📅 Original date posted:2019-11-11
📝 Original message:
Joost Jager <joost.jager at gmail.com> writes:
>>
>> > We could
>> > simplify this to a single to_self_delay that is proposed by the
>> initiator,
>> > but what was the original reason to allow distinct values?
>>
>> Because I didn't fight hard enough for simplicity :(
>>
>
> But the people you were fighting with, what reason did they have? Just
> flexibility in general, or was there an actual use case? Maybe these people
> are reading this email and can comment?
Compromise among the committee meant adding everything to the spec if
there was a conceivable reason for it; the simplicity argument was less
strong then (maybe because we hadn't implemented it all yet!).
> So then because unilateral close is the only way to resolve atm, it is
> correct also in theory that there will never be a commitment tx where the
> non-initiator pays fees? But the point is clear, channels can get stuck.
Yeah. Generally, it doesn't happen because we insist on a reasonable
balance in the channel, but it's theoretically possible.
>> > If we hard-code a constant, we won't be able to adapt to changes of
>> > `dustRelayFee` in the bitcoin network. And we'd also need to deal with a
>> > peer picking a value higher than that constant for its regular funding
>> flow
>> > dust limit parameter.
>>
>> Note that we can't adapt to dustRelayFee *today*, since we can't change
>> it after funding (another thing we probably need to fix).
>>
>
> You can't for an existing channel, but at least for a new channel you can
> pick a different value. Which wouldn't be possible if we'd put a fixed
> (anchor) amount in the spec.
That's not really much consolation though for the existing network.
Still Matt assures me that the relay dust limit is not going to change,
so I think we're best off cutting down our test matrix by choosing a
value and putting it directly into the spec.
By my calculations, at minfee it will cost you ~94 satoshis to spend.
Dust limit is 294 for Segwit outputs (basically assuming 3x minfee).
So I'm actually happy to say "anchor outputs are 294 satoshi". These
are simply spendable, and still only $3 each if BTC is $1M. Lower is
better (as long as we stick with funder-pays), as long as they do
eventually get spent.
>> If we really want to make it adjustable, could we make each side pay for
>> its own; if you can't afford it, you don't get one? There's no point
>> the funder paying for a fundee-anchor if the fundee has no skin in the
>> game.
>>
>> That reduces the pressure somewhat, I think?
>>
>
> If you can't afford you don't get one, not sure about that. I could open a
> channel, send out the total capacity an in htlc to myself via some other
> hops, force close with a very low commit fee, then pull in the htlc (one
> time the money). The victim then needs to get the commit confirmed to claim
> the money, but there is no anchor unfortunately. I wait for the htlc to
> expire, then anchor down the commit tx and time out the htlc (twice the
> money).
Excellent point. And the complexity of some "you can only use a little
bit of capacity until I have an anchor too" is worse, so let's stick
with your proposal as the simplest: funder pays for two, always.
>> Or what about we rotate the anchors and nothing else, which (assuming we
>> make it anyone-can-spend-after-N-blocks) reduces the amount of onchain
>> spam if someone completely loses their keys?
>>
>> That's a bigger change, but maybe it's worth it?
> We now have David's great proposal to reuse the funding keys for the anchor
> output. That allows us to always let anyone spend after confirmation,
> because they can reconstruct the spend script. But I think this also means
> that we cannot do rotation on the anchor keys. We need to use the funding
> pubkey as is.
I missed that proposal, thanks!
It's stronger than my scheme, in that it works even if neither anchor is
spent; which, if we keep update_fee, is a distinct possibility. And
makes the script shorter (my fee calc above assume this).
We *could* tweak both anchors by the same amount, but then you'd still
need to see one of them to spend the other.
