Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id DB196C007A for ; Fri, 22 Apr 2022 01:10:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id B550382E29 for ; Fri, 22 Apr 2022 01:10:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.697 X-Spam-Level: X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=shesek.info Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wfGhAe9x-yM7 for ; Fri, 22 Apr 2022 01:10:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) by smtp1.osuosl.org (Postfix) with ESMTPS id 9B5AE82998 for ; Fri, 22 Apr 2022 01:10:37 +0000 (UTC) Received: by mail-io1-xd35.google.com with SMTP id n134so7160510iod.5 for ; Thu, 21 Apr 2022 18:10:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shesek.info; s=shesek; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=XW6RgdtGgS6VHjo+nBQirlzLEBU4Ebdne+m4VxtniOY=; b=ZTm7VanZDA0JoC/zbZY8dgwOayYWtH7+WUfN4IqkwSTk3Vh11+uz7m67ujZkTzaS6k Thm1vatdwfw7V9EvYePZORVj7Xya4N6KzIlAnev3fG1KOLVlfZiZzWUcXCr2IPKbeJoO S5/O8DXqZWObU5Ur3uHY77aoN4Ft9HyV2VapQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=XW6RgdtGgS6VHjo+nBQirlzLEBU4Ebdne+m4VxtniOY=; b=eAAYzFuhmWRD01slW36rJXSilaTGbuEwwJyuvXzNz3X2t4Y9x7DGSuKteoiAHjatWZ sAvtFWk6o65OooahfamTwxKyTEKibMG76LUdqB+sTOdGViIN1LSl+ihZ/Y2/3HiYGnZm bk/kdpQ8lnvrovzlKghBWC3BZRg1C495GxDGeGfTedHHHxdOx/AY5mNVQjq06SfbfkeS cwvpFybKTsrk+Vjj+UgtM9BjGauBOuwHZiLQfPSKb2hmtAcg9dtTjFspV5eREpIIZ/vd JhWQ0y+n+bn9+qYiBJZyxQDX773J8ozabFal7XyVEgjG16EUA3G07PsouxZ627vWVXPq YPpw== X-Gm-Message-State: AOAM531cQtKJHqzRd+VTx2a49NPvKHJMMctHxvXyzq0xZQC6hcZvrqvd zhlfKkB3JxWteiXTnZJNVLJZO9rRYKbU1CLU6L5VldjQdm0j6djd X-Google-Smtp-Source: ABdhPJz9DnynGFu7VlLRoYDbPprhrxl1ZNjzIa+mGpx+j3kfG9oX+HC+nNOp4Np5wv4b2lasx9gKjYF5PyWG9K5cxhI= X-Received: by 2002:a05:6602:482:b0:614:b990:28c9 with SMTP id y2-20020a056602048200b00614b99028c9mr1045143iov.6.1650589836474; Thu, 21 Apr 2022 18:10:36 -0700 (PDT) MIME-Version: 1.0 References: <20220421050351.GA5616@erisian.com.au> <20220422005804.GC5616@erisian.com.au> In-Reply-To: <20220422005804.GC5616@erisian.com.au> From: Nadav Ivgi Date: Fri, 22 Apr 2022 04:10:25 +0300 Message-ID: To: Anthony Towns , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000df8d4705dd33e436" X-Mailman-Approved-At: Fri, 22 Apr 2022 07:55:54 +0000 Subject: Re: [bitcoin-dev] CTV Signet Parameters X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2022 01:10:39 -0000 --000000000000df8d4705dd33e436 Content-Type: text/plain; charset="UTF-8" > nobody's going to benefit from that possibility anyway. James O'Beirne's simple-ctv-vault appears to be using bare CTV outputs: https://github.com/jamesob/simple-ctv-vault/blob/7dd6c4ca25debb2140cdefb79b302c65d1b24937/main.py#L217-L218 https://github.com/jamesob/simple-ctv-vault/blob/7dd6c4ca25debb2140cdefb79b302c65d1b24937/main.py#L324-L325 I guess this suggests that it was not tested on signet? On Fri, Apr 22, 2022 at 3:58 AM Anthony Towns via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Thu, Apr 21, 2022 at 10:05:20AM -0500, Jeremy Rubin via bitcoin-dev > wrote: > > I can probably make some show up sometime soon. Note that James' vault > uses > > one at the top-level https://github.com/jamesob/simple-ctv-vault, but I > > think the second use of it (since it's not segwit wrapped) wouldn't be > > broadcastable since it's nonstandard. > > The whole point of testing is so that bugs like "wouldn't be broadcastable > since it's nonstandard" get fixed. If these things are still in the > "interesting thought experiment" stage, but nobody but Jeremy is > interested enough to start making them consistent with the proposed > consensus and policy rules, it seems very premature to be changing > consensus or policy rules. > > > One case where you actually use less space is if you have a few different > > sets of customers at N different fee priority level. Then, you might need > > to have N independent batches, or risk overpaying against the customer's > > priority level. Imagine I have 100 tier 1 customers and 1000 tier 2 > > customers. If I batcher tier 1 with tier 2, to provide tier 1 guarantees > > I'd need to pay tier 1 rate for 10x the customers. With CTV, I can > combine > > my batch into a root and N batch outputs. This eliminates the need for > > inputs, signatures, change outputs, etc per batch, and can be slightly > > smaller. Since the marginal benefit on that is still pretty small, having > > bare CTV improves the margin of byte wise saving. > > Bare CTV only saves bytes when *spending* -- but this is when you're > creating the 1100 outputs, so an extra 34 or 67 bytes of witness data > seems fairly immaterial (0.05% extra vbytes?). It doesn't make the small > commitment tx any smaller. > > ie, scriptPubKey looks like: > - bare ctv: [push][32 bytes][op_nop4] > - p2wsh: [op_0][push][32 bytes] > - p2tr: [op_1][push][32 bytes] > > while witness data looks like: > - bare ctv: empty scriptSig, no witness > - pw2sh: empty scriptSig, witness = "[push][32 bytes][op_nop4]" > - p2tr: empty scriptSig, witness = 33B control block, > "[push][32 bytes][op_nop4]" > > You might get more a benefit from bare ctv if you don't pay all 1100 > outputs in a single tx when fees go lower; but if so, you're also wasting > quite a bit more block space in that case due to the intermediate > transactions you're introducing, which makes it seem unlikely that > you care about the extra 9 or 17 vbytes bare CTV would save you per > intermediate tx... > > I admit that I am inclined towards micro-optimising things to save > those bytes if it's easy, which does incline me towards bare CTV; but > the closest thing we have to real user data suggests that nobody's going > to benefit from that possibility anyway. > > > Even if we got rid of bare ctv, segwit v0 CTV would still exist, so we > > couldn't use OP_SUCCESSx there either. segwitv0 might be desired if > someone > > has e.g. hardware modules or MPC Threshold Crypto that only support ECDSA > > signatures, but still want CTV. > > If you desire new features, then you might have to upgrade old hardware > that can't support them. > > Otherwise that would be an argument to never use OP_SUCCESSx: someone > might want to use whatever new feature we might imagine on hardware that > only supports ECDSA signatures. > > Cheers, > aj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --000000000000df8d4705dd33e436 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> nobody's going to benefit from that possibil= ity anyway.

