Re: [bitcoin-dev] Package Relay Proposal

[Eric Voskuil via bitcoin-dev]

> From: bitcoin-dev  On
Behalf
> Of Anthony Towns via bitcoin-dev
> Sent: Wednesday, May 25, 2022 11:56 AM

> So the other thing is what happens if the peer announcing packages to us
is
> dishonest?
> 
> They announce pkg X, say X has parents A B C and the fee rate is garbage.
But
> actually X has parent D and the fee rate is excellent. Do we request the
> package from another peer, or every peer, to double check? Otherwise we're
> allowing the first peer we ask about a package to censor that tx from us?
> 
> I think the fix for that is just to provide the fee and weight when
announcing
> the package rather than only being asked for its info? Then if one peer
makes
> it sound like a good deal you ask for the parent txids from them, dedupe,
> request, and verify they were honest about the parents.

Single tx broadcasts do not carry an advertised fee rate, however the'
feefilter' message (BIP133) provides this distinction. This should be
interpreted as applicable to packages. Given this message there is no reason
to send a (potentially bogus) fee rate with every package. It can only be
validated by obtaining the full set of txs, and the only recourse is
dropping (etc.) the peer, as is the case with single txs. Relying on the
existing message is simpler, more consistent, and more efficient.

> >> Is it plausible to add the graph in?
> 
> Likewise, I think you'd have to have the graph info from many nodes if
you're
> going to make decisions based on it and don't want hostile peers to be
able to
> trick you into ignoring txs.
> 
> Other idea: what if you encode the parent txs as a short hash of the wtxid
> (something like bip152 short ids? perhaps seeded per peer so collisions
will
> be different per peer?) and include that in the inv announcement? Would
> that work to avoid a round trip almost all of the time, while still giving
you
> enough info to save bw by deduping parents?

As I suggested earlier, a package is fundamentally a compact block (or
block) announcement without the header. Compact block (BIP152) announcement
is already well-defined and widely implemented. A node should never be
required to retain an orphan, and BIP152 ensures this is not required.

Once a validated set of txs within the package has been obtained with
sufficient fee, a fee-optimal node would accept the largest subgraph of the
package that conforms to fee constraints and drop any peer that provides a
package for which the full graph does not.

Let us not reinvent the wheel and/or introduce accidental complexity. I see
no reason why packaging is not simply BIP152 without the 'header' field, an
updated protocol version, and the following sort of changes to names:

sendpkg
MSG_CMPCT_PKG
cmpctpkg
getpkgtxn
pkgtxn

> > For a maximum 25 transactions,
> >23*24/2 = 276, seems like 36 bytes for a child-with-parents package.
> 
> If you're doing short ids that's maybe 25*4B=100B already, then the above
is
> up to 36% overhead, I guess. Might be worth thinking more about, but maybe
> more interesting with ancestors than just parents.
> 
> >Also side note, since there are no size/count params,

Size is restricted in the same manner as block and transaction broadcasts,
by consensus. If the fee rate is sufficient there would be no reason to
preclude any valid size up to what can be mined in one block (packaging
across blocks is not economically rational under the assumption that one
miner cannot expect to mine multiple blocks in a row). Count is incorporated
into BIP152 as 'shortids_length'.

> > wondering if we
> >should just have "version" in "sendpackages" be a bit field instead of
> >sending a message for each version. 32 versions should be enough right?

Adding versioning to individual protocols is just a reflection of the
insufficiency of the initial protocol versioning design, and that of the
various ad-hoc changes to it (including yet another approach in this
proposal) that have been introduced to compensate for it, though I'll
address this in an independent post at some point.

Best,
e

> Maybe but a couple of messages per connection doesn't really seem worth
> arguing about?
> 
> Cheers,
> aj
> 
> 
> --
> Sent from my phone.
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Package Relay Proposal

[Anthony Towns via bitcoin-dev]

On 24 May 2022 5:05:35 pm GMT-04:00, Gloria Zhao via bitcoin-dev 
 wrote:
>To clarify, in this situation, I'm imagining something like
>A: 0 sat, 100vB
>B: 1500 sat, 100vB
>C: 0 sat, 100vB
>X: 500 sat, 100vB
>feerate floor is 3sat/vB
>
>With the algo:
>>  * is X alone above my fee rate? no, then forget it
>>  * otherwise, s := X.size, f := X.fees, R := [X]
>>  * for P = P1..Pn:
>>   * do I already have P? then skip to the next parent
>>   * s += P.size, f += P.fees, R += [P]
>>  * if f/s above my fee rate floor? if so, request all the txs in R
>
>We'd erroneously ask for A+B+C+X, but really we should only take A+B.
>But wouldn't A+B also be a package that was announced for B?

In theory, yes, but maybe it was announced earlier (while our node was down?) 
or had dropped from our mempool or similar, either way we don't have those txs 
yet.

>Please lmk if you were imagining something different. I think I may be
>missing something.

That's what I was thinking, yes.

So the other thing is what happens if the peer announcing packages to us is 
dishonest?

They announce pkg X, say X has parents A B C and the fee rate is garbage. But 
actually X has parent D and the fee rate is excellent. Do we request the 
package from another peer, or every peer, to double check? Otherwise we're 
allowing the first peer we ask about a package to censor that tx from us?

I think the fix for that is just to provide the fee and weight when announcing 
the package rather than only being asked for its info? Then if one peer makes 
it sound like a good deal you ask for the parent txids from them, dedupe, 
request, and verify they were honest about the parents.

>> Is it plausible to add the graph in?

Likewise, I think you'd have to have the graph info from many nodes if you're 
going to make decisions based on it and don't want hostile peers to be able to 
trick you into ignoring txs.

Other idea: what if you encode the parent txs as a short hash of the wtxid 
(something like bip152 short ids? perhaps seeded per peer so collisions will be 
different per peer?) and include that in the inv announcement? Would that work 
to avoid a round trip almost all of the time, while still giving you enough 
info to save bw by deduping parents?


> For a maximum 25 transactions,
>23*24/2 = 276, seems like 36 bytes for a child-with-parents package.

If you're doing short ids that's maybe 25*4B=100B already, then the above is up 
to 36% overhead, I guess. Might be worth thinking more about, but maybe more 
interesting with ancestors than just parents.

>Also side note, since there are no size/count params, wondering if we
>should just have "version" in "sendpackages" be a bit field instead of
>sending a message for each version. 32 versions should be enough right?

Maybe but a couple of messages per connection doesn't really seem worth arguing 
about?

Cheers,
aj


-- 
Sent from my phone.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Silent Payments – Non-interactive private payments with no on-chain overhead

[Erik Aronesty via bitcoin-dev]

i like the  00 || X_spend || X_scan + mandate address reuse prevention.

might as well start with something strict

easy to loosen it later - if needed - harder to tighten it later because of
back-compatibility with addresses in-use


On Tue, May 24, 2022 at 11:02 AM alicexbt via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi woltx,
>
> Thanks for implementing silent payments in Bitcoin Core. I tried the steps
> shared in tutorial and everything works as expected.
>
> I have updated the silent payment address (signet) as TXT record for
> domain alice.silentbitco.in
>
> $ dig -t txt alice.silentbitco.in +short
> "tb1px3kma8e8y8z9l7e640v0x2chzrzww9cu06mqvwyrz805ffletu3s067sgh"
>
> I have also added basic information about silent payments proposal,
> implementation and tutorial on https://silentbitco.in
>
> I had no issues with performance of the UTXO Set and the blocks scan. I
> don't mind using flag but a new address/descriptor format should be a
> better approach. I could not review the code in detail or test edge cases
> however these suggestions by Pavol Rusnak make sense:
> https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8?permalink_comment_id=4177027#gistcomment-4177027
>
>
> /dev/fd0
>
> Sent with ProtonMail  secure email.
>
> --- Original Message ---
> On Tuesday, May 24th, 2022 at 7:01 AM, woltx via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> I created a short and simple tutorial on how to make silent payments on
> signet.
> https://gist.github.com/w0xlt/72390ded95dd797594f80baba5d2e6ee
>
> In this tutorial, the user will generate an address, publish it, receive
> and spend coins from it and still no transactions are shown from this
> address in a blockchain explorer.
>
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev