[bitcoin-dev] On mempool policy consistency

2022-10-26 Thread Anthony Towns via bitcoin-dev 
Hi *,

TLDR: Yes, this post is too long, and there's no TLDR. If it's any
consolation, it took longer to write than it does to read?

On Tue, Jun 15, 2021 at 12:55:14PM -0400, Antoine Riard via bitcoin-dev wrote:
> Subject: Re: [bitcoin-dev] Proposal: Full-RBF in Bitcoin Core 24.0
> I'm writing to propose deprecation of opt-in RBF in favor of full-RBF

> If there is ecosystem agreement on switching to full-RBF, but 0.24 sounds
> too early, let's defer it to 0.25 or 0.26. I don't think Core has a
> consistent deprecation process w.r.t to policy rules heavily relied-on by
> Bitcoin users, if we do so let sets a precedent satisfying as many folks as
> we can.

One precedent that seems to be being set here, which to me seems fairly
novel for bitcoin core, is that we're about to start supporting and
encouraging nodes to have meaningfully different mempool policies. From
what I've seen, the baseline expectation has always been that while
certainly mempools can and will differ, policies will be largely the same:

  Firstly, there is no "the mempool". There is no global mempool. Rather
  each node maintains its own mempool and accepts and rejects transaction
  to that mempool using their own internal policies. Most nodes have
  the same policies, but due to different start times, relay delays,
  and other factors, not every node has the same mempool, although they
  may be very similar.

  - 
https://bitcoin.stackexchange.com/questions/98585/how-to-find-if-two-transactions-in-mempool-are-conflicting

Up until now, the differences between node policies supported by different
nodes running core have been quite small, with essentially the following
options available:

 -minrelaytxfee, -maxmempool - changes the lowest fee rate you'll accept

 -mempoolexpiry - how long to keep txs in the mempool

 -datacarrier - reject txs creating OP_RETURN outputs

 -datacarriersize - maximum size of OP_RETURN data

 -permitbaremultisig - prevent relay of bare multisig

 -bytespersigop - changes how SIGOP accounting works for relay and
 mining prioritisation

as well as these, marked as "debug only" options (only shown with
-help-debug):

 -incrementalrelayfee - make it easier/harder to spam txs by only
 slightly bumping the fee; marked as a "debug only" option

 -dustrelayfee - make it easier/harder to create uneconomic utxos;
 marked as a "debug only" option

 -limit{descendant,ancestor}{count,size} - changes how large the
 transaction chains can be; marked as a "debug only" option

and in theory, but not available on mainnet:

 -acceptnonstdtxn - relay/mine non standard transactions

There's also the "prioritisetransaction" rpc, which can cause you to keep
a low feerate transaction in your mempool longer than you might otherwise.

I think that -minrelaytxfee, -maxmempool and -mempoolexpiry are the only
ones of those options commonly set, and those only rarely result in any
differences in the txs at the top of the mempool.

There are also quite a few parameters that aren't even runtime
configurable:

 - MAX_STANDARD_TX_WEIGHT
 - MIN_STANDARD_TX_NONWITNESS_SIZE (see also #26265)
 - MAX_P2SH_SIGOPS (see also #26348)
 - MAX_STANDARD_TX_SIGOPS_COST
 - MAX_STANDARD_P2WSH_STACK_ITEMS
 - MAX_STANDARD_P2WSH_STACK_ITEM_SIZE
 - MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE
 - MAX_STANDARD_P2WSH_SCRIPT_SIZE
 - MAX_STANDARD_SCRIPTSIG_SIZE
 - EXTRA_DESCENDANT_TX_SIZE_LIMIT
 - MAX_REPLACEMENT_CANDIDATES

And other plausible options aren't configurable even at compile time
-- eg, core doesn't implement BIP 125's inherited signalling rule so
there's no way to enable it; core doesn't allow opting out of BIP 125
rule 3 ratchet on absolute fee; core doesn't allow CPFP carveout with
more than 1 ancestor; core doesn't allow opting out of LOW_S checks
(even via -acceptnonstdtxn); etc.

We also naturally have different mempool policies between different
releases: eg, expansions of policy, such as allowing OP_RETURN or
expanding it from 40 to 80 bytes or new soft forks where old nodes won't
relay transactions that use the new; and also occassional restrictions
in policy, such as the LOW_S requirement.


While supporting and encouraging different mempool polices might be new
for core, it's not new for knots: knots changes some of these defaults
(-permitbaremultisig defaults to false, -datacarriersize is reduced to
42), allows the use of -acceptnonstdtxn on mainnet, and introduces new
options including -spkreuse and -mempoolreplacement (giving the latter
full rbf behaviour by default). Knots also includes a `-corepolicy`
option to make it easy to get a configuration matching core's defaults.


I think gmaxwell's take from Feb 2015 (in the context of how restrictive
policy on OP_RETURN data should be) was a reasonable description for
core's approach up until now:

  There is also a matter of driving competent design rather than lazy
  first thing that works. E.g. In stealth addresses the early proposals
  use highly inefficient single ECDH point per output instead

Re: [bitcoin-dev] Refreshed BIP324

2022-10-26 Thread Pieter Wuille via bitcoin-dev 
Hi all,

On Saturday, October 8th, 2022 at 8:59 AM, Dhruv M  wrote:

> We have refreshed the proposal for BIP324, a new bitcoin P2P protocol
> featuring opportunistic encryption, a mild bandwidth reduction, and the
> ability
> to negotiate upgrades before exchanging application messages. We'd like
> to invite community members to review the BIP[1] and the related Bitcoin
> Core
> code[2].

One open question we have regarding BIP324's design is how to deal with the
coordination of assigning the message type IDs.

For context, the current BIP324 draft introduces a notion of 1-byte message
type IDs, which take the place of the 12-byte command strings (in a backward
compatible way; it's still possible to send full strings). This offers a
mild bandwidth reduction (3 bytes per message overall), especially since many
messages on the network are fairly small.

However, it obviously raises the question of how the mapping table between the
1-byte IDs and the commands they represent should be maintained:

1. The most straightforward solution is using the BIP process as-is: let BIP324
   introduce a fixed initial table, and future BIPs which introduce new
   messages can introduce new mapping entries for it. In theory, this is no
   worse than the current coordination difficulty about command strings, but
   in practice the risk of collisions due to competing proposals is of course
   significantly larger with 1-byte IDs vs. 12-byte strings.

2. An alternative approach is not using 1-byte IDs but slightly longer ones;
   for example 3-byte IDs, each consisting of a 2-byte BIP number and a 1-byte
   message index introduced by that BIP, at the cost of a smaller bandwidth
   improvement. This significantly reduces collision risks, but doesn't remove
   the coordination process concerns entirely (e.g. revisions changing what a
   BIP introduces need to be taken into account and probably still mean BIPs
   need to explicitly list which assignments they introduce).

3. Yet another possibility is not having a fixed table at all, and negotiate
   the mapping dynamically. E.g. either side could send a message at
   connection time with an explicit table of entries "when I send byte X, I
   mean command Y".

4. Lastly, the whole feature could just be dropped from BIP324 (sticking with
   command strings), and left for a follow-up (or independent) protocol
   improvement. Since arguably this is purely an application-layer concern and
   not a transport-layer one, it could even be added as an optional feature to
   the (pre-BIP324) protocol today. That would however very likely mean that
   BIP324 if adopted as-is isn't actually an (albeit small) bandwidth
   reduction compared to today, and forego a possibility to fix a fairly
   gratuitous inefficiency in the protocol from day one.

Our idea is to start out with approach (1), with a mapping table effectively
managed by the BIP process directly, but if and when collisions become a
concern (maybe due to many parallel proposals, maybe because the number of
messages just grows too big), switch to approach (3), possibly even
differentially (the sent mappings are just additions/overwrites of the
BIP-defined table mappings, rather than a full mapping).

That said, we're not all that convinced this is the best approach, and feel
this more a community/process question than a technical one, so it would be
good to see more opinions on the topic.

Cheers,

-- 
Dhruv, Pieter, Tim
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Relaxing minimum non-witness transaction size policy restriction

2022-10-26 Thread Greg Sanders via bitcoin-dev 
As there has been some feedback to the same effect, I've opened a competing
PR for separate evaluation here:
https://github.com/bitcoin/bitcoin/pull/26398

Please give feedback if anyone has any.

On Thu, Oct 20, 2022 at 8:13 PM Peter Todd  wrote:

> On Thu, Oct 20, 2022 at 08:07:54PM -0400, Greg Sanders wrote:
> > I don't doubt the use case(it's why I opened the issue!). I didn't want
> the
> > proposal to die in case people found it odd that 61, 62, 63, but not 64
> > bytes ended up being broadcast able.
> >
> > Perhaps this is not an issue, especially since this isn't a consensus
> > change like the Great Consensus Cleanup. Willing to change my proposal
> and
> > PR if people have no strong objections.
>
> I think it's fine if we only restrict 64 bytes. We have a specific reason
> to do
> that and it's ok if we just tell people that. Only fairly-technical
> use-cases
> are affected anyway.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev