github.com/decred/dcrlnd@v0.7.6/input/size.go (about) 1 package input 2 3 import ( 4 "github.com/decred/dcrd/dcrec/secp256k1/v4" 5 "github.com/decred/dcrd/wire" 6 "github.com/decred/dcrlnd/keychain" 7 ) 8 9 // offByOneCompatDecrement is used in situations where older versions of 10 // constants were wrongly calculated with an off-by-one error. Since size 11 // estimation isn't versioned nor there's a protocol to decide it during 12 // channel setup, we now need to account for this in the constants so that 13 // older nodes can still open channels and perform payments to new nodes. 14 // 15 // We use this constant to mark all cases where this happened. 16 const offByOneCompatDecrement = int64(-1) 17 18 // Quick review of the serialized layout of decred transactions. This is 19 // applicable for version 1 serialization type, when full serialization is 20 // performed (ie: tx.Version == 1, tx.SerType: TxSerializeFull). 21 // 22 // - Version+SerType ┐ 23 // - Input Count (varint) │ 24 // - (in_count times) Input Prefix ├ Prefix Serialization 25 // - Output Count (varint) │ 26 // - (out_count times) Output │ 27 // - LockTime+Expiry ┘ 28 // - Input Count (varint) ┬ Witness Serialization 29 // - (in_count times) Input Witness ┘ 30 31 const ( 32 // baseTxSize is the size of all transaction-level data elements serialized, 33 // stored and relayed for a transaction. When calculating the full serialized 34 // size of a transaction, add the length of all the inputs, outputs and 3 35 // varints (one for encoding the length of outputs and 2 for encoding the 36 // length of inputs). It is calculated as: 37 // 38 // - version + serialization type 4 bytes 39 // - locktime 4 bytes 40 // - expiry 4 bytes 41 // 42 // Total: 12 bytes 43 baseTxSize int64 = 4 + 4 + 4 44 45 // InputSize is the size of the fixed (always present) elements serialized, 46 // stored and relayed for each transaction input. When calculating the full 47 // serialized size of an input, add the length of the corresponding 48 // sigScript and of the varint that encodes the length of the sigScript. It 49 // is calculated as: 50 // 51 // - PreviousOutPoint: ┐ 52 // - hash 32 bytes │ 53 // - index 4 bytes ├ Part of Prefix Serialization 54 // - tree 1 byte │ 55 // - Sequence 4 bytes │ 56 // ┘ 57 // ┐ 58 // - ValueIn 8 bytes │ 59 // - Height 4 bytes ├ Part of Witness Serialization 60 // - Index 4 bytes │ 61 // ┘ 62 // Total: 57 bytes 63 InputSize int64 = 32 + 4 + 1 + 4 + 8 + 4 + 4 64 65 // OutputSize is the size of the fixed (always present) elements serialized, 66 // stored and relayed for each transaction output. When calculating the full 67 // serialized size of an output, add the length of the corresponding 68 // pkscript and of the varint that encodes the length of the pkscript. It is 69 // calculated as: 70 // 71 // - Value 8 bytes 72 // - ScriptVersion 2 bytes 73 // 74 // Total: 10 bytes 75 OutputSize int64 = 8 + 2 76 77 // The Following P2*PkScriptSize constants record the size of the standard 78 // public key scripts used in decred transactions' outputs. 79 80 // P2PKHPkScriptSize is the size of a transaction output script that 81 // pays to a compressed pubkey hash. It is calculated as: 82 // 83 // - OP_DUP 1 byte 84 // - OP_HASH160 1 byte 85 // - OP_DATA_20 1 byte 86 // - pubkey hash 20 bytes 87 // - OP_EQUALVERIFY 1 byte 88 // - OP_CHECKSIG 1 byte 89 // 90 // Total: 25 bytes 91 P2PKHPkScriptSize int64 = 1 + 1 + 1 + 20 + 1 + 1 92 93 // P2PKHOutputSize is the size of an output that pays to a P2PKH script. 94 // It is calculated as: 95 // 96 // - Output 10 bytes 97 // - Script Size varint 1 byte 98 // - P2PKScript 25 bytes 99 // 100 // Total: 36 bytes. 101 P2PKHOutputSize int64 = OutputSize + 1 + P2PKHPkScriptSize 102 103 // P2SHPkScriptSize is the size of a transaction output script that 104 // pays to a script hash. It is calculated as: 105 // 106 // - OP_HASH160 1 byte 107 // - OP_DATA_20 1 byte 108 // - script hash 20 bytes 109 // - OP_EQUAL 1 byte 110 // 111 // Total: 23 bytes 112 P2SHPkScriptSize int64 = 1 + 1 + 20 + 1 113 114 // P2SHOutputSize is the size of a transaction output that pays to a P2SH 115 // script. It is calculated as: 116 // 117 // - Output 10 bytes 118 // - Script Size varint 1 byte 119 // - P2SH script 23 bytes 120 // 121 // Total: 34 bytes. 122 P2SHOutputSize int64 = OutputSize + 1 + P2SHPkScriptSize 123 124 // P2UnknownScriptOutputSize is the max size of a transaction output 125 // that pays to an unknwon but still standard output script. This is 126 // set to the same value as a P2PKH script as that is the largest size 127 // of a standard output script. 128 P2UnknownScriptOutputSize int64 = P2PKHOutputSize 129 130 // The Following *SigScriptSize constants record the worst possible 131 // size of the standard signature scripts used to redeem the corresponding 132 // public key scripts in decred transactions' input. 133 134 // P2PKHSigScriptSize is the worst case (largest) serialize size of a 135 // transaction input script that redeems a compressed P2PKH output. It is 136 // calculated as: 137 // 138 // - OP_DATA_73 1 byte 139 // - signature+hash_type 73 bytes 140 // - OP_DATA_33 1 byte 141 // - compressed pubkey 33 bytes 142 // 143 // Total: 108 bytes 144 P2PKHSigScriptSize int64 = 1 + 73 + 1 + 33 145 146 // The following **RedeemScriptSize constants record sizes for LN-specific 147 // redeem scripts that are pushed to SigScripts when redeeming LN-specific 148 // P2SH outputs. 149 150 // multiSig2Of2RedeemScriptSize is the size of a 2-of-2 multisig script. It is 151 // calculated as: 152 // 153 // - OP_2 1 byte 154 // - OP_DATA_33 1 byte 155 // - pubkey_alice 33 bytes 156 // - OP_DATA_33 1 byte 157 // - pubkey_bob 33 bytes 158 // - OP_2 1 byte 159 // - OP_CHECKMULTISIG 1 byte 160 // 161 // Total: 71 bytes 162 multiSig2Of2RedeemScriptSize int64 = 1 + 1 + 33 + 1 + 33 + 1 + 1 163 164 // toLocalRedeemScriptSize is the worst (largest) size of a redeemScript used in 165 // RSMC outputs for the "local" node; in other words, it's the size of the 166 // script for those outputs that may be redeemed by the local node after a 167 // delay or by the counterparty by using a breach remedy key/transaction. 168 // The size is calculated as: 169 // 170 // - OP_IF 1 byte 171 // - OP_DATA_33 1 byte 172 // - revoke_key 33 bytes 173 // - OP_ELSE 1 byte 174 // - OP_DATA_5 1 byte 175 // - csv_delay 5 bytes 176 // - OP_CHECKSEQUENCEVERIFY 1 byte 177 // - OP_DROP 1 byte 178 // - OP_DATA_33 1 byte 179 // - delay_key 33 bytes 180 // - OP_ENDIF 1 byte 181 // - OP_CHECKSIG 1 byte 182 // 183 // Total: 80 bytes 184 // 185 // TODO(decred) verify whether the maximum csv_delay can actually occupy the 186 // full 5 bytes (which is the maximum used by OP_CHECKSEQUENCEVERIFY). 187 toLocalRedeemScriptSize int64 = 1 + 1 + 33 + 1 + 1 + 5 + 1 + 1 + 1 + 33 + 1 + 1 188 189 // acceptedHtlcRedeemScriptSize is the worst (largest) size of a 190 // redeemScript used by the local node when receiving payment via an HTLC 191 // output. In BOLT03 this is called a "Received HTLC Output". 192 // 193 // Currently generated by receiverHTLCScript(). 194 // 195 // This is calculated as: 196 // 197 // - OP_DUP 1 byte 198 // - OP_HASH160 1 byte 199 // - OP_DATA_20 1 byte 200 // - RIPEMD160(SHA256(revocationkey)) 20 bytes 201 // - OP_EQUAL 1 byte 202 // - OP_IF 1 byte 203 // - OP_CHECKSIG 1 byte 204 // - OP_ELSE 1 byte 205 // - OP_DATA_33 1 byte 206 // - remotekey 33 bytes 207 // - OP_SWAP 1 byte 208 // - OP_SIZE 1 byte 209 // - OP_DATA_1 1 byte 210 // - 32 1 byte 211 // - OP_EQUAL 1 byte 212 // - OP_IF 1 byte 213 // - OP_SHA256 1 byte 214 // - OP_RIPEMD160 1 byte 215 // - OP_DATA_20 1 byte 216 // - RIPEMD160(payment_hash) 20 bytes 217 // - OP_EQUALVERIFY 1 byte 218 // - OP_2 1 byte 219 // - OP_SWAP 1 byte 220 // - OP_DATA_33 1 byte 221 // - localkey 33 bytes 222 // - OP_2 1 byte 223 // - OP_CHECKMULTISIG 1 byte 224 // - OP_ELSE 1 byte 225 // - OP_DROP 1 byte 226 // - OP_DATA_5 1 byte 227 // - cltv_expiry 5 bytes 228 // - OP_CHECKLOCKTIMEVERIFY 1 byte 229 // - OP_DROP 1 byte 230 // - OP_CHECKSIG 1 byte 231 // - OP_ENDIF 1 byte 232 // - OP_DATA_1 1 byte // The following 3 ops starting here 233 // - OP_CHECKSEQUENCEVERIFY 1 byte // (OP_DATA_1, OP_CSV, OP_DROP) are 234 // - OP_DROP 1 byte // only used in the confirmed version. 235 // - OP_ENDIF 1 byte 236 // 237 // Total: 142 bytes 238 // 239 // Note: Unfortunately a previous version of this had an off-by-one 240 // error where it failed to account for the OP_DATA_1 (in addition to 241 // the 32 int data push). We subtract that byte here to enable new nodes 242 // to complete payments to old nodes. 243 // 244 // TODO(decred) verify whether the maximum cltv_expirt can actually occupy 245 // the full 5 bytes (which is the maximum used by OP_CHECKLOCKTIMEVERIFY). 246 acceptedHtlcRedeemScriptSize int64 = 3*1 + 20 + 5*1 + 33 + 9*1 + 20 + 4*1 + 247 33 + 5*1 + 5 + 5*1 + offByOneCompatDecrement 248 249 // acceptedHtlcRedeemScriptSizeConfirmed is the size of an accepted HTLC 250 // redeem script with the added ops for anchor outputs. 251 // acceptedHtlcRedeemScriptSizeConfirmed int64 = acceptedHtlcRedeemScriptSize + 252 // htlcConfirmedScriptOverhead 253 254 // offeredHtlcRedeemScriptSize is the worst (largest) size of a redeemScript used 255 // by the local node when sending payment via an HTLC output. 256 // 257 // Currently generated by senderHTLCScript(). 258 // 259 // This is calculated as: 260 // 261 // - OP_DUP 1 byte 262 // - OP_HASH160 1 byte 263 // - OP_DATA_20 1 byte 264 // - RIPEMD160(SHA256(revocationkey)) 20 bytes 265 // - OP_EQUAL 1 byte 266 // - OP_IF 1 byte 267 // - OP_CHECKSIG 1 byte 268 // - OP_ELSE 1 byte 269 // - OP_DATA_33 1 byte 270 // - remotekey 33 bytes 271 // - OP_SWAP 1 byte 272 // - OP_SIZE 1 byte 273 // - OP_DATA_32 1 byte 274 // - 32 1 byte 275 // - OP_EQUAL 1 byte 276 // - OP_NOTIF 1 byte 277 // - OP_DROP 1 byte 278 // - OP_2 1 byte 279 // - OP_SWAP 1 byte 280 // - OP_DATA_33 1 byte 281 // - localkey 33 bytes 282 // - OP_2 1 byte 283 // - OP_CHECKMULTISIG 1 byte 284 // - OP_ELSE 1 byte 285 // - OP_SHA256 1 byte 286 // - OP_RIPEMD160 1 byte 287 // - OP_DATA_20 1 byte 288 // - RIPEMD160(payment_hash) 20 bytes 289 // - OP_EQUALVERIFY 1 byte 290 // - OP_CHECKSIG 1 byte 291 // - OP_ENDIF 1 byte 292 // - OP_1 1 byte // The following 3 ops 293 // - OP_CHECKSEQUENCEVERIFY 1 byte // are only used in the 294 // - OP_DROP 1 byte // "confirmed" version. 295 // - OP_ENDIF 1 byte 296 // 297 // Total: 134 bytes 298 offeredHtlcRedeemScriptSize int64 = 3*1 + 20 + 5*1 + 33 + 10*1 + 33 + 6*1 + 20 + 4*1 299 300 // offeredHtlcRedeemScriptSizeConfirmed is the size of an offered HTLC 301 // redeem script with the added ops that require output confirmation. 302 // offeredHtlcRedeemScriptSizeConfirmed = offeredHtlcRedeemScriptSize + 303 // htlcConfirmedScriptOverhead 304 305 // AnchorRedeemScriptSize is the size of the redeem script used for 306 // anchor outputs of commitment transactions. 307 // 308 // This is calculated as: 309 // 310 // - pubkey_length 1 byte 311 // - pubkey 33 bytes 312 // - OP_CHECKSIG 1 byte 313 // - OP_IFDUP 1 byte 314 // - OP_NOTIF 1 byte 315 // - OP_16 1 byte 316 // - OP_CSV 1 byte 317 // - OP_ENDIF 1 byte 318 // 319 // Total: 40 bytes 320 AnchorRedeemScriptSize = 1 + 33 + 6*1 321 322 // The following *SigScript constants record sizes for various types of 323 // LN-specific sigScripts, spending outputs that use one of the custom 324 // redeem scripts. These constants are the sum of the script data push 325 // plus the actual sig script data required for redeeming one of the 326 // script's code paths. 327 // 328 // All constants are named according to the schema 329 // [tx-type][code-path]sigScriptSize. See the above *RedeemScriptSize 330 // comments for explanations of each possible tx type/redeem script. 331 332 // FundingOutputSigScriptSize is the size of a sigScript used when 333 // redeeming a funding transaction output. This includes signatures for 334 // both alice's and bob's keys plus the 2-of-2 multisig redeemScript. It 335 // is calculated as: 336 // 337 // - OP_DATA_73 1 byte 338 // - alice_sig+hash_type 73 bytes 339 // - OP_DATA_73 1 byte 340 // - bob_sig+hash_type 73 bytes 341 // - OP_DATA_71 1 byte 342 // - multisig_2of2_script 71 bytes 343 // 344 // Total: 220 bytes 345 FundingOutputSigScriptSize int64 = 1 + 73 + 1 + 73 + 1 + 346 multiSig2Of2RedeemScriptSize 347 348 // ToLocalTimeoutSigScriptSize is the size of sigScript used when 349 // redeeming a toLocalScript using the "timeout" code path. 350 // 351 // - OP_DATA_73 1 byte 352 // - local_delay_sig+hash_type 73 bytes 353 // - OP_0 1 byte 354 // - OP_PUSHDATA1 1 byte 355 // - 80 1 byte 356 // - to_local_timeout script 80 bytes 357 // 358 // Total: 157 bytes 359 ToLocalTimeoutSigScriptSize int64 = 1 + 73 + 1 + 1 + 1 + 360 toLocalRedeemScriptSize 361 362 // ToLocalPenaltySigScriptSize is the size of a sigScript used when 363 // redeeming a toLocalScript using the "penalty" code path. 364 // 365 // - OP_DATA_73 1 byte 366 // - revocation_sig+hash_type 73 bytes 367 // - OP_TRUE 1 byte 368 // - OP_PUSHDATA1 1 byte 369 // - 80 1 byte 370 // - to_local_timeout script 80 bytes 371 // 372 // Total: 157 bytes 373 // old ToLocalPenaltyWitnessSize 374 ToLocalPenaltySigScriptSize int64 = 1 + 73 + 1 + 1 + 1 + 375 toLocalRedeemScriptSize 376 377 // ToRemoteConfirmedRedeemScriptSize 378 // - OP_DATA 1 byte 379 // - to_remote_key 33 bytes 380 // - OP_CHECKSIGVERIFY 1 byte 381 // - OP_1 1 byte 382 // - OP_CHECKSEQUENCEVERIFY 1 byte 383 // 384 // Total: 37 bytes 385 ToRemoteConfirmedRedeemScriptSize = 1 + 33 + 1 + 1 + 1 386 387 // ToRemoteConfirmedWitnessSize 388 // 389 // - OP_DATA_73 1 byte 390 // - sender_sig + hash_type 73 bytes 391 // - OP_DATA_37 1 byte 392 // - confirmed_redeem_script 37 bytes 393 // 394 // Total: 395 ToRemoteConfirmedWitnessSize = 1 + 73 + 1 + ToRemoteConfirmedRedeemScriptSize 396 397 // AcceptedHtlcTimeoutSigScriptSize is the size of a sigScript used 398 // when redeeming an acceptedHtlcScript using the "timeout" code path. 399 // 400 // - OP_DATA_73 1 byte 401 // - sender_sig+hash_type 73 bytes 402 // - OP_0 1 byte 403 // - OP_PUSHDATA1 1 byte 404 // - 140 1 byte 405 // - accepted_htlc script 142 bytes 406 // 407 // Total: 219 bytes 408 AcceptedHtlcTimeoutSigScriptSize int64 = 1 + 73 + 1 + 1 + 1 + 409 acceptedHtlcRedeemScriptSize 410 411 // AcceptedHtlcTimeoutSigScriptSizeConfirmed is the same as 412 // AcceptedHtlcTimeoutSigScriptSize with the added overhead for the 413 // additional ops that require output confirmation. 414 // 415 // Total: 222 bytes 416 AcceptedHtlcTimeoutSigScriptSizeConfirmed = AcceptedHtlcTimeoutSigScriptSize + 417 htlcConfirmedScriptOverhead 418 419 // AcceptedHtlcSuccessSigScriptSize is the size of a sigScript used 420 // when redeeming an acceptedHtlcScript using the "success" code path. 421 // 422 // - OP_DATA_73 1 byte 423 // - sig_alice+hash_type 73 bytes 424 // - OP_DATA_73 1 byte 425 // - sig_bob+hash_type 73 bytes 426 // - OP_DATA_32 1 byte 427 // - payment_preimage 32 bytes 428 // - OP_PUSHDATA1 1 byte 429 // - 145 1 byte 430 // - accepted_htlc script 142 bytes 431 // 432 // Total: 325 bytes 433 AcceptedHtlcSuccessSigScriptSize int64 = 1 + 73 + 1 + 73 + 1 + 32 + 434 1 + 1 + acceptedHtlcRedeemScriptSize 435 436 // AcceptedHtlcSuccessSigScriptSizeConfirmed is the size of a sigScript 437 // used when redeeming an acceptedHtlcScript using the "success" code 438 // path when the redeem script includes the additional OP_CSV check. 439 AcceptedHtlcSuccessSigScriptSizeConfirmed = AcceptedHtlcSuccessSigScriptSize + 440 htlcConfirmedScriptOverhead 441 442 // AcceptedHtlcPenaltySigScriptSize is the size of a sigScript used 443 // when redeeming an acceptedHtlcScript using the "penalty" code path. 444 // 445 // - OP_DATA_73 1 byte 446 // - revocation_sig+hash_type 73 bytes 447 // - OP_DATA_33 1 byte 448 // - revocation_key 33 bytes 449 // - OP_PUSHDATA1 1 byte 450 // - 140 1 byte 451 // - accepted_htlc script 142 bytes 452 // 453 // Total: 252 bytes 454 AcceptedHtlcPenaltySigScriptSize int64 = 1 + 73 + 1 + 33 + 1 + 1 + 455 acceptedHtlcRedeemScriptSize 456 457 // AcceptedHtlcPenaltySigScriptSizeConfirmed is the same as 458 // AcceptedHtlcPenaltySigScriptSize with the added overhead for the 459 // ops that require output confirmation. 460 // 461 // Total: 255 bytes 462 AcceptedHtlcPenaltySigScriptSizeConfirmed = AcceptedHtlcPenaltySigScriptSize + 463 htlcConfirmedScriptOverhead 464 465 // OfferedHtlcTimeoutSigScriptSize is the size of a sigScript used 466 // when redeeming an offeredHtlcScript using the "timeout" code path. 467 // 468 // - OP_DATA_73 1 byte 469 // - sig_alice+hash_type 73 bytes 470 // - OP_DATA_73 1 byte 471 // - sig_bob+hash_type 73 bytes 472 // - OP_0 1 byte 473 // - OP_PUSHDATA1 1 byte 474 // - 134 1 byte 475 // - offered_htlc script 134 bytes 476 // 477 // Total: 285 bytes 478 OfferedHtlcTimeoutSigScriptSize int64 = 1 + 73 + 1 + 73 + 1 + 1 + 479 1 + offeredHtlcRedeemScriptSize 480 481 // OfferedHtlcTimeoutSigScriptSizeConfirmed is the size of a sigScript used 482 // when redeeming an offeredHtlcScript using the "timeout" code path, 483 // when the script includes the additional OP_CSV check. 484 // 485 // Total: 288 bytes 486 OfferedHtlcTimeoutSigScriptSizeConfirmed = OfferedHtlcTimeoutSigScriptSize + 487 htlcConfirmedScriptOverhead 488 489 // OfferedHtlcSuccessSigScriptSize is the size of a sigScript used 490 // when redeeming an offeredHtlcScript using the "success" code path. 491 // 492 // - OP_DATA_73 1 byte 493 // - receiver_sig+hash_type 73 bytes 494 // - OP_DATA_32 1 byte 495 // - payment_preimage 32 bytes 496 // - OP_PUSHDATA1 1 byte 497 // - 137 1 byte 498 // - offered_htlc script 134 bytes 499 // 500 // Total: 243 bytes 501 OfferedHtlcSuccessSigScriptSize int64 = 1 + 73 + 1 + 32 + 502 1 + 1 + offeredHtlcRedeemScriptSize 503 504 // OfferedHtlcSuccessSigScriptSizeConfirmed is the same as 505 // OfferedHtlcSuccessSigScriptSizeConfirmed with the added overhead 506 // for the ops that require output confirmation. 507 // 508 // Total: 246 bytes 509 OfferedHtlcSuccessSigScriptSizeConfirmed = OfferedHtlcSuccessSigScriptSize + 510 htlcConfirmedScriptOverhead 511 512 // OfferedHtlcPenaltySigScriptSize is the size of a sigScript used 513 // when redeeming an offeredHtlcScript using the "penalty" code path. 514 // 515 // - OP_DATA_73 1 byte 516 // - revocation_sig+hash_type 73 bytes 517 // - OP_DATA_33 1 byte 518 // - revocation_key 33 bytes 519 // - OP_PUSHDATA1 1 byte 520 // - 137 1 byte 521 // - offered_htlc script 134 bytes 522 // 523 // Total: 243 bytes 524 OfferedHtlcPenaltySigScriptSize int64 = 1 + 73 + 1 + 33 + 1 + 1 + 525 offeredHtlcRedeemScriptSize 526 527 // OfferedHtlcPenaltySigScriptSizeConfirmed is the same as OfferedHtlcPenaltySigScriptSize, 528 // with the added overhead for the ops that require output confirmation. 529 // 530 // Total: 247 bytes 531 OfferedHtlcPenaltySigScriptSizeConfirmed = OfferedHtlcPenaltySigScriptSize + 532 htlcConfirmedScriptOverhead 533 534 // AnchorSigScriptSize is the size of the signature script used when 535 // redeeming anchor outputs of commitment transactions. 536 // 537 // It is calculated as: 538 // 539 // - signature_length 1 byte 540 // - signature 73 bytes 541 // - anchor_script_length 1 byte 542 // - anchor_script 40 bytes 543 // 544 // Total: 115 bytes 545 AnchorSigScriptSize = 1 + 73 + 1 + AnchorRedeemScriptSize 546 547 // AnchorAnyoneSigScriptSize is the size of the signature script used 548 // when redeeming anchor outputs via the anyone-can-redeem branch of 549 // the anchor script. 550 // 551 // It is calculated as: 552 // 553 // - OP_FALSE 1 byte 554 // - anchor_script_length 1 byte 555 // - anchor_script 40 bytes 556 // 557 // Total: 42 bytes 558 AnchorAnyoneSigScriptSize = 1 + 1 + AnchorRedeemScriptSize 559 560 // The following constants record pre-calculated inputs, outputs and 561 // transaction sizes for common transactions found in the LN ecosystem. 562 563 // HTLCOutputSize is the size of an HTLC Output (a p2sh output) used in 564 // commitment transactions. 565 // 566 // - Output (value+version) 10 bytes 567 // - pkscript varint 1 byte 568 // - p2sh pkscript 23 bytes 569 // 570 // Total: 34 bytes 571 HTLCOutputSize int64 = OutputSize + 1 + P2SHPkScriptSize 572 573 // CommitmentTxSize is the base size of a commitment transaction without any 574 // HTLCs. 575 // 576 // Note: This uses 2 byte varints for output counts to account for the fact 577 // that a full commitment transaction using the maximum allowed number of 578 // HTLCs may use one extra byte for the output count varint. 579 // 580 // It is calculated as: 581 // 582 // - base tx size 12 bytes 583 // - input count prefix varint 1 byte 584 // - input 57 bytes 585 // - output count prefix varint 3 bytes 586 // - remote output 10 bytes 587 // - p2pkh remote varint 1 byte 588 // - p2pkh remote pkscript 25 bytes 589 // - local output 10 bytes 590 // - p2sh local varint 1 byte 591 // - p2sh local pkscript 23 bytes 592 // - input count witness varint 1 byte 593 // - funding tx sigscript varint 1 byte 594 // - funding tx sigscript 220 bytes 595 // 596 // Unfortunately, a previous version of this constant erroneously 597 // listed the "output count prefix varint" as 2 bytes instead of the 598 // correct 3 bytes, so we need to subtract this one byte otherwise 599 // opening channels between new and old versions get broken and 600 // channels are automatically closed upon new HTLCs. 601 // 602 // Total: 364 bytes 603 CommitmentTxSize int64 = baseTxSize + 1 + InputSize + 3 + 604 OutputSize + 1 + P2PKHPkScriptSize + OutputSize + 1 + P2SHPkScriptSize + 605 1 + 1 + FundingOutputSigScriptSize + offByOneCompatDecrement 606 607 // CommitmentWithAnchorsTxSize is the base size of a commitment 608 // transaction that also contains 2 anchor outputs. It is based on the 609 // original commitment tx size with the additional outputs added to it. 610 // 611 // Given the current limits for maximum number of HTLCs in a single 612 // commitment tx, the addition of two outputs doesn't trigger a bump in 613 // the varints for output counts. 614 // 615 // It is calculated as: 616 // 617 // - CommitmentTxSize 364 bytes 618 // - remote anchor output 10 bytes 619 // - p2sh remote varint 1 byte 620 // - p2sh remote pkscript 23 bytes 621 // - p2sh local anchor output 10 bytes 622 // - p2sh local varint 1 byte 623 // - p2sh local pkscript 23 bytes 624 // 625 // Total: 432 bytes 626 CommitmentWithAnchorsTxSize int64 = CommitmentTxSize + 2*OutputSize + 627 2*1 + 2*P2SHPkScriptSize 628 629 // htlcConfirmedScriptOverhead is the extra length of an HTLC script 630 // that requires confirmation before it can be spent. These extra bytes 631 // is a result of the extra CSV check. 632 htlcConfirmedScriptOverhead = 3 633 634 // HTLCTimeoutSize is the worst case (largest) size of the HTLC timeout 635 // transaction which will transition an outgoing HTLC to the 636 // delay-and-claim state. The worst case for a timeout transaction is 637 // when redeeming an offered HTCL (which uses a larger sigScript). It 638 // is calculated as: 639 // 640 // - base tx size 12 bytes 641 // - input count prefix varint 1 byte 642 // - input 57 bytes 643 // - output count prefix varint 1 byte 644 // - output 10 bytes 645 // - p2sh pkscript varint 1 byte 646 // - p2sh pkscript 23 bytes 647 // - input count witness varint 1 byte 648 // - offered_htlc_timeout sigscript varint 3 bytes 649 // - offered_htlc_timeout sigscript 284 bytes 650 // 651 // Total: 393 bytes 652 // 653 // Also note that due to a previous mistake in calculating the varint 654 // size, the "offered_htlc_timeout sigscript varint" was initially one 655 // byte smaller than it should have been (2 vs 3). We subtract this 656 // byte so that new nodes can still send payments to older nodes. Not 657 // doing this would mean HTLC timeout signatures exchanged duting a 658 // commit_sig message become invalid. 659 // 660 // TODO(decred) Double check correctness of selected sigScript 661 // alternative 662 HTLCTimeoutTxSize int64 = baseTxSize + 1 + InputSize + 1 + OutputSize + 1 + 663 P2SHPkScriptSize + 1 + 3 + OfferedHtlcTimeoutSigScriptSize + 664 offByOneCompatDecrement 665 666 // HTLCTimeoutConfirmedTxSize is the size of the HTLC timeout 667 // transaction which will transition an outgoing HTLC to the 668 // delay-and-claim state, for the confirmed HTLC outputs. It is 3 bytes 669 // larger because of the additional CSV check in the input script. 670 HTLCTimeoutConfirmedTxSize = HTLCTimeoutTxSize + htlcConfirmedScriptOverhead 671 672 // HTLCSuccessSize is the worst case (largest) size of the HTLC success 673 // transaction which will transition an HTLC tx to the delay-and-claim 674 // state. The worst case for a success transaction is when redeeming an 675 // accepted HTLC (which has a larger sigScript). It is calculated as: 676 // 677 // - base tx Size 12 bytes 678 // - input count prefix varint 1 byte 679 // - input 57 bytes 680 // - output count prefix varint 1 byte 681 // - output 10 bytes 682 // - p2pkh pkscript varint 1 byte 683 // - p2pkh pkscript 25 bytes 684 // - input count witness varint 1 byte 685 // - accepted_htlc_success sigscript varint 3 bytes 686 // - accepted_htlc_timeout sigscript 323 bytes 687 // 688 // Total: 434 bytes 689 // 690 // TODO(decred) Double check correctness of selected sigScript 691 // alternative 692 HTLCSuccessTxSize int64 = baseTxSize + 1 + InputSize + 1 + OutputSize + 1 + 693 P2PKHPkScriptSize + 1 + 3 + AcceptedHtlcSuccessSigScriptSize + 694 offByOneCompatDecrement 695 696 // HTLCSuccessConfirmedTxSize is the size of the HTLC success 697 // transaction which will transition an incoming HTLC to the 698 // delay-and-claim state, for the confirmed HTLC outputs. It is 3 bytes 699 // larger because of the conditional CSV check in the input script. 700 HTLCSuccessConfirmedTxSize = HTLCSuccessTxSize + htlcConfirmedScriptOverhead 701 702 // LeaseRedeemScriptSizeOverhead represents the size overhead in bytes 703 // of the redeem scripts used within script enforced lease commitments. 704 // This overhead results from the additional CLTV clause required to 705 // spend. 706 // 707 // - OP_DATA: 1 byte 708 // - lease_expiry: 4 bytes 709 // - OP_CHECKLOCKTIMEVERIFY: 1 byte 710 // - OP_DROP: 1 byte 711 LeaseRedeemScriptSizeOverhead = 1 + 4 + 1 + 1 712 713 // MaxHTLCNumber is the maximum number HTLCs which can be included in a 714 // commitment transaction. This limit was chosen such that, in the case 715 // of a contract breach, the punishment transaction is able to sweep 716 // all the HTLC's yet still remain below the widely used standard size 717 // limits. 718 // 719 // This number is derived (as explained in BOLT-0005) by assuming a 720 // penalty transaction will redeem the following elements (along with 721 // their respective sizes): 722 // 723 // - base tx size 12 bytes 724 // - output count varint 1 byte 725 // - p2pkh output 36 bytes 726 // - input count prefix varint 3 bytes 727 // - input count witness varint 3 bytes 728 // - to_remote commitment output 729 // - input 57 bytes 730 // - sigscript varint 1 byte 731 // - 2-of-2 multisig sigscript 220 bytes 732 // - to_local commitment output 733 // - input 57 bytes 734 // - sigscript varint 1 byte 735 // - to_local penalty sigscript 157 bytes 736 // - n accepted_htlc_penalty inputs 737 // - input 57 bytes 738 // - sigscript varint 3 bytes 739 // - sigscript 255 bytes 740 // 741 // The "n" maximum number of redeemable htlcs can thus be calculated 742 // (where static_data is everything _except_ the variable number of 743 // htlc outputs): 744 // 745 // = (max_tx_size - static_data) / accepted_htlc_penalty_size 746 // = ( 100000 - 548 ) / (57 + 3 + 255) 747 // = 315 htlcs 748 // 749 // To guard for the fact that we might have made a mistake in the above 750 // calculations, we'll further reduce this down by ~5% for the moment 751 // until others have thoroughly reviewed these numbers. 752 MaxHTLCNumber = 300 753 ) 754 755 type dummySignature struct{} 756 757 func (d *dummySignature) Serialize() []byte { 758 // Always return worst-case signature length, excluding the one byte 759 // sighash flag. 760 return make([]byte, 73-1) 761 } 762 763 func (d *dummySignature) Verify(_ []byte, _ *secp256k1.PublicKey) bool { 764 return true 765 } 766 767 // dummySigner is a fake signer used for size (upper bound) calculations. 768 type dummySigner struct { 769 Signer 770 } 771 772 // SignOutputRaw generates a signature for the passed transaction according to 773 // the data within the passed SignDescriptor. 774 func (s *dummySigner) SignOutputRaw(tx *wire.MsgTx, 775 signDesc *SignDescriptor) (Signature, error) { 776 777 return &dummySignature{}, nil 778 } 779 780 var ( 781 // dummyPubKey is a pubkey used in script size calculation. 782 dummyPubKey = secp256k1.PublicKey{} 783 784 // dummyAnchorScript is a script used for size calculation. 785 dummyAnchorScript, _ = CommitScriptAnchor(&dummyPubKey) 786 787 // dummyAnchorWitness is a witness used for size calculation. 788 dummyAnchorWitness, _ = CommitSpendAnchor( 789 &dummySigner{}, 790 &SignDescriptor{ 791 KeyDesc: keychain.KeyDescriptor{ 792 PubKey: &dummyPubKey, 793 }, 794 WitnessScript: dummyAnchorScript, 795 }, 796 nil, 797 ) 798 799 // AnchorWitnessSize 116 bytes 800 AnchorWitnessSize = int64(dummyAnchorWitness.WitnessSerializeSize()) 801 ) 802 803 // EstimateCommitmentTxSize estimates the size of a commitment transaction 804 // assuming that it has an additional 'count' HTLC outputs appended to it. 805 func EstimateCommitmentTxSize(count int) int64 { 806 // Size of 'count' HTLC outputs. 807 htlcsSize := int64(count) * HTLCOutputSize 808 809 return CommitmentTxSize + htlcsSize 810 } 811 812 // TxSizeEstimator is able to calculate size estimates for transactions based on 813 // the input and output types. For purposes of estimation, all signatures are 814 // assumed to be of the maximum possible size, 73 bytes. Each method of the 815 // estimator returns an instance with the estimate applied. This allows callers 816 // to chain each of the methods 817 type TxSizeEstimator struct { 818 inputCount uint32 819 outputCount uint32 820 InputSize int64 821 OutputSize int64 822 } 823 824 // AddP2PKHInput updates the size estimate to account for an additional input 825 // spending a P2PKH output. 826 func (twe *TxSizeEstimator) AddP2PKHInput() *TxSizeEstimator { 827 scriptLenSerSize := int64(1) // varint for the following sigScript 828 twe.InputSize += InputSize + scriptLenSerSize + P2PKHSigScriptSize 829 twe.inputCount++ 830 831 return twe 832 } 833 834 // AddCustomInput updates the size estimate to account for an additional input, 835 // such that the caller is responsible for specifying the full estimated size of 836 // the sigScript. 837 // 838 // Note that the caller is entirely responsible for calculating the correct size 839 // of the sigScript. This function only adds the overhead of the fixed input 840 // data (prefix serialization) and of the varint for recording the sigScript 841 // size. 842 func (twe *TxSizeEstimator) AddCustomInput(sigScriptSize int64) *TxSizeEstimator { 843 scriptLenSerSize := int64(wire.VarIntSerializeSize(uint64(sigScriptSize))) 844 twe.InputSize += InputSize + scriptLenSerSize + sigScriptSize 845 twe.inputCount++ 846 847 return twe 848 } 849 850 // AddTxOutput adds a known TxOut to the weight estimator. 851 func (twe *TxSizeEstimator) AddTxOutput(txOut *wire.TxOut) *TxSizeEstimator { 852 twe.OutputSize += int64(txOut.SerializeSize()) 853 twe.outputCount++ 854 855 return twe 856 } 857 858 // AddP2PKHOutput updates the size estimate to account for an additional P2PKH 859 // output. 860 func (twe *TxSizeEstimator) AddP2PKHOutput() *TxSizeEstimator { 861 scriptLenSerSize := int64(1) // varint for the following pkScript 862 twe.OutputSize += OutputSize + scriptLenSerSize + P2PKHPkScriptSize 863 twe.outputCount++ 864 865 return twe 866 } 867 868 // AddP2SHOutput updates the size estimate to account for an additional P2SH 869 // output. 870 func (twe *TxSizeEstimator) AddP2SHOutput() *TxSizeEstimator { 871 scriptLenSerSize := int64(1) // varint for the following pkScript 872 twe.OutputSize += OutputSize + scriptLenSerSize + P2SHPkScriptSize 873 twe.outputCount++ 874 875 return twe 876 } 877 878 // Size gets the estimated size of the transaction. 879 func (twe *TxSizeEstimator) Size() int64 { 880 return baseTxSize + 881 int64(wire.VarIntSerializeSize(uint64(twe.inputCount))) + // prefix len([]TxIn) varint 882 twe.InputSize + // prefix []TxIn + witness []TxIn 883 int64(wire.VarIntSerializeSize(uint64(twe.outputCount))) + // prefix len([]TxOut) varint 884 twe.OutputSize + // []TxOut prefix 885 int64(wire.VarIntSerializeSize(uint64(twe.inputCount))) // witness len([]TxIn) varint 886 }