On Wed, May 7, 2025 at 10:49 AM pithosian <pithosian@i2pmail.org> wrote:

On Fri, 2 May 2025 06:47:44 +0000 (UTC)
Greg Maxwell <gmaxwell@gmail.com> wrote:

>
> On Thursday, April 17, 2025 at 7:09:23 PM UTC Antoine Poinsot wrote:
>
>
> Since the restrictions on the usage of OP_RETURN outputs encourage
> harmful practices while being ineffective in deterring unwanted
> usage, i propose to drop them.
>
>
> The situation is even somewhat worse than that: There are a number
> of design decisions where it's generally assumed that relay and
> mining policy generally match, or at least that mismatches are short
> lived.
>
> When relay policy is more restrictive than what is actually being
> mined there are at least two serious negative effects.
>
> The first is that the latency of block propagation is greatly harmed,
> a single missed transaction causes a tripling of the per hop
> transmission delay. If the missed transaction(s) are larger than the
> TCP window then the increase may be many round trip times. Also if
> the missed data is large the currently unused prefill mechanism in
> compact blocks wouldn't help (and would instead likely make things
> worse as then nodes will get several times the same transaction data
> from different peers and you cannot decode the compact block until
> all the prefill data has been received due to the message checksum.
> Delays in block propagation can have a disproportionate effect on
> mining centralization because they cause larger miners to have
> improved profitability over smaller ones. This happens regardless of
> which party was on which side of the delay, no matter which side is
> delayed its the smaller miner's expected profits that are diminisned
> and the nature of mining competition means that less profitable
> miners go bankrupt.
>
> This also encourages the establishment of direct miner submission
> which can undermine the permissionless nature of bitcoin and in
> particular again shifts profits towards larger miners because e.g.
> few would bother connecting to a 1% miner's direct submission
> interface (if they could even afford to make one).
>
> There are also a number of less significant harms, e.g. more
> restrictive relay policy makes fee estimation less accurate/complete
> (though at least estimation is designed to be fairly robust in that
> direction).
>
> So on this basis I suggest a principle for these sorts of policy:
> Relay rules should admit all transactions which are reliably being
> mined.
>
> I think node software should adopt this principal as a general rule.
>
> Admitting the transactions is not endorsing them, it's just a
> recognition of reality. This policy or equivalent is also the
> requirement to not suffer from the downsides of relay being more
> restrictive than mining. If we imagine that a miner is mining some
> kind of harmful attack transaction e.g. a validation DOS attack, then
> the miner needs to be convinced to stop, the implementation changed
> to not have bad performance, and/or consensus rules must be changed
> ... but relay policy can't address it.
>
> By general rule I mean that should something like a miner begin
> mining e.g. quadratic hashing bloat legacy txn, or using unused
> opcode/successcode/version number or whatever by mistake or technical
> ignorance there is no need to rush off enabling their relay. A
> general rule isn't a suicide pact. But if it were the case that
> transactions misusing a particular forward compatibility feature were
> reliably getting mined then that feature would just no longer be
> useful for forward compatibility regardless of what relay policy says
> about it and it would be better to relay them than have the downsides
> of not doing so.
>
> As Antoine Poinsot points out, the existent rule is entirely
> ineffectual: Parties current bypass these rules with other
> transaction forms (such as very harmful address stuffing which is
> impossible to block) or by direct miner submission, which will
> continue considering the millions of dollars miners have received
> mining transactions with violate the relay rules. Because of this it
> will not become effectual with time or tweaking. It is a dead
> parrot^policy. This is no surprise, since it's a product of
> Bitcoin's anti-censorship properties that *generally* filtering will
> not work except on the fringes. As such there isn't practical upside
> to keeping filtering beyond what miners currently perform.
>
> Some Bitcoiners are of the opinion that they still want a knob, I
> think doing so is a disrespectful placebo[*] but I don't have a
> strong opinion if an option remains-- the code is safer and cleaner
> without some filtering rules that few users would use but that really
> just a question between software maintainers and users. That said,
> Bitcoin core has generally not had knobs to adjust relay policy as
> distinct from mining policy in large part because of the design
> assumption that the two need to be the same. But in this case if
> there were a knob here I think would make more sense for it to
> control mining policy rather than relay policy, since it would
> actually have some effect in the mining context (in excluding the txn
> from your own blocks) while as a relay only thing it is impotent.
>
> [*] It doesn't even conserve their resources meaningfully. They'll
> still receive and process the txn, then discard. Then they likely
> have to fetch it a second time when it shows up in a block. Although
> they may save re-transmitting it, on average network wide each
> transaction is sent once and received once so the extra transmission
> for the block should offset the relay savings.
>
>
>

On block propagation:
> When relay policy is more restrictive than what is actually being
> mined there are at least two serious negative effects.
> The first is that the latency of block propagation is greatly harmed,
> a single missed transaction causes a tripling of the per hop
> transmission delay.

If I'm reading this correctly (and there's every chance I'm not):

1. When a node receives a compact block, it completely checks the
block's validity before relying it.
2. If the block includes txs which aren't in the node's mempool, it
needs to request those txs from peers before it can validate (and
subsequently relay) it.
3. This can slow down propagation of blocks significantly (as this cost
can, in the worst case, be incurred 'per hop').

If my above understanding is correct, then as far as I can tell, this
problem has nothing to do with mempool tx relay policy, and can be
solved by tweaking block relay policy.

On receiving a block:
1. Check whether the block meets the POW target.
2. If it does, relay it.
3. Validate the contents of the block.
4. Apply it.

This removes the 'per hop' block propagation delay caused by retrieving
missing transactions, and the only threat, so far as I can tell, is
that someone might waste a lot of money mining an invalid block to get
nodes to relay it (but then quickly discard it), which doesn't seem
particularly worth it.

Of course, if a miner doesn't have an included transaction locally,
they still need to go get it before they can safely include txs in
their next block, but the propagation delay is removed, and that miner
can always make sure to run, and connect to peers running permissive
relay policy, such as librerelay, to decrease the odds of that
happening.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/20250507012038.3EAE07C10F1%40smtp.postman.i2p.