Re: [bitcoin-dev] A proposal for Full RBF to not exclude Zero Conf use case

From: Daniel Lipshitz <daniel@gap600•com>
To: Erik Aronesty <erik@q32•com>
Cc: Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>,
	John Carvalho <john@synonym•to>
Subject: Re: [bitcoin-dev] A proposal for Full RBF to not exclude Zero Conf use case
Date: Tue, 17 Jan 2023 19:27:13 +0200	[thread overview]
Message-ID: <CACkWPs867CH+haR8ZEjnX7kzsruX=TbrhnRX+-XFJpnv=EBHnw@mail.gmail.com> (raw)
In-Reply-To: <CAJowKgK9VQ3bgZZnnmTBkhF8DFrv08ywEQEC5oTvXX66d=mkoQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 6904 bytes --]

> > 0-conf on Bitcoin with its understood risks is a significant use case
>
> and that use case doesn't change, at all, with full rbf.   the risk
> profile will, likely, remain the same.   observation of the fee paid,
> history of doing business with the customer, transaction size are all
> needed.
>

Currently 0-conf recognition is done without any KYC on the payor, this
includes activities like, gaming, non-custodial trading and applications.
In general OptinRBF is not possible to offer 0-conf since as soon as it is
recognised it can be double spent. Full RBF would make all trxs just like
OptinRBF. FullRBF but with FSS implemented will still enable 0-conf
acceptance.

>
> On Mon, Jan 16, 2023 at 1:50 PM Daniel Lipshitz via bitcoin-dev <
> bitcoin-dev@lists•linuxfoundation.org> wrote:
>
>> Some further clarity on our unique trx hashes queried to our platform,
>> our initial and followup numbers on unique trx hashes queried were not
>> accurate - apologies. Bitcoin addresses queried and Usd value and unique
>> were accurate. This is as a result of our platform viewing each queried
>> bitcoin address as a transaction from our point of view.
>>
>>  November 2022
>>   Total queried unique bitcoin address- circa 1.5m trxs
>>   Unique Bitcoin trx hashes queried- circa 500k
>>   USD value - circa 220m
>>   December 2022
>>    Total queried unique bitcoin address- circa 1.7m trxs
>>    Unique Bitcoin trx hashes queried - circa 500k
>>    USD value - circa 200m
>>
>> There are further merchants and service providers who enable 0-conf on
>> Bitcoin who are not working via our platform - I do not know their numbers
>> but believe they are significant. 0-conf on Bitcoin with its understood
>> risks is a significant use case.
>>
>> For third party clarification please see
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-December/021239.html
>> and
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-December/021238.html
>> ________________________________
>>
>> Daniel Lipshitz
>> GAP600| www.gap600.com
>>
>>
>>
>>
>> On Sat, Jan 14, 2023 at 10:15 PM Daniel Lipshitz <daniel@gap600•com>
>> wrote:
>>
>>>
>>>
>>>
>>> On Sat, Jan 14, 2023 at 1:53 AM Peter Todd <pete@petertodd•org> wrote:
>>>
>>>> On Sun, Dec 18, 2022 at 10:06:15AM +0200, Daniel Lipshitz wrote:
>>>> > GAP600 is not a trxs processor or liquidity provider we service
>>>> merchants,
>>>> > payment processors & non-custodial liquidity providers - our service
>>>> is
>>>> > purely the 0-conf enabling our clients to accept 0-conf. Clients
>>>> access our
>>>> > service via API - sending us the Trx hash & output address. Our
>>>> service is
>>>> > not based on AML/KYC it is purely an analysis of the Bitcoin network.
>>>>
>>>> I checked and to sign up for your service, you ask for the name, phone
>>>> number,
>>>> email, and company name.
>>>>
>>>> That is an example of AML/KYC. By learning the tx hash and output
>>>> address, you
>>>> learn which addresses are associated with what real world entity is
>>>> paying for
>>>> your service. You learning that information for what you claim is ~10%
>>>> of all
>>>> transactions is a significant privacy concern. On that basiss alone, I
>>>> would
>>>> argue that full-rbf should be implemented specifically to destroy your
>>>> business
>>>> and stop the collection of that data.
>>>>
>>>> We have standard commercial information about the payment processors,
>>> non custodial liquidity providers and merchants which become our clients -
>>> we do not have any kyc/aml information or telephone number on who is
>>> sending our clients the bitcoin for deposit.  For us these are just bitcoin
>>> Trx which our clients choose to benefit from 0-conf deposit recognition.
>>> Our service is provided via API with the only information our clients share
>>> with us, regarding a specific bitcoin transaction, being public bitcoin
>>> information like trx hash and output address.
>>>
>>> > I am not at liberty to share names of other services which have
>>>> developed
>>>> > their own 0-conf service - they include a payment processor on a
>>>> gambling
>>>> > platform which services multiple gambling operators, a standalone
>>>> gaming
>>>> > payment processor, and a payment processor recently I have come
>>>> across. We
>>>> > also do not have a significant presence in Asia - so I don't have
>>>> > visibility there.
>>>>
>>>> No, I asked you for information on what companies are actually using
>>>> *your*
>>>> service. You claim to be involved with a huge % of all transactions. If
>>>> that is
>>>> in fact true, obviously it shouldn't be hard to provide some examples of
>>>> merchants using GAP600 to accept unconfirmed txs.
>>>>
>>>
>>> As already posted here
>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-December/021240.html
>>> Max CEO from Coinspaid who has provided Cpoinspaid address clusters, see
>>> link, is available to discuss further and may choose to share further
>>> information on the merchants they support.
>>>
>>>>
>>>> > I don't see it being necessarily an either/or approach here. The risk
>>>> > looking to be mitigated with FullRBF seems to be able to be mitigated
>>>> with
>>>> > FullRBF but with a swop limitation of at least the Inputs of Trx1
>>>> being in
>>>> > Trx2 - no flagging required. Added to this all these trxs always have
>>>> the
>>>> > OptinRBF so if these platforms need to be able to recreate completely
>>>> their
>>>> > trxs they have that option as well. The option to Swop out or bump up
>>>> trxs
>>>> > seems to be well covered under those two options.
>>>>
>>>> You are not correct. One of the most important use-cases for full-rbf is
>>>> multi-party transactions; adding that limitation to full-rbf negates
>>>> that
>>>> usecase. See my post on why full-rbf makes DoS attacks on multiparty
>>>> protocols
>>>> significantly more expensive:
>>>>
>>>>
>>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021322.html
>>>
>>>
>>> I also note that there is ongoing debate as to the need for full RBF see
>>> here
>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021331.html
>>> .
>>>
>>> This seems to be an extreme edge case - with Opt-in RBF, FSS Full RBF
>>> and common sense - offering enough coverage to mitigate.
>>>
>>> 0-conf although may not be liked by some actors in Bitcoin, is engaged
>>> with free choice and understanding of the risks. 0-conf is a long standing
>>> and significant use case which should not be ignored. 0-conf demise should
>>> be viewed as being a major and unnecessary cost to FullRBF as currently
>>> implemented.
>>>
>>>> --
>>>> https://petertodd.org 'peter'[:-1]@petertodd.org
>>>>
>>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists•linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>

[-- Attachment #2: Type: text/html, Size: 10334 bytes --]