đź“… Original date posted:2021-06-17
đź“ť Original message:
The workshop was previously announced by ariard on the bitcoin-dev
mailing list here:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-April/018841.html
A reminder was posted to the bitcoin-dev mailing list here:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019068.html
The conversation log for the workshop is here:
https://gist.github.com/ariard/5f28dffe82ddad763b346a2344092ba4
I’ll summarize what was discussed during the meeting but please refer
to the L2 zoology repo ariard has set up for background context and
additional notes: https://github.com/ariard/L2-zoology
General considerations
I think it is worth first reiterating the obvious that there will
never be perfect security guarantees on network transaction fee rates
or transaction relay. Network fee rates can in theory go up to
anything (upper limit of infinity) and will always to some degree be
inherently unpredictable. In addition transaction acceptance can never
be guaranteed even if you attempt a direct connection to a miner. At
the same time L2 protocols (e.g. Lightning and DLCs) elevate
transaction propagation and inclusion in a time sensitive mined block
to a security assumption from what used to just be a usability
assumption (BlueMatt). Within those confines these workshops are
attempting to strengthen that security assumption knowing that
guaranteeing it is out of reach.
There are considerations that blocked transaction propagation isn’t
necessarily a problem for the victim if it is also blocked for the
attacker. In addition some successful attacks present an opportunity
for the victim to divert their funds to miner fees (e.g. scorched
earth) ensuring the attacker doesn’t financially benefit from the
attack (harding). Personally I would argue neither of these present
much assurance to the victim. Out of conservatism one should assume
that the attacker has greater resources than the victim (e.g. a direct
line to a miner) and knowing a victim’s lost funds went to the miner
instead of the attacker isn’t of much comfort to the victim (other
than potentially presenting a disincentive for the attack in the first
place). This is obviously further complicated if the miner is the
attacker. In addition any incentive for miners to not mine
transactions to wait for a potential pay-all-to-fee are troubling
(t-bast).
New(ish) ideas
RubenSomsen brought up the idea of fee sensitive timelocks, they would
need a soft fork. ariard briefly discussed the idea of a transaction
relay overlay network. harding stated his opinion that we should be
leaning more on miners’ profit incentive rather than attempting to
normalize mempool policy (e.g.
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-April/002664.html).
t-bast raised the prospect of mining pools exposing public APIs to
push them transactions directly.
The impact of changes to Bitcoin Core on L2 protocols
Some changes to Core (e.g. some privacy improvements) can conflict
with the goal of minimizing transaction propagation times.
Chris_Stewart_5 raised the idea of a nightly bitcoind build to give L2
developers a way to write regression tests against the latest builds
of bitcoind. He added that L2 devs should write automated regression
test suites against bitcoind exposed RPC commands. t-bast would like a
bitcoind “evicttx” RPC to remove a transaction from the mempool on
regtest.
Full RBF
In advance of the workshop ariard posted to the mailing list a
proposal for full RBF in a future version of Bitcoin Core:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019074.html
Progress in this direction has been attempted in the past (e.g.
https://github.com/bitcoin/bitcoin/pull/10823) BlueMatt pointed out
that even with full RBF it is trivial to create mempool partitions. As
long as RBF has a fee rate increase minimum an attacker can trivially
split the mempool by broadcasting two conflicting transactions with
the same fee.
ariard plans to contact businesses (e.g. Lightning onboarding services
relying on zero confirmations) to check that this possible eventual
move to full RBF doesn’t present a problem for them. There could well
be engineering work required in advance of the possible change being
made.
Next week’s meeting
Next week’s meeting (Tuesday 22nd June, 19:00 UTC,
#l2-onchain-support, Libera) will be on fee bumping and package relay
that glozow has recently been working to advance in Bitcoin Core.
--
Michael Folkson
Email: michaelfolkson at gmail.com
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3