1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
|
Return-Path: <zachgrw@gmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 06F47C000E
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Sep 2021 15:15:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id DD88C40283
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Sep 2021 15:15:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 0.602
X-Spam-Level:
X-Spam-Status: No, score=0.602 tagged_above=-999 required=5
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp2.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id NVR0fJOGoTUb
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Sep 2021 15:15:42 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com
[IPv6:2607:f8b0:4864:20::d32])
by smtp2.osuosl.org (Postfix) with ESMTPS id A6E1340158
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Sep 2021 15:15:42 +0000 (UTC)
Received: by mail-io1-xd32.google.com with SMTP id a15so4492018iot.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 01 Sep 2021 08:15:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=LK480Z7Dl9FGH6ow7z1S6YYnFBFHYa/zEnkC5HyF+ec=;
b=PaYlS1b0F+Rd++tyHgldgvAmNCUQsOXqh1B+HKskxMHF6NKJOkyYBLh5UPNga9MecG
Z72l2p0EpW/6RvYWyvvY/Q51T6PZcbVQWLbDtjppyKtj3NC4dlaH5cgclQJhXKxfQTP2
ZHcP3aastfUhhRk5/Rax+nD54NCIpOnw713h0zZCzyE8ecmvBCexMN24aMkHFHiwiFES
vx/u5SuR0geG5oXJo4mBZAei1juqInUOXSd1qX6cdbcaOC0pv4dXzwLgrbm27so0d4B0
jLRVJssafbwWl6h377JQmcDx+A1fSTW++pe7ZfzgaXJpWg4qlcsYQWI2O/ozr7OiNyfT
aUIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=LK480Z7Dl9FGH6ow7z1S6YYnFBFHYa/zEnkC5HyF+ec=;
b=WlU9lsmw3yCebeuQ7/ave/NZoQJQB02ZPi0IKVylMRdV34kZj7jlqh5OXxiHWH7ZwO
Ng+Po4FvAmYMXxxU8QS6SoK8YIvyjAjCpT4fw9KRfYh/1Ta6fJ3u+C/xYyF7JJQYa+xZ
Ia9WvNY3Iguz7VMRpsJra9Z7whPwDwuQh8IJe5+wBdJnUpMSdOiLZSw9dR+4+uKMwWO7
6HhFWI0rBezxFEUVKt7AjSg6NfOotgDE5RYmsl44dCelqTxqWQK8dr+DeDJwxHyaGSJn
nT0+jJF4pPhpYI8RVbJyi1OA/W7LaDwWswxcsL0MRY6X28LHJdiduPGUnSCSU7m3y5H+
uR5Q==
X-Gm-Message-State: AOAM530VBPcSn82ThzRfVHOhnbGFJzWssORIjZz4UhqWNI/TueLfQVV6
/EDcPOAzt1kJTE8aF8rjAZBQNYZ8IeLow04wArg=
X-Google-Smtp-Source: ABdhPJzs0nIxd+kNuA4n4A5pNkulX4pxxg2z4pcde3/8Tgk20lWTkD0t8oBCvL1CJFyBq+ROanAoRq+L4eKenoZWmts=
X-Received: by 2002:a6b:8bcf:: with SMTP id n198mr114130iod.178.1630509341742;
Wed, 01 Sep 2021 08:15:41 -0700 (PDT)
MIME-Version: 1.0
References: <CAGpPWDZ0aos5qHw2=popCpjuH7OXC0geEj8i3dwDTfP0j=or4w@mail.gmail.com>
<T9dyi_J_ZLwT8hXaxOBlCEhdoB9hsBcvFZX3r1JrtxunUTnFe7wefV6hi3Itw8z84drqAn64ZCJhfSfz7Aw0cqx4Aa8DtN1irvE-d4JPoeE=@protonmail.com>
<CAJ4-pED7sAe+yNqxv_1HSaku=kuTQYTU3nm2o6vUVCEnhkxxFA@mail.gmail.com>
<1qkQ1p1rAZApZhMKVFwQV6gfLyZxMYIUPrhcjtXNU4z0DBRwslPSbi76GnNnllpvPPfqt1bH3EyzJNhfK0Uxum7zJ_dh3H0DXqUpf2nmHyk=@protonmail.com>
<CAJ4-pECSE=by2ag4QmqrXbX_R0sk6HOL1KH0z2h=+915jaEE6Q@mail.gmail.com>
<wdlRrp4fZxH79mzVpTQWp99V9uI8jLvRU40mwdJ8lZ5A2mGMsxUK1TmZEZTV7O4_eUnNyq3feEGv5BUN-ecPSlbL-EYR6ZyLxk9ErsFiPlE=@protonmail.com>
<CAJ4-pECwGfrrB15oS0t-+vsjn11sC=9Bz6JGsGsicUorCjuYpA@mail.gmail.com>
<RrFU9zB125CEEua75KWb6IfANybTVN9AGfvjxE65Ysa1zOIgM-h48HmdBcfynW7HEd6kOaA5G-FhAVbmrq5DJXJJYHNArJDORGJklnBCU_I=@protonmail.com>
<CAJ4-pEC_NTScPFg822Va+Sw1_yC87tWBAL4y7y-m7PSx+JcccQ@mail.gmail.com>
<A8O_5wbTwq48sO02LAHT_t0RN0GVY0yrygt2DiSPrCavXCYu_0LsZWKf3jEQUyBbboW7zQnXyVSHkNJV7CP-VliKOYXjmmnfQIF2Q6E4pl8=@protonmail.com>
In-Reply-To: <A8O_5wbTwq48sO02LAHT_t0RN0GVY0yrygt2DiSPrCavXCYu_0LsZWKf3jEQUyBbboW7zQnXyVSHkNJV7CP-VliKOYXjmmnfQIF2Q6E4pl8=@protonmail.com>
From: Zac Greenwood <zachgrw@gmail.com>
Date: Wed, 1 Sep 2021 17:15:30 +0200
Message-ID: <CAJ4-pECwa6UTWy+xPp8xr8fRA9CZt=aCCA8tMPODdWsPkX+wNw@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Content-Type: multipart/alternative; boundary="0000000000001e1b7105caf08abf"
X-Mailman-Approved-At: Wed, 01 Sep 2021 15:28:44 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Exploring: limiting transaction output amount as
a function of total input value
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2021 15:15:44 -0000
--0000000000001e1b7105caf08abf
Content-Type: text/plain; charset="UTF-8"
Hi ZmnSCPxj,
The rate-limiting algorithm would be relatively straightforward. I
documented the rate-limiting part of the algorithm below, perhaps they can
evoke new ideas of how to make this MAST-able or otherwise implement this
in a privacy preserving way.
Something like the following:
=> Create an output at block height [h0] with the following properties:
Serving as input at any block height, the maximum amount is limited to
[limit] sats; // This rule introduces [limit] and is permanent and always
copied over to a change output
Serving as input at a block height < [h0 + window], the maximum amount is
limited to [limit - 0] sats; // [limit - 0] to emphasize that nothing was
spent yet and no window has started.
=> A transaction occurs at block height [h1], spending [h1_spent].
The payment output created at [h1] is not encumbered and of value
[h1_spent]; // Note, this is the first encumbered transaction so [h1] is
the first block of the first window
The change output created at block height [h1] must be encumbered as
follows:
Serving as input at any block height, the maximum amount is limited to
[limit] sats; // Permanent rule repeats
Serving as input at a block height < [h1 + window], the maximum amount is
limited to [limit - h1_spent] // Second permanent rule reduces spendable
amount until height [h1 + window] by [h1_spent]
=> A second transaction occurs at block height [h2], spending [h2_spent].
The payment output created at [h2] is not encumbered and of value
[h2_spent]; // Second transaction, so a second window starts at [h2]
The change output created at block height [h2] must be encumbered as
follows:
Serving as input at any block height, the maximum amount is limited to
[limit] sats; // Permanent rule repeats
Serving as input at a block height < [h1 + window], the max amount is
limited to [limit - h1_spent - h2_spent] // Reduce spendable amount between
[h1] and [h1 + window] by an additional [h2_spent]
Serving as input in range [h1 + window] <= block height < [h2 + window],
the max amount is limited to [limit - h2_spent] // First payment no longer
inside this window so [h1_spent] no longer subtracted
... and so on. A rule that pertains to a block height < the current block
height can be abandoned, keeping the number of rules equal to the number of
transactions that exist within the oldest still active window.
Zac
On Tue, Aug 31, 2021 at 4:22 PM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:
> Good morning Zac,
>
> > Hi ZmnSCPxj,
> >
> > Thank you for your helpful response. We're on the same page concerning
> privacy so I'll focus on that. I understand from your mail that privacy
> would be reduced by this proposal because:
> >
> > * It requires the introduction of a new type of transaction that is
> different from a "standard" transaction (would that be P2TR in the
> future?), reducing the anonymity set for everyone;
> > * The payment and change output will be identifiable because the change
> output must be marked encumbered on-chain;
> > * The specifics of how the output is encumbered must be visible on-chain
> as well reducing privacy even further.
> >
> > I don't have the technical skills to judge whether these issues can
> somehow be resolved. In functional terms, the output should be spendable in
> a way that does not reveal that the output is encumbered, and produce a
> change output that cannot be distinguished from a non-change output while
> still being encumbered. Perhaps some clever MAST-fu could somehow help?
>
> I believe some of the covenant efforts may indeed have such clever MAST-fu
> integrated into them, which is why I pointed you to them --- the people
> developing these (aj I think? RubenSomsen?) might be able to accommodate
> this or some subset of the desired feature in a sufficiently clever
> covenant scheme.
>
> There are a number of such proposals, though, so I cannot really point you
> to one that seems likely to have a lot of traction.
>
> Regards,
> ZmnSCPxj
>
--0000000000001e1b7105caf08abf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div dir=3D"ltr">Hi ZmnSCPxj,<div><br></div><div>The rate-=
limiting algorithm would be relatively straightforward. I documented the ra=
te-limiting part of the algorithm below, perhaps they can evoke new ideas o=
f how to make this MAST-able or otherwise implement this in a privacy prese=
rving way.</div><div><br></div><div>Something like the following:</div><div=
><br></div><div>=3D> Create an output at block height [h0] with the foll=
owing properties:</div><div><br></div><div><div>Serving as input at any blo=
ck height, the maximum amount is limited to [limit] sats;=C2=A0 // This rul=
e introduces [limit] and is permanent and always copied over to a change ou=
tput</div><div>Serving as input at a block height < [h0 + window], the m=
aximum amount is limited to [limit - 0] sats;=C2=A0 // [limit - 0] to empha=
size that nothing was spent yet and no window has started.</div></div><div>=
<br></div><div>=3D> A transaction occurs at block height [h1], spending =
[h1_spent].</div><div>The payment output created at [h1] is not encumbered =
and of value [h1_spent]; // Note, this is the first encumbered transaction =
so [h1] is the first block of the first window</div><div><br></div><div>The=
change output created at block height [h1] must be encumbered as follows:<=
/div><div><div>Serving as input at any block height, the maximum amount is =
limited to [limit] sats;=C2=A0 // Permanent rule repeats</div><div>Serving =
as input at a block height < [h1 + window], the maximum amount is limite=
d to [limit - h1_spent]=C2=A0 // Second permanent rule reduces spendable am=
ount until height [h1 + window] by [h1_spent]</div><div><br></div><div>=3D&=
gt; A second transaction occurs at block height [h2], spending [h2_spent].<=
/div><div><div><div>The payment output created at [h2] is not encumbered an=
d of value [h2_spent]; // Second transaction, so a second window starts at =
[h2]</div><div><br></div></div><div>The change output created at block heig=
ht [h2] must be encumbered as follows:</div><div>Serving as input at any bl=
ock height, the maximum amount is limited to [limit] sats;=C2=A0 // Permane=
nt rule repeats<br></div><div>Serving as input at a block height < [h1=
=C2=A0+ window], the max amount is limited to [limit - h1_spent - h2_spent]=
// Reduce spendable amount between [h1] and [h1=C2=A0+ window] by an addit=
ional [h2_spent]</div><div>Serving as input in range [h1 + window] <=3D =
block height < [h2 + window], the max amount is limited to [limit - h2_s=
pent]=C2=A0 // First payment no longer inside this window so [h1_spent] no =
longer subtracted</div><div><br></div><div>... and so on. A rule that perta=
ins to a block height < the current block height can be abandoned, keepi=
ng the number of rules equal to the number of transactions that exist withi=
n the oldest still active window.</div></div></div><div><br></div><div>Zac<=
/div><div><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" c=
lass=3D"gmail_attr">On Tue, Aug 31, 2021 at 4:22 PM ZmnSCPxj <<a href=3D=
"mailto:ZmnSCPxj@protonmail.com">ZmnSCPxj@protonmail.com</a>> wrote:<br>=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;b=
order-left:1px solid rgb(204,204,204);padding-left:1ex">Good morning Zac,<b=
r>
<br>
> Hi ZmnSCPxj,<br>
><br>
> Thank you for your helpful response. We're on the same page concer=
ning privacy so I'll focus on that. I understand from your mail that pr=
ivacy would be reduced by this proposal because:<br>
><br>
> * It requires the introduction of a new type of transaction that is di=
fferent from a "standard" transaction (would that be P2TR in the =
future?), reducing the anonymity set for everyone;<br>
> * The payment and change output will be identifiable because the chang=
e output must be marked encumbered on-chain;<br>
> * The specifics of how the output is encumbered must be visible on-cha=
in as well reducing privacy even further.<br>
><br>
> I don't have the technical skills to judge whether these issues ca=
n somehow be resolved. In functional terms, the output should be spendable =
in a way that does not reveal that the output is encumbered, and produce a =
change output that cannot be distinguished from a non-change output while s=
till being encumbered. Perhaps some clever MAST-fu could somehow help?<br>
<br>
I believe some of the covenant efforts may indeed have such clever MAST-fu =
integrated into them, which is why I pointed you to them --- the people dev=
eloping these (aj I think? RubenSomsen?) might be able to accommodate this =
or some subset of the desired feature in a sufficiently clever covenant sch=
eme.<br>
<br>
There are a number of such proposals, though, so I cannot really point you =
to one that seems likely to have a lot of traction.<br>
<br>
Regards,<br>
ZmnSCPxj<br>
</blockquote></div></div>
--0000000000001e1b7105caf08abf--
|
