From 97c2e17f5b4fff51ff7e3bef67b85f2d39ecac38 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Wed, 9 Nov 2022 22:18:52 +0000 Subject: [PATCH] Add recommended block template construction algorithm. Signed-off-by: Daira Hopwood --- zip-0317.html | 91 ++++++++++++++++++++++++++++++++++++++++++++++----- zip-0317.rst | 84 +++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 160 insertions(+), 15 deletions(-) diff --git a/zip-0317.html b/zip-0317.html index 3914aae3..8b282c0b 100644 --- a/zip-0317.html +++ b/zip-0317.html @@ -23,7 +23,7 @@ License: MIT Discussions-To: <https://forum.zcashcommunity.com/t/zip-proportional-output-fee-mechanism-pofm/42808> Pull-Request: <https://github.com/zcash/zips/pull/631>

Terminology

-

The key words "SHOULD" and "SHOULD NOT" in this document are to be interpreted as described in RFC 2119. 1

+

The key words "SHOULD", "SHOULD NOT", and "RECOMMENDED" in this document are to be interpreted as described in RFC 2119. 1

The term "conventional transaction fee" in this document is in reference to the value of a transaction fee that is conventionally used by wallets, and that a user can reasonably expect miners on the Zcash network to accept for including a transaction in a block.

The terms "Mainnet, "Testnet", and "zatoshi" in this document are defined as in 2.

@@ -260,12 +260,85 @@ Pull-Request: <https://githu that is added to the "eviction weight" if the transaction pays a fee less than the conventional transaction fee. This threshold is modified to use the new conventional fee formula.

Block production

-

Miners, mining pools, and other block producers, select transactions for inclusion in blocks using a variety of criteria. Where the criteria previously used the conventional transaction fee defined in ZIP 313 to decide on transaction inclusion, it is expected to instead use the formula specified in this ZIP.

-

Miners have an incentive to make this change because:

-
    -
  • it will tend to increase the fees they are due;
    • -
  • fees will act as a damping factor on the time needed to process blocks, and therefore on orphan rate.
    • -
+

Miners, mining pools, and other block producers, select transactions for inclusion in blocks using a variety of criteria. The algorithm in the following section is planned to be implemented by zcashd and zebrad.

+ +

Rationale for block template construction algorithm

+
    +
  • Regardless of how full the mempool is (according to the ZIP 401 6 cost limiting), a denial-of-service adversary can only fill a block if + \(\frac{remaining\_weight}{N}\) + is nearly + \(1\!\) + , i.e. if the remaining transactions are paying nearly the conventional fee on average. This is exactly what we want, because then the selected transactions in step 5 will each tend to be paying nearly the conventional fee. (It's possible that some low-fee transactions will get in, but the adversary can't include too many of them because it would pull the average down.)
    • +
  • The weighting in step 2 does not create a situation where the adversary gains a significant advantage over other users by paying more than the conventional fee, for two reasons: +
      +
    1. The weight cap limits the relative probability of picking a given transaction to be at most + \(weight\_cap\) + times greater than a transaction that pays exactly the conventional fee.
      2. +
    2. Compare the case where the adversary pays + \(c\) + times the conventional fee for one transaction, to that where they pay the conventional fee for + \(c\) + transactions. In the former case they are more likely to get each transaction into the block relative to competing transactions from other users, but those transactions take up less block space. (The adversary's block space usage relative to fee is optimized by using only Orchard Actions in either case, so they take up + \(c\) + times less space.) This is not what the attacker wants; they get a transaction into the block only at the expense of leaving more block space for the other users' transactions.
      3. +
    +
    • +
  • The rationale for choosing + \(weight\_cap = 4\) + is as a compromise between not allowing any prioritization of transactions relative to those that pay the conventional fee, and allowing arbitrary prioritization based on ability to pay.
    • +
+
+

Incentive compatibility for miners

+

Miners have an incentive to make this change because:

+
    +
  • it will tend to increase the fees they are due;
    • +
  • fees will act as a damping factor on the time needed to process blocks, and therefore on orphan rate.
    • +
+

Security and Privacy considerations

@@ -290,7 +363,7 @@ Pull-Request: <https://githu

Possible alternatives for the parameters:

 @@ -311,7 +384,7 @@ Pull-Request: <https://githu

TODO: Endorsements may depend on specific parameter choices. The ZIP Editors should ensure that the endorsements are accurate before marking this ZIP as Active.

Acknowledgements

-

Thanks to Madars Virza for initially proposing a fee mechanism similar to that proposed in this ZIP 4, and to Kris Nuttycombe, Jack Grigg, Daira Hopwood, Francisco Gindre, Greg Pfeil, and Teor for suggested improvements.

+

Thanks to Madars Virza for initially proposing a fee mechanism similar to that proposed in this ZIP 4, and to Kris Nuttycombe, Jack Grigg, Daira Hopwood, Francisco Gindre, Greg Pfeil, and Teor for suggested improvements.

References

diff --git a/zip-0317.rst b/zip-0317.rst index 809a8035..ad00b4e3 100644 --- a/zip-0317.rst +++ b/zip-0317.rst @@ -20,8 +20,8 @@ Terminology =========== -The key words "SHOULD" and "SHOULD NOT" in this document are to be interpreted -as described in RFC 2119. [#RFC2119]_ +The key words "SHOULD", "SHOULD NOT", and "RECOMMENDED" in this document +are to be interpreted as described in RFC 2119. [#RFC2119]_ The term "conventional transaction fee" in this document is in reference to the value of a transaction fee that is conventionally used by wallets, @@ -263,10 +263,82 @@ Block production ---------------- Miners, mining pools, and other block producers, select transactions for -inclusion in blocks using a variety of criteria. Where the criteria -previously used the conventional transaction fee defined in ZIP 313 to -decide on transaction inclusion, it is expected to instead use the formula -specified in this ZIP. +inclusion in blocks using a variety of criteria. The algorithm in the +following section is planned to be implemented by `zcashd` and `zebrad`. + +Recommended algorithm for block template construction +''''''''''''''''''''''''''''''''''''''''''''''''''''' + +Define a constant :math:`weight\_cap = 4`. + +Let :math:`conventional\_fee(tx)` be the conventional fee for transaction +:math:`tx` calculated according to the section `Fee calculation`_. + +The following algorithm is RECOMMENDED for constructing block templates +from a set of transactions in a node's mempool: + +1. For each transaction :math:`tx` in the mempool, calculate + :math:`tx.\!weight = \mathsf{min}\!\left(\frac{tx.fee}{conventional\_fee(tx)}, weight\_cap\right)\!`. + +2. Repeat while there is any mempool transaction that pays at least the + conventional fee and fits in the block: + + a. Pick one of those transactions at random with probability in direct + proportion to its weight, and add it to the block. + +3. Let :math:`N` be the number of remaining transactions with :math:`tx.\!weight < 1\!`. + Calculate their sum of weights, call this :math:`remaining\_weight\!`. + +4. Calculate :math:`size\_target = size\_of\_block\_so\_far + \mathsf{floor}\!\left(remaining\_block\_size \cdot \mathsf{min}\big(1.0, \frac{remaining\_weight}{N}\big)\!\right)\!`. + +5. Repeat: + + a. Pick a transaction with probability in direct proportion to its + weight and add it to the block. If that transaction would exceed + the :math:`size\_target\!`, stop without adding it. + +Note: it is sufficient to use floating point arithmetic to calculate +the argument to :math:`\mathsf{floor}` when computing :math:`size\_target\!`, +since there is no consensus requirement for this to be exactly the same +between implementations. + +Rationale for block template construction algorithm +''''''''''''''''''''''''''''''''''''''''''''''''''' + +* Regardless of how full the mempool is (according to the ZIP 401 [#zip-0401]_ + cost limiting), a denial-of-service adversary can only fill a block if + :math:`\frac{remaining\_weight}{N}` is nearly :math:`1\!`, i.e. if the remaining + transactions are paying nearly the conventional fee on average. This is + exactly what we want, because then the selected transactions in step 5 will + each tend to be paying nearly the conventional fee. (It's possible that some + low-fee transactions will get in, but the adversary can't include too many of + them because it would pull the average down.) + +* The weighting in step 2 does not create a situation where the adversary gains + a significant advantage over other users by paying more than the conventional + fee, for two reasons: + + 1. The weight cap limits the relative probability of picking a given transaction + to be at most :math:`weight\_cap` times greater than a transaction that pays + exactly the conventional fee. + + 2. Compare the case where the adversary pays :math:`c` times the conventional + fee for one transaction, to that where they pay the conventional fee for + :math:`c` transactions. In the former case they are more likely to get *each* + transaction into the block relative to competing transactions from other users, + *but* those transactions take up less block space. (The adversary's block space + usage relative to fee is optimized by using only Orchard Actions in either + case, so they take up :math:`c` times less space.) This is not what the + attacker wants; they get a transaction into the block only at the expense of + leaving more block space for the other users' transactions. + +* The rationale for choosing :math:`weight\_cap = 4` is as a compromise between + not allowing any prioritization of transactions relative to those that pay + the conventional fee, and allowing arbitrary prioritization based on ability + to pay. + +Incentive compatibility for miners +'''''''''''''''''''''''''''''''''' Miners have an incentive to make this change because: