Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 45F52C000E for ; Sat, 14 Aug 2021 01:51:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 2DF05400E7 for ; Sat, 14 Aug 2021 01:51:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 1.098 X-Spam-Level: * X-Spam-Status: No, score=1.098 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=protonmail.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LllGtbhA84i2 for ; Sat, 14 Aug 2021 01:50:57 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mail-4325.protonmail.ch (mail-4325.protonmail.ch [185.70.43.25]) by smtp2.osuosl.org (Postfix) with ESMTPS id E499E400B9 for ; Sat, 14 Aug 2021 01:50:56 +0000 (UTC) Date: Sat, 14 Aug 2021 01:50:45 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1628905853; bh=BBak5x0bEWpOThbpmW5g1DxLrsrBBoOCYMWAogjpGY0=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=Z0JFRuiLzIsQVuGjc7ozcxL/p3Rf/Z6RdLkZHPXJxpzhXN5S1nSvlf1N805GWquPN aS9SrZpG2+B8IYeohFzgCPtabh5LbmJNa7jwBZWQ5LdZ5utxfvqFO6dpqdN18ejUWf W3GkqTo6ZvdgGrweeFhYAzbKXtAUWPpM9Egn8Vug= To: Zac Greenwood From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: <1qkQ1p1rAZApZhMKVFwQV6gfLyZxMYIUPrhcjtXNU4z0DBRwslPSbi76GnNnllpvPPfqt1bH3EyzJNhfK0Uxum7zJ_dh3H0DXqUpf2nmHyk=@protonmail.com> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Exploring: limiting transaction output amount as a function of total input value X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Aug 2021 01:51:01 -0000 Good morning Zac, > Hi=C2=A0ZmnSCPxj, > > Thank you for your insightful response. > > Perhaps I should take a step back and take a strictly functional angle. P= erhaps the list could help me to establish whether=C2=A0the proposed functi= onality is: > > Desirable; > Not already possible; > Feasible to implement. > > The proposed functionality is as follows: > > The ability to control some coin with two private keys (or two sets of pr= ivate keys) such that spending is limited over time for one private key (i.= e., it is for instance not possible to spend all coin in a single transacti= on) while spending is unrestricted for the other private key (no limits app= ly). No limits must apply to coin transacted to a third party. > > Also, it must be possible never having to bring the unrestricted private = key online unless more than the limit imposed on the restrictive private ke= y is desired to be spent. > > Less generally, taking the perspective of a hodler: the user must be able= to keep one key offline and one key online. The offline key allows unrestr= icted spending, the online key is limited in how much it is allowed to spen= d over time. > > Furthermore, the spending limit must be intuitive. Best candidate I belie= ve would be a maximum spend per some fixed number of blocks. For instance, = the restrictive key may allow a maximum of 100k sats per any window of 144 = blocks. Ofcourse the user must be able to set these parameters freely. My proposal does not *quite* implement a window. However, that is because it uses `nLockTime`. With the use of `nSequence` in relative-locktime mode, however, it *does* i= mplement a window, sort of. More specifically, it implements a timeout on spending --- if you spend usi= ng a presigned transaction (which creates an unencumbered specific-valued T= XO that can be arbitrarily spent with your online keyset) then you cannot g= et another "batch" of funds until the `nSequence` relative locktime passes. However, this *does* implement a window that limits a maximum value spendab= le per any window of the relative timelock you select. The disadvantage is that `nSequence` use is a lot more obvious and discerni= ble than `nLockTime` use. Many wallets today use non-zero `nLockTime` for anti-fee-sniping, and that = is a good cover for `nLockTime` transactions. I believe Dave Harding proposed that wallets should also use, at random, (s= ay 50-50) `nSequence`-in-relative-locktime-mode as an alternate anti-fee-sn= iping mechanism. This alternate anti-fee-sniping would help cover `nSequence` use. Note that my proposal does impose a maximum limit on the number of windows. With `nSequence`-in-relative-locktime-mode the limit is the number of times= that the online keyset can spend. After spending that many windows, the offline keyset has to be put back onl= ine to generate a new set of transactions. It has the massive massive advantage that you can implement it today withou= t any consensus change, and I think you can expect that consensus change wi= ll take a LONG time (xref SegWit, Taproot). Certainly the functionality is desirable. But it seems it can be implemented with Bitcoin today. Regards, ZmnSCPxj