On Tue, Mar 19, 2024 at 10:47:26AM +0100, Martin Habovštiak wrote:
> Hello everyone,
> 
> For a while I was thinking that anchor outputs/CPFP are wasteful and I
> believe I have finally found a better way of doing them. I wrote up a
> document describing the solution here:
> https://gist.github.com/Kixunil/6ae6f787db36d0d5ed3220f5bcece7f7

FYI I believe that Jeremy Rubin proposed essentially the same idea before on
this mailing list, using the term "Transaction Sponsorship" to describe it.

> At first sight this looks broken because of the pinning problem.
> Today, if ANYONECANSPEND output is used an attacker could boost a
> transaction of someone else in a way that would make it stuck in the
> mempool.

To be clear, this issue exists because we don't currently do
replace-by-fee-rate with a reasonably low minimum fee-rate ratio.

Correct me if I'm wrong, but I believe at the moment the only significant
transaction pinning attack remaining for ANYONECANSPEND, spending confirmed
outputs, is Rule #3 pinning.

> This is because of policy rules protecting the network against DoS attacks,
> so apparently the rules cannot be relaxed.
> The rules are designed specifically to impose cost on attackers.

I disagree re: DoS attacks. We already have plenty of free-relay attacks. RBFR
does not significantly change that situation.

RBFR is running live right now on Libre Relay nodes on mainnet. If these
free-relay attacks were actually serious, I'd suggest that people demonstrate
them!

> The reason why anyone can boost is not actually broken is that multiple
> independent transactions can boost the same transaction.

Note that introducing this mechanism with a soft-fork will also create entirely
new smart contracting facilities, unrelated to boosting/sponsorship.

For example, I believe that Ark could make use of this mechanism to more
efficiently replace their connector output scheme.

> Notably, such boosting service would *not* be trustless but non-delivery
> could be easily proven using LN invoice and preimage.
> Perhaps it is possible to make the service trustless but that's probably
> not worth the effort given how low the amounts are.

To reduce trust you could do an automated, multiple round, signing scheme where
the service signs transations with higher and higher fee-rates in exchange for
most funds over LN. The minimum amount the sender would need to front would be
the cost of the additional ~32 bytes required. Though arranging this idea with
multiple people at once could be tricky.

> ## Known downsides
> 
> ### This requires a soft fork
> 
> Soft forks can be contentious and difficult to deploy.

I'd suggest you find other use-cases for this mechanism, eg Ark, and present it
as a solution to a bunch of problems at once. I'm not sure that the fee payment
alone is sufficient incentive.

You don't mention it below. But another downside is you provide an easy way for
arbitrary third parties to get a particular transaction mined. I raised this
issue the last time it was discussed on this list, giving the example of my
OpenTimestamps calendars: it would be annoying if people could easily get
out-of-date timestamp txs mined by just paying a bit of money. While this is
always *possible*, implementing a mechanism that makes doing this easy has
downsides. On balance though, if it enables things like Ark, you'll help make
the argument that the upsides are worth it.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZfmgLhETBEDql85w%40petertodd.org.