Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BIP431: Opt In Topologically Restricted Until Confirmation Transactions For More Robust Fee-bumping #1541

Merged
merged 1 commit into from
May 29, 2024

Conversation

glozow
Copy link
Member

@glozow glozow commented Jan 18, 2024

This is a BIP for Topologically Restricted Until Confirmation (TRUC) Transactions. It's also called "v3 transaction policy" since the marker is nVersion=3.

A specification is useful for coordination between node impls that want to implement the same policy and applications that want to use it. For those that are not interested in the details of v3 policy, this also serves as a writeup of the specific pinning problems we aim to address. There has been discussion of using this in other protocol design and multiple requests for its documentation to exist in the BIPs repository, so I'm opening a PR here.

Implementation:

Example usage and things built on top:

Discussion and history:

@t-bast
Copy link
Contributor

t-bast commented Jan 18, 2024

FWIW, concept ACK :)

Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 4bd12d5

bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
@glozow
Copy link
Member Author

glozow commented Jan 22, 2024

Thanks @murchandamus, took all your suggestions (4bd12d5...af8e903)

Copy link
Member

@ismaelsadeeq ismaelsadeeq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK

bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
bip-v3.mediawiki Outdated Show resolved Hide resolved
@glozow glozow force-pushed the 2024-01-v3-prio branch 3 times, most recently from 752a287 to 542f833 Compare January 22, 2024 12:35
@michaelfolkson michaelfolkson mentioned this pull request Jan 22, 2024
@glozow
Copy link
Member Author

glozow commented Feb 19, 2024

@luke-jr this has been open for a month, would you mind taking a look?

@ariard
Copy link

ariard commented Feb 19, 2024

I think this should document that 1000 vb child limit is experimental and it cannot be relied on by downstream projects.
This opt-in policy is not robust towards NTA pinning (cf. “The Good, The Bad, The Ugly” 2020 mail) and “loophole” pinning exposed in Core’s #28948. This can note that additional opt-in policy might be applied on top of nversion=3 see Core’s #29454.

@glozow glozow changed the title Opt-In Policy For More Robust Fee-bumping Opt In Topologically Restricted Until Confirmation Transactions For More Robust Fee-bumping Mar 22, 2024
Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 63e8a71

bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
Copy link
Member Author

@glozow glozow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @murchandamus! Accepted your suggestions.

bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
bip-truc.mediawiki Outdated Show resolved Hide resolved
@luke-jr
Copy link
Member

luke-jr commented Apr 23, 2024

As with #1524, node policy is not a standardizable subject matter in itself - every node decides its own policy. BIP 125 already defined a way for wallets to indicate they prefer RBF-like treatment of their transactions, and I don't see why the same signal can't be used for this.

@vostrnad
Copy link
Contributor

Every node deciding its own policy is not mutually exclusive with it being standardizable – each node decides which (if any) standards to follow. Policy standards make just as much sense as e.g. wallet standards or P2P protocol standards.

@Roasbeef
Copy link
Contributor

BIP 125 already defined a way for wallets to indicate they prefer RBF-like treatment of their transactions, and I don't see why the same signal can't be used for this.

BIP 125 defines a set of rules w.r.t transaction replacement. Some of those rules have edge cases that can lead to defects where transactions that should otherwise be replaced, can't be replaced. This class of replacement defects loosely falls under the umbrella of "transaction pinning". The TRUC rules resolve those issues, creating a replacement semantics that better serve off-chain protocols, and address some known pinning vectors. For many off-chain protocols, TRUC will supersede base RBF. As the semantics are distinct, it cannot use the existing sequence fields carved out by BIP 125 (the rules are also incompatible). Instead, it uses transaction v3 (no longer non standard) as a way to signal replacement under a distinct set of rules.

@luke-jr
Copy link
Member

luke-jr commented Apr 23, 2024

BIP 125 defines a signalling mechanism, not policy (which is again outside the scope of BIPs) even if it describes a particular policy. The intent of the signal is clear, and it can be implemented in other ways such as the one that seems to be desired here.

@Roasbeef
Copy link
Contributor

BIP 125 defines a signalling mechanism, not policy

It clearly defines both:

The opt-in full Replace-by-Fee (opt-in full-RBF) signaling policy described here allows spenders to add a signal to a transaction indicating that they want to be able to replace that transaction in the future

This policy specifies two ways a transaction can signal that it is replaceable.

