Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 77DF8C0037; Fri, 29 Dec 2023 18:30:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 3E96840128; Fri, 29 Dec 2023 18:30:33 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 3E96840128 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id elAhn303Sbeh; Fri, 29 Dec 2023 18:30:32 +0000 (UTC) X-Greylist: delayed 601 seconds by postgrey-1.37 at util1.osuosl.org; Fri, 29 Dec 2023 18:30:32 UTC DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 0F443400FD Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [IPv6:2607:fe70:0:3::d]) by smtp2.osuosl.org (Postfix) with ESMTPS id 0F443400FD; Fri, 29 Dec 2023 18:30:31 +0000 (UTC) Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id 78DBE2800864; Fri, 29 Dec 2023 10:11:43 -0800 (PST) Received: from webmail.rollernet.us (webmail.rollernet.us [IPv6:2607:fe70:0:14::a]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Fri, 29 Dec 2023 10:11:43 -0800 (PST) MIME-Version: 1.0 Date: Fri, 29 Dec 2023 08:11:43 -1000 From: "David A. Harding" To: jlspc , Bitcoin Protocol Discussion In-Reply-To: References: User-Agent: Roundcube Webmail/1.4.15 Message-ID: <62edca3a0c61b7dca5f7dcddf8e33f6a@dtrt.org> X-Sender: dave@dtrt.org Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Rollernet-Abuse: Contact abuse@rollernet.us to report. Abuse policy: http://www.rollernet.us/policy X-Rollernet-Submit: Submit ID 46bc.658f0bdf.57331.0 Cc: lightning-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Scaling Lightning Safely With Feerate-Dependent Timelocks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2023 18:30:33 -0000 On 2023-12-28 08:06, jlspc via bitcoin-dev wrote: > On Friday, December 22nd, 2023 at 8:36 AM, Nagaev Boris > wrote: >> To validate a transaction with FDT [...] >> a light client would have to determine the median fee >> rate of the recent blocks. To do that without involving trust, it has >> to download the blocks. What do you think about including median >> feerate as a required OP_RETURN output in coinbase transaction? > > Yes, I think that's a great idea! I think this points to a small challenge of implementing this soft fork for pruned full nodes. Let's say a fee-dependent timelock (FDT) soft fork goes into effect at time/block _t_. Both before and for a while after _t_, Alice is running an older pruned full node that did not contain any FDT-aware code, so it prunes blocks after _t_ without storing any median feerate information about them (not even commitments in the coinbase transaction). Later, well after _t_, Alice upgrades her node to one that is aware of FDTs. Unfortunately, as a pruned node, it doesn't have earlier blocks, so it can't validate FDTs without downloading those earlier blocks. I think the simplest solution would be for a recently-upgrade node to begin collecting median feerates for new blocks going forward and to only enforce FDTs for which it has the data. That would mean anyone depending on FDTs should be a little more careful about them near activation time, as even some node versions that nominally enforced FDT consensus rules might not actually be enforcing them yet. Of course, if the above solution isn't satisfactory, upgraded pruned nodes could simply redownload old blocks or, with extensions to the P2P protocol, just the relevant parts of them (i.e., coinbase transactions or, with a soft fork, even just commitments made in coinbase transactions[1]). -Dave [1] An idea discussed for the segwit soft fork was requiring the witness merkle root OP_RETURN to be the final output of the coinbase transaction so that all chunks of the coinbase transaction before it could be "compressed" into a SHA midstate and then the midstate could be extended with the bytes of the OP_RETURN commitment to produce the coinbase transaction's txid, which could then be connected to the block header using the standard Bitcoin-style merkle inclusion proof. This would allow trailing commitments in even a very large coinbase transaction to be communicated in just a few hundred bytes (not including the size of the commitments themselves). This idea was left out of segwit because at least one contemporary model of ASIC miner had a hardware-enforced requirement to put a mining reward payout in the final output.