.
>
> Thanks,
>
> -Dave
>
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CALZpt%2BHyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T%3Du7A%40mail.gmail.com.
--00000000000091b60c062cb80d2b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">> Do I understand correctly that this attack only appli=
es if Alice<br>> attempts to fee bump her batch transaction?=C2=A0 In sh=
ort, is this the<br>> attack:<div><br></div><div>Fundamentally, yes. Thi=
s attack is primarily targeting=C2=A0all transaction flows with a fee bump.=
</div><div><br></div><div>See section 6.4 of the joined paper=C2=A0for more=
characterization of the "Transaction Traffic Hijack", while no q=
uantitative analysis of the average % txn affected has been done so far.</d=
iv><div><br></div><div>There could also be UTXO-sharing flows that are affe=
cted, where the attacker is propagating first, and preventing the other tx =
to propagate, before evicting his own package.</div><div><br></div><div>How=
ever no test and no thoughts has been given to this "block-first-at-th=
e-UTXO-root" alternative, the fee bump is more concerning.</div><div><=
br></div><div>Best,</div><div>Antoine</div></div><br><div class=3D"gmail_qu=
ote gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">Le=C2=A0lu=
n. 27 janv. 2025 =C3=A0=C2=A022:17, David A. Harding <<a href=3D"mailto:=
dave@dtrt.org">dave@dtrt.org</a>> a =C3=A9crit=C2=A0:<br></div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-widt=
h:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-le=
ft:1ex">On 2025-01-27 05:22, Antoine Riard wrote:<br>
> As soon as Alice's batch transaction starts to propagate, Mallet<b=
r>
> consumes its 2 outputs with 2 chain of junk transactions to reach max<=
br>
> package limits (25 descendants) and block the carve-out. The junk<br>
> transactions are of size 150 bytes and feerates 2 satoshis per virtual=
<br>
> byte and they have 2 parents: one Alice's payout UTXO and one Mall=
et's<br>
> UTXO.<br>
> <br>
> Starting from this point, Alice's exchange server logic should eit=
her<br>
> (a) attempts a CPFP or (b) attempts a RBF on the batch transaction. As=
<br>
> there is no global mempool, Alice is uncertain on the explanation for<=
br>
> the lack of propagation of her batch transaction [...]<br>
<br>
Do I understand correctly that this attack only applies if Alice<br>
attempts to fee bump her batch transaction?=C2=A0 In short, is this the<br>
attack:<br>
<br>
- Alice broadcasts a transaction.<br>
- Mallet pins Alice.<br>
- Alice doesn't realize she's been pinned and bumps the fees.<br>
- The bump doesn't propagate due to the pin, but Mallet receives it<br>
=C2=A0 =C2=A0anyway somehow.<br>
- Mallet mines the fee bump, but nobody else mines it because it didn't=
<br>
=C2=A0 =C2=A0propagate.=C2=A0 Mallet thus makes more money than other miner=
s.<br>
<br>
Thanks,<br>
<br>
-Dave<br>
</blockquote></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CALZpt%2BHyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T%3Du7A%40mail.g=
mail.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/=
d/msgid/bitcoindev/CALZpt%2BHyQyj6EUf39JX3nuD3izsmBSG9XUcV-EVrC05o2T%3Du7A%=
40mail.gmail.com</a>.<br />
--00000000000091b60c062cb80d2b--
|
