š
Original date posted:2022-10-29
š Original message:On 2022-10-26 13:52, Anthony Towns via bitcoin-dev wrote:
> The cutoff for that is probably something like "do 30% of listening
> nodes have a compatible policy"? If they do, then you'll have about a
> 95% chance of having at least one of your outbound peers accept your
> tx,
> just by random chance.
I think this might be understating the problem. A 95% chance of having
an outbound peer accept your tx conversely implies 1 in 20 payments will
fail to
propagate on their initial broadcast. That seems to me like an
unacceptably high failure rate both for the UX of regular payments and
for the safety of time-sensitive transactions like onchain HTLC
resolutions.
Additionally, the less reliable propagation is, the more reliably spy
nodes can assume the first IP address they received a transaction from
is the creator of that transaction.
I think those two problems combine in an especially unfortunate way for
lightweight clients. Lightweight clients wanting to find a peer who
supports a more permissive policy than most of the network and whose
client authors want to provide a good UX (or safety in the case of time
sensitive contract protocols like LN) will need to open large numbers of
connections, increasing their chance of connecting to a spy node which
will associate their IP address with their transaction, especially since
lightweight clients can't pretend to be relaying transactions for other
users. Some napkin math: there are about 250,000 transactions a day; if
we round that up to 100 million a year and assume we only want one
transaction per year to fail to initially propagate on a network where
30% of nodes have adopted a more permissive policy, lightweight clients
will need to connect to over 50 randomly selected nodes.[1] For a more
permissive policy only adopted by 10% of nodes, the lightweight client
needs to connect to almost 150 nodes.
This also implies that nodes adopting a more restrictive policy degrades
UX, safety, and privacy for users of transactions violating that policy.
For example, if 30% of nodes used Knots's -spkreuse configuration option
and about 50% of transactions reuse scriptPubKeys, then about 9
transactions a day wouldn't initially propagate (assuming 8 randomly
selected peers[2]) and lightweight clients who wanted 1-in-100-million
safety would need to connect to about 15 random nodes.
Towns's post to which I'm replying describes several alternative
approaches which mitigate the above problems, but he also documents that
they're not without tradeoffs.
-Dave
[1] (1-0.3)**50 * 100_000_000 =~ 1.8
[2] That assumes every transaction is sent to a different
randomly-selected set of peers, which isn't really the case. However,
one day $GIANT_EXCHANGE could suddenly be unable to broadcast hundreds
or
thousands of withdrawal transactions because all of its peers implement
a restrictive policy.
David A. Harding [ARCHIVE] /
npub16dā¦x4wrd
2023-06-07 23:16:01
in reply to nevent1qā¦4w29
Author Public Key
npub16dt55fpq3a8r6zpphd9xngxr46zzqs75gna9cj5vf8pknyv2d7equx4wrdPublished at
2023-06-07 23:16:01Event JSON
{
"id": "17b331dd284dcc39fd5802611da948bb5536936bf603f9ba79e8ee830f717171",
"pubkey": "d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2",
"created_at": 1686179761,
"kind": 1,
"tags": [
[
"e",
"72e405df3aaafafab176501cba9ee9ab7db3f9a3f761dd313e13dd7ef49c1f95",
"",
"root"
],
[
"e",
"20a108d8152dad31217cdeaac9d19ea664338cfb99ae25c4db4866539431fbba",
"",
"reply"
],
[
"p",
"f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab"
]
],
"content": "š
Original date posted:2022-10-29\nš Original message:On 2022-10-26 13:52, Anthony Towns via bitcoin-dev wrote:\n\u003e The cutoff for that is probably something like \"do 30% of listening\n\u003e nodes have a compatible policy\"? If they do, then you'll have about a\n\u003e 95% chance of having at least one of your outbound peers accept your \n\u003e tx,\n\u003e just by random chance.\n\nI think this might be understating the problem. A 95% chance of having\nan outbound peer accept your tx conversely implies 1 in 20 payments will \nfail to\npropagate on their initial broadcast. That seems to me like an\nunacceptably high failure rate both for the UX of regular payments and\nfor the safety of time-sensitive transactions like onchain HTLC\nresolutions.\n\nAdditionally, the less reliable propagation is, the more reliably spy\nnodes can assume the first IP address they received a transaction from\nis the creator of that transaction.\n\nI think those two problems combine in an especially unfortunate way for\nlightweight clients. Lightweight clients wanting to find a peer who\nsupports a more permissive policy than most of the network and whose\nclient authors want to provide a good UX (or safety in the case of time\nsensitive contract protocols like LN) will need to open large numbers of\nconnections, increasing their chance of connecting to a spy node which\nwill associate their IP address with their transaction, especially since\nlightweight clients can't pretend to be relaying transactions for other\nusers. Some napkin math: there are about 250,000 transactions a day; if\nwe round that up to 100 million a year and assume we only want one\ntransaction per year to fail to initially propagate on a network where\n30% of nodes have adopted a more permissive policy, lightweight clients\nwill need to connect to over 50 randomly selected nodes.[1] For a more\npermissive policy only adopted by 10% of nodes, the lightweight client\nneeds to connect to almost 150 nodes.\n\nThis also implies that nodes adopting a more restrictive policy degrades\nUX, safety, and privacy for users of transactions violating that policy.\nFor example, if 30% of nodes used Knots's -spkreuse configuration option\nand about 50% of transactions reuse scriptPubKeys, then about 9\ntransactions a day wouldn't initially propagate (assuming 8 randomly\nselected peers[2]) and lightweight clients who wanted 1-in-100-million\nsafety would need to connect to about 15 random nodes.\n\nTowns's post to which I'm replying describes several alternative\napproaches which mitigate the above problems, but he also documents that\nthey're not without tradeoffs.\n\n-Dave\n\n[1] (1-0.3)**50 * 100_000_000 =~ 1.8\n\n[2] That assumes every transaction is sent to a different\nrandomly-selected set of peers, which isn't really the case. However,\none day $GIANT_EXCHANGE could suddenly be unable to broadcast hundreds \nor\nthousands of withdrawal transactions because all of its peers implement\na restrictive policy.",
"sig": "780aafcd9ce4e5e280334edd86f821d943498ec19c7f24627c3149073af3e228cdbbf95925058df22fc85a4b956e0244f8d75eb703ccb00bf6078ea0ff66ff9d"
}