Skip to content

Instantly share code, notes, and snippets.

@ariard
Last active June 24, 2021 15:16
Show Gist options
  • Save ariard/32b51ecceccc5c6f647bae86d083c442 to your computer and use it in GitHub Desktop.
Save ariard/32b51ecceccc5c6f647bae86d083c442 to your computer and use it in GitHub Desktop.
19:01 -!- suredbits is now known as Chris_Stewart_5
19:01 < darosior> hi
19:02 <@ariard> will try to do a different meeting format, like sharing the question and give time to everyone to share their thoughts?
19:02 < glozow> sounds good!
19:02 < t-bast> sgtm
19:03 < harding> +1
19:03 <@ariard> what problem(s) package-relay aim to solve at the base-layer :) ?
19:03 <@ariard> (feel free to take the mic!)
19:04 < rgrant> hi
19:04 < michaelfolkson> A CPFP transaction not making into a block speedily to make sure a justice transaction gets confirmed
19:04 < glozow> i see package relay as a way of correcting current limitations wrt evaluating transactions as candidates for mempool. namely, that we want the best transactions in our mempool, but we aren't always able to see their true feerate by looking at them one at a time
19:04 < t-bast> A simple problem that comes to mind is allowing the recipient of a tx to fee bump that tx without the sender having to do anything, in all cases (initial tx fee below mempool min fee)
19:05 < darosior> Avoid rejecting a set of transactions from your mempool that could be included in a block by a rationale miner
19:05 < glozow> (best being, what miners want)
19:05 < t-bast> I like darosior's way of putting it
19:05 < Chris_Stewart_5> When you want a utxo to have a series of state transitions to happen atomically
19:06 < harding> Chris_Stewart_5: hmm, I don't actually like that definition. I don't think package relay can help with that.
19:06 < harding> I.e., it's always possible for the parent to be confirmed without the child even if that's not fee-rational.
19:06 < rgrant> i would define package relay as small hints for what's otherwise a hard-to-compute problem.
19:07 < Chris_Stewart_5> from an application developer perspective, that is what i want
19:07 <@ariard> to me, i think package-relay can help to propagate branch of transactions with a low-feerate root
19:07 < Chris_Stewart_5> if this isn't for app devs, then ignore me :-)
19:07 < harding> Chris_Stewart_5: oh, sure, atomicity guarantees are always a nice thing to have; I just don't think it's possible for package relay to provide that.
19:07 <@ariard> rgrant: can you explain more :) ?
19:08 < michaelfolkson> Chris_Stewart_5: What is an example of the state transitions? A UTXO is either locked/unlocked or unspent/spent?
19:08 < Chris_Stewart_5> michaelfolkson: funding tx -> commitment tx -> htlc txs is an example IMO. In DLC world, funding tx -> CET (contract execution tx)
19:09 < michaelfolkson> Oh ok, so chains of transactions basically
19:09 < glozow> Chris_Stewart_5: I'm here because I want to hear what devs building on top of bitcoin core want from package relay
19:09 < harding> Chris_Stewart_5: it certainly is for application developers; I just don't know how to achieve what I think you want.
19:09 < t-bast> Chris_Stewart_5: but do you mean that you'd want the whole chain of txs to be confirmed in the same block?
19:09 < rgrant> ariard: first, i too like darosior's definition, but in addition to that package relay is a way for someone to suggest a set that algorithms would otherwise need to be searching for.
19:09 < Chris_Stewart_5> I think my definition might be a little incorrect, but hopefully it gets the point across
19:10 < harding> At least symettrically; you can guarantee a parent is confirmed before a child but not the other way around.
19:11 < Chris_Stewart_5> Well i think at minimum accepted into the mempool A block would be even better
19:11 <@ariard> rgrant: hmmm do you mean block assemblage algorithms?
19:12 < glozow> perhaps a guarantee that package relay could provide is that your transactions get propagated as intended, so you're not stuck with a wrong execution path because you couldn't get your tx to a miner in time
19:12 < t-bast> I think that batching confirmation in the same block isn't a job for package relay, but ensuring it makes sense to relay them together to other mempools should be
19:12 < harding> t-bast: agreed.
19:13 < rgrant> can someone link me to glozow's appropriate branch or pull request?
19:13 < glozow> rgrant: I agree in the sense that, after nodes are able to do package validation, package relay serves as a hint of "hey, u should run these transactions through package validation rather than individual tx validation"
19:13 < Chris_Stewart_5> glozow: Yeah, i think the worst case is my commitment tx makes it into the mempool, but my htlc txs can't for some reason. That means my "package" isn't getting relayed IMO.
19:13 <@ariard> t-bast: i think the makes sense notion is interesting, because it might differ in function of the receiver's mempool you're considering
19:13 < glozow> rgrant: i have a list here https://gist.github.com/glozow/7064717e727a3eb27fad4f8504513add#1-package-validation-and-package-specific-policies
19:14 <@ariard> like should you assemble package based on mempool min feerate or should you assemble package based on sender-defined feerate?
19:14 < glozow> Chris_Stewart_5: that makes sense
19:15 < t-bast> ariard: I agree, it's quite hand-wavy because we have to accept that the network is heterogeneous and we can't have a rule that will make sense for everybody
19:15 < michaelfolkson> Chris_Stewart_5: And in DLC world you want the funding tx and CET in the same block?
19:15 < rgrant> ariard: i do see package relay and block assemblage as related, but i can see how just paying to send messages through the flood network might not always rely on acceptance in a block.
19:16 < Chris_Stewart_5> michaelfolkson: No, that was a bad example on my part. Perhaps a fee bumping spend from the CET though. I think lightning makes more sense with these analogies because there is 3 layers of tx. Funding, commitement, and htlc/penalty txs
19:16 < rgrant> ariard: if there's any chance for message not expected to land in blocks to go through, that could burden the network (and LN would be able to handle it better)
19:17 < michaelfolkson> Chris_Stewart_5: Ok thanks, makes sense
19:18 <@ariard> t-bast: sure i meant more as a local node mechanism, what could be the different triggers of a package generation? e.g you have transaction A of which the feerate doesn't pass Alice's `feefilter`, and you have multiple childs of A present in your mempool
19:18 < glozow> Chris_Stewart_5: so in that use case, a 2-transaction package would work?
19:19 < glozow> to CPFP fee-bump the CET?
19:20 < michaelfolkson> glozow Chris_Stewart_5: With DLCs there are lots of alternative transactions but only only one can get confirmed (afaiu). So yeah a 2 transaction package with the "winning" transaction and the CPFP
19:20 < Chris_Stewart_5> glozow: Yes. We have built in refund transactions for the case that an oracle disappears. If you do not get your CET confirmed before this refund tx, you could possibly lose funds.
19:20 < t-bast> glozow: reading through your link, I think LN would have enough flexibility with `Two generations only, with 1 or more sponsored parents + 1 sponsoring child`, and could get away with `Simply 1 parent + 1 child` if we forget about batching (and accept being a little less fee efficient)
19:21 <@ariard> rgrant: though "not expected to land in blocks" is relative of your mempool top feerate, should you relay low-feerate transaction still higher than your peers's mempool min feerate?
19:21 < rgrant> do we have simple rules yet like "if packages cause eviction of some number of bytes from the mempool, then the average feerate of the bytes added must be higher than te average feerate of the bytes evicted?
19:21 < t-bast> ariard: I didn't realize you were asking about the node logic to build packages when relaying, I was just thinking as a higher layer user of that feature
19:21 < glozow> t-bast: awesome! 😍
19:22 < Chris_Stewart_5> glozow: thanks for the link, will read through later
19:22 < harding> Chris_Stewart_5: out of curiousity, how tight are the typical bounds on the refund? LN has been setting very tight bounds (e.g. 40 blocks or less) to prevent attacks where funds can be locked up for long amounts of time. I think DLCs can probably use much loose bounds (e.g. 1000s of blocks maybe) and so would be fundamentally much less vulnerable to feerate management problems and pinning attacks.
19:22 <@ariard> rgrant: yes that's already how LimitMempoolSize works iirc
19:22 < darosior> glozow: don't want to derail the meeting but have you thought about a package-based CBlockPolicyEstimator? If CPFP is used a lot it seems to me that it could bias the estimation. Hmm i'd have to think more about it.
19:23 < t-bast> glozow: does `Two generations only, with 1 or more sponsored parents + 1 sponsoring child` create more technical problems than `Simply 1 parent + 1 child` for you? Or do they have the same drawbacks for layer 1 (with slightly more implementation complexity)?
19:23 < glozow> darosior: i must admit i haven't thought about it - I hardly knew `CBlockPolicyEstimator` existed until very recently 😅
19:23 < michaelfolkson> And you could have an alternative competing package if the initial CPFP wasn't effective? A CPFP package that RBFs the previous (too low fee) CPFP package?
19:23 < darosior> ok :) i'll look into it, maybe smarter people actually solved this years ago as often!
19:24 < rgrant> ariard: then relay rules should be aligned well enough with block acceptance rules that you should relay a fairly-low feerate transaction that is higher than your peer's min feerate.
19:24 <@ariard> t-bast: so as a higher-layer user you can broadcast A then high-feerate B, but in your mempool you might already have A and another child C, with a lower-feerate
19:25 < glozow> t-bast: 2 gen multi parent single child is a significant simplification, actually. it is slightly more complex than parent+child but still makes me very happy to hear
19:25 < Chris_Stewart_5> harding: the refund is user configurable. We haven't really decided on what best policy is yet. But i think your analysis is probably correct. We have a new type of DLCs in pipeline called "disjoint union" DLCs where you can have logic like "liqudiation thr
eshold breached where i liquidate collateral at $30,000" OR a certain time threshold is met. This opens the question of what happens
19:25 < Chris_Stewart_5> when the liquidation threshold is reached slightly before the time threshold. I haven't thought too deeply about this in the package relay context
19:25 <@ariard> and if you package-relay the pair {A,C}, which might be higher than your peers's mempool min feerate it can still downgrades its odds of confirmation?
19:25 -!- murchandamus is now known as murch
19:26 < t-bast> ariard: for LN it's not an issue because you usually are the only one to be able to broadcast A, so people couldn't sneak in C before B if you put them as a package `A + B`
19:26 < harding> Chris_Stewart_5: does the oracle do the timekeeping or do you use MTP?
19:26 < t-bast> ariard: (A being a commit tx or htlc tx)
19:26 < Chris_Stewart_5> harding: they can be two separate oracles, attesting to independent events and completely unaware of each other. The DLC is built custom client side.
19:26 <@ariard> michaelfolkson: yes you mean RBF-package in case of competing LN's commitment transactions
19:26 < t-bast> glozow: great, good to know!
19:27 < rgrant> glozow: thanks for the link, very helpful! i don't understand why we can't support RBF in packages. is that an implementation limitation or a policy limitation?
19:27 < t-bast> ariard: but someone else could relay `A+C` once you've broadcast `A+B`, you're right, but in that case RBF rule to get B to replace C should save us, doesn't it?
19:27 <@ariard> rgrant: ah might question was more oriented if it would make sense to not broadcast your whole mempool content to save on bandwidth, but that's quite a side-topic
19:28 < glozow> rgrant: it's a simplification that makes package validation easier to implement and reason about
19:28 < harding> Chris_Stewart_5: ok. To me, as long as the timekeeping is being done by an oracle, then I think your only concern related to package acceptance is still related to the refund condition, and I think that's a case where DLCs are in a much healthier position than current LN.
19:28 < Chris_Stewart_5> harding: in general, oracles are blockchain agnostic. The same oracle for DLCs works on zcash, litecoin, bitcoin, bcash etc. No network specific configurations oracle side
19:28 < glozow> is BIP125 RBF for packages something that we want?
19:29 < Chris_Stewart_5> probably ETH lol
19:29 < michaelfolkson> rgrant: There are lots of DoS vectors that Suhas, glozow, ariard have to wrestle with when trying to implement this
19:29 <@ariard> t-bast: you broadcast A+B at first time, your peer broadcast C spending A's remote anchor output then you fee-bump/rebroadcast with A+D, i think it can happen?
19:29 < t-bast> glozow: it depends, in a `parents + single child` package I think we do need to be able to replace the child with RBF (but not the parents)
19:30 < t-bast> ariard: I'm hoping this scenario can happen too! :)
19:30 < harding> glozow: I think some type of replacement for packages will be important in the long run. Otherwise, even in the best case, you're limited to (n-1)/x feebumps where n is the descendent limit and x is the number of parties in a protocol who can fee bump a commitment or whatever transaction.
19:31 <@ariard> glozow: yeap i think so otherwise your counterparty might have a low-feerate package already in the mempool?
19:31 < darosior> glozow: if we limit the size to 2, we can just RBF the child the non-package way?
19:31 < glozow> t-bast: i think that's perfectly doable now if you've got the package in, and the child doesn't already have descendants in the mempool
19:31 <@ariard> t-bast: yes but now you're back to the issue of your mempool assemblage logic potentially lured to relay a lower-feerate package than the one expected?
19:32 < t-bast> glozow: and if the child has descendants, can we rely on the current BIP125 rule to still replace it or does it add new issues?
19:32 < harding> I take back what I just said, I think darosior has it right.
19:32 <@ariard> darosior: right, but your expected parent might have been evicted in between, and we can assume you don't have global view of the mempool?
19:33 < glozow> t-bast: darosior: yeah, it's just a BIP125 RBF of the child.
19:33 < harding> ariard: oh, good point.
19:34 < t-bast> ariard: I see what you mean, I hadn't thought about that. If packages are small (two generations) is it really an issue though?
19:35 < harding> ariard: what I understand you to be saying is that commitment tx A is currently in the mempool along with anchor spend B giving it fees. You want to increase the fees by creating B' but, in the meantime, A has been replaced by A'.
19:35 < glozow> can you make a child for A' or no?
19:36 <@ariard> t-bast: well your counterparty can downgrade the feerate of your expected package? so maybe the package assemblage logic should just search for the best feerate subset among your in-mempool chain of transactions?
19:36 < darosior> ariard: wait but eviction would be based on the entire package? If you need to RBF, RBF the child. If it so happens that the package was evicted re-broadcast the entire package. I don't see how it differs from current behaviour
19:36 < harding> glozow: yes, but you don't know about A'.
19:36 < t-bast> glozow: in the case of LN yes, we can, so it may save us
19:36 <@ariard> harding: yes exactly
19:36 < t-bast> but as harding says, we can't know if it's a revoked commit tx (and we may have thousands of versions of the tx, so can't blindly try them all)
19:36 < harding> glozow: so if you relay A->B', your fee bump works, but if you just relay B' it can't bind to A.
19:37 < t-bast> ariard: I think that would make sense (searching for the best feerate subset)
19:37 < glozow> ah so you might want to submit B' as a single transaction to get the RBF, but you want to relay {A, B'} together to tell peers to validate them as a package
19:37 < darosior> ok got it.
19:37 <@ariard> darosior: sure you can re-broadcast the entire package though you need a replacement rule for this one to replace an-already in-mempool chain of transactions?
19:38 < harding> That's kind of a nasty problem, though, because it requires relay nodes to relay {A,B'} as a package even through nodes that already know about A.
19:38 <@ariard> harding: yep bad for bandwidth :/
19:38 < glozow> right, i think we should trim packages when we already know about a transaction in it
19:38 < darosior> Yes. It might be a pretty limiting factor if we ever want to increasing package size
19:38 < glozow> also i don't think we should relay entire transactions when talking about packages on p2p
19:39 < t-bast> glozow: but you don't know if your peer knows about it, so you may need to relay as a package to your peers, don't you?
19:39 < harding> ariard: is this related to your criticism on https://github.com/bitcoin/bitcoin/pull/22252 ? I was having trouble understanding your concern from a quick skim, but this makes sense to me.
19:40 < t-bast> I'd see that as an argument for `single parent + single child` instead of `multiple parents + single child`, to limit bandwidth waste
19:40 < glozow> i have perhaps a different view of package relay? I think all you need to do is communicate hints about when to use package validation. so I'm thinking you don't need to relay the transactions themselves, just the wtxids of transactions you think should be package validated. and tx relay still happens the normal way
19:40 <@ariard> t-bast: well we track per-peer announced txids in `filterInventoryKnown`
19:40 <@ariard> assuming you rely on the INV announcement mechanism
19:41 < rgrant> glozow: that's my intuition as well
19:41 < glozow> like, package relay is less about communicating transactions, and more about communicating how to validate them
19:41 < t-bast> ariard: but you can't know if the tx has been evicted since your peer last announced it had it?
19:42 <@ariard> harding: yes your counterparty might have a same-txid-different-txid lower-feerate proposal already in the mempool?
19:42 < t-bast> glozow: in that case you'd send B + A's txid, and your peer can then ask you to send A if it doesn't have it to validate it as a package on its side?
19:42 < harding> glozow: how far away do your hints travel? If they just go to your direct peer, then I think this problem exists where Alice wants to send {A, B'} to Bob who knows about {A, B} to miner Carol who knows about {A'}. The hint to Bob doesn't help and Bob doesn't know to send a hint to Carol, so B' never gets to her for mining.
19:42 < glozow> t-bast: yeah. they can still request the transactions they need
19:43 < t-bast> glozow: at first glance, it makes sense to me and shouldn't be very wasteful in terms of bandwidth/latency
19:43 <@ariard> glozow: agree we can rely on TX messages, it's more the INV-GETDATA that might be updated?
