* [bitcoin-dev] Refreshed BIP324
@ 2022-10-08 12:59 Dhruv M
2022-10-26 16:39 ` Pieter Wuille
2023-10-11 20:52 ` Tim Ruffing
0 siblings, 2 replies; 22+ messages in thread
From: Dhruv M @ 2022-10-08 12:59 UTC (permalink / raw)
To: bitcoin-dev
Hi all,
We have refreshed the proposal for BIP324, a new bitcoin P2P protocol
featuring opportunistic encryption, a mild bandwidth reduction, and the
ability
to negotiate upgrades before exchanging application messages. We'd like
to invite community members to review the BIP[1] and the related Bitcoin
Core
code[2].
The proposal has a rich history[3]. The big changes since the last public
appearance[4] are:
* Elligator-swift encoding for the pubkeys in the ECDH exchange to
obtain a pseudorandom bytestream
* x-only ECDH secret derivation
* Transport versioning that allows for upgradability
* Trafic shapability using decoy packets and a shapable handshake
* Complete rewrite of the BIP text
We look forward to your review and comments.
-Dhruv, Tim and Pieter
[1] BIP Pull Request: https://github.com/bitcoin/bips/pull/1378
[2] All historical and current PRs: https://bip324.com/sections/code-review/
[3] https://bip324.com/sections/bip-review/
[4] https://gist.github.com/dhruv/5b1275751bc98f3b64bcafce7876b489
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-10-08 12:59 [bitcoin-dev] Refreshed BIP324 Dhruv M
@ 2022-10-26 16:39 ` Pieter Wuille
2022-10-27 7:28 ` Vasil Dimov
` (2 more replies)
2023-10-11 20:52 ` Tim Ruffing
1 sibling, 3 replies; 22+ messages in thread
From: Pieter Wuille @ 2022-10-26 16:39 UTC (permalink / raw)
To: Dhruv M; +Cc: bitcoin-dev
Hi all,
On Saturday, October 8th, 2022 at 8:59 AM, Dhruv M <dhruv@bip324.com> wrote:
> We have refreshed the proposal for BIP324, a new bitcoin P2P protocol
> featuring opportunistic encryption, a mild bandwidth reduction, and the
> ability
> to negotiate upgrades before exchanging application messages. We'd like
> to invite community members to review the BIP[1] and the related Bitcoin
> Core
> code[2].
One open question we have regarding BIP324's design is how to deal with the
coordination of assigning the message type IDs.
For context, the current BIP324 draft introduces a notion of 1-byte message
type IDs, which take the place of the 12-byte command strings (in a backward
compatible way; it's still possible to send full strings). This offers a
mild bandwidth reduction (3 bytes per message overall), especially since many
messages on the network are fairly small.
However, it obviously raises the question of how the mapping table between the
1-byte IDs and the commands they represent should be maintained:
1. The most straightforward solution is using the BIP process as-is: let BIP324
introduce a fixed initial table, and future BIPs which introduce new
messages can introduce new mapping entries for it. In theory, this is no
worse than the current coordination difficulty about command strings, but
in practice the risk of collisions due to competing proposals is of course
significantly larger with 1-byte IDs vs. 12-byte strings.
2. An alternative approach is not using 1-byte IDs but slightly longer ones;
for example 3-byte IDs, each consisting of a 2-byte BIP number and a 1-byte
message index introduced by that BIP, at the cost of a smaller bandwidth
improvement. This significantly reduces collision risks, but doesn't remove
the coordination process concerns entirely (e.g. revisions changing what a
BIP introduces need to be taken into account and probably still mean BIPs
need to explicitly list which assignments they introduce).
3. Yet another possibility is not having a fixed table at all, and negotiate
the mapping dynamically. E.g. either side could send a message at
connection time with an explicit table of entries "when I send byte X, I
mean command Y".
4. Lastly, the whole feature could just be dropped from BIP324 (sticking with
command strings), and left for a follow-up (or independent) protocol
improvement. Since arguably this is purely an application-layer concern and
not a transport-layer one, it could even be added as an optional feature to
the (pre-BIP324) protocol today. That would however very likely mean that
BIP324 if adopted as-is isn't actually an (albeit small) bandwidth
reduction compared to today, and forego a possibility to fix a fairly
gratuitous inefficiency in the protocol from day one.
Our idea is to start out with approach (1), with a mapping table effectively
managed by the BIP process directly, but if and when collisions become a
concern (maybe due to many parallel proposals, maybe because the number of
messages just grows too big), switch to approach (3), possibly even
differentially (the sent mappings are just additions/overwrites of the
BIP-defined table mappings, rather than a full mapping).
That said, we're not all that convinced this is the best approach, and feel
this more a community/process question than a technical one, so it would be
good to see more opinions on the topic.
Cheers,
--
Dhruv, Pieter, Tim
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-10-26 16:39 ` Pieter Wuille
@ 2022-10-27 7:28 ` Vasil Dimov
2022-11-03 17:53 ` Murch
2022-11-08 3:20 ` Anthony Towns
2 siblings, 0 replies; 22+ messages in thread
From: Vasil Dimov @ 2022-10-27 7:28 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion; +Cc: Dhruv M
[-- Attachment #1: Type: text/plain, Size: 699 bytes --]
On Wed, Oct 26, 2022 at 16:39:02 +0000, Pieter Wuille via bitcoin-dev wrote:
[...]
> Our idea is to start out with approach (1)
[...]
> That said, we're not all that convinced this is the best approach, and feel
> this more a community/process question than a technical one, so it would be
> good to see more opinions on the topic.
[...]
It all makes perfect sense to me.
--
Vasil Dimov
gro.DSBeerF@dv
%
If 10 years from now, when you are doing something quick
and dirty, you suddenly visualize that I am looking over your
shoulders and say to yourself, "Dijkstra would not have liked this",
well that would be enough immortality for me.
-- Edsger W. Dijkstra
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1528 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-10-26 16:39 ` Pieter Wuille
2022-10-27 7:28 ` Vasil Dimov
@ 2022-11-03 17:53 ` Murch
2022-11-03 22:26 ` Jonas Schnelli
2022-11-08 3:20 ` Anthony Towns
2 siblings, 1 reply; 22+ messages in thread
From: Murch @ 2022-11-03 17:53 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1.1: Type: text/plain, Size: 1303 bytes --]
Hi Pieter, hello list,
On 26.10.22 12:39, Pieter Wuille via bitcoin-dev wrote:
> 1. The most straightforward solution is using the BIP process as-is: let BIP324
> introduce a fixed initial table, and future BIPs which introduce new
> messages can introduce new mapping entries for it. In theory, this is no
> worse than the current coordination difficulty about command strings, but
> in practice the risk of collisions due to competing proposals is of course
> significantly larger with 1-byte IDs vs. 12-byte strings.
From what I understand we'll have about 35 message types on the network
with the addition of BIP324. 256 possible IDs sounds like plenty room to
grow, but perhaps we can be a bit more conservative:
We could use the first bit to signal a 2-byte message ID. That allows us
to express 128 IDs with 1 byte, but if we need more, we get a total of
2^15 IDs across 2 bytes.
I would not be too concerned about collisions. Firstly, message types
would probably be announced to the mailing list as part of the
corresponding BIP, secondly, any overlooked collision should become
apparent at implementation time. The risk could perhaps be further
mitigated by encouraging less prevalent message types to use a 2-byte ID.
Cheers,
Murch
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-03 17:53 ` Murch
@ 2022-11-03 22:26 ` Jonas Schnelli
0 siblings, 0 replies; 22+ messages in thread
From: Jonas Schnelli @ 2022-11-03 22:26 UTC (permalink / raw)
To: Murch, Bitcoin Protocol Discussion
> From what I understand we'll have about 35 message types on the network with the addition of BIP324. 256 possible IDs sounds like plenty room to grow, but perhaps we can be a bit more conservative:
>
> We could use the first bit to signal a 2-byte message ID. That allows us to express 128 IDs with 1 byte, but if we need more, we get a total of 2^15 IDs across 2 bytes.
Could make sense.
There would be an alternative to preserve more 1 byte IDs on the cost of a (much) smaller 2 byte ID space:
Reserve the short ID 0xFF as an indication for a 2 bytes short ID (additional 256 short IDs with 2 bytes).
That could be done later outside BIP324.
The 0xFF approach would lead to approx. 207 unused 1 byte short IDs (while Murchs approach would give us approx. 79 unused 1 byte short IDs).
The signal bit two byte approach would however lead to ~32k more two byte message IDs.
The main (and only?) benefit of short IDs is bandwidth.
Short ID 1-12 are reserved for string based IDs and thus, new and rarely sent message types must not always use a short ID.
Maybe the BIP should state that only frequent sent messages should reserve a short ID, though, the BIP itself assigns short IDs to all(?) message types (including low frequent messages like SENDHEADERS).
Maybe exclude message types that expected to be only sent once from assigning a short ID?
/j
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-10-26 16:39 ` Pieter Wuille
2022-10-27 7:28 ` Vasil Dimov
2022-11-03 17:53 ` Murch
@ 2022-11-08 3:20 ` Anthony Towns
2022-11-10 21:23 ` Pieter Wuille
2 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2022-11-08 3:20 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion; +Cc: Dhruv M
On Wed, Oct 26, 2022 at 04:39:02PM +0000, Pieter Wuille via bitcoin-dev wrote:
> However, it obviously raises the question of how the mapping table between the
> 1-byte IDs and the commands they represent should be maintained:
>
> 1. The most straightforward solution is using the BIP process as-is: let BIP324
> introduce a fixed initial table, and future BIPs which introduce new
> messages can introduce new mapping entries for it. [...]
> 3. Yet another possibility is not having a fixed table at all, and negotiate
> the mapping dynamically. E.g. either side could send a message at
> connection time with an explicit table of entries "when I send byte X, I
> mean command Y".
FWIW, I think these two options seem fine -- maintaining a purely local
and hardcoded internal mapping of "message string C has id Y" where Y
is capped by the number of commands you actually implement (presumably
less than 65536 total) is easy, and providing a per-peer mapping from
"byte X" to "id Y" then requires at most 512 bytes per peer, along with
up to 3kB of initial setup to tell your peer what mappings you'll use.
> Our idea is to start out with approach (1), with a mapping table effectively
> managed by the BIP process directly, but if and when collisions become a
> concern (maybe due to many parallel proposals, maybe because the number of
> messages just grows too big), switch to approach (3), possibly even
> differentially (the sent mappings are just additions/overwrites of the
> BIP-defined table mappings, rather than a full mapping).
I guess I think it would make sense to not start using a novel 1-byte
message unless you've done something to introduce that message first;
whether that's via approach (3) ("I'm going to use 0xE9 to mean pkgtxns")
or via a multibyte feature support message ("I sent sendaddrv3 as a
10-byte message, that implies 0xA3 means addrv3 from now on").
I do still think it'd be better to recommend against reserving a byte for
one-shot messages, and not do it for existing one-shot messages though.
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-08 3:20 ` Anthony Towns
@ 2022-11-10 21:23 ` Pieter Wuille
2022-11-12 3:23 ` Pieter Wuille
0 siblings, 1 reply; 22+ messages in thread
From: Pieter Wuille @ 2022-11-10 21:23 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
Hi,
Thanks for the comments so far. I think these are all reasonable ideas.
Comments inline below.
On Thursday, November 3rd, 2022 at 1:53 PM, Murch wrote:
> From what I understand we'll have about 35 message types on the network
> with the addition of BIP324. 256 possible IDs sounds like plenty room to
> grow, but perhaps we can be a bit more conservative:
>
> We could use the first bit to signal a 2-byte message ID. That allows us
> to express 128 IDs with 1 byte, but if we need more, we get a total of
> 2^15 IDs across 2 bytes.
Yeah, effectively treating the first 1 or 2 bytes as a simple variable
length integer is a nice way of increasing the space at low cost.
This also doesn't need to be decided now. The initial approach could just
be avoiding allocating bytes in the 128-255 range until the need for more
space arises. If and when that is the case, the choice could be to:
* Just continue treating the first byte as the command.
* Start treating the first upper bit as a sign that another command byte
follows.
* Switch to some form of explicit signalling (option 3 is my earlier
mail).
On Thursday, November 3rd, 2022 at 6:26 PM, Jonas Schnelli wrote:
> There would be an alternative to preserve more 1 byte IDs on the cost
> of a (much) smaller 2 byte ID space: Reserve the short ID 0xFF as an
> indication for a 2 bytes short ID (additional 256 short IDs with 2 bytes).
I don't think this is needed, because we arguably already have that! If the
first byte is 0x01, then 1 more command byte follows in the current BIP324
draft. That mechanism is designed for alphabetic 1-character commands, but
nothing prevents it from also being used for other things (by using a
non-alphabetic byte there).
> Maybe the BIP should state that only frequent sent messages should reserve
> a short ID, though, the BIP itself assigns short IDs to all(?) message
> types (including low frequent messages like SENDHEADERS).
>
> Maybe exclude message types that expected to be only sent once from
> assigning a short ID?
I think that makes sense. Especially in combination with the idea avoiding
bytes with the upper bit set there is a bit more pressure on the 1-byte
space. Rarely-sent or at-most-once-sent commands don't really provide much
benefit. I'd suggest scrapping from the list:
* Version messages: version, verack
* Negotiation messages: sendaddrv2, sendheaders, sendcmpct, wtxidrelay
* Rarely-sent messages: mempool
I'm not sure to what extent filteradd/filterload/filterclear/merkleblock
are still actually used; perhaps they could be removed too?
On Monday, November 7th, 2022 at 10:20 PM, Anthony Towns wrote:
> I guess I think it would make sense to not start using a novel 1-byte
> message unless you've done something to introduce that message first;
> whether that's via approach (3) ("I'm going to use 0xE9 to mean pkgtxns")
> or via a multibyte feature support message ("I sent sendaddrv3 as a
> 10-byte message, that implies 0xA3 means addrv3 from now on").
That's fair, but I don't think it matters too much for allocation purposes;
protocol designs should still not assign overlapping values, unless the
protocols are known to never be used simultaneously?
Unless... the assignment works like "whenever the sendaddrv3 is sent, the
next available byte in range 48..127 gets allocated for addrv3". That means
no explicit mapping is needed, as long as the total number of messages from
simultaneously-active extensions isn't too large.
> I do still think it'd be better to recommend against reserving a byte for
> one-shot messages, and not do it for existing one-shot messages though.
Agree.
FWIW, if anyone was wondering about how much is actually saved by having
1-byte commands vs 12-byte commands, I've gathered statistics from two nodes
(one with many inbound connections, one only outbound) for two weeks. This is
obviously very dependent on network topology and local implementation choices,
but it may still give an idea:
* Outbound-only node:
* Around 4.5% of sent bytes are bytes 2-12 of the command.
* Sent 979.98 MiB in total.
* Outbound and inbound node:
* Around 1.6% of sent bytes are bytes 2-12 of the command.
* Sent 124.14 GiB in total.
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-10 21:23 ` Pieter Wuille
@ 2022-11-12 3:23 ` Pieter Wuille
2022-11-12 18:52 ` Yuval Kogman
2022-11-18 8:24 ` Anthony Towns
0 siblings, 2 replies; 22+ messages in thread
From: Pieter Wuille @ 2022-11-12 3:23 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
Another idea...
On Thursday, November 10th, 2022 at 4:23 PM, Pieter Wuille via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Thursday, November 3rd, 2022 at 1:53 PM, Murch wrote:
>
> > From what I understand we'll have about 35 message types on the network
> > with the addition of BIP324. 256 possible IDs sounds like plenty room to
> > grow, but perhaps we can be a bit more conservative:
> >
> > We could use the first bit to signal a 2-byte message ID. That allows us
> > to express 128 IDs with 1 byte, but if we need more, we get a total of
> > 2^15 IDs across 2 bytes.
>
> Yeah, effectively treating the first 1 or 2 bytes as a simple variable
> length integer is a nice way of increasing the space at low cost.
The above would really result in having two separate variable-length encodings:
* First byte 1-12 to signify length of alphabetic command
* Otherwise first bit to signify length of short command
I think we can just merge the two and have a single variable-length command structure that can be used for both: command encodings are 1 to 12 bytes, each byte's top bit indicating whether another byte follows (the top bit of byte 11 has no special meaning).
This means:
* Every alphabetic command of L characters becomes L bytes.
* 102 non-alphabetic 1-byte commands can be assigned.
* 15708 non-alphabetic 2-byte commands can be assigned.
* etc
So this gives a uniform space which commands can be assigned from, and there is no strict need for thinking of the short-binary and long-alphabetic commands as distinct. In v2, some short ones would be treated as aliases for old long-alphabetic ones. But new commands could also just be introduced as short ones only (even in v1).
WDYT?
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-12 3:23 ` Pieter Wuille
@ 2022-11-12 18:52 ` Yuval Kogman
2022-11-18 8:24 ` Anthony Towns
1 sibling, 0 replies; 22+ messages in thread
From: Yuval Kogman @ 2022-11-12 18:52 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 1574 bytes --]
On Sat, 12 Nov 2022, 11:01 Pieter Wuille via bitcoin-dev, <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> I think we can just merge the two and have a single variable-length
> command structure that can be used for both: command encodings are 1 to 12
> bytes, each byte's top bit indicating whether another byte follows (the top
> bit of byte 11 has no special meaning).
>
...
> So this gives a uniform space which commands can be assigned from, and
> there is no strict need for thinking of the short-binary and
> long-alphabetic commands as distinct.In v2, some short ones would be
> treated as aliases for old long-alphabetic ones.
This seems a bit dubious, but since command names are ASCII strings
reversing the meaning of the top bit so that 0 signifies a following byte
would allow the alphabetic commands to be reinterpreted as non-alphabetic,
so the space no longer needs to be a disjoint union of two sub-spaces which
arguably takes the "no [...] need for thinking of [them] as distinct" logic
a little bit bit farther.
The main downsides are that this does nothing to re-assign shorter codes to
existing commands, and secondly that even the non-alphabetic code path
completely supersedes the alphabetic one, the numerical values are up to 85
or 86 bits wide, which is not a reasonable word size. Perhaps this is not a
concern since as far as I know there are no collisions in the first 9 bytes
of existing commands, and constrain the non-alphabetic representation to 9
bytes would leave the last top bit free, so the space would be isomorphic
to {0,1}^64.
[-- Attachment #2: Type: text/html, Size: 2201 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-12 3:23 ` Pieter Wuille
2022-11-12 18:52 ` Yuval Kogman
@ 2022-11-18 8:24 ` Anthony Towns
2023-01-05 22:06 ` Pieter Wuille
1 sibling, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2022-11-18 8:24 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion
On Sat, Nov 12, 2022 at 03:23:16AM +0000, Pieter Wuille via bitcoin-dev wrote:
> Another idea...
> This means:
> * Every alphabetic command of L characters becomes L bytes.
> * 102 non-alphabetic 1-byte commands can be assigned.
> * 15708 non-alphabetic 2-byte commands can be assigned.
(There are 128**L possible L-byte commands, 26**L alphabetic L-byte
commands, and hence 128**L-26**L non-alphabetical L-byte commands)
> * etc
> So this gives a uniform space which commands can be assigned from, and there is no strict need for thinking of the short-binary and long-alphabetic commands as distinct. In v2, some short ones would be treated as aliases for old long-alphabetic ones. But new commands could also just be introduced as short ones only (even in v1).
Isn't that optimising for the wrong thing? Aren't the goals we want:
1) it should be easy to come up with a message identifier without
accidently conflicting with someone else's proposal
2) commonly used messages on the wire should have a short encoding
in order to save bandwidth
Depending on how much the p2p protocol ossifies, which messages are
"commonly used on the wire" might be expected to change; and picking an
otherwise meaningless value from a set of 102 elements seems likely to
produce conflicts...
Doing:
-> VERSION
<- VERSION
<- SHORTMSG ["BIP324", "foo.org/experiment"]
<- VERACK
-> SHORTMSG ["BIP324"]
-> VERACK
-> SENDSHORTMSG "BIP324" [(13, "ADDRV3")]
<- SENDSHORTMSG "BIP324"
-> 34 (SENDHEADERS)
-> 25 (GETHEADERS)
...
where "SHORTMSG" lets you specify an array of tables you support (such as
BIP324's), and, once you know both sides supports a table, you can send
`SENDSHORTMSG` to choose the table you'll use to abbreviate messages
you send, as well as any modifications to that table (like replacing
ADDR with ADDRV3).
Then when writing BIPs, you just choose a meaningful string ("ADDRV3"),
and when implementing you send a one-time "SENDSHORTMSG" message to
optimise the messages you'll send most often... As time goes on and the
most common messages change, issue a new BIP with a new table so that
your one-time SHORTIDs message becomes shorter too, at least when you
connect to peers that also know about the new bip..
Could potentially support that without bip324, by taking over the one
byte message space, presuming you don't have any one-character messages
you actually want to send?
Could do this /as well as/ the encoding above, I guess; then you would
have bips specify alphabetic message ids, and use SENDSHORTMSG to
dynamically (and sequentially) override/allocate non-alphabetic ids?
That would presumably limit the number of non-alphabetic ids to how
many you could specify in a single SENDSHORTIDs message, which I think
would be up to something like 749k different 1/2/3/4/5/6-byte alphabetic
message ids (encoded as 1/2/3-byte non-alphabetic messages). Probably
some more specific limit would be better though.
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-11-18 8:24 ` Anthony Towns
@ 2023-01-05 22:06 ` Pieter Wuille
2023-01-05 23:12 ` Anthony Towns
0 siblings, 1 reply; 22+ messages in thread
From: Pieter Wuille @ 2023-01-05 22:06 UTC (permalink / raw)
To: Anthony Towns; +Cc: Bitcoin Protocol Discussion
------- Original Message -------
On Friday, November 18th, 2022 at 3:24 AM, Anthony Towns <aj@erisian.com.au> wrote:
> > * etc
> > So this gives a uniform space which commands can be assigned from, and there is no strict need for thinking of the short-binary and long-alphabetic commands as distinct. In v2, some short ones would be treated as aliases for old long-alphabetic ones. But new commands could also just be introduced as short ones only (even in v1).
>
> Isn't that optimising for the wrong thing? Aren't the goals we want:
>
> 1) it should be easy to come up with a message identifier without
> accidently conflicting with someone else's proposal
>
> 2) commonly used messages on the wire should have a short encoding
> in order to save bandwidth
>
> Depending on how much the p2p protocol ossifies, which messages are
> "commonly used on the wire" might be expected to change; and picking an
> otherwise meaningless value from a set of 102 elements seems likely to
> produce conflicts...
Oh, yes. I meant this as an encoding scheme, not as a (replacement for) the negotiation/coordination mechanism. There could still be an initial assignment for 1-byte encodings, and/or an explicit mechanism to negotiate other assignment, and/or nothing at all for now.
I just thought it would be interesting to have a uniform encoding without explicit distinction between "short commands" and "long commands" at that layer.
But maybe none of this is worth it, as it's perhaps more complexity than the alternative, and the alternative already has a working implementation and written-up specification.
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-01-05 22:06 ` Pieter Wuille
@ 2023-01-05 23:12 ` Anthony Towns
2023-01-09 8:11 ` Anthony Towns
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2023-01-05 23:12 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion
On Thu, Jan 05, 2023 at 10:06:29PM +0000, Pieter Wuille via bitcoin-dev wrote:
> > > So this gives a uniform space which commands can be assigned from, and there is no strict need for thinking of the short-binary and long-alphabetic commands as distinct. In v2, some short ones would be treated as aliases for old long-alphabetic ones. But new commands could also just be introduced as short ones only (even in v1).
> Oh, yes. I meant this as an encoding scheme, not as a (replacement for) the negotiation/coordination mechanism. There could still be an initial assignment for 1-byte encodings, and/or an explicit mechanism to negotiate other assignment, and/or nothing at all for now.
>
> I just thought it would be interesting to have a uniform encoding without explicit distinction between "short commands" and "long commands" at that layer.
> But maybe none of this is worth it, as it's perhaps more complexity than the alternative, and the alternative already has a working implementation and written-up specification.
Heh, I was just looking at this yesterday, but failing to quite reach
a conclusion.
One thing I hadn't realised about this was that it's not actually
a restriction compared to what we currently allow with p2p v1:
CMessageHeader::IsCommandValid() already rejects commands that use
characters outside of 0x20 to 0x7E, so the high bit is already available
for signalling when we reach the last byte.
The current implementation for 324 does the aliasing
as part of V2TransportDeserializer::GetMessage and
V2TransportSerializer::prepareForTransport. That makes a lot of sense,
but particularly if we were to negotiate short commands sometime around
VERSION or VERACK, it might make more sense for the aliasing to move up
to the protocol layer rather than have it close to the wire layer. In
that case having a uniform encoding means we could just keep using
CSerializedNetMsg whether we're sending a short command or a multibyte
ascii command -- without a uniform encoding, if we wanted to move short
commands up a layer, I think we'd need to change CSerializedNetMsg to
have m_type be a `std::variant<uint8_t,std::string>` instead of just a
string, or something similar.
I think I'm leaning towards "it doesn't matter either way" though:
* if we can negotiate short commands on a per-peer basis, then once
negotiation's finished we'll only be using short commands so saving a
byte on long commands doesn't matter much
* if we've only got around 30 or 40 commands we understand anyway
(even counting one-time-only negotiation stuff), then it doesn't
matter if we can do 102, 126 or 242 short commands since those are
all more than we need
* whether we'd have to tweak an internal struct if we want to change
the way our code is structured shouldn't really be much of an influence
on protocol design...
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-01-05 23:12 ` Anthony Towns
@ 2023-01-09 8:11 ` Anthony Towns
2023-02-16 17:43 ` Dhruv M
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2023-01-09 8:11 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
On Fri, Jan 06, 2023 at 09:12:50AM +1000, Anthony Towns via bitcoin-dev wrote:
> On Thu, Jan 05, 2023 at 10:06:29PM +0000, Pieter Wuille via bitcoin-dev wrote:
> > Oh, yes. I meant this as an encoding scheme, not as a (replacement for) the negotiation/coordination mechanism. There could still be an initial assignment for 1-byte encodings, and/or an explicit mechanism to negotiate other assignment, and/or nothing at all for now.
> The current implementation for 324 does the aliasing
> as part of V2TransportDeserializer::GetMessage and
> V2TransportSerializer::prepareForTransport. That makes a lot of sense,
> [...]
So I think you can make this setup work with a negotiated assignment of
shortids, perhaps starting off something like:
https://github.com/ajtowns/bitcoin/commit/6b8edd754bdcb582e293e4f5d0b41297711bdbb7
That has a 242 element array per peer giving the mappings (which
is just ~250 bytes per peer) for deserialization, which seems
workable. [0]
It also has a single global map for serialization, so we'll always shorten
CFILTER to shortid 39 for every peer that supports shortids, even, eg, for
a peer who's told us they'll send CFILTER as shortid 99 and that we should
interpret shortid 39 from them as NEWFEATUREX. That has three advantages:
* each peer can choose a mapping that minimises their own outbound
traffic, even potentially for asymmetric connections, and don't need
to coordinate with the other peer to decide a common optimal mapping
that they both use across their connection
* you don't have to have different serialization tables per-peer,
reducing memory usage / implementation complexity
* you can leave V2TransportSerializer as a `const` object, and not have
to introduce additional locking logic to be able to update its
state...
I'm not seeing a good way to introduce shortids for future one-shot
negotiation messages though (like VERSION, VERACK, SENDADDRV2,
WTXIDRELAY, SENDTXRCNCL):
* if you explicitly announce the mapping first, you're just wasting
bytes ("99=FOOBAR; 99 baz quux" vs just "FOOBAR baz quux")
* if you negotiate the tables you support between VERSION/VERACK and
then choose a mutually supported table after VERACK, that's too late
for pre-VERACK negotation messages
* announcing the tables you support as part of the VERSION message
would work, but seems a bit klunky
Also, if you did want to shift to a new table, you'd probably want to
always support sending/receiving {37, 44, 46, 47, 36} messages?
I guess I still kind-of think it'd make more sense to just reserve
shortids for post-VERACK messages that are going to be sent more
than once per connection... At that point, even if you don't have any
table in common with your peer, just following VERACK with an immediate
announcement of each shortid you want to use and its meaning would still
make reasonable sense.
If we included the ability to define your own shortids concurrently
with bip324 rollout, then I think nodes could always have a static set
of shortids they use for all their peers for outbound messages, which,
as above, seems like it would make for simpler implementations.
ie, you might send:
VERSION
SHORTIDTBLS ["","awesomeshortids"]
WTXIDRELAY
SENDADDRV2
SENDPACKAGES 1
VERACK
SHORTID "" [(52,"getpkgtxns"), (53, "pkgtxns"), (54, "ancpkginfo")]
...but you'd do all that long form, and only switch to shortids for
messages after you've declared exactly what your shortids are going to
be.
(where "" is the table name for bip324's table, and "awesomeshortids"
is an updated table that includes the package relay commands already,
perhaps)
Cheers,
aj
[0] m_deserializer is used from the SocketHandler thread in
CNode::ReceiveMsgBytes(), but the p2p protocol is managed from the
MessageHandler thread; with multiple messages potentially deserialized
into vRecvMsg() at once -- but that means that if the first message
redefines shortid decoding, and the second message uses one of the
redefined shortids, it will have already been decoded incorrectly.
So that would need some futzing about still.
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-01-09 8:11 ` Anthony Towns
@ 2023-02-16 17:43 ` Dhruv M
2023-02-17 15:51 ` Anthony Towns
0 siblings, 1 reply; 22+ messages in thread
From: Dhruv M @ 2023-02-16 17:43 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 5923 bytes --]
Attempting to summarize the thread thus far:
Problem:
- 1 byte message type IDs are lacking a co-ordination mechanism when multiple in-flight BIPs are proposing new message types as the id space is reduced form 12 ASCII bytes to 1 byte.
- 1 byte IDs are scarce and should be allocated judiciously, especially given that gains on bandwidth are very much non-uniform across message types.
Solutions:
- Uniform encoding using the high-bit increases the available ID space drastically, however, there's still the issue of making sure that the most frequent message types get the shorter IDs.
- Making type IDs negotiable(editable, really) per direction per connection solves that issue at the cost of some increased complexity.
Since we don't really know the extent to which the protocol will ossify over time and that BIP324 is already quite a large change, we might want to optimize for the least additional complexity that doesn't close the doors on any of the solutions. How about this:
- BIP324 restricts type IDs to [1, 127]
- We remove 1 byte allocations for messages that are sent at most once per connection per direction
- Optionally, in the implementation we can attempt to move the type id mapping to the p2p layer away from the transport layer. I suspect this could also be done after the implementation is merged but might be cleaner as the mapping is a p2p concern.
Best,
-Dhruv
On 1/9/23 00:11, Anthony Towns via bitcoin-dev wrote:
> On Fri, Jan 06, 2023 at 09:12:50AM +1000, Anthony Towns via bitcoin-dev wrote:
>
>> On Thu, Jan 05, 2023 at 10:06:29PM +0000, Pieter Wuille via bitcoin-dev wrote:
>>
>>> Oh, yes. I meant this as an encoding scheme, not as a (replacement for) the negotiation/coordination mechanism. There could still be an initial assignment for 1-byte encodings, and/or an explicit mechanism to negotiate other assignment, and/or nothing at all for now.
>
>> The current implementation for 324 does the aliasing
>> as part of V2TransportDeserializer::GetMessage and
>> V2TransportSerializer::prepareForTransport. That makes a lot of sense,
>> [...]
>
> So I think you can make this setup work with a negotiated assignment of
> shortids, perhaps starting off something like:
> https://github.com/ajtowns/bitcoin/commit/6b8edd754bdcb582e293e4f5d0b41297711bdbb7
> That has a 242 element array per peer giving the mappings (which
> is just ~250 bytes per peer) for deserialization, which seems
> workable. [0]
>
> It also has a single global map for serialization, so we'll always shorten
> CFILTER to shortid 39 for every peer that supports shortids, even, eg, for
> a peer who's told us they'll send CFILTER as shortid 99 and that we should
> interpret shortid 39 from them as NEWFEATUREX. That has three advantages:
>
> * each peer can choose a mapping that minimises their own outbound
> traffic, even potentially for asymmetric connections, and don't need
> to coordinate with the other peer to decide a common optimal mapping
> that they both use across their connection
>
> * you don't have to have different serialization tables per-peer,
> reducing memory usage / implementation complexity
>
> * you can leave V2TransportSerializer as a `const` object, and not have
> to introduce additional locking logic to be able to update its
> state...
>
> I'm not seeing a good way to introduce shortids for future one-shot
> negotiation messages though (like VERSION, VERACK, SENDADDRV2,
> WTXIDRELAY, SENDTXRCNCL):
>
> * if you explicitly announce the mapping first, you're just wasting
> bytes ("99=FOOBAR; 99 baz quux" vs just "FOOBAR baz quux")
> * if you negotiate the tables you support between VERSION/VERACK and
> then choose a mutually supported table after VERACK, that's too late
> for pre-VERACK negotation messages
> * announcing the tables you support as part of the VERSION message
> would work, but seems a bit klunky
>
> Also, if you did want to shift to a new table, you'd probably want to
> always support sending/receiving {37, 44, 46, 47, 36} messages?
>
> I guess I still kind-of think it'd make more sense to just reserve
> shortids for post-VERACK messages that are going to be sent more
> than once per connection... At that point, even if you don't have any
> table in common with your peer, just following VERACK with an immediate
> announcement of each shortid you want to use and its meaning would still
> make reasonable sense.
>
> If we included the ability to define your own shortids concurrently
> with bip324 rollout, then I think nodes could always have a static set
> of shortids they use for all their peers for outbound messages, which,
> as above, seems like it would make for simpler implementations.
>
> ie, you might send:
>
> VERSION
> SHORTIDTBLS ["","awesomeshortids"]
> WTXIDRELAY
> SENDADDRV2
> SENDPACKAGES 1
> VERACK
> SHORTID "" [(52,"getpkgtxns"), (53, "pkgtxns"), (54, "ancpkginfo")]
>
> ...but you'd do all that long form, and only switch to shortids for
> messages after you've declared exactly what your shortids are going to
> be.
>
> (where "" is the table name for bip324's table, and "awesomeshortids"
> is an updated table that includes the package relay commands already,
> perhaps)
>
> Cheers,
> aj
>
> [0] m_deserializer is used from the SocketHandler thread in
> CNode::ReceiveMsgBytes(), but the p2p protocol is managed from the
> MessageHandler thread; with multiple messages potentially deserialized
> into vRecvMsg() at once -- but that means that if the first message
> redefines shortid decoding, and the second message uses one of the
> redefined shortids, it will have already been decoded incorrectly.
> So that would need some futzing about still.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
[-- Attachment #2: Type: text/html, Size: 7451 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-16 17:43 ` Dhruv M
@ 2023-02-17 15:51 ` Anthony Towns
2023-02-17 22:13 ` Pieter Wuille
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2023-02-17 15:51 UTC (permalink / raw)
To: Dhruv M, Bitcoin Protocol Discussion
On Thu, Feb 16, 2023 at 05:43:22PM +0000, Dhruv M via bitcoin-dev wrote:
> Problem:
> - 1 byte message type IDs are lacking a co-ordination mechanism when multiple in-flight BIPs are proposing new message types as the id space is reduced form 12 ASCII bytes to 1 byte.
> - 1 byte IDs are scarce and should be allocated judiciously, especially given that gains on bandwidth are very much non-uniform across message types.
ACK.
> Solutions:
> - Uniform encoding using the high-bit increases the available ID space drastically, however, there's still the issue of making sure that the most frequent message types get the shorter IDs.
> - Making type IDs negotiable(editable, really) per direction per connection solves that issue at the cost of some increased complexity.
>
> Since we don't really know the extent to which the protocol will ossify over time and that BIP324 is already quite a large change, we might want to optimize for the least additional complexity that doesn't close the doors on any of the solutions.
I think it's probably less complex to close *some* of the doors?
In particular, I think there's two questions that have to get answered:
1) how do you distinguish the command from the payload for
non short-ids -- by a length prefix, or by setting the high-bit
of the final command byte?
2) are short ids available/meaningful to send prior to VERACK being
completed?
> How about this:
> - BIP324 restricts type IDs to [1, 127]
Is this for short ids (currently [13-255] per the bip) or for every byte
in a non-short-id command (for p2p v1, IsCommandValid() restricts each
byte to being in the printable ascii range, ie [32-126])?
Here's another approach:
idea: we use short ids to minimise bandwidth, and don't care about
bandwidth for long ids
implementation:
short id 0 is reserved for long commands. when received, we
decode the first 12 bytes of the payload and treat them
exactly the same as a v1 p2p message (trailing 0-bytes, etc)
(if there's not 12 bytes of payload, it's just treated as an
invalid command and dropped)
short ids 1-255 are available for use as aliases of particular
long commands
(That's exactly compatible with p2p v1, and also avoids the temptation
to try to choose short command names rather than descriptive ones -- the
0-padding to 12 bytes prevents you from saving any bandwidth that way;
but that's what we have short ids for anyway)
If we decide we want >255 short ids, we can figure out how to extend
them later, in a fairly open ended way I think, eg by having [128-255]
imply a 2 byte short id, so that seems fine?
> - We remove 1 byte allocations for messages that are sent at most once per connection per direction
I think this leaves 32 commands that get short ids initially:
misc: ADDR, ADDRV2, BLOCK, FEEFILTER, GETBLOCKS, GETDATA, GETHEADERS,
HEADERS, INV, NOTFOUND, PING, PONG, TX
bip 35/37: FILTERADD, FILTERCLEAR, FILTERLOAD, MEMPOOL, MERKLEBLOCK
bip 152: BLOCKTXN, CMPCTBLOCK, GETBLOCKTXN
bip 157: CFCHECKPT, CFHEADERS, CFILTER, GETCFCHCKPT, GETCFHEADERS,
GETCFILTERS
bip 330: RECONCILDIFF, REQRECON, REQSKETCHEXT, SENDCMPCT, SKETCH
which drops:
VERSION, VERACK, GETADDR, SENDADDRV2, SENDHEADERS, SENDTXRCNCL,
WTXIDRELAY
compared to bip 324 currently.
I think the things missing from the current list (and not currently in
use by bitcoin core) are:
bip 61: REJECT
bip 331: GETPKGTXNS, PKGTXNS, ANCPKGINFO
> - Optionally, in the implementation we can attempt to move the type id mapping to the p2p layer away from the transport layer. I suspect this could also be done after the implementation is merged but might be cleaner as the mapping is a p2p concern.
I agree that's fine, though I expect that we'll probably want to do it
not long after bip 331 is ready for merge (or some other p2p improvement
comes along)...
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-17 15:51 ` Anthony Towns
@ 2023-02-17 22:13 ` Pieter Wuille
2023-02-19 23:56 ` Anthony Towns
0 siblings, 1 reply; 22+ messages in thread
From: Pieter Wuille @ 2023-02-17 22:13 UTC (permalink / raw)
To: Anthony Towns, Bitcoin Protocol Discussion; +Cc: Dhruv M
On Friday, February 17th, 2023 at 10:51 AM, Anthony Towns via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> I think it's probably less complex to close some of the doors?
> 2) are short ids available/meaningful to send prior to VERACK being
> completed?
Ah, I hadn't considered this nuance. If we don't care about them being available before VERACK negotiation, then it may be possible to introduce a way to negotiate a different short id mapping table without needing a mechanism for *re*-negotiating.
> Here's another approach:
>
> idea: we use short ids to minimise bandwidth, and don't care about
> bandwidth for long ids
>
> implementation:
> short id 0 is reserved for long commands. when received, we
> decode the first 12 bytes of the payload and treat them
> exactly the same as a v1 p2p message (trailing 0-bytes, etc)
> (if there's not 12 bytes of payload, it's just treated as an
> invalid command and dropped)
>
> short ids 1-255 are available for use as aliases of particular
> long commands
>
> (That's exactly compatible with p2p v1, and also avoids the temptation
> to try to choose short command names rather than descriptive ones -- the
> 0-padding to 12 bytes prevents you from saving any bandwidth that way;
> but that's what we have short ids for anyway)
I like this idea. It avoids the variable-length encoding question and related complexity entirely for things where we admittedly don't care about the bandwidth impact anyway.
It may also have another (rather weak) advantage, in that it may reduce how much information a passive observe may learn about application level features (sendheaders, sendaddrv2, ...) from the packet size sent (which would otherwise depend on command lengths), even when decoys are not in use, if no short commands are included for these messages.
> > - We remove 1 byte allocations for messages that are sent at most once per connection per direction
>
> I think this leaves 32 commands that get short ids initially:
>
> misc: ADDR, ADDRV2, BLOCK, FEEFILTER, GETBLOCKS, GETDATA, GETHEADERS,
> HEADERS, INV, NOTFOUND, PING, PONG, TX
> bip 35/37: FILTERADD, FILTERCLEAR, FILTERLOAD, MEMPOOL, MERKLEBLOCK
> bip 152: BLOCKTXN, CMPCTBLOCK, GETBLOCKTXN
> bip 157: CFCHECKPT, CFHEADERS, CFILTER, GETCFCHCKPT, GETCFHEADERS,
> GETCFILTERS
> bip 330: RECONCILDIFF, REQRECON, REQSKETCHEXT, SENDCMPCT, SKETCH
Sounds right.
> which drops:
>
> VERSION, VERACK, GETADDR, SENDADDRV2, SENDHEADERS, SENDTXRCNCL,
> WTXIDRELAY
Indeed.
> compared to bip 324 currently.
>
> I think the things missing from the current list (and not currently in
> use by bitcoin core) are:
>
> bip 61: REJECT
> bip 331: GETPKGTXNS, PKGTXNS, ANCPKGINFO
Do you feel REJECT should be included?
> > - Optionally, in the implementation we can attempt to move the type id mapping to the p2p layer away from the transport layer. I suspect this could also be done after the implementation is merged but might be cleaner as the mapping is a p2p concern.
>
> I agree that's fine, though I expect that we'll probably want to do it
> not long after bip 331 is ready for merge (or some other p2p improvement
> comes along)...
I do prefer that as well; it feels like the transport layer shouldn't be aware of the different command names that exist, but this is very much just an implementation issue.
Perhaps a possibility is having the transport layer translate short-command-number-N to the 12-byte command "\x00\x00..." + byte(N), and hand that to the application layer, which could then do the mapping?
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-17 22:13 ` Pieter Wuille
@ 2023-02-19 23:56 ` Anthony Towns
2023-02-20 15:22 ` Pieter Wuille
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2023-02-19 23:56 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion; +Cc: Dhruv M
On Fri, Feb 17, 2023 at 10:13:05PM +0000, Pieter Wuille via bitcoin-dev wrote:
> > I think it's probably less complex to close some of the doors?
> > 2) are short ids available/meaningful to send prior to VERACK being
> > completed?
> Ah, I hadn't considered this nuance. If we don't care about them being available before VERACK negotiation, then it may be possible to introduce a way to negotiate a different short id mapping table without needing a mechanism for *re*-negotiating.
I think you still need/want two negotiation steps -- once to tell each
other what tables you know about, once to choose a mutually recognised
table and specify any additions.
> > I think the things missing from the current list (and not currently in
> > use by bitcoin core) are:
> > bip 61: REJECT
> > bip 331: GETPKGTXNS, PKGTXNS, ANCPKGINFO
> Do you feel REJECT should be included?
I don't think it matters much; reject messages are both rare and include
a reason so you'd only be saving maybe 12 bytes out of 62 (~20%)
for maybe 6000 messages a day per peer that sends reject messages,
so 72kB/day/reject-peer?
> Perhaps a possibility is having the transport layer translate short-command-number-N to the 12-byte command "\x00\x00..." + byte(N), and hand that to the application layer, which could then do the mapping?
Presuming the transport layer also continues to reject commands that
have a '\x00' byte at the start or in the middle (ie !IsCommandValid()),
that seems pretty reasonable...
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-19 23:56 ` Anthony Towns
@ 2023-02-20 15:22 ` Pieter Wuille
2023-02-21 16:03 ` Anthony Towns
0 siblings, 1 reply; 22+ messages in thread
From: Pieter Wuille @ 2023-02-20 15:22 UTC (permalink / raw)
To: Anthony Towns; +Cc: Bitcoin Protocol Discussion, Dhruv M
On Sunday, February 19th, 2023 at 6:56 PM, Anthony Towns <aj@erisian.com.au> wrote:
> On Fri, Feb 17, 2023 at 10:13:05PM +0000, Pieter Wuille via bitcoin-dev wrote:
>
> > > I think it's probably less complex to close some of the doors?
> > > 2) are short ids available/meaningful to send prior to VERACK being
> > > completed?
> > > Ah, I hadn't considered this nuance. If we don't care about them being available before VERACK negotiation, then it may be possible to introduce a way to negotiate a different short id mapping table without needing a mechanism for re-negotiating.
>
> I think you still need/want two negotiation steps -- once to tell each
> other what tables you know about, once to choose a mutually recognised
> table and specify any additions.
Right, I wasn't talking about how many steps/messages the negotiation takes. I just meant that if all negotiation of the mapping table happens just once (before VERACK) and that negotiation itself happens without use of short commands, then there is no need for re-negotiating short commands after they are already in use. Nothing concrete, but I can imagine that that may simplify some implementations.
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-20 15:22 ` Pieter Wuille
@ 2023-02-21 16:03 ` Anthony Towns
2023-02-28 18:07 ` Dhruv M
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Towns @ 2023-02-21 16:03 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Protocol Discussion; +Cc: Dhruv M
On Mon, Feb 20, 2023 at 03:22:30PM +0000, Pieter Wuille via bitcoin-dev wrote:
> On Sunday, February 19th, 2023 at 6:56 PM, Anthony Towns <aj@erisian.com.au> wrote:
> > On Fri, Feb 17, 2023 at 10:13:05PM +0000, Pieter Wuille via bitcoin-dev wrote:
> > > > I think it's probably less complex to close some of the doors?
> > > > 2) are short ids available/meaningful to send prior to VERACK being
> > > > completed?
> > > > Ah, I hadn't considered this nuance. If we don't care about them being available before VERACK negotiation, then it may be possible to introduce a way to negotiate a different short id mapping table without needing a mechanism for re-negotiating.
> > I think you still need/want two negotiation steps -- once to tell each
> > other what tables you know about, once to choose a mutually recognised
> > table and specify any additions.
> Right, I wasn't talking about how many steps/messages the negotiation takes. I just meant that if all negotiation of the mapping table happens just once (before VERACK) and that negotiation itself happens without use of short commands, then there is no need for re-negotiating short commands after they are already in use. Nothing concrete, but I can imagine that that may simplify some implementations.
Yeah; I was just thinking of the fact that currently the negotiation is:
* send your VERSION message
* see what their VERSION message is
* announce a bunch of features, depending on the version (or service
flags)
* send the VERACK (and GETADDR and final ALERT)
* wait for their announcements and VERACK
* negotiation is finished; we know everything; we're ready to go
which only gets you two steps if you send the short id stuff as part of
the VERSION message. Obviously you could just add an extra phase either
just before or just after the VERACK, though.
I suppose being able to choose your own short id mapping from day 0 would
mean that every bip324 node could use a single short id mapping for all
outgoing messages, which might also make implementation marginally easier
(no need to use one table for modern nodes, but also support the original
table for old bip324 implementations)...
Cheers,
aj
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-21 16:03 ` Anthony Towns
@ 2023-02-28 18:07 ` Dhruv M
2023-02-28 21:02 ` Erik Aronesty
0 siblings, 1 reply; 22+ messages in thread
From: Dhruv M @ 2023-02-28 18:07 UTC (permalink / raw)
To: bitcoin-dev
The relevant changes from this discussion about short 1-byte message
type IDs are now in a PR for the bips repo:
https://github.com/bitcoin/bips/pull/1428
On 2/21/23 08:03, Anthony Towns via bitcoin-dev wrote:
> On Mon, Feb 20, 2023 at 03:22:30PM +0000, Pieter Wuille via bitcoin-dev wrote:
>> On Sunday, February 19th, 2023 at 6:56 PM, Anthony Towns <aj@erisian.com.au> wrote:
>>> On Fri, Feb 17, 2023 at 10:13:05PM +0000, Pieter Wuille via bitcoin-dev wrote:
>>>>> I think it's probably less complex to close some of the doors?
>>>>> 2) are short ids available/meaningful to send prior to VERACK being
>>>>> completed?
>>>>> Ah, I hadn't considered this nuance. If we don't care about them being available before VERACK negotiation, then it may be possible to introduce a way to negotiate a different short id mapping table without needing a mechanism for re-negotiating.
>>> I think you still need/want two negotiation steps -- once to tell each
>>> other what tables you know about, once to choose a mutually recognised
>>> table and specify any additions.
>> Right, I wasn't talking about how many steps/messages the negotiation takes. I just meant that if all negotiation of the mapping table happens just once (before VERACK) and that negotiation itself happens without use of short commands, then there is no need for re-negotiating short commands after they are already in use. Nothing concrete, but I can imagine that that may simplify some implementations.
> Yeah; I was just thinking of the fact that currently the negotiation is:
>
> * send your VERSION message
> * see what their VERSION message is
>
> * announce a bunch of features, depending on the version (or service
> flags)
> * send the VERACK (and GETADDR and final ALERT)
>
> * wait for their announcements and VERACK
> * negotiation is finished; we know everything; we're ready to go
>
> which only gets you two steps if you send the short id stuff as part of
> the VERSION message. Obviously you could just add an extra phase either
> just before or just after the VERACK, though.
>
> I suppose being able to choose your own short id mapping from day 0 would
> mean that every bip324 node could use a single short id mapping for all
> outgoing messages, which might also make implementation marginally easier
> (no need to use one table for modern nodes, but also support the original
> table for old bip324 implementations)...
>
> Cheers,
> aj
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2023-02-28 18:07 ` Dhruv M
@ 2023-02-28 21:02 ` Erik Aronesty
0 siblings, 0 replies; 22+ messages in thread
From: Erik Aronesty @ 2023-02-28 21:02 UTC (permalink / raw)
To: Dhruv M, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 3314 bytes --]
you can always do what protocols usually do. 1 byte is fine for now, but
reserve the top bit for "this is a two byte id" (128 choices). then when
you run out of room, set the top bit which means "this is a 2 byte id
(again with one reserved) and so-on. ie: how protobuf stores integers.
On Tue, Feb 28, 2023 at 1:42 PM Dhruv M via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> The relevant changes from this discussion about short 1-byte message
> type IDs are now in a PR for the bips repo:
> https://github.com/bitcoin/bips/pull/1428
>
> On 2/21/23 08:03, Anthony Towns via bitcoin-dev wrote:
> > On Mon, Feb 20, 2023 at 03:22:30PM +0000, Pieter Wuille via bitcoin-dev
> wrote:
> >> On Sunday, February 19th, 2023 at 6:56 PM, Anthony Towns <
> aj@erisian.com.au> wrote:
> >>> On Fri, Feb 17, 2023 at 10:13:05PM +0000, Pieter Wuille via
> bitcoin-dev wrote:
> >>>>> I think it's probably less complex to close some of the doors?
> >>>>> 2) are short ids available/meaningful to send prior to VERACK being
> >>>>> completed?
> >>>>> Ah, I hadn't considered this nuance. If we don't care about them
> being available before VERACK negotiation, then it may be possible to
> introduce a way to negotiate a different short id mapping table without
> needing a mechanism for re-negotiating.
> >>> I think you still need/want two negotiation steps -- once to tell each
> >>> other what tables you know about, once to choose a mutually recognised
> >>> table and specify any additions.
> >> Right, I wasn't talking about how many steps/messages the negotiation
> takes. I just meant that if all negotiation of the mapping table happens
> just once (before VERACK) and that negotiation itself happens without use
> of short commands, then there is no need for re-negotiating short commands
> after they are already in use. Nothing concrete, but I can imagine that
> that may simplify some implementations.
> > Yeah; I was just thinking of the fact that currently the negotiation is:
> >
> > * send your VERSION message
> > * see what their VERSION message is
> >
> > * announce a bunch of features, depending on the version (or service
> > flags)
> > * send the VERACK (and GETADDR and final ALERT)
> >
> > * wait for their announcements and VERACK
> > * negotiation is finished; we know everything; we're ready to go
> >
> > which only gets you two steps if you send the short id stuff as part of
> > the VERSION message. Obviously you could just add an extra phase either
> > just before or just after the VERACK, though.
> >
> > I suppose being able to choose your own short id mapping from day 0 would
> > mean that every bip324 node could use a single short id mapping for all
> > outgoing messages, which might also make implementation marginally easier
> > (no need to use one table for modern nodes, but also support the original
> > table for old bip324 implementations)...
> >
> > Cheers,
> > aj
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 4507 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [bitcoin-dev] Refreshed BIP324
2022-10-08 12:59 [bitcoin-dev] Refreshed BIP324 Dhruv M
2022-10-26 16:39 ` Pieter Wuille
@ 2023-10-11 20:52 ` Tim Ruffing
1 sibling, 0 replies; 22+ messages in thread
From: Tim Ruffing @ 2023-10-11 20:52 UTC (permalink / raw)
To: bitcoin-dev; +Cc: Dhruv M
Hello,
We'd like to announce two recent updates to BIP324 ("Version 2 P2P
Encrypted Transport Protocol"). Some of these changes affect semantics
and some are backwards-incompatible.
While we are not aware of any implementations of BIP324 except the one
in Bitcoin Core (see https://github.com/bitcoin/bitcoin/issues/27634 ),
the purpose of the email is to inform anyone involved in other
implementation efforts. At this point, we don't expect any further
backwards-incompatible changes.
https://github.com/bitcoin/bips/pull/1496 did multiple small changes:
* Incoming v1 connections are now detected based on first 16 bytes
they sent (instead of 12), which improves accuracy. If the incoming
v1 connection appears to come from a wrong network (due to non-
matching "network magic" bytes), responders may now drop the
connection immediately.
* The BIP330 message types have been dropped from the short encodings
list in the BIP. It feels like it shouldn't be BIP324's goal to
predict future protocol improvements.
https://github.com/bitcoin/bips/pull/1498 introduced a backwards-
incompatible change:
* The garbage authentication packet is removed by merging it with the
version packet. This simplifies the protocol implementation by
consolidating the states and removing the special case of "ignoring
the ignore bit." The freedom to choose the contents of the garbage
authentication packet has also been removed, leading to easier
testing and implementation.
We also did some editorial improvements. The most recent revision of
the BIP324 can be found at:
https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki
Best,
Dhruv, Tim, and Pieter
On Sat, 2022-10-08 at 12:59 +0000, Dhruv M wrote:
> Hi all,
>
> We have refreshed the proposal for BIP324, a new bitcoin P2P protocol
> featuring opportunistic encryption, a mild bandwidth reduction, and
> the
> ability
> to negotiate upgrades before exchanging application messages. We'd
> like
> to invite community members to review the BIP[1] and the related
> Bitcoin
> Core
> code[2].
>
> The proposal has a rich history[3]. The big changes since the last
> public
> appearance[4] are:
>
> * Elligator-swift encoding for the pubkeys in the ECDH exchange to
> obtain a pseudorandom bytestream
> * x-only ECDH secret derivation
> * Transport versioning that allows for upgradability
> * Trafic shapability using decoy packets and a shapable handshake
> * Complete rewrite of the BIP text
>
> We look forward to your review and comments.
>
> -Dhruv, Tim and Pieter
>
>
> [1] BIP Pull Request: https://github.com/bitcoin/bips/pull/1378
>
> [2] All historical and current PRs:
> https://bip324.com/sections/code-review/
>
> [3] https://bip324.com/sections/bip-review/
>
> [4] https://gist.github.com/dhruv/5b1275751bc98f3b64bcafce7876b489
>
>
>
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2023-10-11 20:58 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-08 12:59 [bitcoin-dev] Refreshed BIP324 Dhruv M
2022-10-26 16:39 ` Pieter Wuille
2022-10-27 7:28 ` Vasil Dimov
2022-11-03 17:53 ` Murch
2022-11-03 22:26 ` Jonas Schnelli
2022-11-08 3:20 ` Anthony Towns
2022-11-10 21:23 ` Pieter Wuille
2022-11-12 3:23 ` Pieter Wuille
2022-11-12 18:52 ` Yuval Kogman
2022-11-18 8:24 ` Anthony Towns
2023-01-05 22:06 ` Pieter Wuille
2023-01-05 23:12 ` Anthony Towns
2023-01-09 8:11 ` Anthony Towns
2023-02-16 17:43 ` Dhruv M
2023-02-17 15:51 ` Anthony Towns
2023-02-17 22:13 ` Pieter Wuille
2023-02-19 23:56 ` Anthony Towns
2023-02-20 15:22 ` Pieter Wuille
2023-02-21 16:03 ` Anthony Towns
2023-02-28 18:07 ` Dhruv M
2023-02-28 21:02 ` Erik Aronesty
2023-10-11 20:52 ` Tim Ruffing
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox