Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 74835C0035 for ; Sun, 20 Feb 2022 02:39:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 617FB408FC for ; Sun, 20 Feb 2022 02:39:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.602 X-Spam-Level: X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99YdYOE-FfmF for ; Sun, 20 Feb 2022 02:39:58 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mail-40132.protonmail.ch (mail-40132.protonmail.ch [185.70.40.132]) by smtp4.osuosl.org (Postfix) with ESMTPS id 68901408FB for ; Sun, 20 Feb 2022 02:39:58 +0000 (UTC) Date: Sun, 20 Feb 2022 02:39:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1645324795; bh=EtW9S6uDxVo/ugRrYtgZm5qgPalVGC5Bue4jEcetKGg=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=HGnlg/l8vfFIOck06xlZNRH8RdOuwoC704r8sMH1vHDAvPTWNaI0m4Zr6w4uo0cr6 ABq48KCS6PeJMYRzwR2sS6dIQhe8VStqAXKyJ69HwShXTyxrXeRVriYkze+uq5FfNT O1/0iBJ/ryuBwKiy5x7Fqgm6N2cjpVKfjRRMkFOUIr501ZdZ0oWh/Qmblb3qhzYRok hq/cGFLWVmZyto8O29+wdbDX97uRJV1YHDhRWY6ME2rz+tTxzt5b6FaBP247t3GgCt FlnwKT0utHtttGu/f7rwDK0SspgwsgSq0l62QKxV8NgZZsR0XwvxWpIQRhX7eL6PES 3X14CLk018Aow== To: ZmnSCPxj , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: lightning-dev , Jeremy Subject: Re: [bitcoin-dev] [Lightning-dev] [Pre-BIP] Fee Accounts X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2022 02:39:59 -0000 Good morning Peter and Jeremy, > Good morning Peter and Jeremy, > > > On Sat, Feb 19, 2022 at 05:20:19PM +0000, darosior wrote: > > > > > > Necromancing might be a reasonable name for attacks that work by ge= tting an > > > > out-of-date version of a tx mined. > > > > > > It's not an "attack"? There is no such thing as an out-of-date transa= ction, if > > > you signed and broadcasted it in the first place. You can't rely on t= he fact that > > > a replacement transaction would somehow invalidate a previous version= of it. > > > > Anyone on the internet can send you a packet; a secure system must be a= ble to > > receive any packet without being compromised. Yet we still call packet = floods > > as DoS attacks. And internet standards are careful to avoid making pack= et > > flooding cheaper than it currently is. > > The same principal applies here: in many situations transactions do bec= ome > > out of date, in the sense that you would rather a different transaction= be > > mined instead, and the out-of-date tx being mined is expensive and anno= ying. > > While you have to account for the possibility of any transaction you ha= ve > > signed being mined, Bitcoin standards should avoid making unwanted necr= omancy a > > cheap and easy attack. > > This seems to me to restrict the only multiparty feebumping method to be = some form of per-participant anchor outputs a la Lightning anchor commitmen= ts. > > Note that multiparty RBF is unreliable. > While the initial multiparty signing of a transaction may succeed, at a l= ater time with the transaction unconfirmed, one or more of the participants= may regret cooperating in the initial signing and decide not to cooperate = with the RBF. > Or for that matter, a participant may, through complete accident, go offl= ine. > > Anchor outputs can be keyed to only a specific participant, so feebumping= of particular transaction can only be done by participants who have been a= uthorized to feebump. > > Perhaps fee accounts can include some kind of proof-this-transaction-auth= orizes-this-fee-account? For example: * We reserve one Tapscript version for fee-account-authorization. * Validation of this tapscript version always fails. * If a transaction wants to authorize a fee account, it should have at leas= t one Taproot output. * This Taproot output must have tapleaf with the fee-account-authorizatio= n Tapscript version. * In order for a fee account to feebump a transaction, it must also present= the Taproot MAST path to the fee-account-authorization tapleaf of one outp= ut of that transaction. This gives similar functionality to anchor outputs, without requiring an ex= plicit output on the initial transaction, saving blockspace. In particular, once the number of participants grows, the number of anchor = outputs must grow linearly with the number of participants being authorized= to feebump. Only when the feerate turns out to be too low do we need to expose the auth= orization. Revelation of the fee-account-authorization is O(log N), and if only one pa= rticipant decides to feebump, then only a single O(log N) MAST treepath is = published. Regards, ZmnSCPxj