MIME-Version: 1.0
References: <CAD5xwhjFBjvkMKev_6HFRuRGcZUi7WjO5d963GNXWN4n-06Pqg@mail.gmail.com>
 <CALZpt+F9FScaLsvXUozdBL4Ss8r71-gtUS_Fh9i53cK_rSGBeA@mail.gmail.com>
 <20210810061441.6rg3quotiycomcp6@ganymede>
In-Reply-To: <20210810061441.6rg3quotiycomcp6@ganymede>
From: Antoine Riard <antoine.riard@gmail.com>
Date: Tue, 10 Aug 2021 18:37:48 -0400
Message-ID: <CALZpt+G0CRitWLwUTA+7NnnZWNNrsEmFTMW3VmFSQ=vzXZOQGA@mail.gmail.com>
To: "David A. Harding" <dave@dtrt.org>
Content-Type: multipart/alternative; boundary="00000000000085086205c93c2716"
Cc: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>,
 lightning-dev <lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] Removing the Dust Limit
Precedence: list

--00000000000085086205c93c2716
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

>  As developers, we have no
control over prevailing feerates, so this is a problem LN needs to deal
with regardless of Bitcoin Core's dust limit.

Right, as of today, we're going to trim-to-dust any commitment output of
which the value is inferior to the transaction owner's
`dust_limit_satoshis` plus the HTLC-claim (either success/timeout) fee at
the agreed on feerate. So the feerate is the most significant variable in
defining what's a LN *uneconomical output*.

IMO this approach presents annoying limitations. First, you still need to
come with an agreement among channel operators on the mempools feerate.
Such agreement might be problematic to find, as on one side you would like
to let your counterparty free to pick up a feerate gauged as efficient for
the confirmation of their transactions but at the same time not too high to
burn to fees your low-values HTLCs that *your* fee-estimator judged as sane
to claim.

Secondly, the trim-to-dust evaluation doesn't correctly match the lifetime
of the HTLC. A HTLC might be considered as dust at block 100, at which
mempools are full. Though its expiration only occurs at block 200, at which
mempools are empty and this HTLC is fine to claim again. I think this
inaccuracy will even become worse with a wider deployment of long-lived
routed packets over LN, such as DLCs or hodl invoices.

All this to say, if for those reasons LN devs remove feerate negotiation
from the trim-to-dust definition to a static feerate, it would likely put a
higher pressure on the full-nodes operators, as the number of uneconomical
outputs might increase.

(From a LN viewpoint, I would say we're trying to solve a price discovery
issue, namely the cost to write on the UTXO set, in a distributed system,
where any deviation from the "honest" price means you trust more your LN
counterparty)

> They could also use trustless probabalistic payments, which have been
discussed in the context of LN for handling the problem of payments too
small to be represented onchain since early 2016:
https://docs.google.com/presentation/d/1G4xchDGcO37DJ2lPC_XYyZIUkJc2khnLrCa=
ZXgvDN0U/edit?pref=3D2&pli=3D1#slide=3Did.g85f425098

Thanks to bringing to the surface probabilistic payments, yes that's a
worthy alternative approach for low-value payments to keep in mind.

Le mar. 10 ao=C3=BBt 2021 =C3=A0 02:15, David A. Harding <dave@dtrt.org> a =
=C3=A9crit :

> On Mon, Aug 09, 2021 at 09:22:28AM -0400, Antoine Riard wrote:
> > I'm pretty conservative about increasing the standard dust limit in any
> > way. This would convert a higher percentage of LN channels capacity int=
o
> > dust, which is coming with a lowering of funds safety [0].
>
> I think that reasoning is incomplete.  There are two related things here:
>
> - **Uneconomical outputs:** outputs that would cost more to spend than
>   the value they contain.
>
> - **Dust limit:** an output amount below which Bitcoin Core (and other
>   nodes) will not relay the transaction containing that output.
>
> Although raising the dust limit can have the effect you describe,
> increases in the minimum necessary feerate to get a transaction
> confirmed in an appropriate amount of time also "converts a higher
> percentage of LN channel capacity into dust".  As developers, we have no
> control over prevailing feerates, so this is a problem LN needs to deal
> with regardless of Bitcoin Core's dust limit.
>
> (Related to your linked thread, that seems to be about the risk of
> "burning funds" by paying them to a miner who may be a party to the
> attack.  There's plenty of other alternative ways to burn funds that can
> change the risk profile.)
>
> > the standard dust limit [...] introduces a trust vector
>
> My point above is that any trust vector is introduced not by the dust
> limit but by the economics of outputs being worth less than they cost to
> spend.
>
> > LN node operators might be willingly to compensate this "dust" trust
> vector
> > by relying on side-trust model
>
> They could also use trustless probabalistic payments, which have been
> discussed in the context of LN for handling the problem of payments too
> small to be represented onchain since early 2016:
>
> https://docs.google.com/presentation/d/1G4xchDGcO37DJ2lPC_XYyZIUkJc2khnLr=
CaZXgvDN0U/edit?pref=3D2&pli=3D1#slide=3Did.g85f425098_0_178
>
> (Probabalistic payments were discussed in the general context of Bitcoin
> well before LN was proposed, and Elements even includes an opcode for
> creating them.)
>
> > smarter engineering such as utreexo on the base-layer side
>
> Utreexo doesn't solve this problem.  Many nodes (such as miners) will
> still want to store the full UTXO set and access it quickly,  Utreexo
> proofs will grow in size with UTXO set size (though, at best, only
> log(n)), so full node operators will still not want their bandwidth
> wasted by people who create UTXOs they have no reason to spend.
>
> > I think the status quo is good enough for now
>
> I agree.
>
> -Dave
>

--00000000000085086205c93c2716
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">&gt; =C2=A0As developers, we have no<br>control over preva=
iling feerates, so this is a problem LN needs to deal<br>with regardless of=
 Bitcoin Core&#39;s dust limit.<br><br>Right, as of today, we&#39;re going =
to trim-to-dust any commitment output of which the value is inferior to the=
 transaction owner&#39;s `dust_limit_satoshis` plus the HTLC-claim (either =
success/timeout) fee at the agreed on feerate. So the feerate is the most s=
ignificant variable in defining what&#39;s a LN *uneconomical output*.<br><=
br>IMO this approach presents annoying limitations. First, you still need t=
o come with an agreement among channel operators on the mempools feerate. S=
uch agreement might be problematic to find, as on one side you would like t=
o let your counterparty free to pick up a feerate gauged as efficient for t=
he confirmation of their transactions but at the same time not too high to =
burn to fees your low-values HTLCs that *your* fee-estimator judged as sane=
 to claim.<br><br>Secondly, the trim-to-dust evaluation doesn&#39;t correct=
ly match the lifetime of the HTLC. A HTLC might be considered as dust at bl=
ock 100, at which mempools are full. Though its expiration only occurs at b=
lock 200, at which mempools are empty and this HTLC is fine to claim again.=
 I think this inaccuracy will even become worse with a wider deployment of =
long-lived routed packets over LN, such as DLCs or hodl invoices.<br><br>Al=
l this to say, if for those reasons LN devs remove feerate negotiation from=
 the trim-to-dust definition to a static feerate, it would likely put a hig=
her pressure on the full-nodes operators, as the number of uneconomical out=
puts might increase.<br><br>(From a LN viewpoint, I would say we&#39;re try=
ing to solve a price discovery issue, namely the cost to write on the UTXO =
set, in a distributed system, where any deviation from the &quot;honest&quo=
t; price means you trust more your LN counterparty)<br><br>&gt; They could =
also use trustless probabalistic payments, which have been<br>discussed in =
the context of LN for handling the problem of payments too<br>small to be r=
epresented onchain since early 2016:<br><a href=3D"https://docs.google.com/=
presentation/d/1G4xchDGcO37DJ2lPC_XYyZIUkJc2khnLrCaZXgvDN0U/edit?pref=3D2&a=
mp;pli=3D1#slide=3Did.g85f425098">https://docs.google.com/presentation/d/1G=
4xchDGcO37DJ2lPC_XYyZIUkJc2khnLrCaZXgvDN0U/edit?pref=3D2&amp;pli=3D1#slide=
=3Did.g85f425098</a><br><br>Thanks to bringing to the surface probabilistic=
 payments, yes that&#39;s a worthy alternative approach for low-value payme=
nts to keep in mind.<br></div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">Le=C2=A0mar. 10 ao=C3=BBt 2021 =C3=A0=C2=A002:15, D=
avid A. Harding &lt;<a href=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>&gt; =
a =C3=A9crit=C2=A0:<br></div><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1=
ex">On Mon, Aug 09, 2021 at 09:22:28AM -0400, Antoine Riard wrote:<br>
&gt; I&#39;m pretty conservative about increasing the standard dust limit i=
n any<br>
&gt; way. This would convert a higher percentage of LN channels capacity in=
to<br>
&gt; dust, which is coming with a lowering of funds safety [0]. <br>
<br>
I think that reasoning is incomplete.=C2=A0 There are two related things he=
re:<br>
<br>
- **Uneconomical outputs:** outputs that would cost more to spend than<br>
=C2=A0 the value they contain.<br>
<br>
- **Dust limit:** an output amount below which Bitcoin Core (and other<br>
=C2=A0 nodes) will not relay the transaction containing that output.<br>
<br>
Although raising the dust limit can have the effect you describe, <br>
increases in the minimum necessary feerate to get a transaction<br>
confirmed in an appropriate amount of time also &quot;converts a higher<br>
percentage of LN channel capacity into dust&quot;.=C2=A0 As developers, we =
have no<br>
control over prevailing feerates, so this is a problem LN needs to deal<br>
with regardless of Bitcoin Core&#39;s dust limit.<br>
<br>
(Related to your linked thread, that seems to be about the risk of<br>
&quot;burning funds&quot; by paying them to a miner who may be a party to t=
he<br>
attack.=C2=A0 There&#39;s plenty of other alternative ways to burn funds th=
at can<br>
change the risk profile.)<br>
<br>
&gt; the standard dust limit [...] introduces a trust vector <br>
<br>
My point above is that any trust vector is introduced not by the dust<br>
limit but by the economics of outputs being worth less than they cost to<br=
>
spend.<br>
<br>
&gt; LN node operators might be willingly to compensate this &quot;dust&quo=
t; trust vector<br>
&gt; by relying on side-trust model<br>
<br>
They could also use trustless probabalistic payments, which have been<br>
discussed in the context of LN for handling the problem of payments too<br>
small to be represented onchain since early 2016:<br>
<a href=3D"https://docs.google.com/presentation/d/1G4xchDGcO37DJ2lPC_XYyZIU=
kJc2khnLrCaZXgvDN0U/edit?pref=3D2&amp;pli=3D1#slide=3Did.g85f425098_0_178" =
rel=3D"noreferrer" target=3D"_blank">https://docs.google.com/presentation/d=
/1G4xchDGcO37DJ2lPC_XYyZIUkJc2khnLrCaZXgvDN0U/edit?pref=3D2&amp;pli=3D1#sli=
de=3Did.g85f425098_0_178</a><br>
<br>
(Probabalistic payments were discussed in the general context of Bitcoin<br=
>
well before LN was proposed, and Elements even includes an opcode for<br>
creating them.)<br>
<br>
&gt; smarter engineering such as utreexo on the base-layer side <br>
<br>
Utreexo doesn&#39;t solve this problem.=C2=A0 Many nodes (such as miners) w=
ill<br>
still want to store the full UTXO set and access it quickly,=C2=A0 Utreexo<=
br>
proofs will grow in size with UTXO set size (though, at best, only<br>
log(n)), so full node operators will still not want their bandwidth<br>
wasted by people who create UTXOs they have no reason to spend.<br>
<br>
&gt; I think the status quo is good enough for now<br>
<br>
I agree.<br>
<br>
-Dave<br>
</blockquote></div>

--00000000000085086205c93c2716--