From: ZmnSCPxj <ZmnSCPxj@protonmail•com>
To: Weiji Guo <weiji.g@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] proposal: new opcode OP_ZKP to enable ZKP-based spending authorization
Date: Sat, 06 May 2023 02:51:33 +0000 [thread overview]
Message-ID: <-ZXduH8kzOVdK_FBE0VvMtuKDAFSU0Z4joKeIqM7CFnHO9kymMHfVwGjlwEHLzAnFWXLd_jVtNrkdeQGVobYUqjwASXEQ2w8BHh5FtEMJzs=@protonmail.com> (raw)
In-Reply-To: <CA+ydi=KMm6LW7W+NAUfRDESaJCg+smkiGS2WHKtYRWVGmM_0YA@mail.gmail.com>
Good Morning Weiji,
> Hi ZmnSCPxy,
> > As the network is pseudonymous, an anonymous attacker can flood the fullnode mempool network with large numbers of non-aggregated transactions, then in cooperation with a miner confirm a single aggregated transaction with lower feerate than what it put in the several non-aggregated transactions.
>
> Arguably this is hardly a feasible attack. Let's suppose the attacker creates 1000 such transactions, and attaches each transaction with a small amount of transaction fee X. The total fee will be 1000*X collectible by the aggregation vendor, who pays the miner a fee Y. We can reasonably assume that 1000*X is much larger than Y, yet X is much smaller than Y. Note that Y is already much larger than the regular fee for other transactions as the aggregated transaction should contain many inputs and many outputs, thus very large in size.
>
> Now, the attacker will have to generate proofs for these 1000 transactions, which is non-trivial; and pay for 1000*X upfront. The aggregation vendor has to spend more computing power doing the aggregation (or recursive verification) and take (1000*X - Y) as profit. Miner gets Y.
The entire point is that there has to be a separate, paid aggregator, in order to ensure that the free mempool service is not overloaded.
Basically, keep the aggregation outside the mempool, not in the mempool.
If aggregation is paid for, that is indeed sufficient to stop the attack, as you noted.
Regards,
ZmnSCPxj
prev parent reply other threads:[~2023-05-06 2:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-28 8:29 Weiji Guo
2023-04-30 2:15 ` ZmnSCPxj
2023-05-01 12:46 ` Weiji Guo
2023-05-02 15:01 ` ZmnSCPxj
2023-05-04 15:31 ` Weiji Guo
2023-05-04 17:13 ` ZmnSCPxj
2023-05-05 23:06 ` Weiji Guo
2023-05-06 2:51 ` ZmnSCPxj [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='-ZXduH8kzOVdK_FBE0VvMtuKDAFSU0Z4joKeIqM7CFnHO9kymMHfVwGjlwEHLzAnFWXLd_jVtNrkdeQGVobYUqjwASXEQ2w8BHh5FtEMJzs=@protonmail.com' \
--to=zmnscpxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=weiji.g@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox