Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id E8B4FC000E; Mon, 12 Jul 2021 22:07:44 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C99354052E; Mon, 12 Jul 2021 22:07:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TxSqJZUomE59; Mon, 12 Jul 2021 22:07:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by smtp4.osuosl.org (Postfix) with ESMTPS id 6971740528; Mon, 12 Jul 2021 22:07:43 +0000 (UTC) Received: from mail-io1-f44.google.com (mail-io1-f44.google.com [209.85.166.44]) (authenticated bits=0) (User authenticated as jlrubin@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 16CM7eUd001564 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 12 Jul 2021 18:07:41 -0400 Received: by mail-io1-f44.google.com with SMTP id y8so24620152iop.13; Mon, 12 Jul 2021 15:07:41 -0700 (PDT) X-Gm-Message-State: AOAM533dGf+1O9TUgyPtOvqAwondHcXTfaP1QR4GliNIyvVJKS/s9kMc j0OwI4Bqf/B3SU/PaRPDiJNRyceupSa09OxoZ8Q= X-Google-Smtp-Source: ABdhPJw5P2vpfjQ1uPtMoHix6M4sink9zZYUCeaweydSMIZYytLWDn0OYq8Szd3uHiPbsh/OA82IDLd2+39soHok0Pc= X-Received: by 2002:a02:11c6:: with SMTP id 189mr1040151jaf.20.1626127660362; Mon, 12 Jul 2021 15:07:40 -0700 (PDT) MIME-Version: 1.0 References: <20210708084416.GB1339@erisian.com.au> <20210712050115.GA6250@erisian.com.au> In-Reply-To: <20210712050115.GA6250@erisian.com.au> From: Jeremy Date: Mon, 12 Jul 2021 15:07:29 -0700 X-Gmail-Original-Message-ID: Message-ID: To: Anthony Towns Content-Type: multipart/alternative; boundary="0000000000008e2f9405c6f459a4" Cc: Bitcoin Protocol Discussion , lightning-dev Subject: Re: [bitcoin-dev] [Lightning-dev] Eltoo / Anyprevout & Baked in Sequences X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jul 2021 22:07:45 -0000 --0000000000008e2f9405c6f459a4 Content-Type: text/plain; charset="UTF-8" On Sun, Jul 11, 2021 at 10:01 PM Anthony Towns wrote: > On Thu, Jul 08, 2021 at 08:48:14AM -0700, Jeremy wrote: > > This would disallow using a relative locktime and an absolute > locktime > > for the same input. I don't think I've seen a use case for that so > far, > > but ruling it out seems suboptimal. > > I think you meant disallowing a relative locktime and a sequence > locktime? I > > agree it is suboptimal. > > No? If you overload the nSequence for a per-input absolute locktime > (well in the past for eltoo), then you can't reuse the same input's > nSequence for a per-input relative locktime (ie CSV). > > Apparently I have thought of a use for it now -- cut-through of PTLC > refunds when the timeout expires well after the channel settlement delay > has passed. (You want a signature that's valid after a relative locktime > of the delay and after the absolute timeout) > Ah -- I didn't mean a per input abs locktime, I mean the tx global locktime. I agree that at some point we should just separate all locktime types per input so we get rid of all weirdness/overlap. > > > What do you make of sequence tagged keys? > > I think we want sequencing restrictions to be obvious from some (simple) > combination of nlocktime/nsequence/annex so that you don't have to > evaluate scripts/signatures in order to determine if a transaction > is final. > > Perhaps there's a more general principle -- evaluating a script should > only return one bit of info: "bool tx_is_invalid_script_failed"; every > other bit of information -- how much is paid in fees (cf ethereum gas > calculations), when the tx is final, if the tx is only valid in some > chain fork, if other txs have to have already been mined / can't have > been mined, who loses funds and who gets funds, etc... -- should already > be obvious from a "simple" parsing of the tx. > > Cheers, > aj > > I don't think we have this property as is. E.g. consider the transaction: TX: locktime: None sequence: 100 scriptpubkey: 101 CSV How will you tell it is able to be included without running the script? I agree this is a useful property, but I don't think we can do it practically. What's nice is the transaction in this form cannot go from invalid to valid -- once invalid it is always invalid for a given UTXO. sequence tagged keys have this property -- a txn is either valid or invalid and that never changes w/o any external information needing to be passed up. --0000000000008e2f9405c6f459a4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, = Jul 11, 2021 at 10:01 PM Anthony Towns <aj@erisian.com.au> wrote:
On Thu, Jul 08, 2021 at 08:48:14AM -0700, Jere= my wrote:
>=C2=A0 =C2=A0 =C2=A0This would disallow using a relative locktime and a= n absolute locktime
>=C2=A0 =C2=A0 =C2=A0for the same input. I don't think I've seen= a use case for that so far,
>=C2=A0 =C2=A0 =C2=A0but ruling it out seems suboptimal.
> I think you meant disallowing a relative locktime and a sequence lockt= ime? I
> agree it is suboptimal.

No? If you overload the nSequence for a per-input absolute locktime
(well in the past for eltoo), then you can't reuse the same input's=
nSequence for a per-input relative locktime (ie CSV).

Apparently I have thought of a use for it now -- cut-through of PTLC
refunds when the timeout expires well after the channel settlement delay has passed. (You want a signature that's valid after a relative locktim= e
of the delay and after the absolute timeout)

Ah -- I didn't mean a per inp= ut abs locktime, I mean the =C2=A0tx global locktime.

I agree t= hat at some point we should just separate all locktime types per input so w= e get rid of all weirdness/overlap.

=C2=A0

> What do you make of sequence tagged keys?

I think we want sequencing restrictions to be obvious from some (simple) combination of nlocktime/nsequence/annex so that you don't have to
evaluate scripts/signatures in order to determine if a transaction
is final.

Perhaps there's a more general principle -- evaluating a script should<= br> only return one bit of info: "bool tx_is_invalid_script_failed"; = every
other bit of information -- how much is paid in fees (cf ethereum gas
calculations), when the tx is final, if the tx is only valid in some
chain fork, if other txs have to have already been mined / can't have been mined, who loses funds and who gets funds, etc... -- should already be obvious from a "simple" parsing of the tx.

Cheers,
aj


I= don't think we have this property as is.

E.g. consider the= transaction:

TX:
=C2= =A0 =C2=A0locktime: None
=C2=A0 = =C2=A0sequence: 100
=C2=A0 =C2=A0s= criptpubkey: 101 CSV

How will you tell it is able to be include= d without running the script?

=
I agree this is a useful property= , but I don't think we can do it practically.

What's ni= ce is the transaction in this form cannot go from invalid to valid -- once = invalid it is always invalid for a given UTXO.

sequence tagged = keys have this property -- a txn is either valid or invalid and that never = changes w/o any external information needing to be passed up.
--0000000000008e2f9405c6f459a4--