[bitcoin-dev] [Lightning-dev] Waiting SIGHASH_ANYPREVOUT and Packing Packages

David A. Harding dave at dtrt.org
Sat Jun 19 13:36:53 UTC 2021 

On Fri, Jun 18, 2021 at 06:11:38PM -0400, Antoine Riard wrote:
> 2) Solving the Pre-Signed Feerate problem : Package-Relay or
> SIGHASH_ANYPREVOUT
> 
> For Lightning, either package-relay or SIGHASH_ANYPREVOUT should be able to
> solve the pre-signed feerate issue [3]
>
> [...]
>
> [3] I don't think there is a clear discussion on how SIGHASH_ANYPREVOUT
> solves pinnings beyond those LN meetings logs:
> https://gnusha.org/lightning-dev/2020-06-08.log

For anyone else looking, the most relevant line seems to be:

  13:50 < BlueMatt> (sidenote: sighash_no_input is *really* elegant here
  - assuming a lot of complicated logic in core to do so, you could
  imagine blind-cpfp-bumping *any* commitment tx without knowing its
  there or which one it is all with one tx.......in theory)

That might work for current LN-penalty, but I'm not sure it works for
eltoo.  If Bitcoin Core can rewrite the blind CPFP fee bump transaction
to refer to any prevout, that implies anyone else can do the same.
Miners who were aware of two or more states from an eltoo channel would
be incentivized to rewrite to the oldest state, giving them fee revenue
now and ensuring fee revenue in the future when a later state update is
broadcast.

If the attacker using pinning is able to reuse their attack at no cost,
they can re-pin the channel again and force the honest user to pay
another anyprevout bounty to miners.  Repeat this a bunch of times and
the honest user has now spent more on fees than their balance from the
closed channel.

Even if my analysis above is wrong, I would encourage you or Matt or
someone to write up this anyprevout idea in more detail and distribute
it before you promote it much more.

> package-relay sounds a reasonable, temporary "patch".

Even if every protocol based on presigned transactions can magically
allow dynamically adding inputs and modifying outputs for fees, and we
also have a magic perfect transaction replacement protocol, package
relay is still fundamentally useful for CPFP fee bumping very low
feerate transactions received from an external party.  E.g. Alice pays
Bob, mempool min feerates increase and Alice's transaction is dropped,
Bob still wants the money, so he submits a package with Alice's
transaction plus his own high feerate spend of it.

Package relay is a clear improvement now, and one I expect to be
permanent for as long as we're using anything like the current protocol.
 
> # Deployment timeline
> 
> So what I believe as a rough deployment timeline.

I don't think it's appropriate to be creating timelines like this that
depend on the work of a large number of contributors who I don't believe
you've consulted.  For details on this point of view, please see
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-July/014726.html

Stuff will get done when it gets done.

-Dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210619/cfff070b/attachment.sig>

More information about the bitcoin-dev mailing list