Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id CF1D7C002D for ; Thu, 20 Oct 2022 13:42:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id A28E383FE8 for ; Thu, 20 Oct 2022 13:42:43 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org A28E383FE8 Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=cA9sEv3E X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.838 X-Spam-Level: X-Spam-Status: No, score=-1.838 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qh2BwSF9Hnxx for ; Thu, 20 Oct 2022 13:42:41 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4D72683F97 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4D72683F97 for ; Thu, 20 Oct 2022 13:42:41 +0000 (UTC) Received: by mail-ej1-x62d.google.com with SMTP id ot12so47587292ejb.1 for ; Thu, 20 Oct 2022 06:42:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=LXPzLEjH+84ENL2Mx03JYST5hku5Rvs7bB1ExCJtz0c=; b=cA9sEv3EmpAHLqQzVh1J3iPIvWiI5koz/KcGINe+NROOnr7T2J5e46nhWKAUzyRqRZ 1ZQQkb31a/fpVKt6/o32PJeV5bCd2KWSsR/VxMsH0SlQ2z2hf9omJ4kjbSm4dragfKqn BCfrQgRi4taIHACuMbX6O0KfjxiPXy3pGXCfs71paq0Lbj1yB1iPGw/lVYMb0ExmyYc3 9ldDYmONWZARC25yVnzZyzdGggCTO22dcaunM4ChvQpYQK22c2ZTCC6aZIwoUh+Gkkh0 G/kxbFUuHDmp/6zrBACyOSXf4BRVATdh8fHJc7+XAtRScCOzvFBhR3fjF+4iipkEvzN7 Ub5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LXPzLEjH+84ENL2Mx03JYST5hku5Rvs7bB1ExCJtz0c=; b=JuH4Qy4UD7AiCInQlJFqlHZ/C3/P4zEHMqWVG6+cAM8bWN5z+wV2R9Kbj0ns/M2Am2 nqS9I3UTKBd4bJArvonPb2dO6IjoNCEWOF20zgXRh4mPUgQdhv0RCb3cGGwmbyPdjcR6 1CCjyQzrpYBerCGTxzLB/zhJGjK7hjxxykam805yk4tPmZaviCMIGBdmp0AJVoG48bVh lE6iDxC7ZZDbbG5nNrM88PzZb21y5/0krhBU+FZCpcbPkJyTyvCBO1gKaxNB9cxa0qBK 5qvdrWrzzmnaZsOaODMw87lsXgqvEtnnuemAyXbH7Eu69eWJRd69hF3dKxYCcRRQ5lH7 Vuzw== X-Gm-Message-State: ACrzQf0UV4Qq3UgHu2UkQ1x26s5EdSoAgZfVKd9/cPFV6Kh6wZofee6G pVF50juHxloctoBvZplLJbb1BVeHRdcW9doxOvHYOcuT X-Google-Smtp-Source: AMsMyM5hGVNVZJo02C9qcmxpdtLGtj3Aa+vnWCK1wyGeoXAEH4srMb5jkJPdGBw67Xj8E2kfT5i8kpi7IEb0KhBqpbU= X-Received: by 2002:a17:907:a47:b0:780:6883:2a37 with SMTP id be7-20020a1709070a4700b0078068832a37mr10928757ejc.219.1666273359171; Thu, 20 Oct 2022 06:42:39 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Greg Sanders Date: Thu, 20 Oct 2022 09:42:26 -0400 Message-ID: To: "James O'Beirne" Content-Type: multipart/alternative; boundary="000000000000ac162305eb777f1a" Cc: Jeremy Rubin , Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Ephemeral Anchors: Fixing V3 Package RBF againstpackage limit pinning X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Oct 2022 13:42:44 -0000 --000000000000ac162305eb777f1a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable So it doesn't look like I'm ignoring a good question: No solid noninteractive ideas, unless we get some very flexible sighash softfork. Interactively, I think you can get collaborative fee bumps under the current consensus regime and ephemeral anchors. The child will just be built with inputs from different people. On Wed, Oct 19, 2022 at 11:12 AM James O'Beirne wrote: > I'm also very happy to see this proposal, since it gets us closer to > having a mechanism that allows the contribution to feerate in an > "unauthenticated" way, which seems to be a very helpful feature for vault= s > and other contracting protocols. > > One possible advantage of the sponsors interface -- and I'm curious for > your input here Greg -- is that with sponsors, assuming we relaxed the "o= ne > sponsor per sponsoree" constraint, multiple uncoordinated parties can > collaboratively bump a tx's feerate. A simple example would be a batch > withdrawal from an exchange could be created with a low feerate, and then > multiple users with a vested interest of expedited confirmation could all > "chip in" to raise the feerate with multiple sponsor transactions. > > Having a single ephemeral output seems to create a situation where a > single UTXO has to shoulder the burden of CPFPing a package. Is there som= e > way we could (possibly later) amend the ephemeral anchor interface to all= ow > for this kind of collaborative sponsoring? Could you maybe see "chained" > ephemeral anchors that would allow this? > > > On Tue, Oct 18, 2022 at 12:52 PM Jeremy Rubin via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> Excellent proposal and I agree it does capture much of the spirit of >> sponsors w.r.t. how they might be used for V3 protocols. >> >> The only drawbacks I see is they don't work for lower tx version >> contracts, so there's still something to be desired there, and that the >> requirement to sweep the output must be incentive compatible for the min= er, >> or else they won't enforce it (pass the buck onto the future bitcoiners)= . >> The Ephemeral UTXO concept can be a consensus rule (see >> https://rubin.io/public/pdfs/multi-txn-contracts.pdf "Intermediate >> UTXO") we add later on in lieu of managing them by incentive, so maybe i= t's >> a cleanup one can punt. >> >> One question I have is if V3 is designed for lightning, and this is >> designed for lightning, is there any sense in requiring these outputs fo= r >> v3? That might help with e.g. anonymity set, as well as potentially keep >> the v3 surface smaller. >> >> On Tue, Oct 18, 2022 at 11:51 AM Greg Sanders via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> > does that effectively mark output B as unspendable once the child get= s >>> confirmed? >>> >>> Not at all. It's a normal spend like before, since the parent has been >>> confirmed. It's completely unrestricted, not being bound to any >>> V3/ephemeral anchor restrictions on size, version, etc. >>> >>> On Tue, Oct 18, 2022 at 11:47 AM Arik Sosman via bitcoin-dev < >>> bitcoin-dev@lists.linuxfoundation.org> wrote: >>> >>>> Hi Greg, >>>> >>>> Thank you very much for sharing your proposal! >>>> >>>> I think there's one thing about the second part of your proposal that >>>> I'm missing. Specifically, assuming the scenario of a v3 transaction w= ith >>>> three outputs, A, B, and the ephemeral anchor OP_TRUE. If a child >>>> transaction spends A and OP_TRUE, does that effectively mark output B = as >>>> unspendable once the child gets confirmed? If so, isn't the implicatio= n >>>> therefore that to safely spend a transaction with an ephemeral anchor,= all >>>> outputs must be spent? Thanks! >>>> >>>> Best, >>>> Arik >>>> >>>> On Tue, Oct 18, 2022, at 6:52 AM, Greg Sanders via bitcoin-dev wrote: >>>> >>>> Hello Everyone, >>>> >>>> Following up on the "V3 Transaction" discussion here >>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-September= /020937.html >>>> , I would like to elaborate a bit further on some potential follow-on = work >>>> that would make pinning severely constrained in many setups]. >>>> >>>> V3 transactions may solve bip125 rule#3 and rule#5 pinning attacks >>>> under some constraints[0]. This means that when a replacement is to be= made >>>> and propagated, it costs the expected amount of fees to do so. This is= a >>>> great start. What's left in this subset of pinning is *package limit* >>>> pinning. In other words, a fee-paying transaction cannot enter the mem= pool >>>> due to the existing mempool package it is being added to already being= too >>>> large in count or vsize. >>>> >>>> Zooming into the V3 simplified scenario for sake of discussion, though >>>> this problem exists in general today: >>>> >>>> V3 transactions restrict the package limit of a V3 package to one >>>> parent and one child. If the parent transaction includes two outputs w= hich >>>> can be immediately spent by separate parties, this allows one party to >>>> disallow a spend from the other. In Gloria's proposal for ln-penalty, = this >>>> is worked around by reducing the number of anchors per commitment >>>> transaction to 1, and each version of the commitment transaction has a >>>> unique party's key on it. The honest participant can spend their versi= on >>>> with their anchor and package RBF the other commitment transaction saf= ely. >>>> >>>> What if there's only one version of the commitment transaction, such a= s >>>> in other protocols like duplex payment channels, eltoo? What about mul= ti >>>> party payments? >>>> >>>> In the package RBF proposal, if the parent transaction is identical to >>>> an existing transaction in the mempool, the parent will be detected an= d >>>> removed from the package proposal. You are then left with a single V3 = child >>>> transaction, which is then proposed for entry into the mempool. In the= case >>>> of another parent output already being spent, this is simply rejected, >>>> regardless of feerate of the new child. >>>> >>>> I have two proposed solutions, of which I strongly prefer the latter: >>>> >>>> 1) Expand a carveout for "sibling eviction", where if the new child is >>>> paying "enough" to bump spends from the same parent, it knocks its sib= ling >>>> out of the mempool and takes the one child slot. This would solve it, = but >>>> is a new eviction paradigm that would need to be carefully worked thro= ugh. >>>> >>>> 2) Ephemeral Anchors (my real policy-only proposal) >>>> >>>> Ephemeral Anchors is a term which means an output is watermarked as an >>>> output that MUST be spent in a V3 package. We mark this anchor by bein= g the >>>> bare script `OP_TRUE` and of course make these outputs standard to rel= ay >>>> and spend with empty witness data. >>>> >>>> Also as a simplifying assumption, we require the parent transaction >>>> with such an output to be 0-fee. This makes mempool reasoning simpler = in >>>> case the child-spend is somehow evicted, guaranteeing the parent will = be as >>>> well. >>>> >>>> Implications: >>>> >>>> a) If the ephemeral anchor MUST be spent, we can allow *any* value, >>>> even dust, even 0, without worrying about bloating the utxo set. We re= lax >>>> this policy for maximum smart contract flexibility and specification >>>> simplicity.. >>>> >>>> b) Since this anchor MUST be spent, any spending of other outputs in >>>> the same parent transaction MUST directly double-spend prior spends of= the >>>> ephemeral anchor. This causes the 1 block CSV timelock on outputs to b= e >>>> removed in these situations. This greatly magnifies composability of s= mart >>>> contracts, as now we can do things like safely splice directly into ne= w >>>> channels, into statechains, your custodial wallet account, your cold >>>> wallet, wherever, without requiring other wallets to support arbitrary >>>> scripts. Also it hurts that 1 CSV time locked scripts may not be minis= cript >>>> compatible to begin with... >>>> >>>> c) *Anyone* can bump the transaction, without any transaction key >>>> material. This is essentially achieving Jeremy's Transaction Sponsors = ( >>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-September= /018168.html) >>>> proposal without consensus changes. As long as someone gets a fully si= gned >>>> parent, they can execute a bump with minimal wallet tooling. If a >>>> transaction author doesn=E2=80=99t want a =E2=80=9Csponsor=E2=80=9D, d= o not include the output. >>>> >>>> d) Lightning Carve-out( >>>> https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-October= /002240.html) >>>> is superseded by this logic, as we are not restricted to two immediate= ly >>>> spendable output scenarios. In its place, robust multi-party fee bumpi= ng is >>>> possible. >>>> >>>> e) This also benefits more traditional wallet scenarios, as change >>>> outputs can no longer be pinned, and RBF/CPFP becomes robust. Payees i= n >>>> simple spends cannot pin you. Batched payouts become a lot less painfu= l. >>>> This was one of the motivating use cases that created the term =E2=80= =9Cpinning=E2=80=9D in >>>> the first place( >>>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-February/= 015717.html), >>>> even if LN/L2 discussion has largely overtaken it due to HTLC theft ri= sks. >>>> >>>> Open Question(s): >>>> >>>> >>>> 1. >>>> >>>> If we allow non-zero value in ephemeral outputs, does this open up >>>> a MEV we are worried about? Wallets should toss all the value direc= tly to >>>> fees, and add their own additional fees on top, otherwise miners ha= ve >>>> incentive to make the smallest utxo burn transaction to claim those= funds. >>>> They just confirmed your parent transaction anyways, so do we care? >>>> 2. >>>> >>>> SIGHASH_GROUP like constructs would allow uncommitted ephemeral >>>> anchors to be added at spend time, depending on spending requiremen= ts. >>>> SIGHASH_SINGLE already allows this. >>>> >>>> >>>> >>>> >>>> Hopefully this gives people something to consider as we move forward i= n >>>> thinking about mempool design within the constraints we have today. >>>> >>>> >>>> Greg >>>> >>>> 0: With V3 transactions where you have "veto power" over all the input= s >>>> in that transaction. Therefore something like ANYONECANPAY is still br= oken. >>>> We need a more complex solution, which I=E2=80=99m punting for the sak= e of progress. >>>> _______________________________________________ >>>> bitcoin-dev mailing list >>>> bitcoin-dev@lists.linuxfoundation.org >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>>> >>>> >>>> _______________________________________________ >>>> bitcoin-dev mailing list >>>> bitcoin-dev@lists.linuxfoundation.org >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>>> >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > --000000000000ac162305eb777f1a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
So it doesn't look like I'm ignoring a good questi= on:

No solid noninteractive ideas, unless we get some ve= ry flexible sighash softfork. Interactively, I think you can get collaborat= ive fee bumps under the current consensus regime and ephemeral=C2=A0anchors= . The child will just be built with inputs from different people.

On W= ed, Oct 19, 2022 at 11:12 AM James O'Beirne <james.obeirne@gmail.com> wrote:
I'm al= so very happy to see this proposal, since it gets us closer to having a mec= hanism that allows the contribution to feerate in an "unauthenticated= " way, which seems to be a very helpful feature for vaults and other c= ontracting protocols.

One possible advantage of th= e sponsors interface -- and I'm curious for your input here Greg -- is = that with sponsors, assuming we relaxed the "one sponsor per sponsoree= " constraint, multiple uncoordinated parties can collaboratively bump = a tx's feerate. A simple example would be a batch withdrawal from an ex= change could be created with a low feerate, and then multiple users with a = vested interest of expedited confirmation could all "chip in" to = raise the feerate with multiple sponsor transactions.

Having a single ephemeral output seems to create a situation where= a single UTXO has to shoulder the burden of CPFPing a package. Is there so= me way we could (possibly later) amend the ephemeral anchor interface to al= low for this kind of collaborative sponsoring? Could you maybe see "ch= ained" ephemeral anchors that would allow this?


On Tue, Oct 18, 2022 at 12:52 PM Jeremy Rubin via bitcoin-dev <bitcoin= -dev@lists.linuxfoundation.org> wrote:
Excellent proposal and I agree it does capture much of the spirit o= f sponsors w.r.t. how they might be used for V3 protocols.

The= only drawbacks I see=C2=A0is they don't work for lower tx version cont= racts, so there's still something to be desired there, and that the req= uirement to sweep the output must be incentive compatible for the miner, or= else they won't enforce it (pass the buck onto the future bitcoiners).= The Ephemeral UTXO concept can be a consensus rule (see=C2=A0https= ://rubin.io/public/pdfs/multi-txn-contracts.pdf "Intermediate UTXO= ") we add later on in lieu of managing them by incentive, so maybe it&= #39;s a cleanup one can punt.

=
One question I have is if V3 is d= esigned for lightning, and this is designed for lightning, is there any sen= se in requiring these outputs for v3? That might help with e.g. anonymity s= et, as well as potentially keep the v3 surface smaller.

On Tue, Oct 18= , 2022 at 11:51 AM Greg Sanders via bitcoin-dev <bitcoin-dev@lists.linux= foundation.org> wrote:
> does that effectively mark output B as = unspendable once the child gets confirmed?

Not at all. I= t's a normal spend like before, since the parent has been confirmed. It= 's completely unrestricted, not being bound to any V3/ephemeral anchor = restrictions on size, version, etc.

On Tue, Oct 18, 2022 at 11:47 AM A= rik Sosman via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>= ; wrote:
Hi Greg,

Thank you very much fo= r sharing your proposal!

I think there's one t= hing about the second part of your proposal that I'm missing. Specifica= lly, assuming the scenario of a v3 transaction with three outputs, A, B, an= d the ephemeral anchor OP_TRUE. If a child transaction spends A and OP_TRUE= , does that effectively mark output B as unspendable once the child gets co= nfirmed? If so, isn't the implication therefore that to safely spend a = transaction with an ephemeral anchor, all outputs must be spent? Thanks!

Best,
Arik

On Tue, Oct 18, 2022, at 6:52 AM, Greg Sanders via bitcoin-dev wrote:
=
<= div dir=3D"ltr">

Hello Everyone,


Following up on the "V3= Transaction" discussion here ht= tps://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-September/020937= .html , I would like to elaborate a bit further on some potential follo= w-on work that would make pinning severely constrained in many setups].


V3 transactions may solve bip= 125 rule#3 and rule#5 pinning attacks under some constraints[0]. This means= that when a replacement is to be made and propagated, it costs the expecte= d amount of fees to do so. This is a great start. What's left in this s= ubset of pinning is *package limit* pinning. In other words, a fee-paying t= ransaction cannot enter the mempool due to the existing mempool package it = is being added to already being too large in count or vsize.<= /span>


Zooming into the V3 simplified scenario = for sake of discussion, though this problem exists in general today:=


V3 transactions restrict the pac= kage limit of a V3 package to one parent and one child. If the parent trans= action includes two outputs which can be immediately spent by separate part= ies, this allows one party to disallow a spend from the other. In Gloria= 9;s proposal for ln-penalty, this is worked around by reducing the number o= f anchors per commitment transaction to 1, and each version of the commitme= nt transaction has a unique party's key on it. The honest participant c= an spend their version with their anchor and package RBF the other commitme= nt transaction safely.


Wha= t if there's only one version of the commitment transaction, such as in= other protocols like duplex payment channels, eltoo? What about multi part= y payments?


In the package= RBF proposal, if the parent transaction is identical to an existing transa= ction in the mempool, the parent will be detected and removed from the pack= age proposal. You are then left with a single V3 child transaction, which i= s then proposed for entry into the mempool. In the case of another parent o= utput already being spent, this is simply rejected, regardless of feerate o= f the new child.


I have tw= o proposed solutions, of which I strongly prefer the latter:<= /span>


1) Expand a carveout for "sibling e= viction", where if the new child is paying "enough" to bump = spends from the same parent, it knocks its sibling out of the mempool and t= akes the one child slot. This would solve it, but is a new eviction paradig= m that would need to be carefully worked through.
<= /p>


2) Ephemeral Anchors (my real policy-only proposal)=


Ephemeral Anchors is a te= rm which means an output is watermarked as an output that MUST be spent in = a V3 package. We mark this anchor by being the bare script `OP_TRUE` and of= course make these outputs standard to relay and spend with empty witness d= ata.


Also as a simplifying= assumption, we require the parent transaction with such an output to be 0-= fee. This makes mempool reasoning simpler in case the child-spend is someho= w evicted, guaranteeing the parent will be as well.


Implications:

a) If the ephemeral anchor MUST be spent, we can allow *any* = value, even dust, even 0, without worrying about bloating the utxo set. We = relax this policy for maximum smart contract flexibility and specification = simplicity..


b) Since this= anchor MUST be spent, any spending of other outputs in the same parent tra= nsaction MUST directly double-spend prior spends of the ephemeral anchor. T= his causes the 1 block CSV timelock on outputs to be removed in these situa= tions. This greatly magnifies composability of smart contracts, as now we c= an do things like safely splice directly into new channels, into statechain= s, your custodial wallet account, your cold wallet, wherever, without requi= ring other wallets to support arbitrary scripts. Also it hurts that 1 CSV t= ime locked scripts may not be miniscript compatible to begin with...=


c) *Anyone* can bump the transac= tion, without any transaction key material. This is essentially achieving J= eremy's Transaction Sponsors (h= ttps://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-September/01816= 8.html) proposal without consensus changes. = As long as someone gets a fully signed parent, they can execute a bump with= minimal wallet tooling. If a transaction author doesn=E2=80=99t want a =E2= =80=9Csponsor=E2=80=9D, do not include the output.
=


d) Lightning Carve-out(https://lists.linuxfoundation.org/pipermail/lightning-dev/2019= -October/002240.html)=C2=A0 is superseded by= this logic, as we are not restricted to two immediately spendable output s= cenarios. In its place, robust multi-party fee bumping is possible.<= /span>


e) This also benefits more tradit= ional wallet scenarios, as change outputs can no longer be pinned, and RBF/= CPFP becomes robust. Payees in simple spends cannot pin you. Batched payout= s become a lot less painful. This was one of the motivating use cases that = created the term =E2=80=9Cpinning=E2=80=9D in the first place(https://lists.linuxfoundation.org/pipermail/bitco= in-dev/2018-February/015717.html), even if L= N/L2 discussion has largely overtaken it due to HTLC theft risks.


Open Question(s):


    If we allow non-z= ero value in ephemeral outputs, does this open up a MEV we are worried abou= t? Wallets should toss all the value directly to fees, and add their own ad= ditional fees on top, otherwise miners have incentive to make the smallest = utxo burn transaction to claim those funds. They just confirmed your parent= transaction anyways, so do we care?

  1. SIGHASH_GROUP like construc= ts would allow uncommitted ephemeral anchors to be added at spend time, dep= ending on spending requirements. SIGHASH_SINGLE already allows this.=




Hopefully this gives people something to consider as we move forward in th= inking about mempool design within the constraints we have today.



Greg


0: With V3 transactions where you have &q= uot;veto power" over all the inputs in that transaction. Therefore som= ething like ANYONECANPAY is still broken. We need a more complex solution, = which I=E2=80=99m punting for the sake of progress.

_______________________________________________
<= /div>
bitcoin-dev mailing list


_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--000000000000ac162305eb777f1a--