public inbox for bitcoindev@googlegroups.com
From: Prayank <prayank@tutanota•de>
To: Michael Folkson <michaelfolkson@protonmail•com>
Cc: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>,
	Lightning Dev <lightning-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] Lightning and other layer 2 projects with multiple RBF policies
Date: Mon, 14 Feb 2022 06:18:30 +0100 (CET)
Message-ID: <Mvqek99--B-2@tutanota.de>
In-Reply-To: <aTVwIe_-6PUKYZ4btOUF8axaX_CzpStUta2_mOzX_5nN1NomU_OinXIRFHsswr7-O-C-i60ViTfeAyLVxYH490YZo65m8hlUy9KnY5OPEwo=@protonmail.com>


> I suspect as with defaults generally most users will run whatever the defaults are as they won't care to change them (or even be capable of changing them if they are very non-technical).
 

30% of nodes are using 0.21.1 right now whereas the latest version was 22.0, and some are even running lower versions. Different versions in future with defaults might be running RBF v1 and RBF v2.

> But users who have a stake in the security of Lightning (or other Layer 2 projects) will clearly want to run whatever policy rules are beneficial to those protocols.


Agree and attackers will want to run the nodes with policy that helps them exploit bitcoin projects. Miners can run nodes with policy that helps them get more fees. 

> As you know the vast majority of the full nodes on the network currently run Bitcoin Core. Whether that will change in future and whether this a good thing or not is a whole other discussion. But the reality is that with such strong dominance there is the option to set defaults that are widely used.

Bitcoin Core with different versions are used at any point and not sure if this will ever change.

https://luke.dashjr.org/programs/bitcoin/files/charts/security.html

https://www.shodan.io/search/facet.png?query=User-Agent%3A%2FSatoshi%2F+port%3A%228333%22&facet=product

> I think if certain defaults can bolster the security of Lightning (and possibly other Layer 2 projects) at no cost to full node users with no interest in those protocols we should discuss what those defaults should be.


This is the assumption which I don't agree with and hence asked some questions in my email. A new RBF policy used by default in Core will not improve the security of projects that are vulnerable to multiple RBF policies or rely on these policies in a way that affects their security. 

Maybe some experiments on signet might help in knowing more issues associated with multiple RBF policies.

-- 
Prayank

A3B1 E430 2298 178F



Feb 13, 2022, 21:16 by michaelfolkson@protonmail•com:

> Hi Prayank
>
> > 1.Is Lightning Network and a few other layer 2 projects vulnerable to multiple RBF policies being used?
>
> Clearly the security of the Lightning Network and some other Layer 2 projects are at least impacted or partly dependent on policy rules in a way that the base blockchain/network isn't. As I (and others) have said on many occasions ideally this wouldn't be the case but it is best we can do with current designs. I (and others) take the view that this is not a reason to abandon those designs in the absence of an alternative that offers a strictly superior security model. Going back to a model where *all* activity is onchain (or even in less trust minimized protocols than Lightning) doesn't seem like the right approach to me.
>
> > 2.With recent discussion to change things in default RBF policy used by Core, will we have multiple versions using different policies? Are users and especially miners incentivized to use different versions and policies? Do they have freedom to use different RBF policy?
>
> Without making policy rules effective consensus rules users (including miners) are free to run different policy rules. I think it is too early to say what the final incentives will be to run the same or differing policies. Research into Lightning security is still nascent and we have no idea whether alternative Layer 2 projects will thrive and whether they will have the same or conflicting security considerations to Lightning. 
>
> As you know the vast majority of the full nodes on the network currently run Bitcoin Core. Whether that will change in future and whether this a good thing or not is a whole other discussion. But the reality is that with such strong dominance there is the option to set defaults that are widely used. I think if certain defaults can bolster the security of Lightning (and possibly other Layer 2 projects) at no cost to full node users with no interest in those protocols we should discuss what those defaults should be.
>
> > 3.Are the recent improvements suggested for RBF policy only focused on Lightning Network and its security which will anyway remain same or become worse with multiple RBF policies?
>
> I think by nature of the Lightning Network being the most widely adopted Layer 2 project most of the focus has been on Lightning security. But contributors to other Layer 2 projects are free to flag and discuss security considerations that aren't Lightning specific.
>
> > Note: Bitcoin Knots policy is fully configurable, even in the GUI - users can readily choose whatever policy *they* want.
>
> The maintainer(s) and contributors to Bitcoin Knots are free to determine what default policy rules they want to implement (and make it easier for users to change those defaults) in the absence of those policy rules being made effective consensus rules. I suspect there would be strong opposition to making some policy rules effective consensus rules but we are now venturing again into future speculation and none of us have a crystal ball. Certainly if you take the view that these policy rules should never be made effective consensus rules then the fact there is at least one implementation taking a contrasting approach to Core is a good thing.
>
> --
> Michael Folkson
> Email: michaelfolkson at protonmail.com
> Keybase: michaelfolkson
> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
>
>
> ------- Original Message -------
>  On Sunday, February 13th, 2022 at 6:09 AM, Prayank via Lightning-dev <lightning-dev@lists•linuxfoundation.org> wrote:
>  
>
>> Hello World,
>>
>> There was a discussion about improving fee estimation in Bitcoin Core last year in which 'instagibbs' mentioned that we cannot consider mempool as an orderbook in which everyone is bidding for block space because nodes can use different relay policies: https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-09-22#706294;
>>
>> Although I still don't consider fee rates used in last few blocks relevant for fee estimation, it is possible that we have nodes with different relay policies.
>>
>> Similarly if we have different RBF policies being used by nodes in future, how would this affect the security of lightning network implementations and other layer 2 projects? 
>>
>> Based on the things shared by 'aj' in 
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/019846.html it is possible for an attacker to use a different RBF policy with some nodes, 10% hash power and affect the security of different projects that rely on default RBF policy in latest Bitcoin Core.
>>
>> There was even a CVE in which RBF policy not being documented according to the implementation could affect the security of LN: 
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
>>
>> 1.Is Lightning Network and a few other layer 2 projects vulnerable to multiple RBF policies being used? 
>>
>> 2.With recent discussion to change things in default RBF policy used by Core, will we have multiple versions using different policies? Are users and especially miners incentivized to use different versions and policies? Do they have freedom to use different RBF policy?
>>
>> 3.Are the recent improvements suggested for RBF policy only focused on Lightning Network and its security which will anyway remain same or become worse with multiple RBF policies?
>>
>> Note: Bitcoin Knots policy is fully configurable, even in the GUI - users can readily choose whatever policy *they* want.
>>
>> -- 
>> Prayank
>>
>> A3B1 E430 2298 178F
>>
