public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Anthony Towns <aj@erisian•com.au>
To: angus <angus@toaster•cc>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Cc: John Carvalho <john@synonym•to>
Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger (angus)
Date: Tue, 13 Dec 2022 22:55:08 +1000	[thread overview]
Message-ID: <Y5h2LD/Zi3NVAhIK@erisian.com.au> (raw)
In-Reply-To: <j5xgF7aMEAtOtWJ1CfZv-gRIw-gUUe8jMvuZzY9z3K9cRNo91ApiXbtaoXdHdSx61sMmyEHPZu8BWvSSszEAmV0v-g-k2-YTNRFim3hEljw=@toaster.cc>

On Fri, Dec 09, 2022 at 03:58:37PM +0000, angus via bitcoin-dev wrote:
> Those in favour of Full RBF see trusting and relying on predictable
> mempool policy as a fundamentally flawed bad idea.

I don't believe that claim is true, at least in general: the motivation
for the -mempoolfullrbf PR was to make mempool policy behave in a way
that was (believed to be) more reliable and predictable than the current
behaviour.

In particular, if you can't rely on predictable relay/mempool policy,
you can't build "fraud proof" protocols on top of the blockchain: whether
that be like lightning today, which relies on people being able to get a
penalty transaction mined in a reasonable amount of time, or lightning in
the future which in an eltoo world relies on getting an update transaction
mined in a similar amount of time, or optimistic rollups that offer the
ability for people to challenge with a fraud proof.

I think the basis for the fullrbf vision is more that fullrbf advocates
think miners will always want to optimise fees in the short term: that is,
given two conflicting transactions H and L, if including H in the block
gives a higher total reward for that block than including L, they will
always want to include H. Presuming that is a common attitude amongst
miners, fullrbf is a natural outcome: those miners will advertise how
to connect to their nodes, and anyone who prefers H over L will send H
to them directly, and H will be mined and L will not be.

I think it's fair to say that's what people mean when they talk about
"incentive compatible" -- miners want to see the highest fee alternative
of a transaction, and are "incentivised" by fees to do so, so relaying
that transaction is "incentive compatible" while relaying lower fee
alternatives is "incentive incompatible".

That can be a stable outcome too: if it's common to have multiple
transactions like that, then the pools that take the higher fee
transactions will give higher payouts per hashrate, and owners of mining
hardware will switch to those pools, so that the amount of hashrate
accepting replacements will tend towards 100%. That scenario is already
the case for opt-in RBF.

However, expecting pools/miners to optimise fees in the short term is an
assumption, not the economic fact of life that some seem to assume it is.

It's also possible that owners of ASICs or pool operators will decide that
they're in this for the long term, and therefore that it's smarter to look
at fee income over multiple blocks, rather than taking each block as its
own entity. Similar to treating the prisoner's dilemma as a one-off game
(where the dominant strategy is to always defect) versus an iterated game
(where cooperation or tit-for-tat may be better strategies).

In particular, the outcome of fullrbf might not simply be the rosy
scenario:

  + there are just as many txs paying similar fees as there now,
    except that
  + it's easy for people to cancel mistakes, and
  + people stop complaining to wallet authors when their opt-in 
    rbf tx takes longer to confirm than they expected

but might instead be either:

  + everyone using BTC for payments switches to lightning, causing
  - on-chain traffic to drop and fee income to drop with it

or

  - everyone paying for goods/services online with cryptocurrency
    switches to stablecoins or ETH or Liquid or RSK,
  - bitcoin traffic and tx fees drop substantially as a result,
  - and bitcoin price drops too as people switch to hodling their
    hot wallet balances in stablecoins and ETH

which pool operators or hashrate owners might consider to not be in
their best interests.

Sergej's numbers at
https://github.com/bitcoin/bitcoin/pull/26525#issuecomment-1332823282
suggest bitefill's zeroconf txs alone account for something like 0.5%
of on-chain txs. I'm not really sure how to interpret the numbers Daniel
Lipshitz/Max Krupyshev reported; "700+ inputs a month" doesn't sound like
very many, but "300k incoming transactions" would be 35 years worth of
700 inputs per month, so something doesn't add up... The gap600 webpage
from 2018 cites 3 million Bitcoin txs over about 13 months, which would
be about 230k/month, which would be roughly 3% of on-chain txs at the
moment.

It's not clear to me what that adds up to; is reducing tx volume
by perhaps 5% or 10% a big deal? Given fee income is maybe 2% of the
block reward at the best of times, reducing it by 5% (to 1.9%) probably
doesn't matter directly, but then, nor would increasing it by 5%. So
if there's a negative effect on demand for bitcoin because it becomes
slower and less widely accepted, driving its price down, though, that
probably dominates. Is that likely to be signficant? No idea. Is there
some counterveiling effect where mempoolfullrbf would make bitcoin more
desirable, increasing demand and hence increasing its price? I can't
see one.

(The original reasoning for the mempoolfullrbf option was that it
would allow new use cases, namely collaborative funding of coinjoins or
lightning channels with less risk of getting your utxo stuck without
being able to blame whoever was causing it to get stuck, which would
have added a potential for both more fees from additional txs, and more
demand due to those use cases.  Without that actually working as hoped,
we just have fewer on chain txs and worse demand in every scenario,
as far as I can see)


This isn't necessarily an incredibly stable equilibrium: once somewhere
around 10%-30% of hashrate is mining with fullrbf, presumably that
would make it too easy to cheat anyone willing to accept txs signalling
first-seen-final with 0 confirmations and they'll stop doing that, and if
the consequences are that everyone switches to lightning or stablecoins
and ETH, then that's all there is to it; it doesn't really matter what
the remaining 70%-90% of hashrate does, so at that point they might as
well do fullrbf as well, even if it only gets them a few pennies more.

But it's certainly possible for 95%+ of hashrate to decide that continuing
to ignore high fee replacements is in their best interests over the
long term -- that's how things are working currently, and how they've
worked for some years now. It's also how we'll want things to work if
we want anti-pinning schemes like those proposed for version-3 relay to
be effective.


One reason we might hope that miners will take a long-term view and
(presuming the long-term view is actually in favour of zeroconf) decide to
keep supporting zeroconf, even if we don't care about zeroconf ourselves,
is that miners prioritising long term income is arguably one of plausible
ways we can prevent 51% attacks from being a dominant strategy. If miners
are only focussing on immediate revenue, then case #4 in section 3.1 of
[0] applies, so 51% attacks are likely to be possible and profitable,
whereas if miners are focussing on bitcoin's long term value proposition,
then reorgs due to successful 51% attacks can be expected to trigger a
decline in the value of their investment in mining equipment, causing
case #4 not to apply. This is a similar argument to that presented in
section 2.3 of [1].

[0] https://www.nber.org/papers/w24717
[1] https://uncommoncore.co/wp-content/uploads/2019/10/A-model-for-Bitcoins-security-and-the-declining-block-subsidy-v1.02.pdf

Of course, that only needs perhaps 30%-50% of hashpower to be thinking
long term, rather than 70%-90%, and a lack of regular reorgs is probably
a clearer benefit than zeroconf transactions. Which is a bit of a win-win:
success at keeping zeroconf going should give confidence that miners will
help prevent 51% attacks; but failure at keeping zeroconf going doesn't
mean they won't be of help. And, of course it assumes that there is a
negative impact on either BTC price or block reward from killing off
zeroconf, which might not be true.

> I have sympathy for the utility argument, but to me it's completely
> overpowered by the "node policy is not consensus and not trustworthy"
> argument.

Anyway, in summary: consistent and predictable relay policy across nodes
remains important and possible whether or not that's a relay policy of
first seen is final, or highest fee rate wins, or something else.

> But for now, I want to run a Full RBF node because I see it as ultimately making Bitcoin stronger. It eliminates a use-case that takes risk.

It seems strange to advocate for preventing other people from voluntarily
taking on a small risk, that's demonstrably quite easily managed, and
also already quite easily avoided.

> Bitcoin is money for enemies.

I mean, if you want to live in a world where everyone's trying to help
someone else steal your money from you, it seems like the existing
banking system already had you covered?

If everyone's actually your enemy, your payments are going to get 51%
attacked, nodes are going to blacklist your utxos, miners are going
to ignore your penalty transactions so you'll lose all your L2 funds,
on-ramps and off-ramps will run KYC and put a hold on all your withdrawals
and confiscate your deposits, and in general Bitcoin isn't going to work
for you.

The point of "money for enemies" isn't that we need to treat other
Bitcoiners as enemies and stop them from doing things we dislike; it's
that to be a Bitcoiner you only need to agree on a few things, almost
none of which are the things that usually cause people to become enemies.

An alternative aphorism might be: Bitcoin is the money of the honest
majority.

That is, it puts the power in the hands of everyone running a node,
operating a miner, or holding their own private keys, rather than in a
few regulators or people with printing presses -- trusting an eclectic
majority rather than an elite minority, perhaps on the basis that you're
more likely to have a few dishonest people getting power out of a mass
of upstanding ordinary folks, rather than the reverse.

YMMV, of course, but I know how I'd prefer to view fellow Bitcoiners,
even the ones that disagree with me. (OTOH, if you claim we're enemies,
and I claim you're honest, where's that end up?)

Cheers,
aj



  reply	other threads:[~2022-12-13 12:55 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <mailman.48662.1670246787.956.bitcoin-dev@lists.linuxfoundation.org>
2022-12-05 15:19 ` John Carvalho
2022-12-05 21:14   ` Erik Aronesty
2022-12-09 15:58     ` angus
2022-12-13 12:55       ` Anthony Towns [this message]
2022-12-12  2:27   ` ZmnSCPxj
2022-12-12  9:57     ` John Carvalho

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y5h2LD/Zi3NVAhIK@erisian.com.au \
    --to=aj@erisian$(echo .)com.au \
    --cc=angus@toaster$(echo .)cc \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=john@synonym$(echo .)to \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox