From: Antoine Riard
Date: Sun, 20 Sep 2020 19:10:23 -0400
To: Jeremy
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] A Replacement for RBF and CPFP: Non-Destructive TXID Dependencies for Fee Sponsoring

Right, I was off the shot. Thanks for the explanation.

As you mentioned, if the goal of the sponsor mechanism is to let any party drive a state N's first tx to completion, you still have the issue of concurrent states being pinned and thus non-observable for sponsoring by an honest party.

E.g., Bob can broadcast a thousand revoked LN states and pin them with low-feerate sponsors such that these malicious packages' absolute fee is higher than the honest state N's. Alice can't fee-sponsor them, as we can assume she doesn't have a global view of network mempools. Due to the proposed policy rule "The Sponsor Vector's entry must be present in the mempool", Alice's sponsors won't propagate. Even amending this rule, we can't assume Alice has a thousand sponsoring utxos to avoid conflicts between her own broadcasts.

Of course, offchain protocol designers can limit a participant's capability to construct a pinning package by constraining its malleability and thus always have a compelling feerate. E.g., in Lightning you can bound the size of a commitment transaction by refusing relayed HTLCs and thus have fewer HTLC outputs. This security increase comes at the price of less protocol flexibility, e.g. reducing payment throughput.

Further, a malicious counterparty can still take advantage of mempool-congestion spikes. Even if the pinning package has a compelling feerate, high enough to bounce off an honest broadcast, there is no guarantee it stays such. Just after the pinning, congestion can increase and bury it for long enough until a timelock expires.

If we want to solve the hard cases of pinning, I still think mempool acceptance of a whole package only on the merits of feerate is the easiest solution to reason on.

On Sat, 19 Sep 2020 at 15:46, Jeremy wrote:

> Antoine,
>
> Yes I think you're a bit confused on where the actual sponsor vector is. If you have a transaction chain A->B->C and a sponsor S_A, S_A commits to txid A and A is unaware of S.
>
> W.r.t. your other points, I fully agree that the 1-to-N sponsored case is very compelling. The consensus rules are clear that sponsor commitments are non-rival, so there's no issue with allowing as many sponsors as possible and including them in aggregate. E.g., if S_A and S'_A both sponsor A with feerate(S*) > feerate(A), there's no reason not to include all of them in a block. The only issue is denial of service in the mempool. In the future, it would definitely be desirable to figure out rules that allow mempools to track both multiple sponsors and multiple sponsor targets. But in the interest of KISS, the current policy rules are designed to be minimally invasive and maximally functional.
>
> In terms of location for the sponsor vector, I'm relatively indifferent. The annex is a possible location, but it's a bit odd as we really only need to allow one such vector per tx, not one per input, and one per input would enable some new use cases (maybe good, maybe bad). Further, being in the witness space would mean that if two parties create a 2-input transaction with a desired sponsor vector they would both need to specify it, as you can't sign another input's witness data. I wholeheartedly agree with the sentiment though; there could be a more efficient place to put this data, but nothing jumps out to me as both efficient and simple in implementation (a new tx-level field sounds like a lot of complexity).
>
> > n >=1 ? I think you can have at least one vector and this is matching the code
>
> Yes, this has been fixed in the gist (cred to Dmitry Petukhov for pointing it out first), but is correct in the code. Thank you for your careful reading.
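As an added illustration (not code from this thread or from the sponsor proposal), a simplified Python model of the two acceptance rules the reply contrasts: a rule that requires a replacement to beat the incumbent on absolute fee lets a bulky, low-feerate package pin a conflicting honest state, while package acceptance judged on feerate alone does not. All fee and size figures are constructed, and both rules are simplified (no relay-fee increment, no ancestor limits).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    vsize: int  # virtual size in vbytes
    fee: int    # absolute fee in satoshis


def package_fee(txs):
    return sum(t.fee for t in txs)


def package_vsize(txs):
    return sum(t.vsize for t in txs)


def package_feerate(txs):
    """Aggregate feerate of a package, in sat/vB."""
    return package_fee(txs) / package_vsize(txs)


def accepts_by_absolute_fee(incumbent, candidate):
    """Simplified RBF-style rule: the conflicting candidate must beat the
    incumbent package on both absolute fee and feerate."""
    return (package_fee(candidate) > package_fee(incumbent)
            and package_feerate(candidate) > package_feerate(incumbent))


def accepts_by_feerate_only(incumbent, candidate):
    """Package acceptance judged only on aggregate feerate."""
    return package_feerate(candidate) > package_feerate(incumbent)


def confirms_at_floor(pkg, floor_sat_per_vb):
    """A package only gets mined while its feerate stays above the current
    feerate floor; a congestion spike can push a once-adequate package below it."""
    return package_feerate(pkg) >= floor_sat_per_vb


# Constructed sample: both packages spend the same channel output, so they conflict.
# Bob's pinning package: a revoked commitment plus a bulky low-feerate sponsor
# whose absolute fee is large only because the sponsor is large.
bob_state = Tx("bob_revoked_commitment", vsize=700, fee=700)   # 1 sat/vB
bob_sponsor = Tx("bob_sponsor", vsize=50_000, fee=60_000)      # 1.2 sat/vB
pinning = [bob_state, bob_sponsor]                             # 60,700 sat, ~1.2 sat/vB

# Alice's honest state N with a small, well-paying sponsor.
alice_state = Tx("alice_state_N", vsize=700, fee=700)
alice_sponsor = Tx("alice_sponsor", vsize=300, fee=29_300)
honest = [alice_state, alice_sponsor]                          # 30,000 sat, 30 sat/vB
```

Under the absolute-fee rule the honest package cannot displace the pin despite paying 25x the feerate; the feerate-only rule accepts it, and `confirms_at_floor` shows the pin itself dropping out once the floor rises past its feerate.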