19:45 <@ariard> t-bast: right, you're not aware of the replacement happening in your peer's mempool
19:45 < glozow> ariard: mm, right. I don't have a BIP proposal or anything, just don't think we should worry too much that bigger packages take up more bandwidth
19:45 < glozow> harding: oo hm, hadn't thought about that
19:45 < harding> glozow: me neither! Hat tip to ariard!
19:45 < livestradamus> http://audiobookbay.nl/
19:45 < t-bast> And Carol doesn't even know that B's parent conflicts with A' if we only send A's txid at first
19:46 < livestradamus> Oops wrong window sorry for the link
19:46 <@ariard> livestradamus: you can stay if you're interested :p
19:47 < livestradamus> I'll catch up, it's night time here
19:47 < rgrant> harding: do we need to make some claim of "achievable average feerate of this package" when sending hints? then Bob would say "i don't have a tx that achievesthat feerate, send B'".
19:48 < t-bast> I agree with rgrant, I think it makes sense to send a feerate hint so that your peer can decide whether it makes sense to fetch the rest of the package or not
19:48 < harding> rgrant: I don't think so, I think as long as we can hint that the package is over the peer's BIP133 minrelayfeerate, we're ok.
19:49 <@ariard> glozow: well i think the question of "does bigger package take more bandwidth is function of the package announcement mechanism ?" like if you say explicit package hints with the whole list of wtxids to atomically validate
19:49 < rgrant> harding: then why doesn't Bob ask for B'? and why doesn't the miner build {A B'}?
19:49 < t-bast> actually maybe it doesn't solve what I think it solves since your peer doesn't even know whether your package conflicts with some of the txs in his mempool until he fetched the whole package...
19:49 < glozow> harding: so what we want is Bob to replace B with B', and then sends {A, B'} to Carol, who replaces A' with A, then does {A, B'} ?
19:50 < glozow> maybe when you get your package hint, first you try all of them as replacements, and then you package validate...
19:50 < harding> rgrant: Bob does ask for B', but when he tries sending it to Carol, she considers it an orphan.
19:50 < harding> glozow: correct.
19:50 < michaelfolkson> Full nodes don't calculate the average fee rate (satoshis per vbyte) in a block do they? Wallets typically get network fee rate stats from centralized APIs?
19:50 <@ariard> t-bast: i believe one downside of feerate-based announcement mechanism is you need to announce the utxo, so maybe you leak a bit of bandwidth hmmm?
19:51 < t-bast> but Bob could send A's txid as a hint? Is there a reason *not* to send it (unless your peer already said he had seen A)?
19:51 < t-bast> ariard: yes exactly, we'd need to send the utxo to check for conflicts, and it may be a rabbit hole if we follow that logic further...
19:52 < rgrant> harding: oh, i may be misunderstanding notation. i assumed that Carol would evict A' from the block's consideration if {A B'} has high enough feerate. what am i missing? was A' already buried in a block?
19:52 < harding> t-bast: I guses the only reason not to send it is that we're possible talking about a massive increase in INV overhead here by announcing all the parents of every transaction with mempool ancestors.
19:53 < t-bast> harding: of course, but if we're limiting package to `1 parent + 1 child` is it still too much?
19:54 < t-bast> harding: it feels like whenever we'll try to be clever and omit the hint, there will be an edge case where propagation stops
19:54 < harding> t-bast: I don't know, I think that's the kind of thing that would need to be backtested against typical mempool contents, and we'd want to talk to gleb about how that would affect erlay's assumptions.
19:54 < glozow> so what we might want is 1 parent + 1 child, with RBF enabled?
19:55 < rgrant> what if packages are never retouched by nodes along the flood network? what if they live or die as they were initially injected?
19:55 < harding> rgrant: sorry, it is an awful ad hoc notation.
19:56 <@ariard> michaelfolkson: you mean something as per-block feerate ? nope i can't remember doing that though block feerate information is consumed by the fee estimator
19:56 < t-bast> I think that 1 parent + 1 child, with RBF enabled at the package level (I can send `A + B` to replace `A' + B'`) should give a wide enough design space for L2 protocols (maybe they wouldn't be the most fee efficient because they couldn't batch, but we'd live with it)
19:57 < t-bast> It feels like having bigger packages will have too much potential negative impact on layer 1
19:57 < glozow> t-bast: i think that's doable
19:58 < harding> glozow: relaying 1+1 as a package seems like it would be powerful, but it would have to allow for the parent already having other children in the mempool (e.g. through standard BIP125 rules).
19:58 < glozow> harding: right
19:59 <@ariard> rgrant: well i did this approach in my PoC a while back but it's super DoSy as you have to cache the package ids...(and didn't figure out a robust mitigation)
19:59 < glozow> many fun whiteboarding sessions to come
20:00 < rgrant> ariard: understood. it would be cool if we could pull hints from a paid network like LN.
20:00 < glozow> should we talk about replacing witnesses as well? ariard do you think that's appropriate to discuss here?
20:00 < harding> I guess for txid hints in packages, you don't need to use the full txid, you can use something like BIP152 short ids.
20:00 < t-bast> glozow: that's great, I think that almost any L2 protocol can always design two-steps process where the first tx has a feerate of 0 and the second is there to set the fees
20:00 < harding> That would save lots of bandwidth.
20:00 < glozow> harding: oo!
20:01 <@ariard> t-bast: here a new chan type for you :)
20:02 <@ariard> glozow: yes for sure, though iirc 19645 was orthogonal from package-relay discussion at time, though maybe we should consider as one now?
20:02 < glozow> t-bast is t-best
20:02 < glozow> ariard: yeah. i think it's relevant, especially since we're talking about having replacements with packages
20:02 < harding> lol
20:03 < glozow> 19645: https://github.com/bitcoin/bitcoin/pull/19645
20:03 < darosior> michaelfolkson: and where do these services get this estimation from? either a broken mempool estimation or a bitcoind's estimation: https://bitcoin.stackexchange.com/a/96491/101498 . Note also how relying on a centralized fee est service for L2 is a huge SPOF
20:03 <@ariard> t-bast: i believe there is an awful edge-case in our orphan logic which would recommend to do always 1-CSV in chain of transactions with competing interest, here https://github.com/bitcoin/bitcoin/pull/21148#discussion_r587522262 though need more thinking :/
20:04 < darosior> michaelfolkson: but to answer your question no it does not compute the feerate of an entire block
20:04 <@ariard> glozow: i agree it's relevant, though maybe a reduction of the issue is already having wtxid-replacement at the transaction level?
20:05 < t-bast> ariard: thanks for the link, I'll look into that
20:05 < glozow> ariard: yeah, having it at the single-transaction level is probably the harder part
20:05 < harding> ariard: in 19645, I just quick skimmed the diff and it looks like it's using the regular replacement rules, e.g. higher feerate, higher absolute fee?
20:05 < t-bast> ariard: I think CSV-1 is usually acceptable for L2 protocols
20:05 < harding> ariard: is that correct?
20:06 <@ariard> harding: yes it's not modifying bip125 rule so unless you have `incrementalrelayfee`=0 wtxid-replacement won't work
20:06 <@ariard> like rbf rule 4 requires to increase the absolue fee, but that's locked-in in the same-txid part of any tx?
20:06 < glozow> for witness replacement, i don't think it should go through the normal route. perhaps a similar evaluation of whether it's paying for its bandwidth, but it wouldn't need to rip anything out of mempool. you'd just need to update ancestor/descendant entries
20:07 < michaelfolkson> darosior: Thanks. An unlimited sized mempool would be best for network fee rate monitoring but if you had smaller mempool network fee rate in block(s) might be useful (I think...)
20:07 < harding> ariard: oh, right, I'm dumb.
20:08 <@ariard> glozow: ah that's interesting never considered the approach of conserving the branch of transaction
20:08 <@ariard> yep i like it, more conservative with the bandwidth
20:09 < harding> Yeah, I'd be supportive of that approach as long as it was increasing the feerate by some amount to limit bandwidth wasting.
20:09 < glozow> yeah. witness needs to shrink enough to bump the feerate by at least min relay fee
20:09 < glozow> you'd just go through and change the ancestor/descendant sizes of the entries
20:09 <@ariard> yeah it would move rule 4 from a check on a relay fee in absolue fee to one in feerate? like with a ratio?
20:10 < glozow> mhm, absolute fee wouldn't change, so that rule wouldn't make as much sense for witness replacement
20:10 < glozow> ratio of witness data to nonwitness data?
20:10 < glozow> or old witness data to new witness data?
20:11 <@ariard> glozow: i mean a feerate ratio, though it's really intuitive
20:11 < t-bast> in practice though I'm not sure there is a lot of room to change the witness enough to meaningfully influence the feerate, as what you put in the witness is probably very constrained (in order to correctly satisfy scripts), isn't it?
20:12 < harding> t-bast: taproot.
20:12 <@ariard> like let's say your wtxid-replacement must pay 10% more in feerate than the replaced one, something like this hmmm?
20:12 < t-bast> harding: oh, right, that activated :D
20:12 < t-bast> well not activated but locked in
20:12 < glozow> i think there's also the idea of someone trying to pin your transaction with a very bloated witness?
20:12 < t-bast> good point, I'm not thinking with a taproot mindset yet
20:13 < glozow> so either they're not pinning it very much, or you'll be able to do a significant witness shrink?
20:13 < harding> t-bast: tapscripts can be unlimited in size, so with current rules you could in theory go from a ~100,000 vbyte witness to an empty witness.
20:13 < michaelfolkson> Can someone give me the TL;DR on replacing witnesses? You broadcast a witness and then work out you could have used a cheaper witness?
20:13 <@ariard> t-bast: if you're spending the 30th in depth tapscript gonna be hard to be most fee-efficient than the first one :) ?
20:13 < t-bast> harding: yeah so you need to carefully take this into account when designing your tree
20:14 < harding> michaelfolkson: it's more a case of you have a UTXO shared by two parties (e.g. LN) and Alice's witness for her branch is 1,000 vbytes but Bob's is only 250 vbytes.
20:14 <@ariard> michaelfolkson: yep for example a 1-1 + timelock is shorter than a 4-4 multisig?
20:14 < harding> t-bast: if you're near the limits, yeah, but we obviously can't support many people creating 100,000 vbyte transactions.
20:15 <@ariard> harding: oooh, forget about that so yeah it's kind of a pinning vector as glozow pointed out?
20:15 < t-bast> It's interesting, I didn't realize that this is a very important point to take into account when designing L2 protocols on top of Taproot
20:15 < rgrant> michaelfolkson: an adversary forces CPFP consideration with a large witness, so you need to either create another level of CPFP, or propose a smaller package.
20:15 < harding> t-bast: miniscript should tell you your worst case tx size, so anyone using that should be safe.
20:15 < t-bast> harding: thanks for the explanations!
20:17 < harding> glozow: I don't know how bad the witness pinning risk is because, in a contract protocol, only your counterparties can do that and y'all agreed to the contract up front, so hopefully somebody ran it through miniscript and looked at what the worst case witness size was.
20:17 < michaelfolkson> harding: And in your example you want to use Bob's witness instead of Alice's witness even though Alice's witness was previously broadcast?
20:18 <@ariard> glozow: hmmm we might have a theoritical issue in the future with the in-place replacement approach where a bigger witness is smaller in feerate than the replaced one but override package-limits, like an annex tag
20:18 < harding> For something like LN, the best case is going to be a taproot keypath spend (16 vbyte witness) and the worst case is going to be, what, 150 vbyte witness? That's not a huge difference, I think, even when fees are very high.
20:18 <@ariard> (super-edgy-case)
20:18 <@ariard> harding: agree it's more defense-in-depth here?
20:19 < glozow> harding: ah, i didn't know you could see worst case witness size :O
20:19 < harding> ariard: yeah, and we do want make it easier for people to get smaller transactions confirmed. It's good for the contract protocol users and it's good for everyone else too.
20:20 < harding> glozow: miniscript is AMAZING.
20:20 < michaelfolkson> glozow: I didn't know that either
20:20 < darosior> harding: +1, no +2 even
20:20 < michaelfolkson> A distribution of witness sizes (including means, medians etc)? Lol
20:21 <@ariard> wanna chat about package-relay in the context of N-party, like more than 2?
20:22 < glozow> ariard: er what do you mean by annex tag and override package-limits? sorry
20:22 < glozow> ariard: yes sure
20:23 <@ariard> glozow: well the bip341 annex could allow a small witness to have its feerate inflated due to a special marker
20:23 <@ariard> and then you could have a same-txid-different-wtxid coming after with a lower feerate but higher vbytes size, just overflow package limits?
20:23 <@ariard> but not sure it's worthy to mind, it's assuming some soft-fork to define the annex
20:23 < harding> ariard: I don't think that's correct.
20:24 < darosior> Not yet
20:24 < t-bast> ariard: does N party change anything? As long as the N parties collaborate on one tx, N>2 should be the same as N=2, doesn't it?
20:24 < darosior> But it was a proposed idea
20:24 < harding> ariard: first, feerate is purely a policy concept and annex operates at the consensus level.
20:24 <@ariard> harding: ah sorry, which part?
20:24 < harding> ariard: second, an annex can increase the weight of a transaction; it cannot decrease it.
20:24 < darosior> harding: iirc aj suggested it could be a soft fork for giving a meaning to annex
20:25 < darosior> (for context this is because the ratio of sigop per WU was moved to consensus in Taproot and instead of stuffing your witness to pass the limit you could just set the annex to a given value)
20:26 < harding> If you can't decrease the weight of a transaction and a new witness can't change its absolute fee, then I don't believe you can increase the feerate by increasing the size of a transaction.
20:26 < darosior> Sorry i misread what ariard said, i thought it was about *lowering* the feerate.
20:27 < harding> (Obviously, because feerate is a policy concept, you can write economically irrational transaction selection code, but I don't think that's what's being described here.)
20:27 <@ariard> harding: but the replacement witness might not have an annex ? where the replaced said-annex would artificially bump the WU
20:28 <@ariard> though not sure it's worthy to go further, we're talking about something without consensus-meaning for now
20:28 < harding> ariard: hmm, I'll look into that more, but agree we're getting far afield now.
20:29 <@ariard> ah right assuming the artificial-WU-bump is reflected in our mempool policy, we should be good, forget about what i was saying
20:29 < glozow> sooo i've gathered that it would be really beneficial to have replacements enabled, 1 parent + 1 child packages? and we should get cracking on witness replacements.
20:30 < t-bast> glozow: ACK, ship it ;)
20:30 < harding> glozow: SGTM.
20:30 < darosior> glozow: this is what i got too
20:30 < rgrant> does anything prevent my node from proposing package {A B}, and {B C}?
20:30 < rgrant> (as a way to propose {A B C}?
20:31 <@ariard> yep SGTM, though we might have to reconsider RBF rule 3 and the higher-fee requirement
20:31 <@ariard> s/and/on/g
20:31 < t-bast> rgrant: would it be different from proposing {A B} and then simply adding C?
20:31 < glozow> wonderful, thank you! I really really appreciate you all providing this info :D
20:31 < harding> ariard: rule three doesn't require a higher fee, at least as written, it requires an equal or greater fee.
20:32 < t-bast> rgrant: it feels to me that the goal of package relay here is really to get A to propagate
20:32 < harding> ariard: please don't tell my I screwed that up too. :-(
20:32 < harding> s/my/me/
20:32 <@ariard> harding: well if you combine with rule 4 that's a higher fee requirement ;)
20:33 < rgrant> t-bast: yeah, okay. it just feels a bit wrong to only solve one level, so intuitively i want to push for more. but there are other proposal for that.
20:33 <@ariard> assuming the default setting of `incrementalrelayfee` ?
20:33 <@ariard> of 1000 sat per KB iirc
20:33 < t-bast> rgrant: I think that if you got {A B} to propagate as a package, it usually means that if A had been confirmed, B would have propagated on its own, so C wouldn't add anything. But I may be missing some cases though.
20:34 < darosior> ariard: but it's a feerate
20:34 < glozow> rgrant: no, i don't think {A, B} + {B, C} would work if, for example, A and B were zero fee and C was supposed to pay for both
20:34 < t-bast> rgrant: and if A has been evicted, the {B C} package wouldn't propagate because it would be an orphan package
20:34 < rgrant> t-bast: well, if neither A nor B are enough, then you need {A B C}. but yeah my question wasn't well formed because then {A B} won't happen.
20:34 < t-bast> rgrant: got it
20:34 < glozow> that's not a "perfect" package relay but it would make it a bit harder to implement
20:35 < t-bast> rgrant: I think it shouldn't fundamentally restrict the design space for L2 protocols (but I may be wrong)
20:35 < t-bast> rgrant: what we'd do with a chain of 3 txs, we should be able to split into packages of 2 at a time
20:36 < darosior> ariard: for the absolute fee i'm pretty sure it's >= old_abs_fee
20:36 < t-bast> rgrant: at potentially the cost of a 1-block relative delay somewhere and a bit more fees to pay, but that's an ok trade-off IMHO
20:36 < rgrant> t-bast: once we get into BIP119, then some of the MAST possibilities are not resolved in one transaction, but may ratchet state through several on-chain transactions.
20:36 <@ariard> darosior: yeah i was thinking about nDeltaFees < ::incrementalRelayFee
20:37 < darosior> Gotta run now. Thanks for working on this and participating glozow. And thanks ariard for organizing, i think your efforts moved things forward :)
20:37 < t-bast> rgrant: OP_CTV is on my rabbit hole list, but I don't have enough context on that one yet!
20:37 < rgrant> darosior: CU
20:38 <@ariard> darosior: thanks for participating
20:38 <@ariard> yeah let's end here
20:38 <@ariard> #endmeeting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment