{"type":"rich","version":"1.0","title":"darosior [ARCHIVE] wrote","author_name":"darosior [ARCHIVE] (npub1pj…x22xp)","author_url":"https://yabu.me/npub1pj9022f74rzq7d5x7gnxje6wpsgk4r5jgeck8y5awd423ydhan3q7x22xp","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2020-01-30\n📝 Original message:\nHi Lisa and all,\n\nGiven the discussion about utxos snooping, I wondered if there was any obvious drawbacks of using a transaction chain construction ?\n\nSince the obvious target of the probing is the accepter, it seems that the opener needs to at least have something at stake in order to be revealed some of the accepter's utxos.\nThus, the opener giving the accepter a signed transaction commited to the channel opening is one way of avoiding the opener to probe gratuitously. I was thinking of something like:\n\nA is opener, B is accepter.\nA could sign the first input (and accordingly the 2of2 output) with SIGHASH_SINGLE|SIGHASH_ANYONECANPAY. Unfortunately this doesn't handle A's change, but it can be solved using a chain of transaction.\nA creates a first transaction txA1:\n\n    txA1 (SIGHASH_ALL)\n     _________________ __________________________\n    | A's input 1    | A's channel participation |\n    |----------------|---------------------------\n    | A's input 2    | A's change                |\n    |----------------|---------------------------\n    | A's input n    |\n    |________________|\n    \n\n\nAnd then creates /signs the funding transaction out of the first output of txA1:\n\n    txA2 (SIGHASH_SINGLE|SIGHASH_ANYONECANPAY)\n     _________________ _______________\n    | txA1 vout 0    | 2of2 with B    |\n    |________________|________________\n\nSince txA2 is signed with SINGLE|ANYONECANPAY, B can add inputs to fulfill the value requirement of the 2of2, and add outputs for its own change.\n\nThis comes at the cost of more setup fees opener-side, but avoids the accepter to be gratuitously probed, so this is arguably a far lesser evil.\nIs there any other downside I'm missing here ?\n\nAntoine\n\n‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐\nLe mardi, janvier 28, 2020 2:51 AM, lisa neigut \u003cniftynei at gmail.com\u003e a écrit :\n\n\u003e Some of the feedback I received from the check-in for the dual-funding proposal this past Monday was along the lines that we look at simplifying for breaking it into smaller, more manageable chunks.\n\u003e \n\n\u003e The biggest piece of the dual-funding protocol update is definitely the move from a single peer constructing a transaction to two participants. We're also going to likely want to reuse this portion of the protocol for batched closings and splicing. To that extent, it seemed useful to highlight it in a separate email.\n\u003e \n\n\u003e This is a change from the existing proposal in the dual-funding PR #524 -- it allows for the removal of inputs and outputs.\n\u003e \n\n\u003e The set of messages are as follows.\n\u003e \n\n\u003e Note that the 'initiation' of this protocol will be different depending on the case of the transaction (open, close or splice):\n\u003e \n\n\u003e 1. type:   440 `tx_add_input`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`32*byte`:`channel_identifier`]\n\u003e \n\n\u003e     * [`u64`:`sats`]\n\u003e \n\n\u003e     * [`sha256`:`prevtx_txid`]\n\u003e \n\n\u003e     * [`u32`:`prevtx_vout`]\n\u003e \n\n\u003e     * [`u16`:`prevtx_scriptpubkey_len`]\n\u003e \n\n\u003e     * [`prevtx_scriptpubkey_len*byte`:`prevtx_scriptpubkey`]\n\u003e \n\n\u003e     * [`u16`:`max_witness_len`]\n\u003e \n\n\u003e     * [`u16`:`scriptlen`]\n\u003e \n\n\u003e     * [`scriptlen*byte`:`script`]\n\u003e \n\n\u003e     * [`byte`:`signal_rbf`]\n\u003e \n\n\u003e 1. type: 442 `tx_add_output`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`32*byte`:`channel_identifier`]\n\u003e \n\n\u003e     * [`u64`:`sats`]\n\u003e \n\n\u003e     * [`u16`:`scriptlen`]\n\u003e \n\n\u003e     * [`scriptlen*byte`:`script`]\n\u003e \n\n\u003e 1. type: 444 `tx_remove_input`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`32*byte`:`channel_identifier`]\n\u003e \n\n\u003e     * [`sha256`:`prevtx_txid`]\n\u003e \n\n\u003e     * [`u32`:`prevtx_vout`]\n\u003e \n\n\u003e 1. type: 446 `tx_remove_output`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`32*byte`:`channel_identifier`]\n\u003e \n\n\u003e     * [`u64`:`sats`]\n\u003e \n\n\u003e     * [`u16`:`scriptlen`]\n\u003e \n\n\u003e     * [`scriptlen*byte`:`script`]\n\u003e \n\n\u003e 1. type: 448 `tx_complete`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`32*byte`:`channel_identifier`]\n\u003e \n\n\u003e     * [`u16`:`num_inputs`]\n\u003e \n\n\u003e     * [`u16`:`num_outputs`]\n\u003e \n\n\u003e 1. type:  448 `tx_sigs`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`channel_id`:`channel_identifier`]\n\u003e \n\n\u003e     * [`u16`:`num_witnesses`]\n\u003e \n\n\u003e     * [`num_witnesses*witness_stack`:`witness_stack`]\n\u003e \n\n\u003e 1. subtype: `witness_stack`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`sha256`:`prevtx_txid`]\n\u003e \n\n\u003e     * [`u32`:`prevtx_vout`]\n\u003e \n\n\u003e     * [`u16`:`num_input_witness`]\n\u003e \n\n\u003e     * [`num_input_witness*witness_element`:`witness_element`]\n\u003e \n\n\u003e 1. subtype: `witness_element`\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e     * [`u16`:`len`]\n\u003e \n\n\u003e     * [`len*byte`:`witness`]\n\u003e \n\n\u003e ## General Notes\n\u003e \n\n\u003e - Validity of inputs/outputs is not checked until both peers have sent consecutive `tx_complete`  messages.\n\u003e \n\n\u003e - Duplicate inputs or outputs is a protocol error.\n\u003e \n\n\u003e - Feerate is set by the initiator, or in the case of a closing transaction, negotiated before the transaction construction is initiated.\n\u003e \n\n\u003e - Every peer pays fees for the inputs + outputs they contribute, plus enough to cover the maximum estimate of their witnesses. Overpayment of fees is permissible.\n\u003e \n\n\u003e - Initiator is responsible for contributing the output/input in question, i.e. the \n\u003e \n\n\u003e   funding output in the case of an opening, or the funding input in the case of a close. \n\u003e \n\n\u003e   (This means that the opener will pay for the opening output). In the case of a splice,\n\u003e \n\n\u003e   the initiator of the splice pays for the funding tx's inclusion as an input and the\n\u003e \n\n\u003e   new 'funding tx' output.\n\u003e \n\n\u003e - Any contributor may signal that their input is RBF'able. The nSequence for this input should be set to 0xFEFF FFFF, 0xFFFFFFFF otherwise.\n\u003e \n\n\u003e - The initiating peer is understood to be paying the fee for the shared transaction fields (nVersion [4], segwit marker + flag [2], input + output counts [2-18], witness count [1-9], nLocktime [4]; total [13-40bytes])\n\u003e \n\n\u003e - Inputs MUST be segwit compatible (PW* or P2SH-PW*)\n\u003e \n\n\u003e - All output scripts must be standard\n\u003e \n\n\u003e - nLocktime is always set to 0x00000000.\n\u003e \n\n\u003e - The `num_inputs` and `num_outputs` in `tx_complete` is a count of that peer’s final input and output contributions, net any removals.\n\u003e \n\n\u003e - Either peer may add or remove inputs and outputs until both peers have successfully\n\u003e \n\n\u003e   exchanged a `tx_complete` message in succession.\n\u003e \n\n\u003e - Either peer may only add or remove their own input or output.\n\u003e \n\n\u003e - In the case that a `tx_complete` agreement cannot be reached, either peer may\n\u003e \n\n\u003e   fail the channel or open protocol (whatever is reasonable for the particular case)\n\u003e \n\n\u003e   - In the case of a splice, this would be a soft error (channel returns to normal operation until      \n\u003e \n\n\u003e     otherwise failed or closed.)\n\u003e \n\n\u003e   - In the case of an open, this would be a failure to open the channel.\n\u003e \n\n\u003e   - In the case of a close, a failed collaborative close would result in an error and a unilateral close.\n\u003e \n\n\u003e ### Considering the Simple Open case (2 parties)\n\u003e \n\n\u003e - Both peers signal `opt_dual_fund`\n\u003e \n\n\u003e - Opener initiates a channel open with `open_channel2` message, indicating the feerate for the opening transaction\n\u003e \n\n\u003e - Accepter signals acceptance of channel open as proposed, including proposed feerate, via `accept_channel2`\n\u003e \n\n\u003e - Opener sends `tx_add_output`, with the funding output for the sum of both peer’s funding_amount\n\u003e \n\n\u003e - Opener sends `tx_add_input` for each input the wish to add to the funding transaction\n\u003e \n\n\u003e - Opener sends `tx_add_output` for their change \n\u003e \n\n\u003e - Opener sends `tx_complete`\n\u003e \n\n\u003e - Accepter sends `tx_add_input` for each input they wish to add to the funding transaction\n\u003e \n\n\u003e - Accepter sends `tx_add_output` for their change.\n\u003e \n\n\u003e - Accepter sends `tx_complete`\n\u003e \n\n\u003e - Opener sends `tx_complete`\n\u003e \n\n\u003e - Opener and accepter exchange commitment signatures; etc.\n\u003e \n\n\u003e ### Considering the Splice case:\n\u003e \n\n\u003e - Both peers signal `opt_splice_ok`\n\u003e \n\n\u003e - One peer initiates a splice, also signaling the feerate for the transaction. Exact protocol unspecified herein.\n\u003e \n\n\u003e - Initiator sends `tx_add_input` with the original funding output\n\u003e \n\n\u003e - Initiator sends `tx_add_output` with the new, post-splice funding output\n\u003e \n\n\u003e - Initiator sends `tx_add_input/output` as needed to add all desired inputs + outputs\n\u003e \n\n\u003e - Initiator sends `tx_complete`\n\u003e \n\n\u003e - Peer sends `tx_add_input/output` as needed to add all desired inputs + outputs\n\u003e \n\n\u003e - Initiator sends `tx_complete`\n\u003e \n\n\u003e - Peer sends `tx_complete`\n\u003e \n\n\u003e - Initiator + peer exchange commitment signatures, etc.\n\u003e \n\n\u003e ### Considering the Close case:\n\u003e \n\n\u003e - Both peers signal `opt_collaborative_close` in their `node_announcement`.\n\u003e \n\n\u003e - A peer initiates a close sending a `shutdown`, as per usual. \n\u003e \n\n\u003e - A feerate is negotiated. Out of band for this particular portion of the protocol.\n\u003e \n\n\u003e -The closing initiator (peer which first sent `shutdown`), sends `tx_add_input` to spend the funding output and `tx_add_output` to add their output for the channel closure.\n\u003e \n\n\u003e - The peer responds with `tx_add_output`, adding their output to the close transaction.\n\u003e \n\n\u003e - If `option_upfront_shutdown_script` is flagged but no such output with a value at or within a reasonable feerate gap of the peer's funding output is present, then the peer must fail the channel. \n\u003e \n\n\u003e ## Updating a collaborative transaction with RBF:\n\u003e \n\n\u003e - If any input is flagged as RBF’able, then the transaction is considered eligible for RBF\n\u003e \n\n\u003e - RBF can be initiated by either party, and serves as an initiation for another round of transaction composition, as outlined above.\n\u003e \n\n\u003e - Note that this section has been cribbed and re-purposed from the original RBF proposal for splicing, see https://lists.linuxfoundation.org/pipermail/lightning-dev/2018-November/001621.html\n\u003e \n\n\u003e 1. type: 45 (`init_rbf`) (`option_collaborative_rbf`)\n\u003e \n\n\u003e 2. data:\n\u003e \n\n\u003e    * [`32`:`channel_id`]\n\u003e \n\n\u003e    * [`4`:`fee_step`]\n\u003e \n\n\u003e Each `fee_step` adds 1/4 (rounded down) to the initial \n\u003e \n\n\u003e transaction feerate. eg. if the initial feerate was 512 satoshis per kiloweight, `fee_step` 1\n\u003e \n\n\u003e is  512 + 512 / 4 = 640, `fee_step` 2 is 640 + 640 / 4 = 800.\n\u003e \n\n\u003e The sender:\n\u003e \n\n\u003e   - MUST set `fee_step` greater than zero and greater than any prior `fee_step`.\n\u003e \n\n\u003e The recipient:\n\u003e \n\n\u003e   - if the new fee exceeds the sender's current balance minus reserve\n\u003e \n\n\u003e     after it is applied to the splice transaction:\n\u003e \n\n\u003e     - MUST error.\n\u003e \n\n\u003e NOTES:\n\u003e \n\n\u003e 1. 1/4 is a reasonable minimal RBF, but as each one requires more\n\u003e \n\n\u003e    tracking by the recipient, serves to limit the number you can create.\n\u003e \n\n\u003e 2. Rule 4 of BIP125 requires a feerate increase to at least surpass the minimum transaction relay setting. Ratcheting by 25% should satisfy this requirement\n\u003e \n\n\u003e 3. An additional rule will be added to the checks of an RBF transaction that it must include at least one identical, replaceable input as the original transaction.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200130/d137558a/attachment-0001.html\u003e\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 477 bytes\nDesc: OpenPGP digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200130/d137558a/attachment-0001.sig\u003e"}