Inherited signaling: Transactions that don't explicitly signal replaceability are replaceable under this policy for as long as any one of their ancestors signals replaceability and remains unconfirmed.

Because descendant transactions may also be replaceable under this policy through inherited signaling, any method used to process opt-in full-RBF transactions should be inherited by any descendant transactions for as long as any ancestor opt-in full-RBF transactions remain unconfirmed.

It also defines a precise set of rules for the policy. If an implementation deviates from those rules, then it isn't BIP 125. From the OP, there's a clear need to define a new policy and signalling mechanism, which this document does.

@luke-jr
Copy link
Member

luke-jr commented Apr 23, 2024

It may be poorly worded, but that isn't the point.

@luke-jr
Copy link
Member

luke-jr commented Apr 23, 2024

(Note that BIP 125's relationship with policy was a matter of discussion back when it was submitted, and it was nearly rejected - the only reason it was accepted in the end, was as a signalling BIP. And even if you want to insist it defines policy, mistakes made in the past would not be a reason to repeat them in the future, and thus would actually work against accepting this proposal)

@jonatack jonatack changed the title Opt In Topologically Restricted Until Confirmation Transactions For More Robust Fee-bumping BIP431: Opt In Topologically Restricted Until Confirmation Transactions For More Robust Fee-bumping May 22, 2024
@jonatack jonatack removed the PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author label May 22, 2024
bip-0431.mediawiki Outdated Show resolved Hide resolved
@glozow glozow force-pushed the 2024-01-v3-prio branch 2 times, most recently from a9a9aad to 32e4e44 Compare May 23, 2024 07:07
Copy link

@carlaKC carlaKC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 32e4e44

With the tiny non-blocking nitpick that a few places in the doc use markdown _ for italics (I think) where they should use '' for mediawiki italics.

Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me and ready to go except for a couple nits (which I don’t think would need to hold up a merge) and a formatting issue:

  1. The JEDEC standard specifies that uppercase K (kilo) refers to 1024¹ (and M (mega), G (giga) as 1024² and 1024³ respectively). However, since the numbers in your example are referring to a factor of 1000¹, they should be using lowercase k, the symbol of the metric prefix kilo referring to a factor of 1000¹. Therefore, it would be preferable if the units were updated to read "kvB" instead of "KvB", and "ksats" instead of "Ksats".

  2. AFAIU, technical writing standards generally recommend a space between the numerical value and unit symbol.

E.g. using a space is recommended by the SI Standard,
image via https://www.nist.gov/pml/special-publication-330/sp-330-section-5

by NIST,
image via https://physics.nist.gov/cuu/Units/checklist.html

as well as IEEE:
image via https://academia.stackexchange.com/q/54885/8305

My personal preference is to separate the value and symbol with a Narrow No-Break Space (U+202F) as that provides the expected visual offset, renders as a smaller gap than a full length space, but still prevents unfortunate line breaks. My suggested changes already make use of NNBSPs.

bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, I overlooked a couple more values

bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
@glozow glozow force-pushed the 2024-01-v3-prio branch from 32e4e44 to c0fb417 Compare May 23, 2024 14:27
Copy link
Member Author

@glozow glozow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @carlaKC @murchandamus! I've fixed the italics, spacing, and "k".

bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
bip-0431.mediawiki Outdated Show resolved Hide resolved
@glozow glozow force-pushed the 2024-01-v3-prio branch from c0fb417 to 04d3a06 Compare May 23, 2024 15:33
Copy link

@carlaKC carlaKC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ACK 04d3a06 🤩

@glozow
Copy link
Member Author

glozow commented May 28, 2024

(I think this is ready, please lmk if there's anything left to do on my end)

@jonatack jonatack self-assigned this May 29, 2024
Copy link
Member

@jonatack jonatack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 04d3a06

Re-checked the RBF rules vs description headers.

<br />At least 1 descendant is required to allow CPFP of the presigned transaction. Without package RBF, multiple anchor outputs would be required to allow each counterparty to fee-bump any presigned transaction. With package RBF, since the presigned transactions can replace each other, 1 anchor output is sufficient.
</ref>

4. A TRUC transaction cannot have a sigop-adjusted virtual size larger than 10,000 vB.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated for bitcoin/bitcoin#29873 👍


===RBF pinning through absolute fees===

Imagine that counterparties Alice and Mallory have transactions (or packages) A and B, respectively, which conflict with each other. Alice broadcasts A and Mallory broadcasts B. RBF rules require the replacement transaction pay a higher absolute fee than the aggregate fees paid by all original transactions ([https://github.com/bitcoin/bitcoin/blob/master/doc/policy/mempool-replacements.md#current-replace-by-fee-policy "Rule 3"]). This means Mallory may increase the fees required to replace B beyond what Alice was planning to pay for A's fees.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With bitcoin/bitcoin#29496 on the table, note to possibly consider updating/appending to https://github.com/bitcoin/bitcoin/blob/master/doc/policy/mempool-replacements.md#current-replace-by-fee-policy with TRUC at some point (and making sure the multiple links to it in this BIP remain valid).

@jonatack jonatack merged commit 10650be into bitcoin:master May 29, 2024
3 checks passed
@petertodd
Copy link
Contributor

This BIP is missing an explanation of how it is expected to work with future nVersion upgrades.

Eg if we add a third consensus critical transaction version, how should that interact with TRUC? Do we just add another version?

Obviously this is a serious drawback of mixing up mempool behavior and consensus code.

@murchandamus
Copy link
Contributor

murchandamus commented Jul 8, 2024

It seems to me that BIP 431 only applies to version 3 transactions. So, I’m not sure I understand your concern. If someone e.g. proposed giving meaning to version 4 in say a BIP-v4, it could propose how transactions with version 3 should interact with transactions of version 4 and then whoever implements BIP-v4 would follow those recommendations, while those that don’t implement it, would not.

@petertodd
Copy link
Contributor

petertodd commented Jul 8, 2024 via email

@glozow glozow deleted the 2024-01-v3-prio branch July 8, 2024 15:03
@glozow
Copy link
Member Author

glozow commented Jul 8, 2024

I'd imagine that the author of a proposal that defines a new consensus rule under version=3 would consider what usage exists on the network, particularly if the rules described in this BIP are adopted by the network when that proposal is created. They would probably also want to explain why gating it on version=3 (or any version-related marker at all) is necessary.

Of course, coordinating between all the many proposals may not be easy. Are you perhaps making an argument for why we should document proposed uses of version=3 in a central place to avoid creating and deploying conflicting uses?

@murchandamus
Copy link
Contributor

TRUC behavior is not desirable for all transactions; it is not a clear upgrade. Thus, the obvious question is how do we expect a future soft fork version upgrade to deal with this? For example, consider what would have happened had we tried to introduce TRUC prior to v2 transactions.

It’s not clear to me where you see a problem. This BIP applies to transactions with version 3, not transactions signaling a version of 3 and higher.

@petertodd
Copy link
Contributor

So an obvious example of where TRUC's use of v3 transactions would cause a problem is if we had a situation similar to v2 transactions, where an upgrade happened that had wide applicability. Since TRUC is so limited, we'd need to have two different versions of the consensus upgrade for TRUC and non-TRUC transactions. Obviously, that would be a mess. This gets even worse when you consider that we all know that TRUC only mitigates pinning for a very narrow use-case, and people are already discussing extensions to TRUC with new version bits.

Meanwhile, it would be quite easy for TRUC to achieve it's actual main goal of enabling empheral anchor outputs as quick fix by defining TRUC behavior as being enabled for zero-fee transactions.

Choosing V3 didn't even do "TRUC behavior" cleanly as a bit: bin(3) = 0b11, two bits set.

@ariard
Copy link

ariard commented Jul 16, 2024

Choosing V3 didn't even do "TRUC behavior" cleanly as a bit: bin(3) = 0b11, two bits set.

Let’s say we have a hypothetical soft-fork in the future to clean all the pinning and transaction-relay jamming broken mess, nVersion is a 32-bit field, so we can still split it in two 16-bit halves: one set for truc-like policy behavior and one set for consensus validation.

Without an example, it’s quite theoretical as there are always other signaling options: the taproot annex, the input nsequence, the nlocktime field...

@ProofOfKeags
Copy link
Contributor

one set for truc-like policy behavior and one set for consensus validation.

I do think that bifurcating things along consensus vs policy is likely a good idea. It would fully orthogonalize the problems. While consensus-invalid implies policy-invalid, I believe these are otherwise independent concerns and we should treat them as such in their signaling/encoding schemes.

@glozow
Copy link
Member Author

glozow commented Jul 17, 2024

My understanding was that the version field is the place for policy/application signals because it's not expected to be reinterpreted in the future for consensus things. That is why I chose it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.