Ephemeral Dust #1524

pull instagibbs wants to merge 1 commits into bitcoin:master from instagibbs:ephemeral_anchor changing 2 files +153 −0
  1. instagibbs commented at 7:56 pm on December 10, 2023: member
  2. instagibbs commented at 8:00 pm on December 10, 2023: member

    @ariard bring comment from https://github.com/instagibbs/bolts/commit/4830650f0d45e7ff2c8637e05dc89d14d0d9a506#diff-6bed824879b760d329ec379b16a1d0e78ffba034fdfa13b95cf0480e09fa7c4bR156

    This is uncertain to me how this rule works with trimmed HTLCs on LN commitment transactions making their fees non-zero, even assuming anchor outputs where second-stage txn are signed with 0-feerate.

    I gave an example spec at the top, and implementation(of most of it) for CLN. Links again here:

    Example usage: https://github.com/instagibbs/bolts/commits/zero_fee_commitment https://github.com/instagibbs/lightning/commits/commit_zero_fees

    TLDR: trimmed value can go into the anchor itself, and is simply spent to fees by the spender.

    Otherwise a time-sensitive package can be tampered by third-parties entering into replacement cycling games, without being a direct off-chain counterparty to the target transaction traffic.

    In the BIP I can mention that it allows any party to spend, therefore any party can attempt a cycling attack. We’re not going to agree on the severity of the attack, so it’s up to implementer to do their own research.

  3. instagibbs force-pushed on Dec 11, 2023
  4. ariard commented at 0:43 am on December 21, 2023: member

    TLDR: trimmed value can go into the anchor itself, and is simply spent to fees by the spender.

    I believe this is broken - Let’s say you have Alice and Bob sharing a Lightning channel, with max_accepted_htlcs (483) on both sides. Alice is a routing hop allowing HTLC forward going through Alice-Bob link. Bob circularly routes 483 offered HTLCs of value 330 satoshis (total amount 159390 satoshis). Those HTLCs are symmetrically committed on both Alice and Bob states. Assuming Bob can broadcast privately to a transaction accelerator with a child pocketing the anchor itself, Bob can mine the commitment transaction and steals 159390 satoshis from Alice’s balance.

    Thanks to correct me if my understanding of option_commit_zero_fee is incorrect.

    As of today, Bob could do the same attack by routing the HTLCs, however as the trimmed HTLCs are committed as miner fees, if Bob does not have low-hashrate capabilities, he cannot steal from Alice. Moving trimmed HTLC amounts from miners fees to a anyone-can-spend amount changes notably the threat model, in my opinion.

    In the BIP I can mention that it allows any party to spend, therefore any party can attempt a cycling attack. We’re not going > to agree on the severity of the attack, so it’s up to implementer to do their own research.

    While I agree that we won’t agree on the severity of a replacement cycling attack, I disagree on the deference to put on implementers the responsibility to do their own research on the security of such proposal. Not only this is unfavorable practice for Internet protocol standardization works (all IETF RFCs must have mandatory security sections - RFC 3552), beyond for the given proposal it modifies the attacker incentives model as anyone on the peer-to-peer transaction-relay network can enter into replacement cycling attacks against your time-sensitive packages or massive transaction batch.

    Allowing anyone to tamper with packages is not only an issue for the safety of your use-case funds, it does open the door to adversaries tamper with the global transaction traffic, with potential way to realize gains. In the past, miners-harvesting attacks have been considered, and here it’s opening one. If you know that the transaction issuer of this transaction pattern will automatically fee-bump its package after X blocks without confirmation, anyone-can-spend ephemeral anchor allows you to substitute a “honest” CPFP at 20 sat/vbytes with a “malicious" CPFP at 30 sat/vbytes and then evicts this CPFP to trigger an eviction of the 0-fee parent itself from network mempools.

    For this last reason, I think that anyone-can-spend ephemeral anchor should be reconsidered and locking the ephemeral anchor under a counterparty pubkey should be introduced, as we’re doing with anchor outputs on lightning commitment transactions today. I understand the efficiency reasons to use an OP_TRUE though I’m unsure it’s worth the newly introduced safety weaknesses.

  5. bitcoin deleted a comment on Dec 21, 2023
  6. luke-jr commented at 7:31 pm on December 26, 2023: member
    Node policy is not a standardizable subject matter in itself, and I’m not really seeing anything here to standardize?
  7. illesdavid approved
  8. instagibbs force-pushed on Jan 5, 2024
  9. instagibbs commented at 5:25 pm on January 8, 2024: member

    As of today, Bob could do the same attack by routing the HTLCs, however as the trimmed HTLCs are committed as miner fees, if Bob does not have low-hashrate capabilities, he cannot steal from Alice. Moving trimmed HTLC amounts from miners fees to a anyone-can-spend amount changes notably the threat model, in my opinion. @ariard it’s an implementation detail for both Bitcoin Core and LN spec, but your hesitancy has caused me to look for a better solution than I was previously thinking: https://delvingbitcoin.org/t/ephemeral-anchors-and-mev/383

    While I agree that we won’t agree on the severity of a replacement cycling attack

    I’m fine adding some warning text wherever to inform implementors. Propose some please.

    For this last reason, I think that anyone-can-spend ephemeral anchor should be reconsidered and locking the ephemeral anchor under a counterparty pubkey should be introduced, as we’re doing with anchor outputs on lightning commitment transactions today. I understand the efficiency reasons to use an OP_TRUE though I’m unsure it’s worth the newly introduced safety weaknesses.

    I think the story for keyless is much simpler, even if you personally disagree with the relative security of it.

    Anything that’s relay-standard now would be a potential “rug” if it suddenly required you to be V3, that you must RBF all sibling spends, etc. If we instituted a rule anyways safely somehow, it may interfere with future relaxations where we don’t care about dust(say, widespread utreexo deployment). Regardless today it also has a weaker anti-dust story as it can’t be cleaned up except by key owners.

    We’re just not going to agree on this given our nearly year long discussions of cycle replacement attacks and similar, and it’ll be up to others to weigh in on this point for specific use-cases. I apologize for not moving forward with this line of discussion from here on out.

  10. instagibbs commented at 5:30 pm on January 8, 2024: member

    Node policy is not a standardizable subject matter in itself, and I’m not really seeing anything here to standardize?

    I’ll let others weigh in, but in general I’d like to have a common place to have a tx format, like this, publicly documented, with some suggestions for implementors, even if we cannot force anyone to do so.

    Related, I see no mention of banning policy in BIP rules; let me know if I missed something.

    I’ll leave this PR open for now.

  11. luke-jr commented at 6:30 am on January 17, 2024: member
    BIPs are for standardization across implementations. Policy is an individual per-node decision, not something standardized in itself.
  12. darosior commented at 7:44 am on January 18, 2024: member

    I’ll let others weigh in

    For what it’s worth i think ti’s useful to have a BIP for this.

    BIPs are for standardization across implementations. Policy is an individual per-node decision, not something standardized in itself.

    By this same token why bother writing BIPs for output script descriptors? For deterministic key generation? It’s most of the time an individual decision whether to use a feature. But that doesn’t change the fact that it’s useful to have a public, implementation-agnostic, documentation for anything where inter-compatibility is needed.

  13. in bip-ephemeralanchors.mediawiki:112 in 527b007dbf outdated
    107+
    108+Ephemeral anchor transaction: A transaction that has an ephemeral anchor
    109+
    110+==Specification==
    111+
    112+A new output script type is made policy standard to spend, known as an ephemeral anchor.
    


    ajtowns commented at 2:33 am on January 22, 2024:
    The main policy change is making the script standard to create as an ouput. I think it’s only that you’re defining a new valid witness program (rather than using OP_TRUE directly) that means you also need to make spending standard.
  14. in bip-ephemeralanchors.mediawiki:114 in 527b007dbf outdated
    109+
    110+==Specification==
    111+
    112+A new output script type is made policy standard to spend, known as an ephemeral anchor.
    113+
    114+Ephemeral anchors of any satoshi value are standard for relay.
    


    ajtowns commented at 2:34 am on January 22, 2024:
    Might want to emphasise here that dust limits do not apply?
  15. in bip-ephemeralanchors.mediawiki:130 in 527b007dbf outdated
    125+as this is a policy-only change.
    126+
    127+It is recommended that miners should not mine ephemeral anchor transactions
    128+without also mining the spend in the same block. This means miners should not
    129+prioritise transactions that create ephemeral anchors but instead should just prioritise the spend;
    130+mining software is encouraged to enforce that limitation.
    


    ajtowns commented at 2:36 am on January 22, 2024:
    Does this mean the bitcoin core PR should (does?) reject attempts to prioritisetransaction when it notices the tx being prioritised creates an EA output?

    glozow commented at 4:01 pm on June 11, 2024:
    IIRC an older implementation had this
  16. in bip-ephemeralanchors.mediawiki:133 in 527b007dbf outdated
    128+without also mining the spend in the same block. This means miners should not
    129+prioritise transactions that create ephemeral anchors but instead should just prioritise the spend;
    130+mining software is encouraged to enforce that limitation.
    131+
    132+No witness data for ephemeral anchors spends should be allowed, to preclude witness
    133+stuffing.
    


    ajtowns commented at 2:38 am on January 22, 2024:

    Mixes MUST and should; these are all relay policies, so shouldn’t they all be at the same level of compulsion?

    Arguably it may be attractive for miners to stuff witness data in here – if they want to include modest amounts of arbitrary data in a block, then doing it in the witness is cheaper than anywhere else, and if someone else is paying for the tx that’s associated with the witness, that’s cheaper than them creating a dummy tx themselves.

  17. michaelfolkson commented at 4:43 pm on January 22, 2024: contributor

    BIPs are for standardization across implementations. Policy is an individual per-node decision, not something standardized in itself.

    I suspect if this is a non-negotiable for this repo and this BIP editor (and hence won’t get a BIP number) then we’ll need a bips-policy repo or something (under the same GitHub organization perhaps). I get Luke’s perspective to some extent (default policy proposals are certainly a very different animal to say consensus rule proposals) but this shouldn’t be stunting collaboration between Core developers and Lightning developers on policy proposals. Personally I’d rather these draft proposals were incorporated into the BIP process but if that isn’t going to happen then the documents need to be worked on in a different repo and with a different numbering system. Of course there is no guarantee these policy proposals will ever be merged into Core or an alternative implementation (they’d need to go through the Core etc review process to be merged) but that doesn’t mean people can’t draft and collaborate on proposals. Applies to #1541 too.

  18. glozow commented at 11:25 am on January 24, 2024: member
    The idea of only using BIPs for standards that need to be adopted by “everybody” or are consensus rules has no precedent and makes no sense. There are lots of wallet standards, p2p messages, and services dedicated to SPV clients that are used by a small fraction of Bitcoin users and software. A large number of BIPs are not relevant to node software, but they are Bitcoin-specific and should have canonical implementation-agnostic specifications and documentation for multiple people to refer to.
  19. michaelfolkson commented at 11:52 am on January 24, 2024: contributor

    @glozow: I personally agree with you. I asked Luke about this on X/Twitter (it is public so I hope he doesn’t mind me copying it over here) and he responded:

    “Transaction pinning” AFAIK is a result of policy centralization efforts, not a real problem. The alternative is to encourage diverse policies, and at the technical level, to prepare multiple alternative transaction variants to ensure one being rejected won’t be a problem.

    So his perspective is not that BIPs need to be adopted by everybody or have to be consensus rules (as you state) but that he thinks attempts to standardize policy aren’t a good idea and are perhaps even harmful. Again I personally disagree with that perspective (and I suspect everyone working on these proposals also disagree with that perspective) but just clarifying what Luke’s perspective is.

  20. michaelfolkson commented at 12:17 pm on January 24, 2024: contributor

    I suspect if this is a non-negotiable for this repo and this BIP editor (and hence won’t get a BIP number) then we’ll need a bips-policy repo or something (under the same GitHub organization perhaps).

    In the absence of convincing Luke otherwise or adding a new BIP editor who disagrees directly with Luke on this topic it seems to me like a new repo for policy related BIPs is the best way forward.

  21. in bip-ephemeralanchors.mediawiki:8 in 527b007dbf outdated
    0@@ -0,0 +1,160 @@
    1+<pre>
    2+  BIP: ?
    3+  Layer: Mempool Policy
    4+  Title: Ephemeral Anchors
    5+  Author: Gregory Sanders <gsanders87@gmail.com>
    6+  Status: Draft
    7+  License: BSD-3-Clause
    8+  Type: Standards Track
    


    jonatack commented at 10:08 pm on April 26, 2024:
    0  Type: Informational
    

    Perhaps “Informational” rather than “Standards Track”, as policy is an individual, per-node decision, but it may be helpful to document policy R&D as informational BIPs.


    instagibbs commented at 1:38 pm on April 29, 2024:
    done
  22. in bip-ephemeralanchors.mediawiki:3 in 527b007dbf outdated
    0@@ -0,0 +1,160 @@
    1+<pre>
    2+  BIP: ?
    3+  Layer: Mempool Policy
    


    jonatack commented at 10:18 pm on April 26, 2024:
    Note that this isn’t one of the BIP123 / BIP2 classification layers. I’m not sure, but it looks like BIPs 2 and 123 would need to be updated if there is consensus on classifying BIPs as Mempool Policy layer.

    ajtowns commented at 11:39 am on April 29, 2024:
    BIP 125 (RBF) uses “Layer: Application” here. Having a standard here is pretty much about coordination between node behaviour (“this sort of tx will be relayed”) and applications (“how do i make txs that will be relayed?”) so that seems reasonable?

    instagibbs commented at 1:38 pm on April 29, 2024:
    did @ajtowns suggestion for now
  23. in bip-ephemeralanchors.mediawiki:149 in 527b007dbf outdated
    144+==Acknowledgements==
    145+
    146+Thank you to all those listed for foundational work
    147+and insightful feedback(in last name order):
    148+
    149+* Richard Meyers
    


    jonatack commented at 1:15 am on April 27, 2024:

    (if this refers to https://twitter.com/remyers_)

    0* Richard Myers
    

    instagibbs commented at 1:38 pm on April 29, 2024:
    done
  24. instagibbs commented at 1:37 pm on April 29, 2024: member

    pushed fixups, but marking as draft until I come back to this. Scope has changed substantially so this essentially needs a complete re-write.

    short motivation for changes for those interested here: https://github.com/bitcoin/bitcoin/pull/29001#issuecomment-2025830996

  25. instagibbs force-pushed on Apr 29, 2024
  26. instagibbs marked this as a draft on Apr 29, 2024
  27. murchandamus added the label New BIP on May 8, 2024
  28. murchandamus added the label PR Author action required on May 8, 2024
  29. in bip-ephemeralanchors.mediawiki:30 in f08392a2fc outdated
    25+of a getting a transaction mined that would otherwise be rational for the miner
    26+to include in the next block without the attacker paying anything in many cases.
    27+This can result in wallets simply not supporting fee bumping due to complexity,
    28+or in certain smart contract cases such as Hash Time Locked Contracts, outright theft.
    29+
    30+[https://github.com/bitcoin/bitcoin/pull/28948 V3] transactions, which this proposal is built on, greatly mitigates [https://github.com/bitcoin/bips/blob/master/bip-0125.mediawiki BIP125]
    


    glozow commented at 4:02 pm on June 11, 2024:
    Needs update for TRUC / BIP 431 across doc
  30. glozow commented at 4:04 pm on June 11, 2024: member
    jw are you planning to update this since n30239 is open?
  31. instagibbs commented at 4:06 pm on June 11, 2024: member

    @glozow yes thanks for reminding me, a number of things have changed like the output format requirements, sibling eviction being broken out into its own TRUC feature, etc.

    I’ll revive this this week

  32. instagibbs force-pushed on Jun 11, 2024
  33. instagibbs marked this as ready for review on Jun 11, 2024
  34. instagibbs commented at 6:36 pm on June 11, 2024: member
    re-did the text to reflect the updated changes to the new PR https://github.com/bitcoin/bitcoin/pull/30239 with updated(shorter!) motivation section
  35. in bip-ephemeralanchors.mediawiki:5 in a54ca17001 outdated
    0@@ -0,0 +1,123 @@
    1+<pre>
    2+  BIP: ?
    3+  Layer: Application
    4+  Title: Ephemeral Anchors
    5+  Author: Gregory Sanders <gsanders87@gmail.com>
    


    murchandamus commented at 6:47 pm on June 11, 2024:
    0  Author: Gregory Sanders <gsanders87@gmail.com>
    1  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-?
    
  36. in bip-ephemeralanchors.mediawiki:9 in a54ca17001 outdated
    0@@ -0,0 +1,123 @@
    1+<pre>
    2+  BIP: ?
    3+  Layer: Application
    4+  Title: Ephemeral Anchors
    5+  Author: Gregory Sanders <gsanders87@gmail.com>
    6+  Status: Draft
    7+  License: BSD-3-Clause
    8+  Type: Informational
    9+  Created: 2023-01-11
    


    murchandamus commented at 6:47 pm on June 11, 2024:

    Order must be “Type, Created, License”

    0  Type: Informational
    1  Created: 2023-01-11
    2  License: BSD-3-Clause
    
  37. in bip-ephemeralanchors.mediawiki:29 in a54ca17001 outdated
    24+bloating the UTXO set and increasing the validation burden for validating
    25+nodes.
    26+
    27+With [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transactions
    28+and basic package relay, users can generate and propogate 0-fee transactions provided
    29+a descendant spend includes the proper fee for the package. In many cases
    


    murchandamus commented at 6:49 pm on June 11, 2024:
    0a descendant transaction includes the proper fee for the package. In many cases
    
  38. in bip-ephemeralanchors.mediawiki:39 in a54ca17001 outdated
    34+from, and in these cases an "anchor" is employed.
    35+
    36+[https://github.com/lightning/bolts/blob/master/03-transactions.md#to_local_anchor-and-to_remote_anchor-output-option_anchors LN]
    37+allows a small amount of contract value to be given to an output to merely allow network relay
    38+by avoiding dust checks, but not as the primary source of fee funds. Instead the child
    39+spend of the anchor is given the responsibility of bringing funds.
    


    murchandamus commented at 6:51 pm on June 11, 2024:

    Maybe:

    0by avoiding dust checks, but not as the primary source of fee funds. Instead the child transaction
    1spending the anchor is given the responsibility of bringing funds.
    
  39. in bip-ephemeralanchors.mediawiki:41 in a54ca17001 outdated
    36+[https://github.com/lightning/bolts/blob/master/03-transactions.md#to_local_anchor-and-to_remote_anchor-output-option_anchors LN]
    37+allows a small amount of contract value to be given to an output to merely allow network relay
    38+by avoiding dust checks, but not as the primary source of fee funds. Instead the child
    39+spend of the anchor is given the responsibility of bringing funds.
    40+
    41+It is be cleaner for this abstraction and others if instead of requiring
    


    murchandamus commented at 6:51 pm on June 11, 2024:

    Maybe

    0It is cleaner for this abstraction and others if instead of requiring
    

    or

    0It would be cleaner for this abstraction and others if instead of requiring
    
  40. in bip-ephemeralanchors.mediawiki:46 in a54ca17001 outdated
    41+It is be cleaner for this abstraction and others if instead of requiring
    42+dust values in anchors, the anchor itself can be 0 value.
    43+
    44+===Typical Configurations===
    45+
    46+For anchors using TRUC transactions, it's expected that they would take two scriptPubKey forms:
    


    murchandamus commented at 6:52 pm on June 11, 2024:
    0For anchors using TRUC transactions, it's expected that they would take two output script forms:
    
  41. in bip-ephemeralanchors.mediawiki:48 in a54ca17001 outdated
    43+
    44+===Typical Configurations===
    45+
    46+For anchors using TRUC transactions, it's expected that they would take two scriptPubKey forms:
    47+
    48+1. Keyed anchor: A key, shared by possibly multiple privelaged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    


    murchandamus commented at 6:53 pm on June 11, 2024:

    Opinionated suggestion, feel free to ignore:

    01. Keyed anchor: A key, shared by possibly multiple privileged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    
  42. in bip-ephemeralanchors.mediawiki:51 in a54ca17001 outdated
    46+For anchors using TRUC transactions, it's expected that they would take two scriptPubKey forms:
    47+
    48+1. Keyed anchor: A key, shared by possibly multiple privelaged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    49+output type that allows key material.
    50+1. Un-keyed anchor: `P2SH(OP_TRUE)` or `P2WSH(OP_TRUE)`, depending on the the user's need for lack of txid malleability. Further policy
    51+extensions could allow output templates such as the scriptPubKey <code>OP_1 <0x4e73></code> or a bare `OP_TRUE`.
    


    murchandamus commented at 6:54 pm on June 11, 2024:

    Opinionated suggestion, feel free to ignore:

    0extensions could allow output templates such as the output script <code>OP_1 <0x4e73></code> or a bare `OP_TRUE`.
    
  43. in bip-ephemeralanchors.mediawiki:65 in a54ca17001 outdated
    60+* Ark transactions
    61+* Timeout Trees
    62+
    63+===Related Work===
    64+
    65+[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021334.html SIGHASH_GROUP] style proposals are an alternative method of bringing funds to a transaction without involving CPFP by enacting a softfork. Making these pin-resistant may require follow-on policy work, or [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020458.html more general covenants] to directly stop pins we want to avoid. The drawbacks of these are the necessity of a softfork and all that entails.
    


    murchandamus commented at 6:59 pm on June 11, 2024:

    It feels like “all that entails” is missing something. Should that be “all that that entails”, or “all that a softfork entails”?

    0[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021334.html SIGHASH_GROUP] style proposals are an alternative method of bringing funds to a transaction without involving CPFP by enacting a softfork. Making these pin-resistant may require follow-on policy work, or [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020458.html more general covenants] to directly stop pins we want to avoid. The drawback of these proposals are the necessity of a softfork and all that that entails.
    

    instagibbs commented at 1:34 pm on June 12, 2024:
    I just dropped the clause since it’s superfluous
  44. in bip-ephemeralanchors.mediawiki:81 in a54ca17001 outdated
    76+The discussion lacked a solution to the issue of the dust entering into the utxo set
    77+causing negative externalities.
    78+
    79+==Definitions==
    80+
    81+Ephemeral anchor: An output with dust values which are spent by a child transaction.
    


    murchandamus commented at 7:00 pm on June 11, 2024:

    There is only one, right?

    0Ephemeral anchor: An output with dust value which is immediately spent by a child transaction.
    
  45. in bip-ephemeralanchors.mediawiki:87 in a54ca17001 outdated
    82+
    83+Ephemeral anchor transaction: A transaction that has an ephemeral anchor
    84+
    85+==Specification==
    86+
    87+When received by a peer for inclusion to the mempool an ephemeral anchors transaction MUST:
    


    murchandamus commented at 7:01 pm on June 11, 2024:
    0When received by a peer for inclusion to the mempool an ephemeral anchor transaction MUST:
    
  46. in bip-ephemeralanchors.mediawiki:7 in a54ca17001 outdated
    0@@ -0,0 +1,123 @@
    1+<pre>
    2+  BIP: ?
    3+  Layer: Application
    4+  Title: Ephemeral Anchors
    5+  Author: Gregory Sanders <gsanders87@gmail.com>
    6+  Status: Draft
    7+  License: BSD-3-Clause
    


    murchandamus commented at 7:03 pm on June 11, 2024:
    The proposal is missing the mandatory copyright section. Since BSD-3 is a software license, perhaps consider a CC0 1.0 Universal license.

    instagibbs commented at 1:34 pm on June 12, 2024:
    sure
  47. in bip-ephemeralanchors.mediawiki:121 in a54ca17001 outdated
    116+* Jeremy Rubin
    117+* Bastien Teinturier
    118+* Anthony Towns
    119+* Gloria Zhao
    120+
    121+==References and Rationale==
    


    murchandamus commented at 7:06 pm on June 11, 2024:
    This is a section header without content in the section

    instagibbs commented at 1:34 pm on June 12, 2024:
    removed
  48. murchandamus commented at 7:12 pm on June 11, 2024: contributor
    Just a quick first pass
  49. instagibbs force-pushed on Jun 12, 2024
  50. luke-jr commented at 7:11 pm on June 12, 2024: member
    Again, policy isn’t a subject of standardization. While things like BIP 125 and TRUC got BIPs for signalling, there isn’t anything like that here.
  51. instagibbs commented at 7:56 pm on June 12, 2024: member
    Again, I don’t see that policy written anywhere, but don’t want to overly bother people. I’ll just make a BINANA or something if that’s the general consensus.
  52. murchandamus commented at 6:25 pm on June 13, 2024: contributor
    I don’t think that it’s general consensus. While I agree with Luke that it would be troublesome if someone prescribed that all implementations must follow a specific mempool policy, I don’t see an issue with proposing a mempool policy that implementations can choose to adopt.
  53. luke-jr commented at 10:51 pm on June 20, 2024: member
    It’s not a policy, it’s the nature of it. There’s nothing to coordinate between implementations.
  54. jonatack commented at 2:46 pm on June 21, 2024: contributor
    Ephemeral Anchors seem potentially useful for LN implementations to coordinate on (see documentation in https://bitcoinops.org/en/topics/ephemeral-anchors/), in the context of BOLT3 for instance, or for other ecosystem projects (e.g. example use cases) to possibly adopt for inter-op. If yes, it seems valuable to add a draft here (it would need to see wider adoption to progress to final).
  55. jonatack removed the label PR Author action required on Jun 21, 2024
  56. in bip-ephemeralanchors.mediawiki:122 in 64370fa8b0 outdated
    117+* Jeremy Rubin
    118+* Bastien Teinturier
    119+* Anthony Towns
    120+* Gloria Zhao
    121+
    122+=Copyright==
    


    ProofOfKeags commented at 11:18 pm on June 24, 2024:
    0==Copyright==
    

    instagibbs commented at 1:21 pm on June 28, 2024:
    done
  57. murchandamus commented at 8:56 pm on June 26, 2024: contributor

    It’s not a policy, it’s the nature of it. There’s nothing to coordinate between implementations.

    The point is that multiple LN implementations would like to use a specific output construction under specific circumstances. Currently, most nodes would not relay transactions with such outputs. Node operators might be sympathetic to the specific use-case, but will not want to be more permissive than necessary, while on the other hand, the carve-out needs to enable the use-case to make sense. It would neither make sense if there were multiple different variants for the output constructions nor to more broadly accept output constructions than necessary.

    Therefore, this proposal only makes sense when there is coordination on what nodes would relay on the network and the precise parameters for the output construction that fits the use-case. The design of this output construction is subject of this draft.

  58. instagibbs force-pushed on Jun 28, 2024
  59. in bip-ephemeralanchors.mediawiki:17 in e09bddbfc7 outdated
    12+
    13+==Introduction==
    14+
    15+===Abstract===
    16+
    17+Ephemeral Anchors are a mempool policy carve-out that allows any value utxos,
    


    murchandamus commented at 6:21 pm on June 28, 2024:
    0Ephemeral Anchors are a mempool policy carve-out that allows UTXOs of any value,
    
  60. in bip-ephemeralanchors.mediawiki:18 in e09bddbfc7 outdated
    13+==Introduction==
    14+
    15+===Abstract===
    16+
    17+Ephemeral Anchors are a mempool policy carve-out that allows any value utxos,
    18+even 0-value dust, to be created, provided it is also spent within the same
    


    murchandamus commented at 6:22 pm on June 28, 2024:

    Previously plural:

    0even 0-value dust, to be created, provided they are also spent within the same
    
  61. in bip-ephemeralanchors.mediawiki:26 in e09bddbfc7 outdated
    21+===Motivation===
    22+
    23+Relay dust limits have been in place in most implementations of the Bitcoin
    24+protocol to discourage the creation of UTXOs that are never spent in the future,
    25+bloating the UTXO set and increasing the validation burden for validating
    26+nodes.
    


    murchandamus commented at 6:23 pm on June 28, 2024:

    Switching tenses:

    0Relay dust limits have been in place in most implementations of the Bitcoin
    1protocol to discourage the creation of UTXOs that are never spent in the future,
    2bloat the UTXO set, and increase the validation burden for validating
    3nodes.
    
  62. in bip-ephemeralanchors.mediawiki:40 in e09bddbfc7 outdated
    35+from, and in these cases an "anchor" is employed.
    36+
    37+[https://github.com/lightning/bolts/blob/master/03-transactions.md#to_local_anchor-and-to_remote_anchor-output-option_anchors LN]
    38+allows a small amount of contract value to be given to an output to merely allow network relay
    39+by avoiding dust checks, but not as the primary source of fee funds. Instead the child transaction
    40+spending the anchor is given the responsibility of bringing funds.
    


    murchandamus commented at 6:26 pm on June 28, 2024:

    What do you think about:

    0[https://github.com/lightning/bolts/blob/master/03-transactions.md#to_local_anchor-and-to_remote_anchor-output-option_anchors LN]
    1allows a small amount of contract value to be given to an output to allow network relay
    2by passing dust checks, but not as the primary source of fee funds. Instead, the child transaction
    3spending the anchor is responsible for providing the funds.
    
  63. in bip-ephemeralanchors.mediawiki:43 in e09bddbfc7 outdated
    38+allows a small amount of contract value to be given to an output to merely allow network relay
    39+by avoiding dust checks, but not as the primary source of fee funds. Instead the child transaction
    40+spending the anchor is given the responsibility of bringing funds.
    41+
    42+It is cleaner for this abstraction and others if instead of requiring
    43+dust values in anchors, the anchor itself can be 0 value.
    


    murchandamus commented at 6:29 pm on June 28, 2024:

    “requiring dust values” ⇒ Isn’t the issue that they must have above dust amounts?

    How about:

    0In this and similar abstractions it would be cleaner if the anchor itself could be 0-value
    1instead of requiring anchors to exceed dust amounts.
    
  64. in bip-ephemeralanchors.mediawiki:49 in e09bddbfc7 outdated
    44+
    45+===Typical Configurations===
    46+
    47+For anchors using TRUC transactions, it's expected that they would take two output script forms:
    48+
    49+1. Keyed anchor: A key, shared by possibly multiple privileged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    


    murchandamus commented at 6:31 pm on June 28, 2024:

    How about “shared by possibly multiple” → “possibly shared by multiple”?

    01. Keyed anchor: A key, possibly shared by multiple privileged parties, is used to encumber the anchor. This could be `tr()`, `p2wsh()` or any
    
  65. in bip-ephemeralanchors.mediawiki:57 in e09bddbfc7 outdated
    52+extensions could allow output templates such as the output script <code>OP_1 <0x4e73></code> or a bare `OP_TRUE`.
    53+
    54+===Example Use Cases===
    55+
    56+* Batched payments with segregated fee pools: Batched payments that can be fee bumped without access to customer deposit-related key material
    57+* Simplified watchtowers/accelerators: No requirement for watchtowers to be registered with privileged key material, and no value to steal by those watchtowers
    


    murchandamus commented at 6:33 pm on June 28, 2024:

    How about:

    0* Simplified watchtowers/accelerators: No requirement to equip watchtowers with privileged key material, and no value to steal by those watchtowers
    
  66. in bip-ephemeralanchors.mediawiki:69 in e09bddbfc7 outdated
    64+===Related Work===
    65+
    66+[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021334.html SIGHASH_GROUP] style proposals are an alternative method of bringing funds to a transaction without involving CPFP by enacting a softfork. Making these pin-resistant may require follow-on policy work, or [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020458.html more general covenants] to directly stop pins we want to avoid. The drawbacks of these are the necessity of a softfork.
    67+
    68+[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-September/018168.html Transaction Sponsors] is a softfork proposal to allow transactions to
    69+indirectly sponsor transactions with no explicit relationship in the classical utxo
    


    murchandamus commented at 6:35 pm on June 28, 2024:

    Wouldn’t it be a direct relationship?

    0sponsor transactions with no explicit relationship in the classical UTXO
    
  67. in bip-ephemeralanchors.mediawiki:82 in e09bddbfc7 outdated
    77+The discussion lacked a solution to the issue of the dust entering into the utxo set
    78+causing negative externalities.
    79+
    80+==Definitions==
    81+
    82+Ephemeral anchor: An output with dust value which is immediately spent by a child transaction.
    


    murchandamus commented at 6:41 pm on June 28, 2024:
    This contradicts the abstract which specified that the ephemeral anchor output would be allowed to have any value. Either the abstract should be improved to state that ephemeral anchors are confined to dust amounts, or this definition should be clarified that any amount is acceptable including dust amounts.

    instagibbs commented at 2:54 pm on July 1, 2024:
    rejiggered it a bit to be clearer this policy change only deals with dust.
  68. in bip-ephemeralanchors.mediawiki:90 in e09bddbfc7 outdated
    85+
    86+==Specification==
    87+
    88+When received by a peer for inclusion to the mempool an ephemeral anchor transaction MUST:
    89+
    90+* Be an otherwise valid [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transaction which enforces topology constraints
    


    murchandamus commented at 6:44 pm on June 28, 2024:

    TRUC transactions do not enforce topology constraints. TRUC transactions request nodes to enforce topological constraints. How about:

    0* Be an otherwise valid [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transaction adhering to the corresponding topological constraints
    
  69. in bip-ephemeralanchors.mediawiki:92 in e09bddbfc7 outdated
    87+
    88+When received by a peer for inclusion to the mempool an ephemeral anchor transaction MUST:
    89+
    90+* Be an otherwise valid [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transaction which enforces topology constraints
    91+* Be 0-fee
    92+* Have only one dust value output
    


    murchandamus commented at 6:49 pm on June 28, 2024:

    This could be understood to e.g. forbid a nulldata output without an amount. Did you mean:

    0* Have exactly one ephemeral anchor and may not create additional dust value UTXOs
    

    instagibbs commented at 2:54 pm on July 1, 2024:
    the “dust threshold” of OP_RETURN is 0, but I’ll try and be more explicit
  70. in bip-ephemeralanchors.mediawiki:93 in e09bddbfc7 outdated
    88+When received by a peer for inclusion to the mempool an ephemeral anchor transaction MUST:
    89+
    90+* Be an otherwise valid [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transaction which enforces topology constraints
    91+* Be 0-fee
    92+* Have only one dust value output
    93+* Have the dust value spent in the same TRUC cluster
    


    murchandamus commented at 6:51 pm on June 28, 2024:
    0* Have its emphemeral anchor spent in the same TRUC cluster
    
  71. in bip-ephemeralanchors.mediawiki:97 in e09bddbfc7 outdated
    92+* Have only one dust value output
    93+* Have the dust value spent in the same TRUC cluster
    94+
    95+or will be rejected by policy. All other policy checks are left in place.
    96+If included in an otherwise valid block, these additional constraints do not apply
    97+as this is a policy-only change.
    


    murchandamus commented at 7:01 pm on June 28, 2024:

    Perhaps:

    0These constraints apply only to mempool policy. Otherwise valid blocks are not
    1invalidated by breaking these policy-only rules as they have no bearing on consensus.
    
  72. in bip-ephemeralanchors.mediawiki:111 in e09bddbfc7 outdated
    106+https://github.com/bitcoin/bitcoin/pull/30239
    107+
    108+==Acknowledgements==
    109+
    110+Thank you to all those listed for foundational work
    111+and insightful feedback(in last name order):
    


    murchandamus commented at 7:03 pm on June 28, 2024:
    0and insightful feedback (in last name order):
    

    Or maybe:

    0and insightful feedback (ordered by last name):
    
  73. in bip-ephemeralanchors.mediawiki:66 in e09bddbfc7 outdated
    61+* Ark transactions
    62+* Timeout Trees
    63+
    64+===Related Work===
    65+
    66+[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021334.html SIGHASH_GROUP] style proposals are an alternative method of bringing funds to a transaction without involving CPFP by enacting a softfork. Making these pin-resistant may require follow-on policy work, or [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020458.html more general covenants] to directly stop pins we want to avoid. The drawbacks of these are the necessity of a softfork.
    


    murchandamus commented at 7:10 pm on June 28, 2024:

    Since it is one drawback shared by all of these proposals, ISTM that it should just be “drawback” instead of “drawbacks”.

    0[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021334.html SIGHASH_GROUP] style proposals are an alternative method of bringing funds to a transaction without involving CPFP by enacting a softfork. Making these pin-resistant may require follow-on policy work, or [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020458.html more general covenants] to directly stop pins we want to avoid. The drawback of these are the necessity of a softfork.
    
  74. in bip-ephemeralanchors.mediawiki:124 in e09bddbfc7 outdated
    119+* Anthony Towns
    120+* Gloria Zhao
    121+
    122+==Copyright==
    123+
    124+This document is licensed as Creative Commons CC0 1.0 Universal.
    


    murchandamus commented at 7:14 pm on June 28, 2024:
    0This document is licensed under the Creative Commons CC0 1.0 Universal license.
    
  75. murchandamus commented at 8:06 pm on June 28, 2024: contributor
    Did another pass, looks pretty good to me. I noticed that there is no Rationale section, although that seems to be somewhat covered in motivation and related works. If you wanted to add more explanation to design decisions, it might make sense to add such a section.
  76. in bip-ephemeralanchors.mediawiki:10 in e09bddbfc7 outdated
     5+  Author: Gregory Sanders <gsanders87@gmail.com>
     6+  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-?
     7+  Status: Draft
     8+  Type: Informational
     9+  Created: 2023-01-11
    10+  License: CC0 1.0 Universal
    


    murchandamus commented at 8:07 pm on June 28, 2024:

    Oh, and since you build on TRUC Transactions, you should have:

    0  License: CC0 1.0 Universal
    1  Requires: 431
    
  77. instagibbs force-pushed on Jul 1, 2024
  78. instagibbs commented at 2:54 pm on July 1, 2024: member
    updated taking or adapting all suggestions and added a small rationale section
  79. in bip-ephemeralanchors.mediawiki:40 in 8852274d86 outdated
    35+from, and in these cases an "anchor" is employed.
    36+
    37+[https://github.com/lightning/bolts/blob/master/03-transactions.md#to_local_anchor-and-to_remote_anchor-output-option_anchors LN]
    38+allows a small amount of contract value to be given to an output to allow network relay
    39+by passing dust checks, but not as the primary source of fee funds. Instead the child transaction
    40+spending the anchor is responsibile for providing the funds.
    


    murchandamus commented at 4:40 pm on July 1, 2024:
    0spending the anchor is responsible for providing the funds.
    
  80. in bip-ephemeralanchors.mediawiki:103 in 8852274d86 outdated
     98+
     99+==Rationale==
    100+
    101+To incentivize the mining of the spends of ephemeral anchors we require three things to be true:
    102+
    103+1. The ephemeral anchor transaciton should be 0-fee itself
    


    murchandamus commented at 4:41 pm on July 1, 2024:
    01. The ephemeral anchor transaction should be 0-fee itself
    
  81. in bip-ephemeralanchors.mediawiki:109 in 8852274d86 outdated
    104+2. The transaction should only have a single child
    105+3. The ephemeral anchor must be spent
    106+
    107+With these restrictions in place, the only endogenous incentives to mine the ephemeral
    108+anchor transaction is to mine the transaction along with the child transaction
    109+spending the acnhor. TRUC transaction restrictions inherently follow the single
    


    murchandamus commented at 4:41 pm on July 1, 2024:
    0spending the anchor. TRUC transaction restrictions inherently follow the single
    
  82. in bip-ephemeralanchors.mediawiki:29 in 8852274d86 outdated
    24+protocol to discourage the creation of UTXOs that are never spent in the future,
    25+bloat the UTXO set, and increase the validation burden for validating
    26+nodes.
    27+
    28+With [https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki TRUC] transactions
    29+and basic package relay, users can generate and propogate 0-fee transactions provided
    


    murchandamus commented at 4:45 pm on July 1, 2024:
    0and basic package relay, users can generate and propagate 0-fee transactions provided
    
  83. in bip-ephemeralanchors.mediawiki:51 in 8852274d86 outdated
    46+
    47+For anchors using TRUC transactions, it's expected that they would take two output script forms:
    48+
    49+1. Keyed anchor: A key, possibly shared by multiple privileged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    50+output type that allows key material.
    51+1. Un-keyed anchor: `P2SH(OP_TRUE)` or `P2WSH(OP_TRUE)`, depending on the the user's need for lack of txid malleability. Further policy
    


    murchandamus commented at 4:46 pm on July 1, 2024:
    01. Un-keyed anchor: `P2SH(OP_TRUE)` or `P2WSH(OP_TRUE)`, depending on the user's need for lack of txid malleability. Further policy
    
  84. in bip-ephemeralanchors.mediawiki:77 in 8852274d86 outdated
    72+
    73+Using a 0-value CPFP anchor is not a new idea, see:
    74+
    75+* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-May/015931.html LN-dev discussion on 0-value anchors]
    76+
    77+The discussion lacked a solution to the issue of the dust entering into the utxo set
    


    murchandamus commented at 4:47 pm on July 1, 2024:
    0The discussion lacked a solution to the issue of the dust entering into the UTXO set
    
  85. murchandamus commented at 4:48 pm on July 1, 2024: contributor

    Changes look good to me, found a few typos

    ACK 8852274d86a7f8b203a5fcae85726769671dffd9

  86. instagibbs force-pushed on Jul 1, 2024
  87. instagibbs commented at 4:52 pm on July 1, 2024: member
    fixed typos, thanks
  88. murchandamus commented at 5:19 pm on July 1, 2024: contributor
  89. murchandamus commented at 7:16 pm on July 1, 2024: contributor
    Let’s call this BIP 432
  90. in bip-ephemeralanchors.mediawiki:120 in 9e463fe466 outdated
    115+Ephemeral anchor spends were previously non-standard, so there are no known conflicts
    116+with previous usage.
    117+
    118+==Implementation==
    119+
    120+https://github.com/bitcoin/bitcoin/pull/30239
    


    jonatack commented at 7:27 pm on July 1, 2024:

    Question (as I may be confused): Per this current implementation PR, “it makes sense to retarget this feature more narrowly by not introducing a new output type for now, and simple focusing on the feature of allowing temporary dust in the mempool.” Is it the full expected implementation, or a partial one, with the tentative plan to add a new output type down the road?

    (Edit: If a partial implementation, perhaps mention that aspect.)


    instagibbs commented at 7:46 pm on July 1, 2024:

    That’s the full implementation.

    https://github.com/bitcoin/bitcoin/pull/30352 is a now separate PR and concept that introduces a new output type for the specific use-case of key-less anchors


    jonatack commented at 7:50 pm on July 1, 2024:
    Thanks for the clarification.
  91. petertodd commented at 7:51 pm on July 1, 2024: contributor

    “Be an otherwise valid TRUC transaction adhering to the corresponding topological constraints”

    What is the rational to limit ephemeral outputs to being spent by transactions adhering to the TRUC standard? The goal of ensuring that dust outputs are immediately spent in the same block has nothing to do with TRUC.

  92. in bip-ephemeralanchors.mediawiki:52 in 9e463fe466 outdated
    47+For anchors using TRUC transactions, it's expected that they would take two output script forms:
    48+
    49+1. Keyed anchor: A key, possibly shared by multiple privileged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any
    50+output type that allows key material.
    51+1. Un-keyed anchor: `P2SH(OP_TRUE)` or `P2WSH(OP_TRUE)`, depending on the user's need for lack of txid malleability. Further policy
    52+extensions could allow output templates such as the output script <code>OP_1 <0x4e73></code> or a bare `OP_TRUE`.
    


    reardencode commented at 8:00 pm on July 1, 2024:
    0# Keyed anchor: A key, possibly shared by multiple privileged parties, is used to encumber the anchor. This could also be `tr()`, `p2wsh()` or any output type that allows key material.
    1# Un-keyed anchor: `P2SH(OP_TRUE)` or `P2WSH(OP_TRUE)`, depending on the user's need for lack of txid malleability. Further policy extensions could allow output templates such as the output script <code>OP_1 <0x4e73></code> or a bare `OP_TRUE`.
    

    instagibbs commented at 3:42 pm on July 2, 2024:
    removed this section as it’s speaking on script templates rather than the key dust concept
  93. in bip-ephemeralanchors.mediawiki:105 in 9e463fe466 outdated
    100+
    101+To incentivize the mining of the spends of ephemeral anchors we require three things to be true:
    102+
    103+1. The ephemeral anchor transaction should be 0-fee itself
    104+2. The transaction should only have a single child
    105+3. The ephemeral anchor must be spent
    


    reardencode commented at 8:00 pm on July 1, 2024:
    0# The ephemeral anchor transaction should be 0-fee itself
    1# The transaction should only have a single child
    2# The ephemeral anchor must be spent
    
  94. luke-jr commented at 8:01 pm on July 1, 2024: member

    Let’s call this BIP 432

    It’s still not BIP material, thus not eligible for assignment or acceptance

  95. reardencode commented at 8:04 pm on July 1, 2024: none

    Good start for TRUC-ephemeral anchor, looking forward to OP_TRUE and/or OP_1 0x4e73 anchors.

    I learned from this transaction that paying to short segwit v1 addresses is already standard, so it’s a smaller change than I had realized to standardize short witness ephemeral anchors.

  96. instagibbs commented at 8:22 pm on July 1, 2024: member

    What is the rational to limit ephemeral outputs to being spent by transactions adhering to the TRUC standard? The goal of ensuring that dust outputs are immediately spent in the same block has nothing to do with TRUC.

    Indeed it’s not strictly required as noted in the rationale section. I leveraged the TRUC implementation in Core to have the 0-fee requirement of the parent(pre-cluster mempool non-TRUC tx are restricted to minrelay or higher), and “only one child”, to incentivize the mining of the spend of the dust.

    This may be too much implementation bleeding into the BIP, and instead the implementation section could note its own limitations which is changed as the implementation changes?

  97. petertodd commented at 8:39 pm on July 1, 2024: contributor

    What is the rational to limit ephemeral outputs to being spent by transactions adhering to the TRUC standard? The goal of ensuring that dust outputs are immediately spent in the same block has nothing to do with TRUC.

    Indeed it’s not strictly required as noted in the rationale section. I leveraged the TRUC implementation in Core to have the 0-fee requirement of the parent(pre-cluster mempool non-TRUC tx are restricted to minrelay or higher), and “only one child”, to incentivize the mining of the spend of the dust.

    This may be too much implementation bleeding into the BIP, and instead the implementation section could note its own limitations which is changed as the implementation changes?

    Yes, I would say removing mentions of TRUC from the BIP would make sense. Due to the many limitations of TRUC it will certainly be replaced in the future, most likely with some kind of general repace-by-fee-rate mechanism (as I’ve noted on bitcoindev, replace-by-fee-rate is already solving real transaction pinning in the wild right now, even without miner support). So there’s no need for the BIP to be dependent on it. I would also strongly suggest that the actual implementation fix this issue; I’ll try to find time to review it later and see if there’s an easy way to do that.

    I believe the “only one child” limitation would affect certain types of connector outputs, as used in Ark. Zero-value outputs are useful to implement a connector output, and there will probably be situations where having more than one of them in a single transaction is useful. That said, the one-child limitation is a more fundamental question of how exactly packages are relayed, so it’s probably more reasonable to punt on fixing this limitation for now.

  98. instagibbs commented at 8:52 pm on July 1, 2024: member

    I would also strongly suggest that the actual implementation fix this issue; I’ll try to find time to review it later and see if there’s an easy way to do that.

    It’s all doable(maybe in near future), I’ll leave notes in the other PR.

    I believe the “only one child” limitation would affect certain types of connector outputs, as used in Ark. Zero-value outputs are useful to implement a connector output, and there will probably be situations where having more than one of them in a single transaction is useful.

    Good point, I think in my mind I was conflating requirements for connector outputs(which don’t have to be sitting in utxo set) vs control outputs which do in constructions like hierarchical payment channels. I have some unclear thoughts on how to relax this restriction so punting for now.

  99. glozow commented at 2:51 pm on July 2, 2024: member

    What is the rational to limit ephemeral outputs to being spent by transactions adhering to the TRUC standard? The goal of ensuring that dust outputs are immediately spent in the same block has nothing to do with TRUC.

    Indeed it’s not strictly required as noted in the rationale section. I leveraged the TRUC implementation in Core to have the 0-fee requirement of the parent(pre-cluster mempool non-TRUC tx are restricted to minrelay or higher), and “only one child”, to incentivize the mining of the spend of the dust.

    TRUCness is just a way of making it feasible to enforce the rules. There’s not a reliance on TRUC, but the point is to clearly describe a specific solution that works and why. BIP 431 itself generally describes topological restrictions on which you can build less pinning-prone policies, with 1 section more specifically about a 1-parent-1-child ruleset. One can imagine another ruleset in a different context but with the same design goals.

    Similarly, you could structure this BIP as:

    • Motivation: 0-value anchors would be nice
    • Design Goals: loosen policy to allow ephemeral dust, but easily enforce that it’s always spent.
    • 1 possible concrete method: 1 child only + 0-fee + TRUC. Link implementation, list rationale.
    • Mention that, in the future, you could come up with another way to allow dust + enforce its ephemeralness in a completely different way.
  100. instagibbs commented at 3:12 pm on July 2, 2024: member

    Thanks for the feedback. I attempted to move all “implementation details” into that section, while keeping the specification clear enough.

    I also renamed this to “ephemeral dust”, because really this is all about handling dust and not about a new output script type ala Pay To Anchor(P2A) https://github.com/bitcoin/bitcoin/pull/30352

    Think I also broke something by changing names of the file.

  101. instagibbs renamed this:
    Ephemeral anchors
    Ephemeral Dust
    on Jul 2, 2024
  102. in bip-0432.mediawiki:96 in 31041f627d outdated
    81+* Be only considered for mining with ephemeral dust spent
    82+* Have only one ephemeral dust output (output values which would normally cause rejection)
    83+
    84+or will be rejected by policy. All other policy checks are left in place.
    85+These constraints apply only to mempool policy. Blocks are not
    86+invalidated by breaking these policy-only rules as they have no bearing on consensus.
    


    petertodd commented at 6:24 am on July 3, 2024:
    0
    1As an exception to the dust rule, a transaction with dust outputs will be considered for acceptance to a node's mempool if:
    2
    3* It has arrived as part of a package of two or more transactions
    4* Other transactions in that package spend every dust output
    5* The transaction(s) spending the dust outputs have an effective fee-rate equal or greater than the fee-rate of the transaction creating the dust
    6
    7This specification is aspirational. Actual implementations may place further restrictions for implementation reasons.
    

    Rational: I think it’s more clear and less wordy if we explain the specification in terms of how ephemeral dust is a relaxation of the dust rule, allowing transactions to do something they otherwise could not have done.


    instagibbs commented at 9:13 pm on July 8, 2024:

    Took the clarity suggestion on making it a more straight forward relaxation.

    I also rewrote the section hoping to stay as close as possible to the ideal, which is “don’t make a block template that would result in dust entering UTXO set”

  103. in bip-0432.mediawiki:95 in 31041f627d outdated
    90+This policy is a relaxation to dust policies that most node software enforces.
    91+
    92+If a dust output never ends up unspent in a mining template, then the marginal
    93+exposure of the network to dust is minimized. Most identified use-cases
    94+of ephemeral dust only require a single dust output, so multiple dust outputs
    95+are left for a possible future extension.
    


    petertodd commented at 6:27 am on July 3, 2024:
    0If dust outputs never ends up unspent in a mining template, then the marginal
    1exposure of the network to dust is minimized. Requiring the transactions spending the dust to have a higher fee-rate ensures that miners do in fact have an incentive to immediately spend the dust.
    

    Deleting since the “aspirational” spec isn’t limited to a single dust output, and explaining the fee-rate rule.


    instagibbs commented at 9:13 pm on July 8, 2024:

    Removing the single-anchor mention.

    As for the other parts, you could imagine a linear chain of dust being spent(each tx 0-fee), with the ultimate transaction bringing exogenous fees to pay for the chain, so I’m not sure being specific about feerates of children is helpful for aspirational section.

    In cluster mempool terms, the implementation could allow dust as long as it’s all created and spent intra-chunk(or would be trimmed), since the miner template would never select a block that would result in the dust entering the UTXO set. It may not be worth the complexity, but seems possible at least, and much more general than current implementation.

  104. petertodd changes_requested
  105. in bip-0432.mediawiki:105 in 31041f627d outdated
    100+
    101+== Backward compatibility ==
    102+
    103+Ephemeral dust creation was previously non-standard, so there are no known conflicts
    104+with previous usage.
    105+
    


    petertodd commented at 7:03 am on July 3, 2024:
    0
    1== Security Considerations ==
    2
    3While CPFP anchors are expected to be a main use-case for ephemeral dust, their use can pose a mining centralization risk. Since it is more space-efficient to pay a miner out-of-band to get a transaction mined than to actually use a CPFP anchor output, large miners could potentially profit from offering out-of-band fee payment services that smaller miners can't offer. In cases where this space efficiency difference is significant, such as using CPFP anchors to pay fees on small transactions, this could act to steer fee revenue to more centralized miners, a threat to Bitcoin's overall decentralization security. Out-of-band fee payment will also result in dust being added to the UTXO set.
    4
    5Protocols and application developers SHOULD only use anchor outputs for fee payment as a last resort, if alternatives such as RBF with pre-signed transactions at different fee-rates are truly impractical.
    

    IMO we need this section to give devs a nudge. We should put similar language in any keyless anchor BIP too.


    instagibbs commented at 9:13 pm on July 8, 2024:
    I added a fee-efficiency section since I do think it’s worth noting the relative ineffciency of multi-tx exogenous fee patterns(like anchors) compared to the other configurations possible with or without softforks.
  106. murchandamus commented at 7:38 pm on July 3, 2024: contributor

    Think I also broke something by changing names of the file.

    It looks like you are missing the README table entry for this PR to pass the build checks

  107. instagibbs force-pushed on Jul 8, 2024
  108. Add ephemeral dust BIP fdaf837fc5
  109. instagibbs force-pushed on Jul 9, 2024
  110. murchandamus commented at 5:50 pm on July 9, 2024: contributor
    Looking over this draft again after the recent reframing from Ephemeral Anchors to Ephemeral Dust, I am no longer confident that the idea needs to be a BIP: it seems to me that the entire spec could be comprehensively described in a few sentences and it would likely suffice to publish it directly in the context of the implementation or project specific documentation.
  111. instagibbs commented at 5:55 pm on July 9, 2024: member
    @murchandamus Appreciate the feedback. I’ll see if there are other places this kind of document can live when it comes to motivating a particular implementation.
  112. instagibbs closed this on Jul 9, 2024


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-26 18:10 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me