-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RCP-240731A: Improvements to consensus ordering of state processing #10
Comments
I'm not sure about this. First of all the statement:
state transitions are explicit in which are the RGB inputs and associated UTXOs so I don't see how HTLCs could come before the commitment transactions. Then, about this statement:
I'm not sure we actually need ordering offchain transactions. All commitment TXs will be spending the funding TX and RGB should not care about the order of these commitment TXs, it should be agnostic about the LN. |
basing on the current RGB Core code :)
Consensus uses this information, so it is needed. Otherwise the system won't work and will be buggy/attackable. This is not a question
yes, it is agnostic. It has nothing to do with LN specifically, just any off chain transaction graph.
This is unrelated. It is relevant notwithstanding anything we do with specific LN details. |
What do you mean?
IMO it would be useful if you shared more information on this, what attack/bug would be possible? |
I mean that RGB Core uses consensus ordering inside AluVM and for organizing global state reported to the clients. It is part of the existing code base.
I gave a full description in the proposal, "Motivation" section. Once mined, the ordering of the state processing may change, leading to invalid contracts which were already accepted (or resulting from an uncooperatively-closed channels) |
Consensus ordering was introduced in RGB-WG/rgb-core#117 (those days |
I think there's been a misundestanding. Let's recap the conversation about HTLC ordering:
From this discussion it seems RGB core is already able to order transactions, therefore I fail to understand the "Motivation" part of this RFC. I understand ordering of onchain transactions is not the same of ordering offchain transactions, where you cannot use the height to order TXs. But 1) this could happen also onchain, think about CPFP and 2) it's always possible to order TXs following the inputs/outputs chain (in other words TXs can be ordered by which inputs are spending which outputs). So to me it's impossible that HTLC TX can "come before the commitment transaction" since the input of the HTLC TX is one of the UTXOs created by the commitment TX.
As just explained, I don't see how the order may change. But maybe I'm failing to understand what you're trying to say. Please try to explain this again, giving more details |
It is not. It has no idea of bitcoin transaction ordering, and should not has. Otherwise it has to be re-designed embedding (partially) Bitcoin Core in itself. That is what I say: the current RGB Core code has no idea of bitcoin transaction ordering. Since there is no 1-to-1 relation between bitcoin transaction and state transitions, even if it had, it wouldn't help. So the issue is the state transitions ordering. And without the proposed consensus rules there is no way how to order them to match the lightning channel structure (and some other cases, so this is lightning-agnostic problem, just highlighted by lightning case) |
You constantly confuse bitcoin transactions with RGB state transitions. They are not matching each other, not 1-to-1. |
I think I understood the issue. In RGB-WG/rgb-core#117 you say:
therefore RGB doesn't order onchain TXs based on inputs/outputs relations but based on TX height and TX position in the block, which means that it's impossible with current code to order offchain transactions, since they don't have a height nor position in the block. Now I understand the necessity to find a solution to order offchain TXs. In the
? Would the |
Correct. The problem is that bitcoin transactions and RGB state transitions have many-to-many relationship, and one can't deterministically/unambiguously reconstruct an ordering for RGB state transitions just from how blockchain transactions are ordered - not even touching the case of mempool and state channels. And RGB state transitions are DAG, meaning that there is no linear order which can be always build from the DAG itself (which is a 2D net). We can't use a flow of seals (both in RGB transitions and bitcoin transactions) due to this reason: you have a DAG of seals and no linear ordering is possible. Using witness transaction ordering is the only thing which may work, but still we need something on top of it to solve ambiguity (since there is no bitcoin ordering for witness transactions in the same block).
Without that solution contract has no defined state, and all contract state introspections op-codes (reading global state) are impossible - and without those op codes and global state no DeFi apps can be made with RGB.
The nonce becomes part of the state transitions, it is there - no need to restore anything:
Consensus doesn't put any requirements on the value of the nonce other than it is used for the ordering. I doubt any application can use random numbers to do the ordering :)
I do not understand the way you use the terminology. How you relate commitments and spends?? |
I don't have the time to look at the code right now, I will do it on Monday. I'm not sure about this though:
it might become an issue in the way we think LN should work. In LN we would like to be able to avoid saving a bunch of data to reconstruct the RGB information to re-color previous commitment TXs. The desired workflow would be that we just save the RGB amounts that were assigned to the commitment TX vouts and then deterministically recreate the |
I do not see how this can interfere with LN. Maybe you keep thinking that nonce is random, but I already pointed out that random nonces wouldn't work since you can't get deterministic ordering with them. Thus, nonce it is deterministic. QED |
I'm not thinking it's random, I'm thinking it's not deterministic in the context of LN channel updates. I'll rephrase what we would like to achieve: For each LN channel update we want to save only the RGB amounts assigned to each commitment TX vout (we don't want to save the nonce too). To achieve this the nonce needs to be the same for all commitment TXs (e.g. 1) and the same for all HTLC TXs (e.g. 2) (examples are assuming an ascending ordering, but since you've set the genesis to
The code you've linked unfortunately doesn't answer my question (i.e. who/where the nonce is "decided"). Anyway, I looked at the code myself and I've found what I think is a bug: by following the code from TLDR: it seems all transitions use the same |
TL;DR: No,
The proposal defines consensus part of the Specifically, On the other hand, when we have a state channel, like in lightning, we need to make sure that related state transitions (meaning state transitions spending outputs of each other, like HTLCs spend commitment outputs in LN) we should not use the same Which specific value should be used in case of LN? While there is no consensus-rule for that and there might be different approaches to the question, the one that makes most of sense for me is the following:
This approach guarantees that global state of HTLCs spending commitment outputs are always accounted after the global state of commitment state transition. Yes, if a multiple HTLCs are present, they would share the same One may choose some different approach, but with nearly any approach (unless you are using random numbers, which will break the consensus meaning of |
Now it makes sense, thanks for explaining this in detail. There's no |
Transition builders has method But the idea is that all state transitions for the same witness transaction (including blank ones) should have the same priority, so it is advised to use batch A question: right now we use nonce as However, on each depth level state transitions will be ordered basing on their op ids, i.e. deterministically, but arbitrary. What I mean is that if we have 1000 HTLCs, they will share the same |
I don't see why it would be better. Could you please share the use case or benefit of ordering them? Another consideration instead: wouldn't it be more handy if we use |
Let's assume we have a lightning channel operating DeFi protocol - for instance a lending, something alike AAVE. It makes a little sense for the ancient BOLT balkanized by Lightning Labs, but quite a lot for some multi-peer channels like Nucleus, which eventually become part of the LNP generalization of state channels. In such a channel, state transitions will create new global state, updating the information about the number of the global values, like LTV etc. Such global state will be defined with I understand that you may say "ancient BOLTs doesn't need that advancement", but since it is nearly zero-effort better to do things properly from the start, even though nobody will use it in that form and everybody will switch to Nucleus and LNP, when available :)
I do not see why and how that is more handy: it takes the same amount of code to say My logic is that in decentralized protocols everybody would compete to become the "last value" (see example with decentralized lending above). Thus, if you put |
If this just requires changing the
I think you missed my point. Using a progressive nonce starting from |
But we do not need to increase the
We still need it to order HTLCs after the commitment transaction. There might be some limited applications requiring global state update, like with engravings in NFTs (for some LN-based games etc).
Using 0 for |
Giving it a second thought I have to admit that @zoedberg is right: to properly support eltoo we need Implemented in RGB-WG/rgb-core#267 |
We'll need the nonce for that, not the depth
I'm not sure what do you mean here, could you please clarify? |
I'm a bit confused on how transactions in the same block should be ordered:
Is it enough to have a deterministic ordering or do we need to ensure that this ordering always coincides with the RGB DAG one? In other words, are there major issues if two chained operations (the second spends an allocation created by the first) are ordered backwards (second before first)? |
See RGB-WG/rgb-core#275 (comment) At this moment there is no written specification for the ordering; this specific RCP was proposing nonce, and no RCP were written for the change from txid to opid for ordering within the block. Once we finalize the v0.11 the whole algorithm would need to be written as a RFC.
Not sure I understand: blank state transitions are state transitions, which do have witness transactions, and they are related to the bitcoin blocks the same way as normal ones.
Good question! That's why we have introduced |
I never mentioned blank transitions. Let's say we have two transactions, one assigning assets to a blinded UTXO and one spending that UTXO, both mined in the same block. The second one can appear in a block before the first one without breaking bitcoin consensus, but it would not be the expected order from RGB point of view. Can this cause issues? |
Nope, they can't appear in that sequence. If transition 2 spends outputs of transition 1, than it means its witness transaction spends utxos which were defined as seals in transition 1. Thus, bitcoin consensus would prevent witness 2 to be mined before witness 1. |
Transition 1 may be allocating assets to an existing blinded UTXO, which was created by a transaction mined in a previous block. Bitcoin consensus does not even know that transition 1 is defining a seal on that UTXO, am I missing something? |
Transition 2 spends outputs from transition 1, right? Even though they are assigned to UTXOs which are mined for a long time, transition 2 can't be valid unless transition 1 is valid; and transition 1 becomes valid only when its witness transaction is mined. Thus, witness transaction 1 has to be mined before witness transaction 2, and not a block or few after. Yes, there might be a reorg which will put witness 2 into block n and witness 1 to block n+1, but if this would affect the contract it is up to the transaction producer to ensure that reorg in not possible (for instance waiting for 2 blocks before doing the second transition). Yes, putting witness tx for transition 2 before the witness tx for transition 1 would change their RGB consensus ordering. I can theoretically imagine very wired validation script which will make transition 2 invalid in this case - but, if I said above, the user of such weird contract must wait for secure depth before doing transition 2. RGB consensus ordering is not about deciding "the right order" (according to the contract rules). It is about using a deterministic ordering, which doesn't change once we are mined at sufficient depth where re-orgs would not happen. Re-org can destroy transaction 2 anyway even without consensus ordering, and there is nohow we can prevent that from happening other than recommending users to transact in a safe manner. |
So, I will separate two independent issues. First, "what happens if witness transaction for transition B spending output of transition A gets mined (or re-orged) before witness transaction A"? This question is not specific to consensus ordering and affects RGB contracts even if no ordering is applied. The answer is simple: it may not be a problem, or may cause problems, depending on the structure of transitions, validation scripts etc. The user (wallet) always knows when it is safe to do, and if it is not save, a user (wallet) must ensure that it waits enough blocks between publishing witness transaction A and B - or ensure that witness B spends from witness A transaction, taking bitcoin consensus into help. Second, "what can we do to make RGB consensus ordering better"? Your idea was to take into account the DAG of RGB operations; but the problem here is that consensus ordering needs a linear sequence and not a DAG; and mathematically not each DAG can be deterministically turned into a sequence! Thus, in bitcoin we need PoW consensus for that, and in RGB we rely on bitcoin consensus as well + nonce mechanism + opid. Can we do better? I do not think so. We can chose a different tradeoff - like making |
@dr-orlovsky sorry for bringing this up again, after discussing this for a while, but could you please clarify your statement in the RCP description:
I'm starting to think that consensus ordering is not actually needed |
Consensus ordering is used to organize DAG of operations into a linear history in a deterministic way, which from there goes to validation and VM. VM reconstructs the state of the contract, against which each new operation is validated. If you do not have a linear order, you do jot have a contracts state. |
Current validation seems to not care about ordering of operations. Is this feature meant for future possible contracts?
From the code I see that operations are ordered only in the context of the validation, where ordering doesn't seem to affect the contract state. |
No idea how you have got that impression. It heavily rely on it and can't be done in any other way, once you get the concept of a global contract state (which I was finally able to complete this summer)
This is not true. You probably read something else, and not the current RGB consensus validation code |
Please run the tests applying this commit to rgb-core You'll see that
I also removed usage of Hence I think consensus ordering is not needed and validation is already able to validate operations based on the DAG of RGB operations, which can be considered linear in the context of "taking a terminal operation and validate every operation from there to the genesis and repeat this for every terminal I'm validating" |
As we discussed yesterday and I explained in our personal meeting,
Writing it here for the community as a memo note |
As we re-discussed in a follow-up meeting:
Peeking at the new validation code from the future v0.12 we discussed the explicit check that has been added to make sure the given operations are ordered following the consensus ordering rules. This check may be too restrictive since it would break cases that were possible in v0.11, like:
As discussed, waiting 6 confirmations after receiving on a blinded UTXO doesn't seem a viable solution, thus we should not enforce the ordering of witness TXs to be the same as the RGB transitions one (like it's happening in v0.11). |
You understood it right |
Background
RGB contracts have global state; which is assembled from the contributions of individual operations (genesis, state transitions and state extensions). Since schema defines a maximum number of global state items of each type, the ordering of this processing affects what is reported to the clients. The global state is also accessible via AluVM op codes (
CnC
,LdC
) and can be used in validating consequent operations. Thus, the order in which operations are processed during the validation and state computing affects consensus and validity of future operations. This order is named "consensus ordering" (of operations or global state).At this moment the ordering happens according to the following ruleset:
priority
provided as a part of their off chain status, such that HTLCs can be indicated to be processed after the commitment transaction.Motivation
The provided ruleset has one inconsistency: in lightning channels we order HTLCs after commitment using a dedicated off chain
priority
field, which will not be reflected if these transactions get mined, when they will get re-ordered basing on their txids, such that there is no guarantee that the state of HTLCs will not come before the commitment transaction (which may render it invalid)Proposal
It is proposed to:
priority
field from off chain transaction ordering;nonce
field to state transactions and state transitions, such their operation id commits to itnonce
for ordering operations with witnesses mined in the same blocknonce
must be a 64-bit integernonce
.This will allow to order graphs of off chain transactions in a consistent way, preserved even when they are mined.
Rationale
The text was updated successfully, but these errors were encountered: