I think this is a good understanding of the goal of Rule #3, but I'm not sure how you're getting these numbers without specifying the size and fees of the commitment transaction. We should also quantify the severity of the "damage" of this pin in a meaningful way; the issue of "Alice may need to pay to replace descendant(s) she isn't aware of" is just a property of allowing unconfirmed descendants.
Let's use some concrete numbers with your example. As you describe, we need 80-162sat/vB to get into the next block, and Alice can fund a CPFP with a 152vB CPFP. Let's say the commitment transaction has size N, and pays 0 fees.
The lower number of 80sat/vB describes what Mallory needs to shoot below in order to "pay nothing" for the attack (i.e. otherwise it's a CPFP and gets the tx confirmed). Mallory can maximize the cost of replacement according to Rule #3 by keeping a low feerate while maximizing the size of the tx.
The higher number of 162sat/vB describes the reasonable upper bound of what Alice should pay to get the transactions confirmed. As in: If Alice pays exactly 162sat/vB * (N + 152vB) satoshis to get her tx confirmed, nothing went wrong. She hopes to not pay more than that, but she'll keep broadcasting higher bumps until it confirms.
The "damage" of the pin can be quantified by the extra fees Alice has to pay.
For a v3 transaction, Mallory can attach 1000vB at 80sat/vB. This can increase the cost of replacement to 80,000sat.
For a non-v3 transaction, Mallory can attach (101KvB - N) before maxing out the descendant limit.
Rule #4 is pretty negligible here, but since you've already specified Alice's child as 152vB, she'll need to pay Rule #3 + 152sats for a replacement.
Let's say N is 1000vB. AFAIK commitment transactions aren't usually smaller than this:
- Alice is happy to pay 162sat/vB * (1000 + 152vB) = 186,624sat
- In a v3 world, Mallory can make the cost to replace 80sat/vB * (1000vB) + 152 = 80,152sat
  - Mallory doesn't succeed, Alice's CPFP easily pays for the replacement
- In a non-v3 world, Mallory can make the cost to replace 80sat/vB * (100,000vB) + 152 = 8,000,152sat
  - Mallory does succeed, Alice would need to pay ~7 million sats extra
Let's say N is 10,000vB:
- Alice is happy to pay 162sat/vB * (10,000 + 152vB) = 1,644,624
- In a v3 world, Mallory can make the cost to replace 80sat/vB * (1000vB) + 152 = 80,152sat
  - Mallory doesn't succeed, Alice's CPFP easily pays for the replacement
- In a non-v3 world, Mallory can make the cost to replace 80sat/vB * (91,000vB) + 152 = 7,280,152sat
  - Mallory does succeed, Alice would need to pay ~5 million sats extra
Let's say N is 50,000vB:
- Alice is happy to pay 162sat/vB * (50,000 + 152vB) = 8,124,624
- In a v3 world, Mallory can make the cost to replace 80sat/vB * (1000vB) + 152 = 80,152sat
  - Mallory doesn't succeed, Alice's CPFP easily pays for the replacement
- In a non-v3 world, Mallory can make the cost to replace 80sat/vB * (51,000vB) + 152 = 4,080,152sat
  - Mallory doesn't succeed, Alice's CPFP easily pays for the replacement
  - The key idea here is that there isn't much room for descendants and the cost to CPFP is very high
These numbers change if you tweak more variables - the fees paid by the commitment tx, the feerate range, etc. But the point here is to reduce the potential "damage" by 100x by restricting the allowed child size.
> If V3 children are restricted to, say, 200vB, the attack is much less effective
> as the ratio of Alice vs Mallory size is so small.
This is exactly the idea; note that we've come from 100KvB to 1000vB.
> Mallory can improve the efficiency of his griefing attack by attacking multiple
> targets at once. Assuming Mallory uses 1 taproot input and 1 taproot output for
> his own funds, he can spend 21 ephemeral anchors in a single 1000vB
> transaction.
Note that v3 does not allow more than 1 unconfirmed parent per tx.
Let me know if I've made an arithmetic error, but hopefully the general idea is clear.
Best,
Gloria
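
The following is an added example, not part of the email above: it models the Rule #3 + Rule #4 replacement cost using the email's figures and also finds the commitment size at which the non-v3 pin stops exceeding Alice's budget, which goes beyond the three cases worked by hand. It assumes a zero-fee commitment transaction and a 1sat/vB incremental relay feerate (consistent with the "+ 152" term); all function and constant names are hypothetical.

```python
# Added illustration; constants are the figures quoted in the email.
MALLORY_FEERATE = 80          # sat/vB, just below the next-block feerate
ALICE_MAX_FEERATE = 162       # sat/vB, the most Alice reasonably pays
ALICE_CHILD_VSIZE = 152       # vB, Alice's CPFP child
V3_CHILD_LIMIT = 1_000        # vB, maximum v3 child size
DESCENDANT_LIMIT = 101_000    # vB, non-v3 package limit used in the email
INCREMENTAL_FEERATE = 1       # sat/vB, assumed Rule #4 increment


def mallory_room(n: int, v3: bool) -> int:
    """Largest child (vB) Mallory can attach to a commitment tx of n vB."""
    return V3_CHILD_LIMIT if v3 else max(DESCENDANT_LIMIT - n, 0)


def replacement_cost(n: int, v3: bool) -> int:
    """Fees (sat) Alice's child must pay to replace Mallory's child."""
    rule3 = MALLORY_FEERATE * mallory_room(n, v3)       # beat absolute fees
    rule4 = INCREMENTAL_FEERATE * ALICE_CHILD_VSIZE     # pay for own relay
    return rule3 + rule4


def alice_budget(n: int) -> int:
    """Fees (sat) Alice is content to pay for commitment + CPFP child."""
    return ALICE_MAX_FEERATE * (n + ALICE_CHILD_VSIZE)


def pin_damage(n: int, v3: bool) -> int:
    """Extra sats the pin forces on Alice; 0 means the pin fails."""
    return max(replacement_cost(n, v3) - alice_budget(n), 0)


def break_even_size(v3: bool = False) -> int:
    """Smallest commitment size (vB) at which the pin costs Alice nothing."""
    return next(n for n in range(DESCENDANT_LIMIT + 1)
                if pin_damage(n, v3) == 0)


if __name__ == "__main__":
    for n in (1_000, 10_000, 50_000):
        print(f"N={n:>6} vB  budget={alice_budget(n):>9,}  "
              f"v3 damage={pin_damage(n, True):>9,}  "
              f"non-v3 damage={pin_damage(n, False):>9,}")
    print("non-v3 pin fails from N =", break_even_size(), "vB")
```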