= =C2=A0James O'Beirne's simple-ctv-vault appears to be using bare CT= V outputs:

=

I guess this suggests that it was not tested on signet?
=
<= /div>

On Thu, Apr 21, 2022 at 10:05:20AM -0500, Jeremy= Rubin via bitcoin-dev wrote:
> I can probably make some show up sometime soon. Note that James' v= ault uses
> one at the top-level https://github.com/jamesob/simp= le-ctv-vault, but I
> think the second use of it (since it's not segwit wrapped) wouldn&= #39;t be
> broadcastable since it's nonstandard.

The whole point of testing is so that bugs like "wouldn't be broad= castable
since it's nonstandard" get fixed. If these things are still in th= e
"interesting thought experiment" stage, but nobody but Jeremy is<= br> interested enough to start making them consistent with the proposed
consensus and policy rules, it seems very premature to be changing
consensus or policy rules.

> One case where you actually use less space is if you have a few differ= ent
> sets of customers at N different fee priority level. Then, you might n= eed
> to have N independent batches, or risk overpaying against the customer= 's
> priority level. Imagine I have 100 tier 1 customers and 1000 tier 2 > customers. If I batcher tier 1 with tier 2, to provide tier 1 guarante= es
> I'd need to pay tier 1 rate for 10x the customers. With CTV, I can= combine
> my batch into a root and N batch outputs. This eliminates the need for=
> inputs, signatures, change outputs, etc per batch, and can be slightly=
> smaller. Since the marginal benefit on that is still pretty small, hav= ing
> bare CTV improves the margin of byte wise saving.

Bare CTV only saves bytes when *spending* -- but this is when you're creating the 1100 outputs, so an extra 34 or 67 bytes of witness data
seems fairly immaterial (0.05% extra vbytes?). It doesn't make the smal= l
commitment tx any smaller.

ie, scriptPubKey looks like:
=C2=A0- bare ctv: [push][32 bytes][op_nop4]
=C2=A0- p2wsh: [op_0][push][32 bytes]
=C2=A0- p2tr: [op_1][push][32 bytes]

while witness data looks like:
=C2=A0- bare ctv: empty scriptSig, no witness
=C2=A0- pw2sh: empty scriptSig, witness =3D "[push][32 bytes][op_nop4]= "
=C2=A0- p2tr: empty scriptSig, witness =3D 33B control block,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"[push][32 bytes][op_nop4]"

You might get more a benefit from bare ctv if you don't pay all 1100 outputs in a single tx when fees go lower; but if so, you're also wasti= ng
quite a bit more block space in that case due to the intermediate
transactions you're introducing, which makes it seem unlikely that
you care about the extra 9 or 17 vbytes bare CTV would save you per
intermediate tx...

I admit that I am inclined towards micro-optimising things to save
those bytes if it's easy, which does incline me towards bare CTV; but the closest thing we have to real user data suggests that nobody's goin= g
to benefit from that possibility anyway.

> Even if we got rid of bare ctv, segwit v0 CTV would still exist, so we=
> couldn't use OP_SUCCESSx there either. segwitv0 might be desired i= f someone
> has e.g. hardware modules or MPC Threshold Crypto that only support EC= DSA
> signatures, but still want CTV.

If you desire new features, then you might have to upgrade old hardware
that can't support them.

Otherwise that would be an argument to never use OP_SUCCESSx: someone
might want to use whatever new feature we might imagine on hardware that only supports ECDSA signatures.

Cheers,
aj
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--000000000000df8d4705dd33e436--