jeffro256
commented
3 months ago As for the the timelocks, I would like to specifically discuss whether or not banning by relay rule until the next network upgrade is an effective short-term solution. I obviously think that it is, if nothing else, a way to reduce the propagation, and if we're committed to deprecating it in the future, this is a step we should take even if it's not perfect. Also, just removing the ability of the user to craft timelocked transactions in the core wallet software will likely reduce the number on-chain, even if no network or relay rules were modified.
Secondly, I want to toss up the idea of a small modification to the consensus rules also related to the unlock time. In short, I want to make Blockchain::get_adjusted_time() monotonic (barring reorgs) on the next network upgrade. The reason for this is that if you have time-locked outputs in your input rings, decoy or true-spend, and you send a transaction into the mempool, it may be accepted now but actually be invalid for several blocks based on the timestamps of the new blocks on top of the chain pushing the value of Blockchain::get_adjusted_time() into the past. This is because of these lines: https://github.com/monero-project/monero/blob/059028a30a8ae9752338a7897329fe8012a310d5/src/cryptonote_core/blockchain.cpp#L4029-L4035. They take into account the latest block timestamp instead of only the median timestamp, and take the minimum between them. If we only make the adjusted time a function only of the median timestamp, we will have a monotonic clock since the median timestamp increases monotonically. This means that if any transaction output is unlocked now, it will always be unlocked in the future if there isn't a reorg.
Thirdly, I'd like to discuss disallowing v1 transactions for "unmixable" input amounts in the next network upgrade. The reason for this is that the output amounts of v1 transactions obviously aren't confidential, which reduces overall network privacy. And since CLSAG signatures can still work on a ring of size 1, this shouldn't lead to anyone having their dust locked like with MLSAG signatures. There have only ever been 462 v1 transactions since Hardfork v6 in September 2017 as of the time of this writing.
Fourthly, I think we can improve how the nodes handle alternative blocks in a way that might naturally reduce the number of reorgs on the network. On this line of Blockchain::handle_alternative_block(), we can see that the blockchain code will attempt to switch to an alternative chain if the cumulative work is strictly higher than the main chain. It is important to note that the work calculated for a given block is NOT a function of the contents of that specific block, but rather the timestamps of a window of blocks before that block. This means that two individuals who are mining a top block for the same chain will create blocks who have equal cumulative work. If these two individuals propagate their blocks at roughly the same time, this will leave the network temporarily split with two different top blocks. There should be a deterministic, fair method to decide between these two chains. This way, shallow alternate chains are handled quickly and all mining participants can mine on the same chain. Some methods could include picking the "smaller"/"larger" block ID, "smaller"/"larger" PoW hash, etc.
Cactii1
iamamyth
Rucknium
Location: Libera.chat, #monero-research-lab | Matrix
Join the Monero Matrix server if you don't already have a Matrix account.
Time: 17:00 UTC Check in your timezone
Main discussion topics:
Greetings
Discuss: Removing/Fixing/Encrypting monero's timelocks
Any other business
Confirm next meeting agenda
Please comment on GitHub in advance of the meeting if you would like to propose an agenda item.
Logs will be posted here after the meeting.
Meeting chairperson: Rucknium
Previous meeting agenda/logs:
965