Ephemeral anchors in LN #9105
Replies: 1 comment
-
|
Great writeup! I hadn't considered the additional savings with taproot channels
Assuming TRUC is being used I think the real concern is the counter-party racking up value via circular trimmed HTLCs or something, allowing you to be influenced into funding another child transaction's fees. Trimmed HTLC values is pretty weird today too, I think capping its value is the most direct route. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A Brief History
Imagine a new output that's different from the LN anchor output that,
We then have the original ephemeral anchor, which is a special output that,
OP_1 <0x4e73>(bc1pfeessrawgf).A tx that contains an ephemeral anchor must,
However, as pointed out here, there's no need to restrict ephemeral anchors to v3 transactions, thus the original ephemeral anchor is now split into two proposals,
P2AOutputA new standard output (
ANCHOR), pay-to-anchor output has been added to bitcoind v0.28. In this keyless output,OP_1 <0x4e73>(bc1pfeessrawgf).For LN, this means we can now replace the local/remote anchor pair with this
P2Aoutput as,P2Ais cheaper to create and spend.[commitment tx -> anchor tx]is used, the cost to resolve a pinning attack should be capped at 1000 sats, check here for details.In addition, for simple taproot channels, we can now use a smaller
to_localscript. Atm we disable the key spending path forto_localto force the disclosure oflocal_delayedpubkeyto make sure the anchor output can be spent by anyone after 16 blocks, which is no longer needed. Theto_localoutput can now have therevocation_pubkeyas the internal key.Ephemeral Dust
Ephemeral dust is still under development, which IMO is orthogonal to
P2Aas it focuses on the "dust" part, as it allows output to carry any satoshi value, including zero. This means aP2Acan be an ephemeral dust, aka a keyless anchor. Or, an ephemeral dust may have a normal witness program, aka keyed anchor.For LN, this means we can save an extra 240 sats when using anchor output. In addition, this output can behave like a container for trimmed HTLCs, tho I don't see any benefits here.
Why
OP_1 <0x4e73>It's a clever way to make a valid non-taproot witness program,
OP_1followed by a 32-byte data as taproot output. When it's version 1 output with a length other than 32 bytes, it's valid but the validation rules are undefined.0x4e73are "cutesy to spell fees", which I don't quite follow.0x4e73is also the unicode for nipples in chinese, which I believe is unintended...3rd Party Sweeping
Although it's not restricted to be used in v3 only, the commitment tx uses
P2Aoutput must be a v3 tx to be protected by the TRUC policy, where the anchor spending tx must be a v3 and have a size no larger than 1000 vB, otherwise, it can easily be pinned.We should also pay attention to the actual satoshi value used in keyless ephemeral anchors. As of today, there are 3rd parties who monitor the blockchain to create sweeping txns that aggregate anchor outputs, which has accidentally created pinning issue for
lndnodes. Given an anyone-can-spend anchor, we can assume the larger the value, the more likely a 3rd party service will try to spend it. To remove such an incentive, we should derive a value such that, without attaching additional UTXOs, the package[commitment tx -> anchor sweeptx] would stay below the min relay feerate, to remove 3rd party's incentive to collect it.TODO(yy): calculate the details.
Beta Was this translation helpful? Give feedback.
All reactions