Skip to content

policy: Ephemeral anchors #26403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 37 commits into from
Closed

policy: Ephemeral anchors #26403

wants to merge 37 commits into from

Conversation

instagibbs
Copy link
Member

@instagibbs instagibbs commented Oct 27, 2022
edited
Loading

TODO:

I'll be updating to segwit variant soon, with updated BIP text.

Builds on top of #25038 for consideration of inclusion to the proposal. Requires V3, for simplicity of reasoning and usage. Implementation of idea written out at https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021036.html

BIP text here: https://github.com/instagibbs/bips/blob/ephemeral_anchor/bip-ephemeralanchors.mediawiki

@instagibbs instagibbs changed the title Ephemeral anchors [POLICY] Ephemeral anchors Oct 27, 2022
@instagibbs instagibbs force-pushed the ephemeral-anchors branch 13 times, most recently from 8a1d01f to 38bd244 Compare November 3, 2022 21:04
@instagibbs instagibbs marked this pull request as ready for review November 3, 2022 21:05
@instagibbs instagibbs force-pushed the ephemeral-anchors branch 3 times, most recently from 495960d to a2e1bab Compare November 4, 2022 01:16
This was referenced Nov 4, 2022
Closed
Closed
Merged
@DrahtBot
Copy link
Contributor

DrahtBot commented Nov 4, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
Concept NACK luke-jr

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #bitcoin-core/gui/650 (Add Import to Wallet GUI by KolbyML)
  • #28246 (wallet: Use CTxDestination in CRecipient instead of just scriptPubKey by achow101)
  • #28244 (Break up script/standard.{h/cpp} by achow101)
  • #28217 (set DEFAULT_PERMIT_BAREMULTISIG to false by Retropex)
  • #28201 (Silent Payments: sending by josibake)
  • #28126 (wallet legacy: bugfix, disallow importing invalid scripts via importaddress by furszy)
  • #28122 (Silent Payments: Implement BIP352 by josibake)
  • #28031 (Package Relay 1/3: Introduce TxPackageTracker as Orphan Resolution Module by glozow)
  • #27827 (Silent Payments: send and receive by josibake)
  • #27432 (contrib: add tool to convert compact-serialized UTXO set to SQLite database by theStack)
  • #26840 (refactor: importpubkey, importprivkey, importaddress, importmulti, and importdescriptors rpc by KolbyML)
  • #26711 (validate package transactions with their in-package ancestor sets by glozow)
  • #26451 (Enforce incentive compatibility for all RBF replacements by sdaftuar)
  • #20892 (tests: Run both descriptor and legacy tests within a single test invocation by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@DrahtBot DrahtBot mentioned this pull request Nov 4, 2022
Merged
@instagibbs
Add OP_TRUE as a standard output type
e4fee49 
This will be used in following commits
as the flag for ephemeral anchors, allowing
dust values, but also requiring
the output to be spend in the same relay package.
@instagibbs
Allow dust anchor outputs
0bfd0a5 
Anchor outputs are not yet required
to be spent in same mempool package.
@instagibbs
Add -ephemeralanchors which when set to false disallows anchor outputs
d3d6efb
@instagibbs
Allow one ephemeral anchor per transaction
c2ef3f6
@instagibbs
Enforce that ephemeral anchor transactions are 0 base fee
b0f9385
@instagibbs
GetDustThreshold: Make anchor output dust threshold 0 explicitly
0f93c45
@instagibbs
Functional tests for ephemeral anchors
e0b7643 
Does not have test coverage for making sure EA are spent,
and package RBF cases, neither of which exist currently.
@instagibbs
Only allow ephemeral anchors in v3 transactions
1c83793
@instagibbs
Add anchor argument to transaction creation rpcs
db1e5d3
@instagibbs
Require ephemeral anchors to be spent in mempool atomically
1606792 
Either in the same relay package, or by transactions RBFing
the CPFP.
@instagibbs
Add test for more complicated ephemeral anchor scenarios
a040e2f
@instagibbs instagibbs force-pushed the ephemeral-anchors branch 2 times, most recently from e3622f7 to c21489c Compare August 10, 2023 16:03
This was referenced Aug 11, 2023
Draft
Closed
@DrahtBot
Copy link
Contributor

🐙 This pull request conflicts with the target branch and needs rebase.

@whitslack
Copy link
Contributor

What's the point of having a non-malleable version? Okay, so a miner cannot add extra pushes to the input script that spends the anchor, but there is nothing to stop the miner from mining an alternative child transaction that spends only the anchor. Thus, the party that had broadcast the original child transaction will be forced to construct a new spending transaction with a different TxID anyway. Indeed, anyone (not only a miner) is free to propose a replacement child that spends only the anchor, so it will never be okay to depend upon the TxID of a transaction that spends an ephemeral anchor. So again I ask, what is the point of having a non-malleable ephemeral anchor?

@instagibbs
Copy link
Member Author

instagibbs commented Nov 15, 2023
edited
Loading

Thus, the party that had broadcast the original child transaction will be forced to construct a new spending transaction with a different TxID anyway

Canonical example here which motivated the change was that of LN channel splicing being used to cpfp bump another transaction, would could be another channel's commitment transaction itself. This requires the ephemeral anchor-spending tx(the splice) to retain txid stability otherwise funds are locked up in the new funding output.

I understand that not all use-cases require such things, but two points:

  1. It's easy to expand standardness, and really hard to restrict. In deploying one version, we'll likely learn lessons we'd want to apply to other versions. If we see tons of uptake from wallets that explicitly don't care about txid stability? That's a signal as well.
  2. "I don't see the problem" is much weaker than "there is no problem" and I'd rather be able to reason via modern bitcoin rules

@whitslack
Copy link
Contributor

This requires the ephemeral anchor-spending tx(the splice) to retain txid stability otherwise funds are locked up in the new funding output.

The point I was missing is that a non-malleable anchor ensures that the other output(s) do not get spent in a transaction whose TxID was not known in advance of signing. Thank you for the answer.

@instagibbs instagibbs mentioned this pull request Dec 5, 2023
Closed
@instagibbs instagibbs closed this Dec 5, 2023
@bitcoin bitcoin locked and limited conversation to collaborators Dec 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@glozow glozow glozow left review comments

+1 more reviewer

@ajtowns ajtowns ajtowns left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
CI failed Needs Conceptual Review Needs rebase TX fees and policy
Projects
Package Relay + V3 Project Tracking
Status: Done: Mempool
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@instagibbs @DrahtBot @luke-jr @JeremyRubin @maflcko @ajtowns @naumenkogs @glozow @whitslack