Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 66402C000E for ; Tue, 22 Jun 2021 18:26:54 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 50A3360854 for ; Tue, 22 Jun 2021 18:26:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.098 X-Spam-Level: X-Spam-Status: No, score=-1.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6y2HL5TSR7y for ; Tue, 22 Jun 2021 18:26:52 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by smtp3.osuosl.org (Postfix) with ESMTPS id 9FBC460839 for ; Tue, 22 Jun 2021 18:26:52 +0000 (UTC) Received: by mail-ej1-x62d.google.com with SMTP id ji1so29904963ejc.4 for ; Tue, 22 Jun 2021 11:26:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SMVdLEupHLCG7aTqdEEq6OXITBWOfHITA1VPuUAEPMw=; b=m7ZRCKP5yDGwhcn5r2NOiSaTtkhVw8DdB9kZEac9+SApHC7thNaec9V53oXnueaYRp bS9AqL95hjSUJPBTg/2MdcSf3uIekw4zdu2fc4NPR2DHCWSjP1ZTVAsa4D0qNnh4+Upv rNch9jmeGzp9Zx6AZbTBlgHIsGSF609M57iHViva6sdbrFReTpFAWI8nMW+iw6Hw+tGR l3eO2uJe8dx5+YVBKqIWSRhTJNnxoh5BgZqeJcUqf1oGbH3H2t3ne6BgMhZkJVmdbK20 j3aarxOvHDAq18j83QH5JZd6XM7qIt3J3kWcLizJd3jhPjzAQAFpElhwtJvp6BdO5Nkz +P/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SMVdLEupHLCG7aTqdEEq6OXITBWOfHITA1VPuUAEPMw=; b=MvyvaX78Qr2oI922z9Cpu5oYsG2CeE4XgMHAbNLAkgAjMRAxnS4fgnBIvOzFfAxWOi X7GJo/OdcQL6THEcFjxhGkDaK1a43vTKicqZSGfgx3mCPW6smVGJgzPP8qjN3Q2TQRhM Yt/52YhM4pVIFQ18b9E7PnpcoOWBxyB+TM4sTJG5I4SLoeN0SEBHvzVlgVCyOYsU3MoF n6jiSYVEL6wISc9VRm+2wKxrq0XSm2ExbXAUTPVL9fP8dpaBYeLjmSi6sMWRlvwxYBsM ISUJxD6pzYR+NZsYwOSP5+CQxe6AW4K33/mXN/abFjXrVQz5MJ4Mzf/lP0Zs2b53KRia mZRg== X-Gm-Message-State: AOAM531Vbk3ULX1wb/57zHvjsx9KtoGMvK3V8YVK8PWh5jzNNzsXXcyt tV48eON8Ch+y7FhfEmgfyW3gYVdOFS1TQmvZcr0= X-Google-Smtp-Source: ABdhPJzOgTPjFfOaHjc8bW6Q7JQiO6HSJO83z5TFOKgtYnLeT9zxrAHqkbWlnKsqZaE1+jwroIjBRiVpuQanNKKLuSA= X-Received: by 2002:a17:907:9622:: with SMTP id gb34mr5379322ejc.401.1624386410702; Tue, 22 Jun 2021 11:26:50 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Billy Tetrud Date: Tue, 22 Jun 2021 11:26:34 -0700 Message-ID: To: Michael Folkson Content-Type: multipart/alternative; boundary="000000000000fcf06a05c55eee38" X-Mailman-Approved-At: Wed, 23 Jun 2021 02:51:37 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] =?utf-8?q?Tuesday=E2=80=99s_IRC_workshop_on_L2_onch?= =?utf-8?q?ain_support?= X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jun 2021 18:26:54 -0000 --000000000000fcf06a05c55eee38 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > where is the current network fee rate obtained from and how is it fed into the script? It could be obtained as something like the median transaction fee rate over a window of X blocks. Its something any full node could easily keep track of. And as long as hour-level or day-level granularity is acceptable, I wouldn't think there'd be any need to incorporate mempool information (if that were even possible without introducing new attack vectors). Let me know if this isn't an appropriate thread to discuss this in. On Tue, Jun 22, 2021 at 11:21 AM Michael Folkson wrote: > Hey Billy > > No, fee sensitive timelocks weren't discussed at any length in the > workshop. The workshops are obviously time limited but if they spur > future discussion and drafted proposals (whether they need soft forks > or not) outside of the workshops that would be great. This idea was > raised in the meeting by Ruben Somsen so maybe Ruben has given them > some thought. Making timelocks conditional on the current fee rate > seems challenging to me (where is the current network fee rate > obtained from and how is it fed into the script?) but I haven't > sketched out exactly how they would work. > > A reminder that the second workshop (on package relay and fee bumping) > starts at 19:00 UTC today (30 minutes after I've sent this, there may > be a delay before it is published to the mailing list). > > Thanks > Michael > > On Tue, Jun 22, 2021 at 7:02 PM Billy Tetrud > wrote: > > > > Thanks for the Summary Michael! > > > > It seems like fee-sensitive timelocks weren't discussed too much in the > workshop, unless I'm missing something. I also don't see any downside to = it > discussed (other than that it needs a soft-fork). It seems like that woul= d > be a great way to substantially increase the resilience of the LN to > temporary periods of fee congestion, even potentially long-running period= s > that last weeks. It might even help in non-temporary fee market increases > by giving participants extra time to use some fee-bumping technique to > close or restructure their channels to compensate for the elevated fee > market. > > > > On Thu, Jun 17, 2021 at 1:16 PM Michael Folkson via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> > >> The workshop was previously announced by ariard on the bitcoin-dev > >> mailing list here: > >> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-April/018841= .html > >> > >> A reminder was posted to the bitcoin-dev mailing list here: > >> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019068.= html > >> > >> The conversation log for the workshop is here: > >> https://gist.github.com/ariard/5f28dffe82ddad763b346a2344092ba4 > >> > >> I=E2=80=99ll summarize what was discussed during the meeting but pleas= e refer > >> to the L2 zoology repo ariard has set up for background context and > >> additional notes: https://github.com/ariard/L2-zoology > >> > >> General considerations > >> > >> I think it is worth first reiterating the obvious that there will > >> never be perfect security guarantees on network transaction fee rates > >> or transaction relay. Network fee rates can in theory go up to > >> anything (upper limit of infinity) and will always to some degree be > >> inherently unpredictable. In addition transaction acceptance can never > >> be guaranteed even if you attempt a direct connection to a miner. At > >> the same time L2 protocols (e.g. Lightning and DLCs) elevate > >> transaction propagation and inclusion in a time sensitive mined block > >> to a security assumption from what used to just be a usability > >> assumption (BlueMatt). Within those confines these workshops are > >> attempting to strengthen that security assumption knowing that > >> guaranteeing it is out of reach. > >> > >> There are considerations that blocked transaction propagation isn=E2= =80=99t > >> necessarily a problem for the victim if it is also blocked for the > >> attacker. In addition some successful attacks present an opportunity > >> for the victim to divert their funds to miner fees (e.g. scorched > >> earth) ensuring the attacker doesn=E2=80=99t financially benefit from = the > >> attack (harding). Personally I would argue neither of these present > >> much assurance to the victim. Out of conservatism one should assume > >> that the attacker has greater resources than the victim (e.g. a direct > >> line to a miner) and knowing a victim=E2=80=99s lost funds went to the= miner > >> instead of the attacker isn=E2=80=99t of much comfort to the victim (o= ther > >> than potentially presenting a disincentive for the attack in the first > >> place). This is obviously further complicated if the miner is the > >> attacker. In addition any incentive for miners to not mine > >> transactions to wait for a potential pay-all-to-fee are troubling > >> (t-bast). > >> > >> New(ish) ideas > >> > >> RubenSomsen brought up the idea of fee sensitive timelocks, they would > >> need a soft fork. ariard briefly discussed the idea of a transaction > >> relay overlay network. harding stated his opinion that we should be > >> leaning more on miners=E2=80=99 profit incentive rather than attemptin= g to > >> normalize mempool policy (e.g. > >> > https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-April/0026= 64.html > ). > >> t-bast raised the prospect of mining pools exposing public APIs to > >> push them transactions directly. > >> > >> The impact of changes to Bitcoin Core on L2 protocols > >> > >> Some changes to Core (e.g. some privacy improvements) can conflict > >> with the goal of minimizing transaction propagation times. > >> Chris_Stewart_5 raised the idea of a nightly bitcoind build to give L2 > >> developers a way to write regression tests against the latest builds > >> of bitcoind. He added that L2 devs should write automated regression > >> test suites against bitcoind exposed RPC commands. t-bast would like a > >> bitcoind =E2=80=9Cevicttx=E2=80=9D RPC to remove a transaction from th= e mempool on > >> regtest. > >> > >> Full RBF > >> > >> In advance of the workshop ariard posted to the mailing list a > >> proposal for full RBF in a future version of Bitcoin Core: > >> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019074.= html > >> > >> Progress in this direction has been attempted in the past (e.g. > >> https://github.com/bitcoin/bitcoin/pull/10823) BlueMatt pointed out > >> that even with full RBF it is trivial to create mempool partitions. As > >> long as RBF has a fee rate increase minimum an attacker can trivially > >> split the mempool by broadcasting two conflicting transactions with > >> the same fee. > >> > >> ariard plans to contact businesses (e.g. Lightning onboarding services > >> relying on zero confirmations) to check that this possible eventual > >> move to full RBF doesn=E2=80=99t present a problem for them. There cou= ld well > >> be engineering work required in advance of the possible change being > >> made. > >> > >> Next week=E2=80=99s meeting > >> > >> Next week=E2=80=99s meeting (Tuesday 22nd June, 19:00 UTC, > >> #l2-onchain-support, Libera) will be on fee bumping and package relay > >> that glozow has recently been working to advance in Bitcoin Core. > >> > >> -- > >> Michael Folkson > >> Email: michaelfolkson@gmail.com > >> Keybase: michaelfolkson > >> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3 > >> _______________________________________________ > >> bitcoin-dev mailing list > >> bitcoin-dev@lists.linuxfoundation.org > >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > > -- > Michael Folkson > Email: michaelfolkson@gmail.com > Keybase: michaelfolkson > PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3 > --000000000000fcf06a05c55eee38 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>=C2=A0 where is the current network fee rate obtained from and how is it fed into = the script?

It could be obtained as something like the m= edian transaction fee rate over a window of X blocks. Its something any ful= l node could easily keep track of. And as long as hour-level or day-level g= ranularity is acceptable, I wouldn't think there'd be any need to i= ncorporate mempool information (if that were even possible without introduc= ing new attack vectors). Let me know if this isn't an appropriate threa= d to discuss this in.=C2=A0

On Tue, Jun 22, 2021 at 11:21 AM Michael F= olkson <michaelfolkson@gmail= .com> wrote:
Hey Billy

No, fee sensitive timelocks weren't discussed at any length in the
workshop. The workshops are obviously time limited but if they spur
future discussion and drafted proposals (whether they need soft forks
or not) outside of the workshops that would be great. This idea was
raised in the meeting by Ruben Somsen so maybe Ruben has given them
some thought. Making timelocks conditional on the current fee rate
seems challenging to me (where is the current network fee rate
obtained from and how is it fed into the script?) but I haven't
sketched out exactly how they would work.

A reminder that the second workshop (on package relay and fee bumping)
starts at 19:00 UTC today (30 minutes after I've sent this, there may be a delay before it is published to the mailing list).

Thanks
Michael

On Tue, Jun 22, 2021 at 7:02 PM Billy Tetrud <billy.tetrud@gmail.com> wrote:
>
> Thanks for the Summary Michael!
>
> It seems like fee-sensitive timelocks weren't discussed too much i= n the workshop, unless I'm missing something. I also don't see any = downside to it discussed (other than that it needs a soft-fork). It seems l= ike that would be a great way to substantially increase the resilience of t= he LN to temporary periods of fee congestion, even potentially long-running= periods that last weeks. It might even help in non-temporary fee market in= creases by giving participants extra time to use some fee-bumping technique= to close or restructure their channels to compensate for the elevated fee = market.
>
> On Thu, Jun 17, 2021 at 1:16 PM Michael Folkson via bitcoin-dev <bi= tcoin-dev@lists.linuxfoundation.org> wrote:
>>
>> The workshop was previously announced by ariard on the bitcoin-dev=
>> mailing list here:
>> https://lists= .linuxfoundation.org/pipermail/bitcoin-dev/2021-April/018841.html
>>
>> A reminder was posted to the bitcoin-dev mailing list here:
>> https://lists.= linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019068.html
>>
>> The conversation log for the workshop is here:
>> https://gist.github.com/aria= rd/5f28dffe82ddad763b346a2344092ba4
>>
>> I=E2=80=99ll summarize what was discussed during the meeting but p= lease refer
>> to the L2 zoology repo ariard has set up for background context an= d
>> additional notes: https://github.com/ariard/L2-zoology<= /a>
>>
>> General considerations
>>
>> I think it is worth first reiterating the obvious that there will<= br> >> never be perfect security guarantees on network transaction fee ra= tes
>> or transaction relay. Network fee rates can in theory go up to
>> anything (upper limit of infinity) and will always to some degree = be
>> inherently unpredictable. In addition transaction acceptance can n= ever
>> be guaranteed even if you attempt a direct connection to a miner. = At
>> the same time L2 protocols (e.g. Lightning and DLCs) elevate
>> transaction propagation and inclusion in a time sensitive mined bl= ock
>> to a security assumption from what used to just be a usability
>> assumption (BlueMatt). Within those confines these workshops are >> attempting to strengthen that security assumption knowing that
>> guaranteeing it is out of reach.
>>
>> There are considerations that blocked transaction propagation isn= =E2=80=99t
>> necessarily a problem for the victim if it is also blocked for the=
>> attacker. In addition some successful attacks present an opportuni= ty
>> for the victim to divert their funds to miner fees (e.g. scorched<= br> >> earth) ensuring the attacker doesn=E2=80=99t financially benefit f= rom the
>> attack (harding). Personally I would argue neither of these presen= t
>> much assurance to the victim. Out of conservatism one should assum= e
>> that the attacker has greater resources than the victim (e.g. a di= rect
>> line to a miner) and knowing a victim=E2=80=99s lost funds went to= the miner
>> instead of the attacker isn=E2=80=99t of much comfort to the victi= m (other
>> than potentially presenting a disincentive for the attack in the f= irst
>> place). This is obviously further complicated if the miner is the<= br> >> attacker. In addition any incentive for miners to not mine
>> transactions to wait for a potential pay-all-to-fee are troubling<= br> >> (t-bast).
>>
>> New(ish) ideas
>>
>> RubenSomsen brought up the idea of fee sensitive timelocks, they w= ould
>> need a soft fork. ariard briefly discussed the idea of a transacti= on
>> relay overlay network. harding stated his opinion that we should b= e
>> leaning more on miners=E2=80=99 profit incentive rather than attem= pting to
>> normalize mempool policy (e.g.
>> https://lis= ts.linuxfoundation.org/pipermail/lightning-dev/2020-April/002664.html).=
>> t-bast raised the prospect of mining pools exposing public APIs to=
>> push them transactions directly.
>>
>> The impact of changes to Bitcoin Core on L2 protocols
>>
>> Some changes to Core (e.g. some privacy improvements) can conflict=
>> with the goal of minimizing transaction propagation times.
>> Chris_Stewart_5 raised the idea of a nightly bitcoind build to giv= e L2
>> developers a way to write regression tests against the latest buil= ds
>> of bitcoind. He added that L2 devs should write automated regressi= on
>> test suites against bitcoind exposed RPC commands. t-bast would li= ke a
>> bitcoind =E2=80=9Cevicttx=E2=80=9D RPC to remove a transaction fro= m the mempool on
>> regtest.
>>
>> Full RBF
>>
>> In advance of the workshop ariard posted to the mailing list a
>> proposal for full RBF in a future version of Bitcoin Core:
>> https://lists.= linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019074.html
>>
>> Progress in this direction has been attempted in the past (e.g. >> https://github.com/bitcoin/bitcoin/pull/10823<= /a>) BlueMatt pointed out
>> that even with full RBF it is trivial to create mempool partitions= . As
>> long as RBF has a fee rate increase minimum an attacker can trivia= lly
>> split the mempool by broadcasting two conflicting transactions wit= h
>> the same fee.
>>
>> ariard plans to contact businesses (e.g. Lightning onboarding serv= ices
>> relying on zero confirmations) to check that this possible eventua= l
>> move to full RBF doesn=E2=80=99t present a problem for them. There= could well
>> be engineering work required in advance of the possible change bei= ng
>> made.
>>
>> Next week=E2=80=99s meeting
>>
>> Next week=E2=80=99s meeting (Tuesday 22nd June, 19:00 UTC,
>> #l2-onchain-support, Libera) will be on fee bumping and package re= lay
>> that glozow has recently been working to advance in Bitcoin Core.<= br> >>
>> --
>> Michael Folkson
>> Email: michaelfolkson@gmail.com
>> Keybase: michaelfolkson
>> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation= .org/mailman/listinfo/bitcoin-dev



--
Michael Folkson
Email: michae= lfolkson@gmail.com
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
--000000000000fcf06a05c55eee38--