📅 Original date posted:2018-06-19
📝 Original message:
"David A. Harding" <dave at dtrt.org> writes:
> I finished a re-read of y'alls excellent paper describing Eltoo, and
> there was something that confused me:
>
>> If the update transaction represents the last agreed upon state it can
>> use relatively low fees being certain that it will not be replaced.
>
> I don't understand why this is "certain"? State_2 can't replace State_3
> on the block chain (ignoring reorgs) because S_2's nLockTime of n+2
> doesn't satisify S_3's CLTV-enforced minimum state number/locktime of
> n+4. But in the mempool this constraint doesn't hold: if S_3 is in the
> mempool, S_2 can simply pay more fees than S_3 for RBF replacement.
That is true, we can't prevent S_2 to make it into the blockchain, but
we can make sure it doesn't have any effect (aside from wasting some
fees), by simply binding S_3 to it immediately afterwards. So if S_3 is
the last agreed upon state, we can bind it to the funding output or any
intermediate ones, i.e., when an intermediate update makes it into the
blockchain. Eventually S_3, bound to some prior update output and
ideally directly to the funding output, will make it into the blockchain
at which point the game is over. Intermediate updates may have leaked
into the blockchain, but did not unlock the intermediate settlement path
and the blockchain was paid with the fees attached to the intermediate
updates.
> A mempool replacement of S_3 with S_2 also invalidates the transaction
> containing S_3 until one of the participants rewrites it from binding to
> State_1's outpoint to binding to S_2's outpoint.
It should be noted that anyone can perform the rewriting, and it's easy
to do so, by just following the funding output and knowing the final
update.
> Unless I'm misunderstanding, this could perhaps be clarified to make
> clear that, even in the case of a cooperative close, monitoring for old
> states needs to continue until the final state has whatever number of
> confirmations a participant deems sufficient to make it immutable.
Good point, we did not mention that finality has to be ensured, and that
in a case of a reorg that unconfirms the update we might have to perform
additional rewrites. This is similar to LN-penalty where we actually
need to make sure that the penalty transaction is final and doesn't get
reorged out.
Cheers,
Christian
Christian Decker [ARCHIVE] /
npub1wt…gtuyn
2023-06-09 12:50:53
in reply to nevent1q…j04e
Author Public Key
npub1wtx5qvewc7pd6znlvwktq03mdld05mv3h5dkzfwd3dc30gdmsptsugtuynPublished at
2023-06-09 12:50:53Event JSON
{
"id": "130cf5f7627e5bd6021c1ab54329156c71a2d97025c22c2bc5d3aa7c89353534",
"pubkey": "72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057",
"created_at": 1686315053,
"kind": 1,
"tags": [
[
"e",
"da800d129bb6f13479aec8335d3350911374ef3c1eb580dbd96e640002b62a32",
"",
"root"
],
[
"e",
"44993363d78a5e30ba027f2498f1df78f409734a84f3d8436e155fd4233dd22a",
"",
"reply"
],
[
"p",
"d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2"
]
],
"content": "📅 Original date posted:2018-06-19\n📝 Original message:\n\"David A. Harding\" \u003cdave at dtrt.org\u003e writes:\n\u003e I finished a re-read of y'alls excellent paper describing Eltoo, and\n\u003e there was something that confused me:\n\u003e\n\u003e\u003e If the update transaction represents the last agreed upon state it can\n\u003e\u003e use relatively low fees being certain that it will not be replaced. \n\u003e\n\u003e I don't understand why this is \"certain\"? State_2 can't replace State_3\n\u003e on the block chain (ignoring reorgs) because S_2's nLockTime of n+2\n\u003e doesn't satisify S_3's CLTV-enforced minimum state number/locktime of\n\u003e n+4. But in the mempool this constraint doesn't hold: if S_3 is in the\n\u003e mempool, S_2 can simply pay more fees than S_3 for RBF replacement.\n\nThat is true, we can't prevent S_2 to make it into the blockchain, but\nwe can make sure it doesn't have any effect (aside from wasting some\nfees), by simply binding S_3 to it immediately afterwards. So if S_3 is\nthe last agreed upon state, we can bind it to the funding output or any\nintermediate ones, i.e., when an intermediate update makes it into the\nblockchain. Eventually S_3, bound to some prior update output and\nideally directly to the funding output, will make it into the blockchain\nat which point the game is over. Intermediate updates may have leaked\ninto the blockchain, but did not unlock the intermediate settlement path\nand the blockchain was paid with the fees attached to the intermediate\nupdates.\n\n\u003e A mempool replacement of S_3 with S_2 also invalidates the transaction\n\u003e containing S_3 until one of the participants rewrites it from binding to\n\u003e State_1's outpoint to binding to S_2's outpoint.\n\nIt should be noted that anyone can perform the rewriting, and it's easy\nto do so, by just following the funding output and knowing the final\nupdate.\n\n\u003e Unless I'm misunderstanding, this could perhaps be clarified to make\n\u003e clear that, even in the case of a cooperative close, monitoring for old\n\u003e states needs to continue until the final state has whatever number of\n\u003e confirmations a participant deems sufficient to make it immutable.\n\nGood point, we did not mention that finality has to be ensured, and that\nin a case of a reorg that unconfirms the update we might have to perform\nadditional rewrites. This is similar to LN-penalty where we actually\nneed to make sure that the penalty transaction is final and doesn't get\nreorged out.\n\n\nCheers,\nChristian",
"sig": "d9b02f58ef5e77d13d3dbab6a051750d4e3d5bba72f4239582c82ea7de57776ecc9ce2004454719fa19a0c48b42d9919efe3c0005dda752e875ee490e1c2c73c"
}