Re: [bitcoin-dev] OP_BEFOREBLOCKVERIFY - discussing and opcode that invalidates a spend path after a certain block

From: Billy Tetrud <billy.tetrud@gmail•com>
To: "Russell O'Connor" <roconnor@blockstream•com>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] OP_BEFOREBLOCKVERIFY - discussing and opcode that invalidates a spend path after a certain block
Date: Sat, 12 Jun 2021 00:59:16 -0700	[thread overview]
Message-ID: <CAGpPWDZaTytZxVwG3D7MKe6kSb4JrSaA46rxEaiAOj2S1G3kOg@mail.gmail.com> (raw)
In-Reply-To: <CAMZUoKmytZm5boBKSYbrJdNa0LduxtTyUUheq=tjD1J_GO0TjA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 4647 bytes --]

>  taproot annex

From what I can tell, the annex is basically additional inputs to a script
that might have additional constraints put on it. Is that right? I don't
quite follow how moving the max height to the annex helps script caching
here. I wasn't able to find much information on how the annex is envisioned
to be used. Would you mind elaborating on how this would work?

Also, I think the proposal as it stands already addresses script caching
(in the Transaction Evaluation section
<https://github.com/fresheneesz/bip-efficient-bitcoin-vaults/blob/main/bbv/bip-beforeblockverify.md#transaction-evaluation>).
The result of the script can be cached as long as the cache item also
contains information requiring just the OP_BBV to be re-evaluated (for the
relevant block).

> this auto-double-spend wallet would send every payment with an annex value
that limits the payment to being valid only up to the next block

One possible solution to that would be to require that the input to OP_BBV
to be in the script itself and not originate from the witness.

Regardless, I think the ideal solution is to not have any of these such
rules if we can simply change the definition for what counts as
finalization to account for the fact that BBV transactions mined close to
their expiration. Is there a reason this finalization-redefinition is not
an adequate solution?

On Fri, Jun 11, 2021 at 4:44 AM Russell O'Connor via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

>
>
> On Fri, Jun 11, 2021 at 7:12 AM James MacWhyte <macwhyte@gmail•com> wrote:
>
>> @Billy I like the idea. It is very obvious how useful an opcode like this
>> would be! (My background is in wallet implementation)
>>
>> @Russell I do understand your concerns of monotonism, however I'm having
>> a hard time really coming up with an attack vector. You said "one can
>> design a wallet to passively take advantage of reorgs by always spending
>> through an OP_BBV that is on the verge of becoming invalid." Unless I'm
>> mistaken, this means you would need to send yourself a fresh transaction
>> using OP_BBV set to, say, 2 blocks in the future, then immediately spend
>> that output in a new payment to someone else and hope a reorg happens. Does
>> this mean the theoretical double-spend wallet you are proposing would have
>> to send two transactions every time you make a single payment, doubling the
>> transaction fees and adding more uncertainty around when the second
>> transaction would get confirmed?
>>
>
> Assuming the proposal is rewritten to place the maxheight into the taproot
> annex in order to address the issue with caching of script validity, then
> this auto-double-spend wallet would send every payment with an annex value
> that limits the payment to being valid only up to the next block.  If the
> payment doesn't make it into the next block, then resign it with the annex
> incremented to the next block, and repeat.
>
>
>> In a normal double spend scenario, there is no cost to a failed attempt,
>> but much to gain from a success. With your design, there is a real cost to
>> every single attempt (transaction fees) and no evidence that the rate of
>> success would be higher (you still have to bet on the reorg not including
>> your transaction in the first few blocks). It sounds like this new system
>> would actually be less attractive to double spenders than the current model!
>>
>> I also agree with Billy's idea for relay rules. We already have abusable
>> chain rules (e.g. a tx can be included in a block with 0 transaction fee
>> [spam?]) but we add protection with relay rules (e.g. minimum fee to
>> relay). I don't see how this would be any different, if the chain rules
>> only enforced the block height for confirmation and the relay rules forced
>> a minimum OP_BBV value in order to protect against reorg double spends.
>>
>
> The inclusion of a tx with 0 transaction fee in a block is not in of
> itself an abuse.  There is nothing wrong with blocks containing such
> transactions.  The *relay* of 0 transaction fee transactions is what is an
> abuse because it allows one to usurp Bitcoin's gossip network for their own
> arbitrary communications platform without cost.  Most Bitcoin users aren't
> signing up for being a usenet provider.  So, by policy, nodes require a
> cost to relay transactions so that broadcasting isn't free. Even when that
> price is paid to someone else, it still is an effective limitation on abuse.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 5983 bytes --]