Privacy bundle interface #27
Conversation
Previously, MakerStrategy and TakerStrategy accepted cospend proposals unconditionally: any invitation was accepted, any orderbook peer was proposed to, regardless of whether joining the session was actually cost-beneficial for the wallet. Now the makers and takers only make commital actions (agg proposals) if they their best unilateral action is no worse than the agg proposal in terms of subjective cost.
Unilateral actions include all possible subsets of payment obligations as individual plans.
bc1cindy
left a comment
bc1cindy
left a comment
There was a problem hiding this comment.
reviewing this PR made me zoom out and have a much clearer understanding now
im pretty impressed with the progress
dense-subset-sum owns the counting primitives and btsim owns the privacy metric (how primitives combine into a cost) and the decision making (how cost shapes action selection)
| } | ||
|
|
||
| /// Generate all k-element subsets of `{0, 1, ..., n-1}` in lexicographic order. | ||
| fn combinations(n: usize, k: usize) -> Vec<Vec<usize>> { |
There was a problem hiding this comment.
does it make sense to convert to iter? the call site only consumes sequentially and currently allocs the entire powerset in Vec<Vec<usize>>
There was a problem hiding this comment.
yes that makes sense
| let cospend_proposals = wallet.pending_cospend_proposals(); | ||
| let payment_obligations = wallet.unhandled_payment_obligations(); | ||
| let registered_inputs = wallet.registered_input_outpoints(); | ||
| let scorer = wallet.data().scorer.clone(); |
There was a problem hiding this comment.
can we use &wallet.data().scorer here? all usages are &self
with PrivacyBundle inside the scorer, its not cheap
There was a problem hiding this comment.
no but we can use a reference. Thanks
with PrivacyBundle inside the scorer, its not cheap
PrivacyBundle is stateless.
Note that privacy metrics should live in the tx-indexer (there is a comment in the diff). Eventually the primitives you are working on should graduate to that repo as well. |
makers and takers should behave uniformally. This will make future work on the cost function easier to reason about and implement. This distinction was initially created as part of a POC / testing scaffolding. Agenst will make co spends as long as there are orderbook utxos and PO's in the queue
stub the privacy cost to differentiate unilateral from cospend: unilateral transactions should cost more, but we have no privacy terms rn. This stubs a privacy weight for unilateral txs making cospends more preferabably when they are not under time pressure. Lastly, `ContributeOutputsToSession` was comparing single-PO contribution cost against the global best unilateral cost (which batches all POs), causing wallets to never contribute once accepted. Remove the cost gate from contribution
Bundles are collections of privacy metrics / measures that evaluate over a plan. A measure can output a value specific to its domain. The individual metrics define how to convert that into a satoshi amount wrt a privacy budget.
Just removing clutter
arminsabouri
force-pushed
the
bracketing
branch
from
d071717 to
05eac10
Compare
2 participants
This is a large refactor. The major changes here are: