š
Original date posted:2022-05-12
š Original message:On 2022-05-10 08:53, Greg Sanders via bitcoin-dev wrote:
> We add OPTX_SELECT_WEIGHT(pushes tx weight to stack, my addition to
> the proposal) to the "state" input's script.
> This is used in the update transaction to set the upper bound on the
> final transaction weight.
> In this same input, for each contract participant, we also
> conditionally commit to the change output's scriptpubkey
> via OPTX_SELECT_OUTPUT_SCRIPTPUBKEY and OPTX_SELECT_OUTPUTCOUNT==2.
> This means any participant can send change back
> to themselves, but with a catch. Each change output script possibility
> in that state input also includes a 1 block
> CSV to avoid mempool spending to reintroduce pinning.
I like the idea! However, I'm not sure the `1 CSV` trick helps much.
Can't an attacker just submit to the mempool their other eltoo state
updates? For example, let's assume Bob and Mallory have a channel with
>25 updates and Mallory wants to prevent update[-1] from being committed onchain before its (H|P)TLC timeout. Mallory also has at least 25 unencumbered UTXOs, so she submits to the mempool update[0], update[1], update[...], update[24]---each of them with a different second input to pay fees.
If `OPTX_SELECT_WEIGHT OP_TX` limits each update's weight to 1,000
vbytes[1] and the default node relay/mempool policy of allowing a
transaction and up to 24 descendants remains, Mallory can pin the
unsubmitted update[-1] under 25,000 vbytes of junk---which is 25% of
what she can pin under current mempool policies.
Alice can't RBF update[0] without paying for update[1..24] (BIP125 rule
#3), and an RBF of update[24] will have its additional fees divided by
its size plus the 24,000 vbytes of update[1..24].
To me, that seems like your proposal makes escaping the pinning at most
75% cheaper than today. That's certainly an improvement---yay!---but
I'm not sure it eliminates the underlying concern. Also depending on
the mempool ancestor/descendant limits makes it harder to raise those
limits in the future, which is something I think we might want to do if
we can ensure raising them won't increase node memory/CPU DoS risk.
I'd love to hear that my analysis is missing something though!
Thanks!,
-Dave
[1] 1,000 vbytes per update seems like a reasonable value to me.
Obviously there's a tradeoff here: making it smaller limits the amount
of pinning possible (assuming mempool ancestor/descendant limits remain)
but also limits the number and complexity of inputs that may be added.
I don't think we want to discourage people too much from holding
bitcoins in deep taproot trees or sophisticated tapscripts.
David A. Harding [ARCHIVE] /
npub16dā¦x4wrd
2023-06-07 23:09:37
in reply to nevent1qā¦3q7e
Author Public Key
npub16dt55fpq3a8r6zpphd9xngxr46zzqs75gna9cj5vf8pknyv2d7equx4wrdPublished at
2023-06-07 23:09:37Event JSON
{
"id": "99a179b784616f8bab58dff372b64ac3b09d061feab1eab98630e937a52f91d8",
"pubkey": "d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2",
"created_at": 1686179377,
"kind": 1,
"tags": [
[
"e",
"bae4b2b0acd4b54f60f266d4f38f54c2bd2c2e7450a700441e2706700a514076",
"",
"root"
],
[
"e",
"a042a8219fae0ecd831f2c6c139bbbc600c22beb914fc885795efab47d67738a",
"",
"reply"
],
[
"p",
"937f10fc4f78d8676348562d9d886843fbb351d99d6c96423fe9970819962e19"
]
],
"content": "š
Original date posted:2022-05-12\nš Original message:On 2022-05-10 08:53, Greg Sanders via bitcoin-dev wrote:\n\u003e We add OPTX_SELECT_WEIGHT(pushes tx weight to stack, my addition to\n\u003e the proposal) to the \"state\" input's script.\n\u003e This is used in the update transaction to set the upper bound on the\n\u003e final transaction weight.\n\u003e In this same input, for each contract participant, we also\n\u003e conditionally commit to the change output's scriptpubkey\n\u003e via OPTX_SELECT_OUTPUT_SCRIPTPUBKEY and OPTX_SELECT_OUTPUTCOUNT==2.\n\u003e This means any participant can send change back\n\u003e to themselves, but with a catch. Each change output script possibility\n\u003e in that state input also includes a 1 block\n\u003e CSV to avoid mempool spending to reintroduce pinning.\n\nI like the idea! However, I'm not sure the `1 CSV` trick helps much. \nCan't an attacker just submit to the mempool their other eltoo state \nupdates? For example, let's assume Bob and Mallory have a channel with \n \u003e25 updates and Mallory wants to prevent update[-1] from being committed onchain before its (H|P)TLC timeout. Mallory also has at least 25 unencumbered UTXOs, so she submits to the mempool update[0], update[1], update[...], update[24]---each of them with a different second input to pay fees.\n\nIf `OPTX_SELECT_WEIGHT OP_TX` limits each update's weight to 1,000 \nvbytes[1] and the default node relay/mempool policy of allowing a \ntransaction and up to 24 descendants remains, Mallory can pin the \nunsubmitted update[-1] under 25,000 vbytes of junk---which is 25% of \nwhat she can pin under current mempool policies.\n\nAlice can't RBF update[0] without paying for update[1..24] (BIP125 rule \n#3), and an RBF of update[24] will have its additional fees divided by \nits size plus the 24,000 vbytes of update[1..24].\n\nTo me, that seems like your proposal makes escaping the pinning at most \n75% cheaper than today. That's certainly an improvement---yay!---but \nI'm not sure it eliminates the underlying concern. Also depending on \nthe mempool ancestor/descendant limits makes it harder to raise those \nlimits in the future, which is something I think we might want to do if \nwe can ensure raising them won't increase node memory/CPU DoS risk.\n\nI'd love to hear that my analysis is missing something though!\n\nThanks!,\n\n-Dave\n\n[1] 1,000 vbytes per update seems like a reasonable value to me. \nObviously there's a tradeoff here: making it smaller limits the amount \nof pinning possible (assuming mempool ancestor/descendant limits remain) \nbut also limits the number and complexity of inputs that may be added. \nI don't think we want to discourage people too much from holding \nbitcoins in deep taproot trees or sophisticated tapscripts.",
"sig": "2d0038d813a076c7765685e476270b92ca5baa24b3c791b89d80ce8edd7b4ac91ce2b325fdb5c35f1a3bb8a926487b4d4e3428163f83448ed8a06dcc11c0b7dc"
}