From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9FC63C000B for ; Sat, 12 Jun 2021 18:48:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 807FA4028F for ; Sat, 12 Jun 2021 18:48:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvbi7sVIfuws for ; Sat, 12 Jun 2021 18:48:44 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by smtp4.osuosl.org (Postfix) with ESMTPS id F351B40211 for ; Sat, 12 Jun 2021 18:48:43 +0000 (UTC) Received: by mail-ej1-x636.google.com with SMTP id h24so9584014ejy.2 for ; Sat, 12 Jun 2021 11:48:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1ZzLAk2afjKOQH9zgN+AcF0pZAa3q4A7Q+sHdIdVr5s=; b=lR7eX69EiPf1fmdQdAPU6FXrOMToeIWrCn0qypNNFy1r52SRyJWeh+Y/2p8wVqUdnw L0EQ9NqW+aKZVx7YNzLAOiOuaXCVl+ACwh9A1s//YAaL+16ePPXd0vJVnC8WDOqOfc1S K/0lFapAqkEIy1ekeSJh2ZgqHyr03m7JLXIegkuF497nQaw//iJD0+wbErwoMflby18J LizrlnKhRVywfnNoyRaZ5B/NqB04WxK0DRLsSTkSDM8b8lJ+CrHB1byrmhQWGno5dA4C tLeMNe4dCtGxwh4uda7UEqw5+LHeSBI0umJSObMCpSXFpjiva5t/tPi8WNNJuZiEVj71 dHkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1ZzLAk2afjKOQH9zgN+AcF0pZAa3q4A7Q+sHdIdVr5s=; b=uZtczh0BUwTTRX/ihCJUWo37r+aUnz4PYQ/bWAP4Z7pyzo2Ek1f6BieXrp/lHYsYKX SYVPYz9hxvQrkbn9N0g7omdFiWAid5N6UEzetWgZpJTwYfd5d5zziq7V7wiuc7mido7G td9b4ZlaUMys8FTCC36glMTN+nqGHOZu8xuGqT7p6uwml/HLsxwq8Cx4QEMjza7EEmb/ yGYPS2t2bYmFyaVgTPcgCTn24tWv0NmCaWnPnAFInTPwcBYIkAn2+mL7nYClKcfpgHQG 06Qh/fjKxdcAjuaFxVSrymZzd95HSJbAXrnkCTOAfiXG8GOWIxCwRZ+m9SLwI+Ib00wN 8/tQ== X-Gm-Message-State: AOAM53368EO7j7k0QKEu/2n7HJnRqFapcTY828y7ptrr+eNouqq5YJqJ 1aa+0vtpmQBjYDP7/KrM3S2lXu/0JQid0hDP9l0= X-Google-Smtp-Source: ABdhPJyfQ38tILbbtZYMi1O+R+5UKmufSc7voxnWoMZVTBtjoEXg0PsBLocN2dEyE33VAbzpq4K1d0qFUjbbfpmR5Fo= X-Received: by 2002:a17:906:b4b:: with SMTP id v11mr8721566ejg.359.1623523722152; Sat, 12 Jun 2021 11:48:42 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Billy Tetrud Date: Sat, 12 Jun 2021 11:48:24 -0700 Message-ID: To: "Russell O'Connor" Content-Type: multipart/alternative; boundary="000000000000be4f5c05c4961275" X-Mailman-Approved-At: Sat, 12 Jun 2021 20:58:37 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] OP_BEFOREBLOCKVERIFY - discussing and opcode that invalidates a spend path after a certain block X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jun 2021 18:48:45 -0000 --000000000000be4f5c05c4961275 Content-Type: text/plain; charset="UTF-8" > I'll just send my about-to-expire transactions directly to miners and they will probably mine them because they are, in fact, valid, and pay fees. Why wouldn't they mine it? You've misunderstood me. When I said "change what counts as finalization", what I meant is for the receiver of coins, not for mining or relay. For example, if you buy coffee with an OP_BBV output that expires in the next block, the merchant will be able to see that there's one confirmation on your transaction. But they should also be able to see a warning saying that the transaction has not finalized and they must wait for 6 confirmations before treating payment as complete. This way, in the case that a reorg happens and it doesn't contain the transaction, the merchant will not have given the coffee yet, and their software will be able to tell them that the payment has been reversed. > I think the RBF flag ought to be removed from consideration and every transaction should be considered RBFable I agree with that. Making the assumption that a non-RBF transaction won't be replaced isn't a great assumption. > This indirection is how OP_CLTV and OP_CSV work I see. Thanks for the explanation. On Sat, Jun 12, 2021 at 8:58 AM Russell O'Connor wrote: > > On Sat, Jun 12, 2021 at 3:59 AM Billy Tetrud > wrote: > >> > taproot annex >> >> From what I can tell, the annex is basically additional inputs to a >> script that might have additional constraints put on it. Is that right? I >> don't quite follow how moving the max height to the annex helps script >> caching here. I wasn't able to find much information on how the annex is >> envisioned to be used. Would you mind elaborating on how this would work? >> >> Also, I think the proposal as it stands already addresses script caching >> (in the Transaction Evaluation section >> ). >> The result of the script can be cached as long as the cache item also >> contains information requiring just the OP_BBV to be re-evaluated (for the >> relevant block). >> > > The normal approach for this problem would be a design that adds an "annex > field" (where the details on how to delimit annex fields is not yet > standardized) for a maxheight value, and add a consensus rule that > transaction with one (or more?) maxheight fields are invalid in blocks > whose height exceeds this (or any) maxheight value. Then you could/would > add an OP code to push a copy of the (smallest) maxheight value from the > annex onto the stack or maybe an opcode to compare a stack item with this > (every) maxheight value from the annex. This indirection is how OP_CLTV > and OP_CSV work and this indirection makes script validity cacheable > because script remains a function of the transaction data only. Since > transaction data doesn't change, neither does the outcome of script > evaluation. The rule that invalidates late transactions looks only at the > annex and is independent of any script evaluation considerations. > > >> > this auto-double-spend wallet would send every payment with an annex value >> that limits the payment to being valid only up to the next block >> >> One possible solution to that would be to require that the input to >> OP_BBV to be in the script itself and not originate from the witness. >> >> Regardless, I think the ideal solution is to not have any of these such >> rules if we can simply change the definition for what counts as >> finalization to account for the fact that BBV transactions mined close to >> their expiration. Is there a reason this finalization-redefinition is not >> an adequate solution? >> > > Generally speaking, you cannot solve security problems through optional > and completely voluntary transaction relay policy. I'll just send my > about-to-expire transactions directly to miners and they will probably mine > them because they are, in fact, valid, and pay fees. Why wouldn't they > mine it? > > (Yes, I know this logic also applies to RBF flagged transactions. Indeed, > you cannot rely on an RBF flag to prevent double spending, Yes I think the > RBF flag ought to be removed from consideration and every transaction > should be considered RBFable. Maybe that even happens to be my own node's > relay policy.) > > I apologize, but I don't think I have further time to engage in an idea > that I don't consider likely to achieve broad community support. > --000000000000be4f5c05c4961275 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>=C2=A0 I'll just send my about-to-expire tran= sactions directly to miners and they will probably mine them because they a= re, in fact, valid, and pay fees.=C2=A0 Why wouldn't they mine it?

You've misunderstood me. When I said "change = what counts as finalization", what I meant is for the receiver of coin= s, not for mining or relay. For example, if you buy coffee with an OP_BBV o= utput that expires in the next block, the merchant will be able to see that= there's one confirmation on your transaction. But they should also be = able to see a warning saying that the transaction has not finalized and the= y must wait for 6 confirmations before treating payment as complete. This w= ay, in the case that a reorg happens and it doesn't contain=C2=A0the tr= ansaction, the merchant will not have given the coffee yet, and their softw= are will be able to tell them that the payment has been reversed.=C2=A0

> I think the RBF flag ought to be removed from co= nsideration and every transaction should be considered RBFable
I agree with that. Making the assumption that a non-RBF transa= ction won't be replaced isn't a great assumption.=C2=A0
<= br>
>=C2=A0This indirection is how OP_CLTV and OP_CSV work
I see. Thanks for the explanation.


On Sat, Jun 12, 2021 at 8:58 AM Russell O'Connor <roconnor@blockstream.com> wro= te:

O= n Sat, Jun 12, 2021 at 3:59 AM Billy Tetrud <billy.tetrud@gmail.com> wrote:
<= /div>
>= ;=C2=A0 taproot=C2=A0annex

From what I can tell, the annex is basically additional inputs to a= script that might have additional constraints put on it. Is that right? I = don't quite follow how moving the max height to the annex helps script = caching here. I wasn't able to find much information on how the annex i= s envisioned to be used. Would you mind elaborating on how this would work?=

Also, I think the proposal as= it stands already addresses script caching (in the Transaction Evaluatio= n section). The result of the script can be cached as long as the cache= item also contains information requiring just the OP_BBV to be re-evaluate= d (for the relevant block).
=C2=A0
T= he normal approach for this problem would be a design that adds an "an= nex field" (where the details on how to delimit annex fields is not ye= t standardized) for a maxheight value, and add a consensus rule that transa= ction with one (or more?) maxheight fields are invalid in blocks whose heig= ht exceeds this (or any) maxheight value.=C2=A0 Then you could/would add an= OP code to push a copy of the (smallest) maxheight value from the annex on= to the stack or maybe an opcode to compare a stack item with this (every) m= axheight value from the annex.=C2=A0 This indirection is how OP_CLTV and OP= _CSV work and this indirection makes script validity cacheable because scri= pt remains a function of the transaction data only.=C2=A0 Since transaction= data doesn't change, neither does the outcome of script evaluation. Th= e rule that invalidates late transactions looks only at the annex and is in= dependent of any script evaluation considerations.
=C2=A0
<= span>> this=C2=A0auto-double-spend wallet would send every paymen= t with an=C2=A0annex=C2=A0value that limits the payment to bei= ng valid only up to the next block

One possible so= lution to that would be to require that the input to OP_BBV to be in the sc= ript itself and not originate from the witness.=C2=A0

<= div>Regardless, I think the ideal solution is to not have any of these such= rules if we can simply change the definition for what counts as finalizati= on to account for the fact that BBV transactions mined close to their expir= ation. Is there a reason this finalization-redefinition is not an adequate = solution?

Generally speaking, y= ou cannot solve security problems through optional and completely voluntary= transaction relay policy.=C2=A0 I'll just send my about-to-expire tran= sactions directly to miners and they will probably mine them because they a= re, in fact, valid, and pay fees.=C2=A0 Why wouldn't they mine it?

(Yes, I know this logic also applies to RBF flagged tr= ansactions.=C2=A0 Indeed, you cannot rely on an RBF flag to prevent double = spending,=C2=A0 Yes I think the RBF flag ought to be removed from considera= tion and every transaction should be considered RBFable.=C2=A0 Maybe that e= ven happens to be my own node's relay policy.)

I apologize, but I don't think I have further time to engage in an ide= a that I don't consider likely to achieve broad community support.
<= /div>
--000000000000be4f5c05c4961275--