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:57:01
in reply to nevent1q…qglq
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:57:01Event JSON
{
"id": "8015c49625909f8214514cb42df50fcd572e4e9eab4cd1458be47365a379e391",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315421,
"kind": 1,
"tags": [
[
"e",
"ab5aee113a8dbee3ddcc4762799f4e2f5154112baf06ecbd2fed19b611a67033",
"",
"root"
],
[
"e",
"812cf353e312faec005b137ea4e8ac06a80bd26f87e963ce72ce5937d4a6ce1a",
"",
"reply"
],
[
"p",
"ec3fb08b335b94aace30d13181f2ad0280df9bc34f1a99832c4e2da8fb125eb3"
]
],
"content": "📅 Original date posted:2019-11-11\n📝 Original message:\nJoost Jager \u003cjoost.jager at gmail.com\u003e writes:\n\u003e\u003e\n\u003e\u003e \u003e We could\n\u003e\u003e \u003e simplify this to a single to_self_delay that is proposed by the\n\u003e\u003e initiator,\n\u003e\u003e \u003e but what was the original reason to allow distinct values?\n\u003e\u003e\n\u003e\u003e Because I didn't fight hard enough for simplicity :(\n\u003e\u003e\n\u003e\n\u003e But the people you were fighting with, what reason did they have? Just\n\u003e flexibility in general, or was there an actual use case? Maybe these people\n\u003e are reading this email and can comment?\n\nCompromise among the committee meant adding everything to the spec if\nthere was a conceivable reason for it; the simplicity argument was less\nstrong then (maybe because we hadn't implemented it all yet!).\n\n\u003e So then because unilateral close is the only way to resolve atm, it is\n\u003e correct also in theory that there will never be a commitment tx where the\n\u003e non-initiator pays fees? But the point is clear, channels can get stuck.\n\nYeah. Generally, it doesn't happen because we insist on a reasonable\nbalance in the channel, but it's theoretically possible.\n\n\u003e\u003e \u003e If we hard-code a constant, we won't be able to adapt to changes of\n\u003e\u003e \u003e `dustRelayFee` in the bitcoin network. And we'd also need to deal with a\n\u003e\u003e \u003e peer picking a value higher than that constant for its regular funding\n\u003e\u003e flow\n\u003e\u003e \u003e dust limit parameter.\n\u003e\u003e\n\u003e\u003e Note that we can't adapt to dustRelayFee *today*, since we can't change\n\u003e\u003e it after funding (another thing we probably need to fix).\n\u003e\u003e\n\u003e\n\u003e You can't for an existing channel, but at least for a new channel you can\n\u003e pick a different value. Which wouldn't be possible if we'd put a fixed\n\u003e (anchor) amount in the spec.\n\nThat's not really much consolation though for the existing network.\n\nStill Matt assures me that the relay dust limit is not going to change,\nso I think we're best off cutting down our test matrix by choosing a\nvalue and putting it directly into the spec.\n\nBy my calculations, at minfee it will cost you ~94 satoshis to spend.\nDust limit is 294 for Segwit outputs (basically assuming 3x minfee).\n\nSo I'm actually happy to say \"anchor outputs are 294 satoshi\". These\nare simply spendable, and still only $3 each if BTC is $1M. Lower is\nbetter (as long as we stick with funder-pays), as long as they do\neventually get spent.\n\n\u003e\u003e If we really want to make it adjustable, could we make each side pay for\n\u003e\u003e its own; if you can't afford it, you don't get one? There's no point\n\u003e\u003e the funder paying for a fundee-anchor if the fundee has no skin in the\n\u003e\u003e game.\n\u003e\u003e\n\u003e\u003e That reduces the pressure somewhat, I think?\n\u003e\u003e\n\u003e\n\u003e If you can't afford you don't get one, not sure about that. I could open a\n\u003e channel, send out the total capacity an in htlc to myself via some other\n\u003e hops, force close with a very low commit fee, then pull in the htlc (one\n\u003e time the money). The victim then needs to get the commit confirmed to claim\n\u003e the money, but there is no anchor unfortunately. I wait for the htlc to\n\u003e expire, then anchor down the commit tx and time out the htlc (twice the\n\u003e money).\n\nExcellent point. And the complexity of some \"you can only use a little\nbit of capacity until I have an anchor too\" is worse, so let's stick\nwith your proposal as the simplest: funder pays for two, always.\n\n\u003e\u003e Or what about we rotate the anchors and nothing else, which (assuming we\n\u003e\u003e make it anyone-can-spend-after-N-blocks) reduces the amount of onchain\n\u003e\u003e spam if someone completely loses their keys?\n\u003e\u003e\n\u003e\u003e That's a bigger change, but maybe it's worth it?\n\u003e We now have David's great proposal to reuse the funding keys for the anchor\n\u003e output. That allows us to always let anyone spend after confirmation,\n\u003e because they can reconstruct the spend script. But I think this also means\n\u003e that we cannot do rotation on the anchor keys. We need to use the funding\n\u003e pubkey as is.\n\nI missed that proposal, thanks!\n\nIt's stronger than my scheme, in that it works even if neither anchor is\nspent; which, if we keep update_fee, is a distinct possibility. And\nmakes the script shorter (my fee calc above assume this).\n\nWe *could* tweak both anchors by the same amount, but then you'd still\nneed to see one of them to spend the other.\n\nCheers,\nRusty.",
"sig": "d671716f6a6af25dd94b25824d32baf73802fad96313fe5c9c2b6c143c6515f291de6d482c4463c77db5cb655a1bb64b30a34d02539e82cd6442c697f179ac9a"
}