MIME-Version: 1.0
References: <CAFXO6=JROe_9ih2h+_CCH-UbxehsM5RQ6YyNnPesEpveBEtdow@mail.gmail.com>
 <CAB3F3DsJPHQJiyRfBTAFfP2SSjOJbGREbGO0N5rXmxwkHLeHeg@mail.gmail.com>
In-Reply-To: <CAB3F3DsJPHQJiyRfBTAFfP2SSjOJbGREbGO0N5rXmxwkHLeHeg@mail.gmail.com>
From: Gloria Zhao <gloriajzhao@gmail.com>
Date: Tue, 17 May 2022 16:45:42 -0400
Message-ID: <CAFXO6=+_Xh_U+yJuu3f17zixvAOL+EHS6+XPDBzck4d0VOJupg@mail.gmail.com>
To: Greg Sanders <gsanders87@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000000a309d05df3b3a2f"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Package Relay Proposal
Precedence: list

--0000000000000a309d05df3b3a2f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Greg,

Thanks for reading!

>> A child-with-unconfirmed-parents package sent between nodes must abide b=
y
the rules below, otherwise the package is malformed and the sender should
be disconnected.

>> However, if the child has confirmed parents, they must not be in the
package.

> If my naive understanding is correct, this means things like otherwise
common situations such as a new block will result in disconnects, say when
> the sender doesn't hear about a new block which makes the relay package
superfluous/irrelevant. Similar would be disconnection
> when confirmed gets turned into unconfirmed, but those situations are
extremely uncommon. The other rules are entirely under the control
> of the sender, which leads me to wonder if it's appropriate.

This is why the "pckginfo1" message includes the blockhash at which the
package was defined.
Also please see Clarifications - "Q: What if a new block arrives in between
messages?'' section in the v1-packages portion. It covers both cases, i.e.
a transaction going from unconfirmed->confirmed and confirmed->unconfirmed
in a reorg.

In case anybody is wondering "why don't we just allow confirmed parents?":
Since we validate based on the UTXO set, when we see a recently-confirmed
transaction, it just looks like it spends nonexistent inputs. In these
cases, we don't really know if the input was recently spent in a block or
just never existed, unless we plan on looking up transactions in past
blocks. We do some guesswork when we deal with new blocks in normal
transaction relay (e.g. we requested the tx before a block arrived):
https://github.com/bitcoin/bitcoin/blob/d5d40d59f8d12cf53c5ad1ce9710f3f108c=
ec386/src/validation.cpp#L780-L784
I believe it's cleaner to just explicitly say which blockhash you're on to
avoid confusion.

Thanks,
Gloria

On Tue, May 17, 2022 at 1:56 PM Greg Sanders <gsanders87@gmail.com> wrote:

> Hi Gloria,
>
> Thanks for working on this important proposal!
>
> Still a lot to digest, but I just had on area of comment/question:
>
> > A child-with-unconfirmed-parents package sent between nodes must abide =
by
> the rules below, otherwise the package is malformed and the sender should
> be disconnected.
>
> > However, if the child has confirmed parents, they must not be in the
> package.
>
> If my naive understanding is correct, this means things like otherwise
> common situations such as a new block will result in disconnects, say whe=
n
> the sender doesn't hear about a new block which makes the relay package
> superfluous/irrelevant. Similar would be disconnection
> when confirmed gets turned into unconfirmed, but those situations are
> extremely uncommon. The other rules are entirely under the control
> of the sender, which leads me to wonder if it's appropriate.
>
> Cheers,
> Greg
>
> On Tue, May 17, 2022 at 12:09 PM Gloria Zhao via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Hi everybody,
>>
>> I=E2=80=99m writing to propose a set of p2p protocol changes to enable p=
ackage
>> relay, soliciting feedback on the design and approach. Here is a link
>> to the most up-to-date proposal:
>>
>> https://github.com/bitcoin/bips/pull/1324
>>
>> If you have concept or approach feedback, *please respond on the
>> mailing list* to allow everybody to view and participate in the
>> discussion. If you find a typo or inaccurate wording, please feel free
>> to leave suggestions on the PR.
>>
>> I=E2=80=99m also working on an implementation for Bitcoin Core.
>>
>>
>> The rest of this post will include the same contents as the proposal,
>> with a bit of reordering and additional context. If you are not 100%
>> up-to-date on package relay and find the proposal hard to follow, I
>> hope you find this format more informative and persuasive.
>>
>>
>> =3D=3DBackground and Motivation=3D=3D
>>
>> Users may create and broadcast transactions that depend upon, i.e.
>> spend outputs of, unconfirmed transactions. A =E2=80=9Cpackage=E2=80=9D =
is the
>> widely-used term for a group of transactions representable by a
>> connected Directed Acyclic Graph (where a directed edge exists between
>> a transaction that spends the output of another transaction).
>>
>> Incentive-compatible mempool and miner policies help create a fair,
>> fee-based market for block space. While miners maximize transaction
>> fees in order to earn higher block rewards, non-mining users
>> participating in transaction relay reap many benefits from employing
>> policies that result in a mempool with the same contents, including
>> faster compact block relay and more accurate fee estimation.
>> Additionally, users may take advantage of mempool and miner policy to
>> bump the priority of their transactions by attaching high-fee
>> descendants (Child Pays for Parent or CPFP).  Only considering
>> transactions one at a time for submission to the mempool creates a
>> limitation in the node's ability to determine which transactions have
>> the highest feerates, since it cannot take into account descendants
>> until all the transactions are in the mempool. Similarly, it cannot
>> use a transaction's descendants when considering which of two
>> conflicting transactions to keep (Replace by Fee or RBF).
>>
>> When a user's transaction does not meet a mempool's minimum feerate
>> and they cannot create a replacement transaction directly, their
>> transaction will simply be rejected by this mempool. They also cannot
>> attach a descendant to pay for replacing a conflicting transaction.
>> This limitation harms users' ability to fee-bump their transactions.
>> Further, it presents a security issue in contracting protocols which
>> rely on **presigned**, time-sensitive transactions to prevent cheating
>> (HTLC-Timeout in LN Penalty [1] [2] [3], Unvault Cancel in Revault
>> [4], Refund Transaction in Discreet Log Contracts [5], Updates in
>> eltoo [6]). In other words, a key security assumption of many
>> contracting protocols is that all parties can propagate and confirm
>> transactions in a timely manner.
>>
>> In the past few years, increasing attention [0][1][2][3][6] has been
>> brought to **pinning attacks**, a type of censorship in which the
>> attacker uses mempool policy restrictions to prevent a transaction
>> from being relayed or getting mined.  TLDR: revocation transactions
>> must meet a certain confirmation target to be effective, but their
>> feerates are negotiated well ahead of broadcast time. If the
>> forecasted feerate was too low and no fee-bumping options are
>> available, attackers can steal money from their counterparties. I walk
>> through a concrete example for stealing Lightning HTLC outputs at
>> ~23:58 in this talk [7][8].  Note that most attacks are only possible
>> when the market for blockspace at broadcast time  demands much higher
>> feerates than originally anticipated at signing time. Always
>> overestimating fees may sidestep this issue temporarily (while mempool
>> traffic is low and predictable), but this solution is not foolproof
>> and wastes users' money. The feerate market can change due to sudden
>> spikes in traffic (e.g. huge 12sat/vB dump a few days ago [9]) or
>> sustained, high volume of Bitcoin payments (e.g.  April 2021 and
>> December 2017).
>>
>> The best solution is to enable nodes to consider packages of
>> transactions as a unit, e.g. one or more low-fee parent transactions
>> with a high-fee child, instead of separately. A package-aware mempool
>> policy can help determine if it would actually be economically
>> rational to accept a transaction to the mempool if it doesn't meet fee
>> requirements individually. Network-wide adoption of these policies
>> would create a more purely-feerate-based market for block space and
>> allow contracting protocols to adjust fees (and therefore mining
>> priority) at broadcast time.  Some support for packages has existed in
>> Bitcoin Core for years. Since v0.13, Bitcoin Core has used ancestor
>> packages instead of individual transactions to evaluate the incentive
>> compatibility of transactions in the mempool [10] and select them for
>> inclusion in blocks [11].
>>
>> Package Relay, the concept of {announcing, requesting, downloading}
>> packages between nodes on the p2p network, has also been discussed for
>> many years. The earliest public mention I can find is from 2015 [12].
>> The two most common use cases for package relay are fee-bumping
>> otherwise-too-low-fee transactions and reducing the amount of orphans.
>> It seems uncontroversial to say that everybody desires package relay
>> conceptually, with varying degrees of urgency. Lots of work has been
>> done by others over the past few years, from which I've taken
>> inspiration from [13][14][15][16].
>>
>> My approach has been to split the project into two components: (1) Packa=
ge
>> Mempool Accept, which includes validation logic and mempool policy.
>> (3) Package Relay, which includes the p2p protocol changes.
>>
>> Progress so far:
>> After discussions with various developers of contracting protocols
>> (with heavier emphasis towards LN), it was determined that a
>> package containing a child with all of its unconfirmed parents
>> (child-with-unconfirmed-parents or 1-child-multi-parent package) would
>> be sufficient for their use case, i.e. fee-bumping presigned
>> transactions. A child-with-unconfirmed-parents package has several
>> properties that make many things easier to reason about.
>>
>> A few months ago, I proposed a set of policies for safe package
>> validation and fee assessment for packages of this restricted
>> topology [17]. A series of PRs implementing this proposal have
>> been merged into Bitcoin Core [18].
>>
>> Theoretically, developing a safe and incentive-compatible package
>> mempool acceptance policy is sufficient to solve this issue. Nodes
>> could opportunistically accept packages (e.g. by trying combinations
>> of transactions rejected from their mempools), but this practice would
>> likely be inefficient at best and open new Denial of Service attacks
>> at worst. Additional p2p messages may enable nodes to request and
>> share package validation-related information with one another in a
>> more communication-efficient way.
>>
>> Given that only package RBF remains for package mempool accept, and we
>> can make progress on p2p and mempool in parallel, I think it=E2=80=99s
>> appropriate to put forward a package relay proposal.
>>
>> =3D=3DProposal=3D=3D
>>
>> This proposal contains 2 components: a =E2=80=9Cgeneric=E2=80=9D package=
 relay
>> protocol and an extension of it, child-with-unconfirmed-parents
>> packages, as version 1 package relay. Another version of packages,
>> =E2=80=9Ctx-with-unconfirmed-ancestors=E2=80=9D can be created to extend=
 package relay
>> for eliminating orphans.
>>
>> =3D=3D=3DGeneric Package Relay=3D=3D=3D
>>
>> Two main ideas are introduced:
>>
>> Download and validate packages of transactions together.
>>
>> Provide information to help peers decide whether to request and/or how
>> to validate transactions which are part of a package.
>>
>> =3D=3D=3D=3DIntended Protocol Flow=3D=3D=3D=3D
>>
>> Due to the asynchronous nature of a distributed transaction relay
>> network, nodes may not receive all of the information needed to
>> validate a transaction at once. For example, after a node completes
>> Initial Block Download (IBD) and first starts participating in
>> transaction relay with an empty mempool, it is common to receive
>> orphans. In such scenarios where a node is aware that it is missing
>> information, a ''receiver-initiated'' dialogue is appropriate:
>>
>> 1. Receiver requests package information.
>>
>> 2. The sender provides package information, including the wtxids of
>>    the transactions in the package and anything else that might be
>> relevant (e.g. total fees and size).
>>
>> 3. The reciever uses the package information to decide how to request
>>    and validate the transactions.
>>
>> Sometimes, no matter what order transactions are received by a node,
>> validating them individually is insufficient. When the sender is aware
>> of additional information that the receiver needs to accept a package,
>> a proactive ''sender-initiated'' dialogue should be enabled:
>>
>> 1. Sender announces they have package information pertaining to a
>>    transaction that might otherwise be undesired on its own.
>>
>> 2. The receiver requests package information.
>>
>> 3. The sender provides package information, including the wtxids of
>>    the transactions in the package and anything else that might be
>> relevant (e.g. total fees and size).
>>
>> 4. The reciever uses the package information to decide how to request
>>    and validate the transactions.
>>
>> Package relay is negotiated between two peers during the version
>> handshake. Package relay requires both peers to support wtxid-based
>> relay because package transactions are referenced by their wtxid.
>>
>> =3D=3D=3D=3DNew Messages=3D=3D=3D=3D
>>
>> Three new protocol messages are added for use in any version of
>> package relay. Additionally, each version of package relay must define
>> its own inv type and "pckginfo" message version, referred to in this
>> document as "MSG_PCKG" and "pckginfo" respectively. See
>> BIP-v1-packages for a concrete example.
>>
>> =3D=3D=3D=3D=3Dsendpackages=3D=3D=3D=3D=3D
>>
>> {|
>> |  Field Name  ||  Type  ||  Size  ||  Purpose
>> |-
>> |version || uint32_t || 4 || Denotes a package version supported by the
>> node.
>> |-
>> |max_count || uint32_t || 4 ||Specifies the maximum number of
>> transactions per package this node is
>> willing to accept.
>> |-
>> |max_weight || uint32_t || 4 ||Specifies the maximum total weight per
>> package this node is willing
>> to accept.
>> |-
>> |}
>>
>> 1. The "sendpackages" message has the structure defined above, with
>>    pchCommand =3D=3D "sendpackages".
>>
>> 2. During version handshake, nodes should send a "sendpackages"
>>    message indicate they support package relay and may request
>> packages.
>>
>> 3. The message should contain a version supported by the node. Nodes
>>    should send a "sendpackages" message for each version they support.
>>
>> 4. The "sendpackages" message MUST be sent before sending a "verack"
>>    message. If a "sendpackages" message is received afer "verack", the
>> sender should be disconnected.
>>
>> 5. If 'fRelay=3D=3Dfalse' in a peer's version message, the node must not
>>    send "sendpackages" to them. If a "sendpackages" message is
>> received by a peer after sending `fRelay=3D=3Dfalse` in their version
>> message, the sender should be disconnected.
>>
>> 6.. Upon receipt of a "sendpackages" message with a version that is
>> not supported, a node must treat the peer as if it never received the
>> message.
>>
>> 7. If both peers send "wtxidrelay" and "sendpackages" with the same
>>    version, the peers should announce, request, and send package
>> information to each other.
>>
>> =3D=3D=3D=3D=3Dgetpckgtxns=3D=3D=3D=3D=3D
>>
>> {|
>> |  Field Name  ||  Type  ||  Size  ||   Purpose
>> |-
>> |txns_length||CompactSize||1 or 3 bytes|| The number of transactions
>> requested.
>> |-
>> |txns||List of wtxids||txns_length * 32|| The wtxids of each transaction
>> in the package.
>> |}
>>
>> 1. The "getpckgtxns" message has the structure defined above, with
>>    pchCommand =3D=3D "getpckgtxns".
>>
>> 2. A "getpckgtxns" message should be used to request all or some of
>>    the transactions previously announced in a "pckginfo" message,
>> specified by witness transactiosome id.
>>
>> 3. Upon receipt of a "getpckgtxns" message, a node must respond with
>>    either a "pckgtxns" containing the requested transactions or a
>> "notfound" message indicating one or more of the transactions is
>> unavailable. This allows the receiver to avoid downloading and storing
>> transactions that cannot be validated immediately.
>>
>> 4. A "getpckgtxns" message should only be sent if both peers agreed to
>>    send packages in the version handshake. If a "getpckgtxns" message
>> is received from a peer with which package relay was not negotiated,
>> the sender should be disconnected.
>>
>> =3D=3D=3D=3D=3Dpckgtxns=3D=3D=3D=3D=3D
>>
>> {|
>> |  Field Name  ||  Type  ||  Size  ||   Purpose
>> |-
>> |txns_length||CompactSize||1 or 3 bytes|| The number of transactions
>> provided.
>> |-
>> |txns||List of transactions||variable|| The transactions in the package.
>> |}
>>
>> 1. The "pckgtxns" message has the structure defined above, with
>>    pchCommand =3D=3D "pckgtxns".
>>
>> 2. A "pckgtxns" message should contain the transaction data requested
>>    using "getpckgtxns".
>>
>> 3. A "pckgtxns" message should only be sent to a peer that requested
>>    the package using "getpckgtxns". If a node receives an unsolicited
>> package, the sender should be disconnected.
>>
>> 4. A "pckgtxns" message should only be sent if both peers agreed to
>>    send packages in the version handshake. If a "pckgtxns" message is
>> received from a peer with which package relay was not negotiated, the
>> sender should be disconnected.
>>
>> =3D=3D=3DVersion 1 Packages: child-with-unconfirmed-parents=3D=3D=3D
>>
>> This extends package relay for packages consisting of one transaction
>> and all of its unconfirmed parents,by defining version 1 packages, a
>> pckginfo1 message, and a MSG_PCKG1 inv type. It enables the use case
>> in which a child pays for its otherwise-too-low-fee parents and their
>> mempool conflict(s).
>>
>> =3D=3D=3D=3DIntended Protocol Flow=3D=3D=3D=3D
>>
>> When relaying a package of low-fee parent(s) and high-fee child, the
>> sender and receiver do the following:
>>
>> 1. Sender announces they have a child-with-unconfirmed-parents package
>>    for a child that pays for otherwise-too-low-fee parent(s) using
>> "inv(MSG_PCKG1)".
>>
>> 2. The receiver requests package information using
>>    "getdata(MSG_PCKG1)".
>>
>> 3. The sender provides package information using "pckginfo1",
>>    including the blockhash of the sender's best block, the wtxids of
>> the transactions in the package, their total fees and total weight.
>>
>> 4. The reciever uses the package information to decide how to request
>>    the transactions. For example, if the receiver already has some of
>> the transactions in their mempool, they only request the missing ones.
>> They could also decide not to request the package at all based on the
>> fee information provided.
>>
>> 5. Upon receiving a "pckgtxns", the receiver submits the transactions
>>    together as a package.
>>
>> =3D=3D=3D=3DNew Messages=3D=3D=3D=3D
>>
>> A new inv type, "MSG_PCKG1", and new protocol message, "PCKGINFO1",
>> are added.
>>
>> =3D=3D=3D=3D=3Dpckginfo1=3D=3D=3D=3D=3D
>>
>> {|
>> |  Field Name  ||  Type  ||  Size  ||   Purpose
>> |-
>> |blockhash || uint256 || 32 || The chain tip at which this package is
>> defined.
>> |-
>> |pckg_fee||CAmount||4|| The sum total fees paid by all transactions in
>> the package.
>> |-
>> |pckg_weight||int64_t||8|| The sum total weight of all transactions in
>> the package.
>> |-
>> |txns_length||CompactSize||1 or 3 bytes|| The number of transactions
>> provided.
>> |-
>> |txns||List of wtxids||txns_length * 32|| The wtxids of each transaction
>> in the package.
>> |}
>>
>>
>> 1. The "pckginfo1" message has the structure defined above, with
>>    pchCommand =3D=3D "pckginfo1".
>>
>> 2. A "pckginfo1" message contains information about a version 1
>>    package (defined below), referenced by the wtxid of the transaction
>> it pertains to and the current blockhash.
>>
>> 3. Upon receipt of a "pckginfo1" message, the node should decide if it
>>    wants to validate the package, request transaction data if
>> necessary, etc.
>>
>> 4. Upon receipt of a malformed "pckginfo1" message or package that
>>    does not abide by the max_count, max_weight, or other rules
>> specified by the version agreed upon in the initial negotiation, the
>> sender should be disconnected.  If a node receives a "pckginfo1"
>> message for which the "pckg_fee" or "pckg_weight" do not reflect the
>> true total fees and weight, respectively, or the transactions in the
>> package, the message is malformed.
>>
>> 5. A node MUST NOT send a "pckginfo1" message that has not been
>>    requested by the recipient. Upon receipt of an unsolicited
>> "pckginfo1", a node should disconnect the sender.
>>
>> 6. A "pckginfo1" message should only be sent if both peers agreed to
>>    send version 1 packages in the version handshake. If a "pckginfo1"
>> message is received from a peer with which package relay was not
>> negotiated, the sender should be disconnected.
>>
>> =3D=3D=3D=3D=3DMSG_PCKG1=3D=3D=3D=3D=3D
>>
>> 1. A new inv type (MSG_PCKG1 =3D=3D 0x6) is added, for use in inv messag=
es
>>    and getdata requests pertaining to version 1 packages.
>>
>> 2. As an inv type, it indicates that both transaction data and version
>>    1 package information are available for the transaction. The
>> transaction is referenced by its wtxid. As a getdata request type, it
>> indicates that the sender wants package information for the
>> transaction.
>>
>> 3. Upon receipt of a "getdata" request for "MSG_PCKG1", the node
>>    should respond with the version 1 package corresponding to the
>> requested transaction and its current chain tip, or with NOTFOUND.
>> The node should not assume that the sender is requesting the
>> transaction data as well.
>>
>> =3D=3D=3D=3DChild With Parent Packages Rules=3D=3D=3D=3D
>>
>> A child-with-unconfirmed-parents package sent between nodes must abide
>> by the rules below, otherwise the package is malformed and the sender
>> should be disconnected.
>>
>> A version 1 or ''child-with-unconfirmed-parents'' package can be
>> defined for any transaction that spends unconfirmed inputs. The child
>> can be thought of as the "representative" of the package. This package
>> can be uniquely identified by the transaction's wtxid and the current
>> chain tip block hash.
>>
>> A ''child-with-unconfirmed-parents'' package MUST be:
>>
>> 1. ''Sorted topologically.'' For every transaction t in the package,
>>    if any of t's parents are present in the package, the parent must
>> appear somewhere in the list before t. In other words, the
>> transactions must be sorted in ascending order of the number of
>> ancestors present in the package.
>>
>> 2. ''Only 1 child with unconfirmed parents.'' The package must consist
>>    of one transaction and its unconfirmed parents. There must not be
>> any other transactions in the package. Other dependency relationships
>> may exist within the package (e.g. one parent may spend the output of
>> another parent) provided that topological order is respected.
>>
>> 3. ''All unconfirmed parents.'' All of the child's unconfirmed parents
>>    must be present.
>>
>> 4. ''No conflicts.'' None of the transactions in the package may
>>    conflict with each other (i.e.  spend the same prevout).
>>
>> 5. ''Total fees and weight.'' The 'total_fee' and 'total_weight'
>>    fields must accurately represent the sum total of all transactions'
>> fees and weights as defined in BIP141, respectively.
>>
>> Not all of the child's parents must be present; the child transaction
>> may also spend confirmed inputs. However, if the child has confirmed
>> parents, they must not be in the package.
>>
>> While a child-with-unconfirmed-parents package is perhaps most
>> relevant when the child has a higher feerate than its parents, this
>> property is not required to construct a valid package.
>>
>> =3D=3D=3D=3DClarifications=3D=3D=3D=3D
>>
>> ''Q: Under what circumstances should a sender announce a
>> child-with-unconfirmed-parents package?''
>>
>> A child-with-unconfirmed-parents package for a transaction should be
>> announced when it meets the peer's fee filter but one or more of its
>> parents don't; a "inv(MSG_PCKG1)" instead of "inv(WTX)" should be sent
>> for the child. Each of the parents which meet the peer's fee filter
>> should still be announced normally.
>>
>> ''Q: What if a new block arrives in between messages?''
>>
>> A child-with-unconfirmed-parents package is defined for a transaction
>> based on the current chain state. As such, a new block extending the
>> tip may decrease the number of transactions in the package (i.e. if
>> any of the transaction's parents were included in the block). In a
>> reorg, the number of transactions in the package may decrease or
>> increase (i.e. if any of the transaction's parents were included in a
>> block in the previous chain but not the new one).
>>
>> If the new block arrives before the "getdata" or "pckginfo1", nothing
>> needs to change.
>>
>> If the new block arrives before "getpckgtxns" or before "pckgtxns",
>> the receiver may need to re-request package information if the block
>> contained a transaction in the package. If the block doesn't contain
>> any transactions in the package, whether it extends the previous tip
>> or causes a reorg, nothing needs to change.
>>
>> ''Q: Can "getpckgtxns" and "pckgtxns" messages contain only one
>> transaction?''
>>
>> Yes.
>>
>> =3D=3D=3DFurther Protocol Extensions=3D=3D=3D
>>
>> When introducing a new type of package, assign it a version number "n"
>> and use an additional "sendpackages" message during version handshake
>> to negotiate support for it. An additional package information message
>> "pckginfon" and inv type "MSG_PCKGn" should be defined for the type of
>> package.  However, "getpckgtxns" and "pckgtxns" do not need to be
>> changed.
>>
>> Example proposal for tx-with-unconfirmed-ancestors package relay: [19]
>>
>> =3D=3D=3DCompatibility=3D=3D=3D
>>
>> Older clients remain fully compatible and interoperable after this
>> change. Clients implementing this protocol will only attempt to send
>> and request packages if agreed upon during the version handshake.
>>
>> =3D=3D=3DPackage Erlay=3D=3D=3D
>>
>> Clients using BIP330 reconciliation-based transaction relay (Erlay)
>> are able to use package relay without interference. In fact, a package
>> of transactions may be announced using both Erlay and package relay.
>> After reconciliation, if the initiator would have announced a
>> transaction by wtxid but also has package information for it, they may
>> send "inv(MSG_PCKG)" instead of "inv(WTX)".
>>
>> =3D=3D=3DRationale=3D=3D=3D
>>
>> =3D=3D=3D=3DP2P Message Design=3D=3D=3D=3D
>>
>> These p2p messages are added for communication efficiency and, as
>> such, one should measure alternative solutions based on the resources
>> used to communicate (not necessarily trustworthy) information: We
>> would like to minimize network bandwidth, avoid downloading a
>> transaction more than once, avoid downloading transactions that are
>> eventually rejected, and minimize storage allocated for
>> not-yet-validated transactions.
>>
>> Consider these (plausible) scenarios in transaction relay:
>>
>> Alice (the "sender") is relaying transactions to Bob (the "receiver").
>> Alice's mempool has a minimum feerate of 1sat/vB and Bob's has a
>> minimum feerate of 3sat/vB. For simplicity, all transactions are
>> 1600Wu in virtual size and 500 bytes in serialized size. Apart from
>> the spending relationships specified, all other inputs are from
>> confirmed UTXOs.
>>
>> 1. Package {A, B} where A pays 0 satoshis and B pays 8000 satoshis in
>>    fees.
>>
>> 2. Package {C, D} where C pays 0 satoshis and D pays 1200 satoshis in
>>    fees.
>>
>> 3. Package {E, F, G, H, J} that pays 4000, 8000, 0, 2000, and 4000
>>    satoshis in fees, respectively.
>>
>> =3D=3D=3D=3DAlternative Designs Considered=3D=3D=3D=3D
>>
>> ''Package Information Only:'' Just having "pckginfo" gives enough
>> information for the receiver to accept the package. Omit the
>> "getpckgtxns" and "pckgtxns" messages. While this option is a good
>> fallback if batched transaction download fails for some reason, it
>> shouldn't be used as the default because it 'always' requires storage
>> of unvalidated transactions.
>>
>> ''No Package Information Round:'' Instead of having a package
>> information round, just use the child's wtxid to refer to the package
>> and always send the entire package together. This would cause nodes to
>> redownload duplicate transactions.
>>
>> I have also created a slidedeck exploring various alternative designs
>> and some examples in which they fall flat [20]. Please feel free to
>> suggest other alternatives.
>>
>> =3D=3D=3D=3DVersioning System=3D=3D=3D=3D
>>
>> This protocol should be extensible to support multiple types of
>> packages based on future desired use cases. Two "flavors" of
>> versioning were considered:
>>
>> 1. When package mempool acceptance is upgraded to support more types
>>    of packages, increment the version number (similar to Erlay).
>> During version handshake, peers negotiate which version of package
>> relay they will use by each sending one "sendpackages" message.
>>
>> 2. When introducing another type of package, assign a version number
>>    to it and announce it as an additional supported version (similar
>> to Compact Block Relay). During version handshake, peers send one
>> "sendpackages" message for each version supported.
>>
>> The second option was favored because it allows different parameters
>> for different versions.  For example, it should be possible to support
>> both "arbitrary topology but maximum 3-transaction" package as well as
>> "child-with-unconfirmed-parents with default mempool ancestor limits"
>> packages simultaneously.
>>
>> =3D=3DAcknowledgements=3D=3D
>>
>> I hope to have made it abundantly clear that this proposal isn=E2=80=99t
>> inventing the concept of package relay, and in fact builds upon years
>> of work by many others, including Suhas Daftuar and Antoine Riard.
>>
>> Thank you to John Newbery and Martin Zumsande for input on the design.
>>
>> Thank you to Matt Corallo, Christian Decker, David Harding, Antoine
>> Poinsot, Antoine Riard, Gregory Sanders, Chris Stewart, Bastien
>> Teinturier, and others for input on the desired interface for
>> contracting protocols.
>>
>> Looking forward to hearing your thoughts!
>>
>> Best,
>> Gloria
>>
>> [0]:
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-January/019=
817.html
>> [1]:
>> https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-April/002=
639.html
>> [2]:
>> https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-June/0027=
58.html
>> [3]:
>> https://github.com/t-bast/lightning-docs/blob/master/pinning-attacks.md
>> [4]:
>> https://github.com/revault/practical-revault/blob/master/transactions.md=
#cancel_tx
>> [5]:
>> https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transaction=
s.md#refund-transaction
>> [6]: https://gist.github.com/instagibbs/60264606e181451e977e439a49f69fe1
>> [7]:
>> https://btctranscripts.com/adopting-bitcoin/2021/2021-11-16-gloria-zhao-=
transaction-relay-policy/#lightning-attacks
>> [8]: https://youtu.be/fbWSQvJjKFs?t=3D1438
>> [9]:
>> https://www.reddit.com/r/Bitcoin/comments/unew4e/looks_like_70_mvb_of_tr=
ansactions_just_got_dumped/
>> [10]: https://github.com/bitcoin/bitcoin/pull/7594
>> [11]: https://github.com/bitcoin/bitcoin/pull/7600
>> [12]: https://github.com/bitcoin/bitcoin/pull/6455#issuecomment-12271682=
0
>> [13]: https://gist.github.com/sdaftuar/8756699bfcad4d3806ba9f3396d4e66a
>> [14]: https://github.com/bitcoin/bitcoin/issues/14895
>> [15]: https://github.com/bitcoin/bitcoin/pull/16401
>> [16]: https://github.com/bitcoin/bitcoin/pull/19621
>> [17]:
>> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-September/0=
19464.html
>> [18]: https://github.com/users/glozow/projects/5/views/4?layout=3Dboard
>> [19]: https://gist.github.com/glozow/9b321cd3ef6505135c763112033ff2a7
>> [20]:
>> https://docs.google.com/presentation/d/1B__KlZO1VzxJGx-0DYChlWawaEmGJ9EG=
ApEzrHqZpQc/edit?usp=3Dsharing
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>

--0000000000000a309d05df3b3a2f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi Greg,</div><div><br></div><div>Thanks for reading!=
</div><div><br></div><div><span class=3D"gmail-im"><div>&gt;&gt; <span styl=
e=3D"color:rgb(0,0,0);white-space:pre-wrap">A child-with-unconfirmed-parent=
s package sent between nodes must abide </span><span style=3D"color:rgb(0,0=
,0);white-space:pre-wrap">by the rules below, otherwise the package is malf=
ormed and the sender </span><span style=3D"color:rgb(0,0,0);white-space:pre=
-wrap">should be disconnected.</span></div></span><span class=3D"gmail-im">=
<div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap"><br></span></div=
><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">&gt;&gt; </span=
>However, if the child has confirmed parents, they must not be in the packa=
ge.</div><div><br></div></span><div><span style=3D"color:rgb(0,0,0);white-s=
pace:pre-wrap">&gt; If my naive understanding is correct, this means things=
 like otherwise common situations such as a new block will result in discon=
nects, say when</span></div><div><span style=3D"color:rgb(0,0,0);white-spac=
e:pre-wrap">&gt; the sender doesn&#39;t hear about a new block which makes =
the relay package superfluous/irrelevant. </span><span style=3D"color:rgb(0=
,0,0);white-space:pre-wrap">Similar would be disconnection</span><span styl=
e=3D"color:rgb(0,0,0);white-space:pre-wrap"></span><div><span style=3D"colo=
r:rgb(0,0,0);white-space:pre-wrap">&gt; when confirmed gets turned into unc=
onfirmed, but those situations are extremely uncommon. The other rules are =
entirely under the control</span></div><div><span style=3D"color:rgb(0,0,0)=
;white-space:pre-wrap">&gt; of the sender, which leads me to wonder if it&#=
39;s appropriate.</span></div></div><div><span style=3D"color:rgb(0,0,0);wh=
ite-space:pre-wrap"><br></span></div><div><span style=3D"color:rgb(0,0,0);w=
hite-space:pre-wrap">This is why the &quot;pckginfo1&quot; message includes=
 the blockhash at which the package was defined.</span></div><div><span sty=
le=3D"color:rgb(0,0,0);white-space:pre-wrap"><span style=3D"color:rgb(0,0,0=
);white-space:pre-wrap">Also please see Clarifications - &quot;Q: What if a=
 new block arrives in between messages?&#39;&#39; section in the v1-package=
s portion. It covers both cases, i.e. a transaction going from unconfirmed-=
&gt;confirmed and confirmed-&gt;unconfirmed in a reorg.</span></span></div>=
<div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap"><br></span></div=
><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">In case anybody=
 is wondering &quot;why don&#39;t we just allow confirmed parents?&quot;: S=
ince we validate based on the UTXO set, when we see a recently-confirmed tr=
ansaction, it just looks like it spends nonexistent inputs. In these cases,=
 we don&#39;t really know if the input was recently spent in a block or jus=
t never existed, unless we plan on looking up transactions in past blocks. =
We do some guesswork when <span style=3D"color:rgb(0,0,0);white-space:pre-w=
rap">we deal with new blocks in normal transaction relay (e.g. we requested=
 the tx before a block arrived): </span><a href=3D"https://github.com/bitco=
in/bitcoin/blob/d5d40d59f8d12cf53c5ad1ce9710f3f108cec386/src/validation.cpp=
#L780-L784">https://github.com/bitcoin/bitcoin/blob/d5d40d59f8d12cf53c5ad1c=
e9710f3f108cec386/src/validation.cpp#L780-L784</a></span></div><div><span s=
tyle=3D"color:rgb(0,0,0);white-space:pre-wrap">I believe it&#39;s cleaner t=
o just explicitly say which blockhash you&#39;re on to avoid confusion.<br>=
</span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap"><br=
></span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">Th=
anks,</span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap=
">Gloria<br></span></div></div></div><br><div class=3D"gmail_quote"><div di=
r=3D"ltr" class=3D"gmail_attr">On Tue, May 17, 2022 at 1:56 PM Greg Sanders=
 &lt;<a href=3D"mailto:gsanders87@gmail.com">gsanders87@gmail.com</a>&gt; w=
rote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0p=
x 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=
=3D"ltr">Hi Gloria,<div><br></div><div>Thanks for working on this important=
 proposal!</div><div><br></div><div>Still a lot to digest, but I just had o=
n area of comment/question:</div><div><br></div><div>&gt;=C2=A0<span style=
=3D"color:rgb(0,0,0);white-space:pre-wrap">A child-with-unconfirmed-parents=
 package sent between nodes must abide </span><span style=3D"color:rgb(0,0,=
0);white-space:pre-wrap">by the rules below, otherwise the package is malfo=
rmed and the sender </span><span style=3D"color:rgb(0,0,0);white-space:pre-=
wrap">should be disconnected.</span></div><div><span style=3D"color:rgb(0,0=
,0);white-space:pre-wrap"><br></span></div><div><span style=3D"color:rgb(0,=
0,0);white-space:pre-wrap">&gt; </span>However, if the child has confirmed =
parents, they must not be in the package.</div><div><br></div><div><span st=
yle=3D"color:rgb(0,0,0);white-space:pre-wrap">If my naive understanding is =
correct, this means things like otherwise common situations such as a new b=
lock will result in disconnects, say when</span></div><div><span style=3D"c=
olor:rgb(0,0,0);white-space:pre-wrap">the sender doesn&#39;t hear about a n=
ew block which makes the relay package superfluous/irrelevant. Similar woul=
d be disconnection</span></div><div><span style=3D"color:rgb(0,0,0);white-s=
pace:pre-wrap">when confirmed gets turned into unconfirmed, but those situa=
tions are extremely uncommon. The other rules are entirely under the contro=
l</span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">of=
 the sender, which leads me to wonder if it&#39;s appropriate.</span></div>=
<div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap"><br></span></div=
><div><span style=3D"white-space:pre-wrap;color:rgb(0,0,0)">Cheers,</span><=
br></div><div><font color=3D"#000000"><span style=3D"white-space:pre-wrap">=
Greg</span></font></div></div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Tue, May 17, 2022 at 12:09 PM Gloria Zhao via bi=
tcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" targ=
et=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br></div=
><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border=
-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">Hi ever=
ybody,<br><br>I=E2=80=99m writing to propose a set of p2p protocol changes =
to enable package<br>relay, soliciting feedback on the design and approach.=
 Here is a link<br>to the most up-to-date proposal:<br><br><a href=3D"https=
://github.com/bitcoin/bips/pull/1324" target=3D"_blank">https://github.com/=
bitcoin/bips/pull/1324</a><br><br>If you have concept or approach feedback,=
 *please respond on the<br>mailing list* to allow everybody to view and par=
ticipate in the<br>discussion. If you find a typo or inaccurate wording, pl=
ease feel free<br>to leave suggestions on the PR.<br><br>I=E2=80=99m also w=
orking on an implementation for Bitcoin Core.<br><div><br></div><div><br></=
div>The rest of this post will include the same contents as the proposal,<b=
r>with a bit of reordering and additional context. If you are not 100%<br>u=
p-to-date on package relay and find the proposal hard to follow, I<br><div>=
hope you find this format more informative and persuasive.</div><div><br></=
div><br>=3D=3DBackground and Motivation=3D=3D<br><br>Users may create and b=
roadcast transactions that depend upon, i.e.<br>spend outputs of, unconfirm=
ed transactions. A =E2=80=9Cpackage=E2=80=9D is the<br>widely-used term for=
 a group of transactions representable by a<br>connected Directed Acyclic G=
raph (where a directed edge exists between<br>a transaction that spends the=
 output of another transaction).<br><br>Incentive-compatible mempool and mi=
ner policies help create a fair,<br>fee-based market for block space. While=
 miners maximize transaction<br>fees in order to earn higher block rewards,=
 non-mining users<br>participating in transaction relay reap many benefits =
from employing<br>policies that result in a mempool with the same contents,=
 including<br>faster compact block relay and more accurate fee estimation.<=
br>Additionally, users may take advantage of mempool and miner policy to<br=
>bump the priority of their transactions by attaching high-fee<br>descendan=
ts (Child Pays for Parent or CPFP).=C2=A0 Only considering<br>transactions =
one at a time for submission to the mempool creates a<br>limitation in the =
node&#39;s ability to determine which transactions have<br>the highest feer=
ates, since it cannot take into account descendants<br>until all the transa=
ctions are in the mempool. Similarly, it cannot<br>use a transaction&#39;s =
descendants when considering which of two<br>conflicting transactions to ke=
ep (Replace by Fee or RBF).<br><br>When a user&#39;s transaction does not m=
eet a mempool&#39;s minimum feerate<br>and they cannot create a replacement=
 transaction directly, their<br>transaction will simply be rejected by this=
 mempool. They also cannot<br>attach a descendant to pay for replacing a co=
nflicting transaction.<br>This limitation harms users&#39; ability to fee-b=
ump their transactions.<br>Further, it presents a security issue in contrac=
ting protocols which<br>rely on **presigned**, time-sensitive transactions =
to prevent cheating<br>(HTLC-Timeout in LN Penalty [1] [2] [3], Unvault Can=
cel in Revault<br>[4], Refund Transaction in Discreet Log Contracts [5], Up=
dates in<br>eltoo [6]). In other words, a key security assumption of many<b=
r>contracting protocols is that all parties can propagate and confirm<br>tr=
ansactions in a timely manner.<br><br>In the past few years, increasing att=
ention [0][1][2][3][6] has been<br>brought to **pinning attacks**, a type o=
f censorship in which the<br>attacker uses mempool policy restrictions to p=
revent a transaction<br>from being relayed or getting mined.=C2=A0 TLDR: re=
vocation transactions<br>must meet a certain confirmation target to be effe=
ctive, but their<br>feerates are negotiated well ahead of broadcast time. I=
f the<br>forecasted feerate was too low and no fee-bumping options are<br>a=
vailable, attackers can steal money from their counterparties. I walk<br>th=
rough a concrete example for stealing Lightning HTLC outputs at<br>~23:58 i=
n this talk [7][8].=C2=A0 Note that most attacks are only possible<br>when =
the market for blockspace at broadcast time =C2=A0demands much higher<br>fe=
erates than originally anticipated at signing time. Always<br>overestimatin=
g fees may sidestep this issue temporarily (while mempool<br>traffic is low=
 and predictable), but this solution is not foolproof<br>and wastes users&#=
39; money. The feerate market can change due to sudden<br>spikes in traffic=
 (e.g. huge 12sat/vB dump a few days ago [9]) or<br>sustained, high volume =
of Bitcoin payments (e.g.=C2=A0 April 2021 and<br>December 2017).<br><br>Th=
e best solution is to enable nodes to consider packages of<br>transactions =
as a unit, e.g. one or more low-fee parent transactions<br>with a high-fee =
child, instead of separately. A package-aware mempool<br>policy can help de=
termine if it would actually be economically<br>rational to accept a transa=
ction to the mempool if it doesn&#39;t meet fee<br>requirements individuall=
y. Network-wide adoption of these policies<br>would create a more purely-fe=
erate-based market for block space and<br>allow contracting protocols to ad=
just fees (and therefore mining<br>priority) at broadcast time.=C2=A0 Some =
support for packages has existed in<br>Bitcoin Core for years. Since v0.13,=
 Bitcoin Core has used ancestor<br>packages instead of individual transacti=
ons to evaluate the incentive<br>compatibility of transactions in the mempo=
ol [10] and select them for<br>inclusion in blocks [11].<br><br>Package Rel=
ay, the concept of {announcing, requesting, downloading}<br>packages betwee=
n nodes on the p2p network, has also been discussed for<br>many years. The =
earliest public mention I can find is from 2015 [12].<br>The two most commo=
n use cases for package relay are fee-bumping<br>otherwise-too-low-fee tran=
sactions and reducing the amount of orphans.<br>It seems uncontroversial to=
 say that everybody desires package relay<br>conceptually, with varying deg=
rees of urgency. Lots of work has been<br>done by others over the past few =
years, from which I&#39;ve taken<br>inspiration from [13][14][15][16].<br><=
br>My approach has been to split the project into two components: (1) Packa=
ge<br>Mempool Accept, which includes validation logic and mempool policy.<b=
r>(3) Package Relay, which includes the p2p protocol changes.<br><br>Progre=
ss so far:<br>After discussions with various developers of contracting prot=
ocols<br>(with heavier emphasis towards LN), it was determined that a<br>pa=
ckage containing a child with all of its unconfirmed parents<br>(child-with=
-unconfirmed-parents or 1-child-multi-parent package) would<br>be sufficien=
t for their use case, i.e. fee-bumping presigned<br>transactions. A child-w=
ith-unconfirmed-parents package has several<br>properties that make many th=
ings easier to reason about.<br><br>A few months ago, I proposed a set of p=
olicies for safe package<br>validation and fee assessment for packages of t=
his restricted<br><div>topology [17]. A series of PRs implementing this pro=
posal have</div><div>been merged into Bitcoin Core [18].<br></div><br>Theor=
etically, developing a safe and incentive-compatible package<br>mempool acc=
eptance policy is sufficient to solve this issue. Nodes<br>could opportunis=
tically accept packages (e.g. by trying combinations<br>of transactions rej=
ected from their mempools), but this practice would<br>likely be inefficien=
t at best and open new Denial of Service attacks<br>at worst. Additional p2=
p messages may enable nodes to request and<br>share package validation-rela=
ted information with one another in a<br>more communication-efficient way.<=
br><br>Given that only package RBF remains for package mempool accept, and =
we<br>can make progress on p2p and mempool in parallel, I think it=E2=80=99=
s<br>appropriate to put forward a package relay proposal.<br><br>=3D=3DProp=
osal=3D=3D<br><br>This proposal contains 2 components: a =E2=80=9Cgeneric=
=E2=80=9D package relay<br>protocol and an extension of it, child-with-unco=
nfirmed-parents<br>packages, as version 1 package relay. Another version of=
 packages,<br>=E2=80=9Ctx-with-unconfirmed-ancestors=E2=80=9D can be create=
d to extend package relay<br>for eliminating orphans.<br><br>=3D=3D=3DGener=
ic Package Relay=3D=3D=3D<br><br>Two main ideas are introduced:<br><br>Down=
load and validate packages of transactions together.<br><br>Provide informa=
tion to help peers decide whether to request and/or how<br>to validate tran=
sactions which are part of a package.<br><br>=3D=3D=3D=3DIntended Protocol =
Flow=3D=3D=3D=3D<br><br>Due to the asynchronous nature of a distributed tra=
nsaction relay<br>network, nodes may not receive all of the information nee=
ded to<br>validate a transaction at once. For example, after a node complet=
es<br>Initial Block Download (IBD) and first starts participating in<br>tra=
nsaction relay with an empty mempool, it is common to receive<br>orphans. I=
n such scenarios where a node is aware that it is missing<br>information, a=
 &#39;&#39;receiver-initiated&#39;&#39; dialogue is appropriate:<br><br>1. =
Receiver requests package information.<br><br>2. The sender provides packag=
e information, including the wtxids of<br>=C2=A0 =C2=A0the transactions in =
the package and anything else that might be<br>relevant (e.g. total fees an=
d size).<br><br>3. The reciever uses the package information to decide how =
to request<br>=C2=A0 =C2=A0and validate the transactions.<br><br>Sometimes,=
 no matter what order transactions are received by a node,<br>validating th=
em individually is insufficient. When the sender is aware<br>of additional =
information that the receiver needs to accept a package,<br>a proactive =
9;&#39;sender-initiated&#39;&#39; dialogue should be enabled:<br><br>1. Sen=
der announces they have package information pertaining to a<br>=C2=A0 =C2=
=A0transaction that might otherwise be undesired on its own.<br><br>2. The =
receiver requests package information.<br><br>3. The sender provides packag=
e information, including the wtxids of<br>=C2=A0 =C2=A0the transactions in =
the package and anything else that might be<br>relevant (e.g. total fees an=
d size).<br><br>4. The reciever uses the package information to decide how =
to request<br>=C2=A0 =C2=A0and validate the transactions.<br><br>Package re=
lay is negotiated between two peers during the version<br>handshake. Packag=
e relay requires both peers to support wtxid-based<br>relay because package=
 transactions are referenced by their wtxid.<br><br>=3D=3D=3D=3DNew Message=
s=3D=3D=3D=3D<br><br>Three new protocol messages are added for use in any v=
ersion of<br>package relay. Additionally, each version of package relay mus=
t define<br>its own inv type and &quot;pckginfo&quot; message version, refe=
rred to in this<br>document as &quot;MSG_PCKG&quot; and &quot;pckginfo&quot=
; respectively. See<br>BIP-v1-packages for a concrete example.<br><br>=3D=
=3D=3D=3D=3Dsendpackages=3D=3D=3D=3D=3D<br><br>{|<br>| =C2=A0Field Name =C2=
=A0|| =C2=A0Type =C2=A0|| =C2=A0Size =C2=A0|| =C2=A0Purpose<br>|-<br>|versi=
on || uint32_t || 4 || Denotes a package version supported by the node.<br>=
|-<br>|max_count || uint32_t || 4 ||Specifies the maximum number of transac=
tions per package this node is<br>willing to accept.<br>|-<br>|max_weight |=
| uint32_t || 4 ||Specifies the maximum total weight per package this node =
is willing<br>to accept.<br>|-<br>|}<br><br>1. The &quot;sendpackages&quot;=
 message has the structure defined above, with<br>=C2=A0 =C2=A0pchCommand =
=3D=3D &quot;sendpackages&quot;.<br><br>2. During version handshake, nodes =
should send a &quot;sendpackages&quot;<br>=C2=A0 =C2=A0message indicate the=
y support package relay and may request<br>packages.<br><br>3. The message =
should contain a version supported by the node. Nodes<br>=C2=A0 =C2=A0shoul=
d send a &quot;sendpackages&quot; message for each version they support.<br=
><br>4. The &quot;sendpackages&quot; message MUST be sent before sending a =
&quot;verack&quot;<br>=C2=A0 =C2=A0message. If a &quot;sendpackages&quot; m=
essage is received afer &quot;verack&quot;, the<br>sender should be disconn=
ected.<br><br>5. If &#39;fRelay=3D=3Dfalse&#39; in a peer&#39;s version mes=
sage, the node must not<br>=C2=A0 =C2=A0send &quot;sendpackages&quot; to th=
em. If a &quot;sendpackages&quot; message is<br>received by a peer after se=
nding `fRelay=3D=3Dfalse` in their version<br>message, the sender should be=
 disconnected.<br><br>6.. Upon receipt of a &quot;sendpackages&quot; messag=
e with a version that is<br>not supported, a node must treat the peer as if=
 it never received the<br>message.<br><br>7. If both peers send &quot;wtxid=
relay&quot; and &quot;sendpackages&quot; with the same<br>=C2=A0 =C2=A0vers=
ion, the peers should announce, request, and send package<br>information to=
 each other.<br><br>=3D=3D=3D=3D=3Dgetpckgtxns=3D=3D=3D=3D=3D<br><br>{|<br>=
| =C2=A0Field Name =C2=A0|| =C2=A0Type =C2=A0|| =C2=A0Size =C2=A0|| =C2=A0 =
Purpose<br>|-<br>|txns_length||CompactSize||1 or 3 bytes|| The number of tr=
ansactions requested.<br>|-<br>|txns||List of wtxids||txns_length * 32|| Th=
e wtxids of each transaction in the package.<br>|}<br><br>1. The &quot;getp=
ckgtxns&quot; message has the structure defined above, with<br>=C2=A0 =C2=
=A0pchCommand =3D=3D &quot;getpckgtxns&quot;.<br><br>2. A &quot;getpckgtxns=
&quot; message should be used to request all or some of<br>=C2=A0 =C2=A0the=
 transactions previously announced in a &quot;pckginfo&quot; message,<br>sp=
ecified by witness transactiosome id.<br><br>3. Upon receipt of a &quot;get=
pckgtxns&quot; message, a node must respond with<br>=C2=A0 =C2=A0either a &=
quot;pckgtxns&quot; containing the requested transactions or a<br>&quot;not=
found&quot; message indicating one or more of the transactions is<br>unavai=
lable. This allows the receiver to avoid downloading and storing<br>transac=
tions that cannot be validated immediately.<br><br>4. A &quot;getpckgtxns&q=
uot; message should only be sent if both peers agreed to<br>=C2=A0 =C2=A0se=
nd packages in the version handshake. If a &quot;getpckgtxns&quot; message<=
br>is received from a peer with which package relay was not negotiated,<br>=
the sender should be disconnected.<br><br>=3D=3D=3D=3D=3Dpckgtxns=3D=3D=3D=
=3D=3D<br><br>{|<br>| =C2=A0Field Name =C2=A0|| =C2=A0Type =C2=A0|| =C2=A0S=
ize =C2=A0|| =C2=A0 Purpose<br>|-<br>|txns_length||CompactSize||1 or 3 byte=
s|| The number of transactions provided.<br>|-<br>|txns||List of transactio=
ns||variable|| The transactions in the package.<br>|}<br><br>1. The &quot;p=
ckgtxns&quot; message has the structure defined above, with<br>=C2=A0 =C2=
=A0pchCommand =3D=3D &quot;pckgtxns&quot;.<br><br>2. A &quot;pckgtxns&quot;=
 message should contain the transaction data requested<br>=C2=A0 =C2=A0usin=
g &quot;getpckgtxns&quot;.<br><br>3. A &quot;pckgtxns&quot; message should =
only be sent to a peer that requested<br>=C2=A0 =C2=A0the package using &qu=
ot;getpckgtxns&quot;. If a node receives an unsolicited<br>package, the sen=
der should be disconnected.<br><br>4. A &quot;pckgtxns&quot; message should=
 only be sent if both peers agreed to<br>=C2=A0 =C2=A0send packages in the =
version handshake. If a &quot;pckgtxns&quot; message is<br>received from a =
peer with which package relay was not negotiated, the<br>sender should be d=
isconnected.<br><br>=3D=3D=3DVersion 1 Packages: child-with-unconfirmed-par=
ents=3D=3D=3D =C2=A0<br><br>This extends package relay for packages consist=
ing of one transaction<br>and all of its unconfirmed parents,by defining ve=
rsion 1 packages, a<br>pckginfo1 message, and a MSG_PCKG1 inv type. It enab=
les the use case<br>in which a child pays for its otherwise-too-low-fee par=
ents and their<br>mempool conflict(s).<br><br>=3D=3D=3D=3DIntended Protocol=
 Flow=3D=3D=3D=3D<br><br>When relaying a package of low-fee parent(s) and h=
igh-fee child, the<br>sender and receiver do the following:<br><br>1. Sende=
r announces they have a child-with-unconfirmed-parents package<br>=C2=A0 =
=C2=A0for a child that pays for otherwise-too-low-fee parent(s) using<br>&q=
uot;inv(MSG_PCKG1)&quot;.<br><br>2. The receiver requests package informati=
on using<br>=C2=A0 =C2=A0&quot;getdata(MSG_PCKG1)&quot;.<br><br>3. The send=
er provides package information using &quot;pckginfo1&quot;,<br>=C2=A0 =C2=
=A0including the blockhash of the sender&#39;s best block, the wtxids of<br=
>the transactions in the package, their total fees and total weight.<br><br=
>4. The reciever uses the package information to decide how to request<br>=
=C2=A0 =C2=A0the transactions. For example, if the receiver already has som=
e of<br>the transactions in their mempool, they only request the missing on=
es.<br>They could also decide not to request the package at all based on th=
e<br>fee information provided.<br><br>5. Upon receiving a &quot;pckgtxns&qu=
ot;, the receiver submits the transactions<br>=C2=A0 =C2=A0together as a pa=
ckage.<br><br>=3D=3D=3D=3DNew Messages=3D=3D=3D=3D<br><br>A new inv type, &=
quot;MSG_PCKG1&quot;, and new protocol message, &quot;PCKGINFO1&quot;,<br>a=
re added.<br><br>=3D=3D=3D=3D=3Dpckginfo1=3D=3D=3D=3D=3D<br><br>{|<br>| =C2=
=A0Field Name =C2=A0|| =C2=A0Type =C2=A0|| =C2=A0Size =C2=A0|| =C2=A0 Purpo=
se<br>|-<br>|blockhash || uint256 || 32 || The chain tip at which this pack=
age is defined.<br>|-<br>|pckg_fee||CAmount||4|| The sum total fees paid by=
 all transactions in the package.<br>|-<br>|pckg_weight||int64_t||8|| The s=
um total weight of all transactions in the package.<br>|-<br>|txns_length||=
CompactSize||1 or 3 bytes|| The number of transactions provided.<br>|-<br>|=
txns||List of wtxids||txns_length * 32|| The wtxids of each transaction in =
the package.<br>|}<br><br><br>1. The &quot;pckginfo1&quot; message has the =
structure defined above, with<br>=C2=A0 =C2=A0pchCommand =3D=3D &quot;pckgi=
nfo1&quot;.<br><br>2. A &quot;pckginfo1&quot; message contains information =
about a version 1<br>=C2=A0 =C2=A0package (defined below), referenced by th=
e wtxid of the transaction<br>it pertains to and the current blockhash.<br>=
<br>3. Upon receipt of a &quot;pckginfo1&quot; message, the node should dec=
ide if it<br>=C2=A0 =C2=A0wants to validate the package, request transactio=
n data if<br>necessary, etc.<br><br>4. Upon receipt of a malformed &quot;pc=
kginfo1&quot; message or package that<br>=C2=A0 =C2=A0does not abide by the=
 max_count, max_weight, or other rules<br>specified by the version agreed u=
pon in the initial negotiation, the<br>sender should be disconnected.=C2=A0=
 If a node receives a &quot;pckginfo1&quot;<br>message for which the &quot;=
pckg_fee&quot; or &quot;pckg_weight&quot; do not reflect the<br>true total =
fees and weight, respectively, or the transactions in the<br>package, the m=
essage is malformed.<br><br>5. A node MUST NOT send a &quot;pckginfo1&quot;=
 message that has not been<br>=C2=A0 =C2=A0requested by the recipient. Upon=
 receipt of an unsolicited<br>&quot;pckginfo1&quot;, a node should disconne=
ct the sender.<br><br>6. A &quot;pckginfo1&quot; message should only be sen=
t if both peers agreed to<br>=C2=A0 =C2=A0send version 1 packages in the ve=
rsion handshake. If a &quot;pckginfo1&quot;<br>message is received from a p=
eer with which package relay was not<br>negotiated, the sender should be di=
sconnected.<br><br>=3D=3D=3D=3D=3DMSG_PCKG1=3D=3D=3D=3D=3D<br><br>1. A new =
inv type (MSG_PCKG1 =3D=3D 0x6) is added, for use in inv messages<br>=C2=A0=
 =C2=A0and getdata requests pertaining to version 1 packages.<br><br>2. As =
an inv type, it indicates that both transaction data and version<br>=C2=A0 =
=C2=A01 package information are available for the transaction. The<br>trans=
action is referenced by its wtxid. As a getdata request type, it<br>indicat=
es that the sender wants package information for the<br>transaction.<br><br=
>3. Upon receipt of a &quot;getdata&quot; request for &quot;MSG_PCKG1&quot;=
, the node<br>=C2=A0 =C2=A0should respond with the version 1 package corres=
ponding to the<br>requested transaction and its current chain tip, or with =
NOTFOUND.<br>The node should not assume that the sender is requesting the<b=
r>transaction data as well.<br><br>=3D=3D=3D=3DChild With Parent Packages R=
ules=3D=3D=3D=3D<br><br>A child-with-unconfirmed-parents package sent betwe=
en nodes must abide<br>by the rules below, otherwise the package is malform=
ed and the sender<br>should be disconnected.<br><br>A version 1 or &#39;=
9;child-with-unconfirmed-parents&#39;&#39; package can be<br>defined for an=
y transaction that spends unconfirmed inputs. The child<br>can be thought o=
f as the &quot;representative&quot; of the package. This package<br>can be =
uniquely identified by the transaction&#39;s wtxid and the current<br>chain=
 tip block hash.<br><br>A &#39;&#39;child-with-unconfirmed-parents&#39;&#39=
; package MUST be:<br><br>1. &#39;&#39;Sorted topologically.&#39;&#39; For =
every transaction t in the package,<br>=C2=A0 =C2=A0if any of t&#39;s paren=
ts are present in the package, the parent must<br>appear somewhere in the l=
ist before t. In other words, the<br>transactions must be sorted in ascendi=
ng order of the number of<br>ancestors present in the package.<br><br>2. &#=
39;&#39;Only 1 child with unconfirmed parents.&#39;&#39; The package must c=
onsist<br>=C2=A0 =C2=A0of one transaction and its unconfirmed parents. Ther=
e must not be<br>any other transactions in the package. Other dependency re=
lationships<br>may exist within the package (e.g. one parent may spend the =
output of<br>another parent) provided that topological order is respected.<=
br><br>3. &#39;&#39;All unconfirmed parents.&#39;&#39; All of the child&#39=
;s unconfirmed parents<br>=C2=A0 =C2=A0must be present.<br><br>4. &#39;&#39=
;No conflicts.&#39;&#39; None of the transactions in the package may<br>=C2=
=A0 =C2=A0conflict with each other (i.e. =C2=A0spend the same prevout).<br>=
<br>5. &#39;&#39;Total fees and weight.&#39;&#39; The &#39;total_fee&#39; a=
nd &#39;total_weight&#39;<br>=C2=A0 =C2=A0fields must accurately represent =
the sum total of all transactions&#39;<br>fees and weights as defined in BI=
P141, respectively.<br><br>Not all of the child&#39;s parents must be prese=
nt; the child transaction<br>may also spend confirmed inputs. However, if t=
he child has confirmed<br>parents, they must not be in the package.<br><br>=
While a child-with-unconfirmed-parents package is perhaps most<br>relevant =
when the child has a higher feerate than its parents, this<br>property is n=
ot required to construct a valid package.<br><br>=3D=3D=3D=3DClarifications=
=3D=3D=3D=3D<br><br>&#39;&#39;Q: Under what circumstances should a sender a=
nnounce a<br>child-with-unconfirmed-parents package?&#39;&#39;<br><br>A chi=
ld-with-unconfirmed-parents package for a transaction should be<br>announce=
d when it meets the peer&#39;s fee filter but one or more of its<br>parents=
 don&#39;t; a &quot;inv(MSG_PCKG1)&quot; instead of &quot;inv(WTX)&quot; sh=
ould be sent<br>for the child. Each of the parents which meet the peer&#39;=
s fee filter<br>should still be announced normally.<br><br>&#39;&#39;Q: Wha=
t if a new block arrives in between messages?&#39;&#39;<br><br>A child-with=
-unconfirmed-parents package is defined for a transaction<br>based on the c=
urrent chain state. As such, a new block extending the<br>tip may decrease =
the number of transactions in the package (i.e. if<br>any of the transactio=
n&#39;s parents were included in the block). In a<br>reorg, the number of t=
ransactions in the package may decrease or<br>increase (i.e. if any of the =
transaction&#39;s parents were included in a<br>block in the previous chain=
 but not the new one).<br><br>If the new block arrives before the &quot;get=
data&quot; or &quot;pckginfo1&quot;, nothing<br>needs to change.<br><br>If =
the new block arrives before &quot;getpckgtxns&quot; or before &quot;pckgtx=
ns&quot;,<br>the receiver may need to re-request package information if the=
 block<br>contained a transaction in the package. If the block doesn&#39;t =
contain<br>any transactions in the package, whether it extends the previous=
 tip<br>or causes a reorg, nothing needs to change.<br><br>&#39;&#39;Q: Can=
 &quot;getpckgtxns&quot; and &quot;pckgtxns&quot; messages contain only one=
<br>transaction?&#39;&#39;<br><br>Yes.<br><br>=3D=3D=3DFurther Protocol Ext=
ensions=3D=3D=3D<br><br>When introducing a new type of package, assign it a=
 version number &quot;n&quot;<br>and use an additional &quot;sendpackages&q=
uot; message during version handshake<br>to negotiate support for it. An ad=
ditional package information message<br>&quot;pckginfon&quot; and inv type =
&quot;MSG_PCKGn&quot; should be defined for the type of<br>package.=C2=A0 H=
owever, &quot;getpckgtxns&quot; and &quot;pckgtxns&quot; do not need to be<=
br>changed.<br><br>Example proposal for tx-with-unconfirmed-ancestors packa=
ge relay: [19] <br><br>=3D=3D=3DCompatibility=3D=3D=3D<br><br>Older clients=
 remain fully compatible and interoperable after this<br>change. Clients im=
plementing this protocol will only attempt to send<br>and request packages =
if agreed upon during the version handshake.<br><br>=3D=3D=3DPackage Erlay=
=3D=3D=3D<br><br>Clients using BIP330 reconciliation-based transaction rela=
y (Erlay)<br>are able to use package relay without interference. In fact, a=
 package<br>of transactions may be announced using both Erlay and package r=
elay.<br>After reconciliation, if the initiator would have announced a<br>t=
ransaction by wtxid but also has package information for it, they may<br>se=
nd &quot;inv(MSG_PCKG)&quot; instead of &quot;inv(WTX)&quot;.<br><br>=3D=3D=
=3DRationale=3D=3D=3D<br><br>=3D=3D=3D=3DP2P Message Design=3D=3D=3D=3D<br>=
<br>These p2p messages are added for communication efficiency and, as<br>su=
ch, one should measure alternative solutions based on the resources<br>used=
 to communicate (not necessarily trustworthy) information: We<br>would like=
 to minimize network bandwidth, avoid downloading a<br>transaction more tha=
n once, avoid downloading transactions that are<br>eventually rejected, and=
 minimize storage allocated for<br>not-yet-validated transactions.<br><br>C=
onsider these (plausible) scenarios in transaction relay:<br><br>Alice (the=
 &quot;sender&quot;) is relaying transactions to Bob (the &quot;receiver&qu=
ot;).<br>Alice&#39;s mempool has a minimum feerate of 1sat/vB and Bob&#39;s=
 has a<br>minimum feerate of 3sat/vB. For simplicity, all transactions are<=
br>1600Wu in virtual size and 500 bytes in serialized size. Apart from<br>t=
he spending relationships specified, all other inputs are from<br>confirmed=
 UTXOs.<br><br>1. Package {A, B} where A pays 0 satoshis and B pays 8000 sa=
toshis in<br>=C2=A0 =C2=A0fees.<br><br>2. Package {C, D} where C pays 0 sat=
oshis and D pays 1200 satoshis in<br>=C2=A0 =C2=A0fees.<br><br>3. Package {=
E, F, G, H, J} that pays 4000, 8000, 0, 2000, and 4000<br>=C2=A0 =C2=A0sato=
shis in fees, respectively.<br><br>=3D=3D=3D=3DAlternative Designs Consider=
ed=3D=3D=3D=3D<br><br>&#39;&#39;Package Information Only:&#39;&#39; Just ha=
ving &quot;pckginfo&quot; gives enough<br>information for the receiver to a=
ccept the package. Omit the<br>&quot;getpckgtxns&quot; and &quot;pckgtxns&q=
uot; messages. While this option is a good<br>fallback if batched transacti=
on download fails for some reason, it<br>shouldn&#39;t be used as the defau=
lt because it &#39;always&#39; requires storage<br>of unvalidated transacti=
ons.<br><br>&#39;&#39;No Package Information Round:&#39;&#39; Instead of ha=
ving a package<br>information round, just use the child&#39;s wtxid to refe=
r to the package<br>and always send the entire package together. This would=
 cause nodes to<br>redownload duplicate transactions.<br><br>I have also cr=
eated a slidedeck exploring various alternative designs<br>and some example=
s in which they fall flat [20]. Please feel free to<br>suggest other altern=
atives.<br><br>=3D=3D=3D=3DVersioning System=3D=3D=3D=3D<br><br>This protoc=
ol should be extensible to support multiple types of<br>packages based on f=
uture desired use cases. Two &quot;flavors&quot; of<br>versioning were cons=
idered:<br><br>1. When package mempool acceptance is upgraded to support mo=
re types<br>=C2=A0 =C2=A0of packages, increment the version number (similar=
 to Erlay).<br>During version handshake, peers negotiate which version of p=
ackage<br>relay they will use by each sending one &quot;sendpackages&quot; =
message.<br><br>2. When introducing another type of package, assign a versi=
on number<br>=C2=A0 =C2=A0to it and announce it as an additional supported =
version (similar<br>to Compact Block Relay). During version handshake, peer=
s send one<br>&quot;sendpackages&quot; message for each version supported.<=
br><br>The second option was favored because it allows different parameters=
<br>for different versions.=C2=A0 For example, it should be possible to sup=
port<br>both &quot;arbitrary topology but maximum 3-transaction&quot; packa=
ge as well as<br>&quot;child-with-unconfirmed-parents with default mempool =
ancestor limits&quot;<br>packages simultaneously.<br><br>=3D=3DAcknowledgem=
ents=3D=3D<br><br>I hope to have made it abundantly clear that this proposa=
l isn=E2=80=99t<br>inventing the concept of package relay, and in fact buil=
ds upon years<br>of work by many others, including Suhas Daftuar and Antoin=
e Riard.<br><br>Thank you to John Newbery and Martin Zumsande for input on =
the design.<br><br>Thank you to Matt Corallo, Christian Decker, David Hardi=
ng, Antoine<br>Poinsot, Antoine Riard, Gregory Sanders, Chris Stewart, Bast=
ien<br>Teinturier, and others for input on the desired interface for<br>con=
tracting protocols.<br><br><div>Looking forward to hearing your thoughts!</=
div><div><br></div><div>Best,</div><div>Gloria<br></div><div><br></div>[0]:=
 <a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-Ja=
nuary/019817.html" target=3D"_blank">https://lists.linuxfoundation.org/pipe=
rmail/bitcoin-dev/2022-January/019817.html</a><br>[1]: <a href=3D"https://l=
ists.linuxfoundation.org/pipermail/lightning-dev/2020-April/002639.html" ta=
rget=3D"_blank">https://lists.linuxfoundation.org/pipermail/lightning-dev/2=
020-April/002639.html</a><br>[2]: <a href=3D"https://lists.linuxfoundation.=
org/pipermail/lightning-dev/2020-June/002758.html" target=3D"_blank">https:=
//lists.linuxfoundation.org/pipermail/lightning-dev/2020-June/002758.html</=
a><br>[3]: <a href=3D"https://github.com/t-bast/lightning-docs/blob/master/=
pinning-attacks.md" target=3D"_blank">https://github.com/t-bast/lightning-d=
ocs/blob/master/pinning-attacks.md</a><br>[4]: <a href=3D"https://github.co=
m/revault/practical-revault/blob/master/transactions.md#cancel_tx" target=
=3D"_blank">https://github.com/revault/practical-revault/blob/master/transa=
ctions.md#cancel_tx</a><br>[5]: <a href=3D"https://github.com/discreetlogco=
ntracts/dlcspecs/blob/master/Transactions.md#refund-transaction" target=3D"=
_blank">https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transa=
ctions.md#refund-transaction</a><br>[6]: <a href=3D"https://gist.github.com=
/instagibbs/60264606e181451e977e439a49f69fe1" target=3D"_blank">https://gis=
t.github.com/instagibbs/60264606e181451e977e439a49f69fe1</a><br>[7]: <a hre=
f=3D"https://btctranscripts.com/adopting-bitcoin/2021/2021-11-16-gloria-zha=
o-transaction-relay-policy/#lightning-attacks" target=3D"_blank">https://bt=
ctranscripts.com/adopting-bitcoin/2021/2021-11-16-gloria-zhao-transaction-r=
elay-policy/#lightning-attacks</a><br>[8]: <a href=3D"https://youtu.be/fbWS=
QvJjKFs?t=3D1438" target=3D"_blank">https://youtu.be/fbWSQvJjKFs?t=3D1438</=
a><br>[9]: <a href=3D"https://www.reddit.com/r/Bitcoin/comments/unew4e/look=
s_like_70_mvb_of_transactions_just_got_dumped/" target=3D"_blank">https://w=
ww.reddit.com/r/Bitcoin/comments/unew4e/looks_like_70_mvb_of_transactions_j=
ust_got_dumped/</a><br>[10]: <a href=3D"https://github.com/bitcoin/bitcoin/=
pull/7594" target=3D"_blank">https://github.com/bitcoin/bitcoin/pull/7594</=
a><br>[11]: <a href=3D"https://github.com/bitcoin/bitcoin/pull/7600" target=
=3D"_blank">https://github.com/bitcoin/bitcoin/pull/7600</a><br>[12]: <a hr=
ef=3D"https://github.com/bitcoin/bitcoin/pull/6455#issuecomment-122716820" =
target=3D"_blank">https://github.com/bitcoin/bitcoin/pull/6455#issuecomment=
-122716820</a><br>[13]: <a href=3D"https://gist.github.com/sdaftuar/8756699=
bfcad4d3806ba9f3396d4e66a" target=3D"_blank">https://gist.github.com/sdaftu=
ar/8756699bfcad4d3806ba9f3396d4e66a</a><br>[14]: <a href=3D"https://github.=
com/bitcoin/bitcoin/issues/14895" target=3D"_blank">https://github.com/bitc=
oin/bitcoin/issues/14895</a><br>[15]: <a href=3D"https://github.com/bitcoin=
/bitcoin/pull/16401" target=3D"_blank">https://github.com/bitcoin/bitcoin/p=
ull/16401</a><br>[16]: <a href=3D"https://github.com/bitcoin/bitcoin/pull/1=
9621" target=3D"_blank">https://github.com/bitcoin/bitcoin/pull/19621</a><b=
r>[17]: <a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev/=
2021-September/019464.html" target=3D"_blank">https://lists.linuxfoundation=
.org/pipermail/bitcoin-dev/2021-September/019464.html</a><br>[18]: <a href=
=3D"https://github.com/users/glozow/projects/5/views/4?layout=3Dboard" targ=
et=3D"_blank">https://github.com/users/glozow/projects/5/views/4?layout=3Db=
oard</a><br>[19]: <a href=3D"https://gist.github.com/glozow/9b321cd3ef65051=
35c763112033ff2a7" target=3D"_blank">https://gist.github.com/glozow/9b321cd=
3ef6505135c763112033ff2a7</a><br>[20]: <a href=3D"https://docs.google.com/p=
resentation/d/1B__KlZO1VzxJGx-0DYChlWawaEmGJ9EGApEzrHqZpQc/edit?usp=3Dshari=
ng" target=3D"_blank">https://docs.google.com/presentation/d/1B__KlZO1VzxJG=
x-0DYChlWawaEmGJ9EGApEzrHqZpQc/edit?usp=3Dsharing</a></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
</blockquote></div>

--0000000000000a309d05df3b3a2f--