Hi all,
I think any valid consensus-change based solution to the pinning and replacement cycling issues for Bitcoin L2s should respect the following properties / requirements (ideally):
- non-interactive with contribution of your off-chain counterparty
- minimize the level of fee-bumping reserves and the number of UTXOs locked
- block any malicious pinning or replacement cycling as long as you can compete with ongoing fee rates
- do not make the security of low-value lightning payments conditional on a probabilistic state of local knowledge of historical mempool
- generalize to N > 2 multi-party off-chain construction
- minimize the witness size by using efficient bitcoin script semantics
- do not give an edge to low-hashrate miners or a coalition of low-hashrate miners to play fee games with Lightning / L2 nodes
- be composable with a solution to massive force-closure of time-sensitive off-chain states
- not make things like partial or global mempool partitioning worse [0]
I think this is already a lot. I had some intuitive solutions aiming to remove package malleability by using something like the annex and sighash_anyamount semantics, though after musing on Peter Todd's op_expire proposal, I wonder if there is not another family of solutions that can be designed using "moon math" cryptos like short-lived proofs and strictly enforced sequential time windows.
I don't have any strong design at all, and in any case, given the complexity, it would be good to have an end-to-end implementation of any solution, to at the very least see that it works well for the Lightning case (chatted with Gleb out-of-band; he's too busy with Erlay for now to research more on those subjects, and on my side I'm bored of working more on those issues; sadly I don't know that many bitcoin, lightning and covenant researchers who understand those problems that well). I still think pinning and replacement attacks deserve more real-world mainnet experimentation, under usual ethical guidelines.
Inviting everyone in the Bitcoin research community to research more on those pinning, replacement cycling and miner incentive misalignment issues with second layers. Please do so; those issues are serious enough if we wish to have a reliable fee market in a post-subsidy world and a sustainable decentralized miner ecosystem in the long term (well... dumb ordinal transactions might save the day, though they open another wormhole of technical issues).
Best,
Antoine