Re: [bitcoin-dev] CTV dramatically improves DLCs
Hi all, A lot is being discussed but just wanted to react on some points. # CSFS Lloyd, good point about CSFS not providing the same privacy benefits, and OP_CAT being required in addition. And thanks Philipp for the link to your post, it was an interesting read! Jeremy >CSFS might have independent benefits, but in this case CTV is not being used in the Oracle part of the DLC, it's being used in the user generated mapping of Oracle result to Transaction Outcome. My point was that CSFS could be used both in the oracle part but also in the transaction restriction part (as in the post by Philipp), but again it does not really provide the same model as DLC as pointed out by Lloyd. # Performance Regarding how much performance benefit this CTV approach would provide, without considering the benefit of not having to transmit and store a large number of adaptor signatures, and without considering any further optimization of the anticipation points computation, I tried to get a rough estimate through some benchmarking. Basically, if I'm not mistaken, using CTV we would only have to compute the oracle anticipation points, without needing any signing or verification. I've thus made a benchmark comparing the current approach with signing + verification with only computing the anticipation points, for a single oracle with 17 digits and 1 varying payouts (between 45000 and 55000). The results are below. Without using parallelization: baseline:[7.8658 s 8.1122 s 8.3419 s] no signing/no verification: [321.52 ms 334.18 ms 343.65 ms] Using parallelization: baseline:[3.0030 s 3.1811 s 3.3851 s] no signing/no verification: [321.52 ms 334.18 ms 343.65 ms] So it seems like the performance improvement is roughly 24x for the serial case and 10x for the parallel case. The two benchmarks are available (how to run them is detailed in the README in the same folder): * https://github.com/p2pderivatives/rust-dlc/blob/ctv-bench-simulation-baseline/dlc-manager/benches/benchmarks.rs#L290 * https://github.com/p2pderivatives/rust-dlc/blob/ctv-bench-simulation/dlc-manager/benches/benchmarks.rs#L290 Let me know if you think that's a fair simulation or not. One thing I'd like to see as well is what will be the impact of having a very large taproot tree on the size of the witness data when spending script paths that are low in the tree, and how it would affect the transaction fee. I might try to experiment with that at some point. Cheers, Thibaut On Mon, Feb 7, 2022 at 2:56 AM Jeremy Rubin via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I'm not sure what is meant concretely by (5) but I think overall > performance is ok here. You will always have 10mins or so to confirm the > DLC so you can't be too fussy about performance! > > > I mean that if you think of the CIT points as being the X axis (or > independent axes if multivariate) of a contract, the Y axis is the > dependent variable represented by the CTV hashes. > > > For a DLC living inside a lightning channel, which might be updated > between parties e.g. every second, this means you only have to recompute > the cheaper part of the DLC only if you update the payoff curves (y axis) > only, and you only have to update the points whose y value changes. > > For on chain DLCs this point is less relevant since the latency of block > space is larger. > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] [dlc-dev] CTV dramatically improves DLCs
Hi, Lloyd, thanks for this excellent writeup. I must say that indeed using CTV seems like it would very much lower the complexity of the DLC protocol (and it seems like APO would also work, thanks Jonas for pointing that out). Though thinking about it, I can't help wondering if the ideal op code for DLC wouldn't actually be CHECKSIGFROMSTACK? It feels to me that this would give the most natural way of doing things. If I'm not mistaken, this would enable simply requiring an oracle signature over the outcome, without any special trick, and without even needing the oracle to release a nonce in advance (the oracle could sign `event_outcome + event_id` to avoid signature reuse). I must say that I haven't studied covenant opcodes in detail yet so is that line of thinking correct or am I missing something? Cheers, Thibaut On Wed, Jan 26, 2022 at 1:27 AM Jonas Nick via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Thank you, that's an interesting application of OP_CTV. > > Perhaps worth pointing out that this does not require OP_CTV but could > also be > enabled by other covenant constructions. For example, it seems like > ANYPREVOUT-based covenants provide similar benefits. The script of the > Taproot > leaves could be set to > > CHECKSIGVERIFY CHECKSIGVERIFY > > where is an ANYPREVOUTANYSCRIPT signature of the CET for public key > P = G. > When using nonce R = G, signature creation has negligible computational > cost (s > = 1 + H(R, P, m)). A downside compared to CTV is the additional overhead > of 64 > witness bytes (). > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] [Bitcoin Advent Calendar] Derivatives and Options
Hi all, Did someone say rust-dlc? Just kidding, but wanted to mention that indeed it's under active development, supports multi oracle contracts and many other cool things (pretty much everything you can find in the dlc specs)! Otherwise nice article Jeremy. Maybe you should drop by our monthly DLC spec meeting one of these days. I'm sure everybody would be happy to hear how we could improve the Bitcoin derivatives ecosystem with CTV and what infrastructures or code could be reused from DLCs. Cheers, Thibaut On Mon, Dec 27, 2021 at 7:39 AM yancy via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Prayank, > > I believe the p2pderivatives DLC application is still under active > development here (single oracle): > https://github.com/p2pderivatives/rust-dlc > > I was once involved in the project in a galaxy far far away but haven't > kept up with the project. Also, I'm a few days behind in the Bitcoin > Advent Calendar :) > > Cheers, > -Yancy > > > On 2021-12-24 17:42, Prayank via bitcoin-dev wrote: > > Hi Jeremy, > > > >> Wheres the info come from? Well, multiple places. We could get it > > from a third party (maybe using an attestation chain of some sort?), > > or there are certain ways it could be self-referential (like for > > powswap [1]). > > > >> Now let’s define a threshold oracle – we wouldn’t want to > > trust just one lousy oracle, so let’s trust M out of N of them! > > > > Similar approach is used in discreet log contracts for multi oracles. > > There is even a project for P2P derivatives but it was not used for > > any real trades on mainnet or further developed. What difference would > > OP_CTV make in this project if its implemented in Bitcoin? > > > > https://github.com/p2pderivatives/p2pderivatives-client > > > > https://github.com/p2pderivatives/p2pderivatives-server > > > > https://github.com/p2pderivatives/p2pderivatives-oracle > > > >> Does this NEED CTV? > > > > No, not in particular. Most of this stuff could be done with online > > signer server federation between you and counterparty. CTV makes some > > stuff nicer though, and opens up new possibilities for opening these > > contracts unilaterally. > > > > Nicer? How would unilateral derivatives work because my understanding > > was that you always need a peer to take the other side of the trade. I > > wish we could discuss this topic in a trading community with some > > Bitcoiners that even had some programming knowledge. > > > > Derivatives are interesting and less explored or used in Bitcoin > > projects. They could be useful in solving lot of problems. > > > > -- > > > > Prayank > > > > A3B1 E430 2298 178F > > > > > > Links: > > -- > > [1] https://powswap.com > > ___ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
