On 2023-12-28 08:06, jlspc via bitcoin-dev wrote:
On Friday, December 22nd, 2023 at 8:36 AM, Nagaev Boris
<bnag...@gmail.com> wrote:
To validate a transaction with FDT [...]
a light client would have to determine the median fee
rate of the recent blocks. To do that without involving trust, it has
to download the blocks. What do you think about including median
feerate as a required OP_RETURN output in coinbase transaction?
Yes, I think that's a great idea!
I think this points to a small challenge of implementing this soft fork
for pruned full nodes. Let's say a fee-dependent timelock (FDT) soft
fork goes into effect at time/block _t_. Both before and for a while
after _t_, Alice is running an older pruned full node that did not
contain any FDT-aware code, so it prunes blocks after _t_ without
storing any median feerate information about them (not even commitments
in the coinbase transaction). Later, well after _t_, Alice upgrades her
node to one that is aware of FDTs. Unfortunately, as a pruned node, it
doesn't have earlier blocks, so it can't validate FDTs without
downloading those earlier blocks.
I think the simplest solution would be for a recently-upgrade node to
begin collecting median feerates for new blocks going forward and to
only enforce FDTs for which it has the data. That would mean anyone
depending on FDTs should be a little more careful about them near
activation time, as even some node versions that nominally enforced FDT
consensus rules might not actually be enforcing them yet.
Of course, if the above solution isn't satisfactory, upgraded pruned
nodes could simply redownload old blocks or, with extensions to the P2P
protocol, just the relevant parts of them (i.e., coinbase transactions
or, with a soft fork, even just commitments made in coinbase
transactions[1]).
-Dave
[1] An idea discussed for the segwit soft fork was requiring the witness
merkle root OP_RETURN to be the final output of the coinbase transaction
so that all chunks of the coinbase transaction before it could be
"compressed" into a SHA midstate and then the midstate could be extended
with the bytes of the OP_RETURN commitment to produce the coinbase
transaction's txid, which could then be connected to the block header
using the standard Bitcoin-style merkle inclusion proof. This would
allow trailing commitments in even a very large coinbase transaction to
be communicated in just a few hundred bytes (not including the size of
the commitments themselves). This idea was left out of segwit because
at least one contemporary model of ASIC miner had a hardware-enforced
requirement to put a mining reward payout in the final output.
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev