Add Shared Input support in interactive TX construction

[optout21]

In interactive TX construction, add support for shared input:

• if we expect a shared input, make sure that the remote node provides it
• if we provide a shared input, make sure that it's accounted appropriately

Additionally, the prevtx field of the TxAddInput message is changed to Optional, as it should not be set for the shared input (it cannot, as the full funding transaction is not stored on the acceptor side) (spec discussion: lightning/bolts#1160 (comment))

To be used by splicing, see #3736 .

Note: this PR does not include splicing negotiation.

[ldk-reviews-bot]

👋 Thanks for assigning @wpaulino as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[wpaulino]

This is actually TLV 0, and there's no TLV for prevtx

[wpaulino]

Looks like we'll need to unroll the serialization macro. We need to read prevtx_len and only if it's 0, do we need to read the shared_input_txid TLV.

[optout21]

I think I need help with that

[wpaulino]

Something like this:

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index 76db8e67a..6f43ca8c1 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -29,7 +29,7 @@ use bitcoin::hash_types::Txid;
 use bitcoin::script::ScriptBuf;
 use bitcoin::secp256k1::ecdsa::Signature;
 use bitcoin::secp256k1::PublicKey;
-use bitcoin::{secp256k1, Witness};
+use bitcoin::{secp256k1, Transaction, Witness};
 
 use crate::blinded_path::payment::{
 	BlindedPaymentTlvs, ForwardTlvs, ReceiveTlvs, UnauthenticatedReceiveTlvs,
@@ -2668,15 +2668,59 @@ impl_writeable_msg!(SpliceLocked, {
 	splice_txid,
 }, {});
 
-impl_writeable_msg!(TxAddInput, {
-	channel_id,
-	serial_id,
-	prevtx_out,
-	sequence,
-}, {
-	(0, prevtx, option),
-	(1, shared_input_txid, option), // `funding_txid`
-});
+impl Writeable for TxAddInput {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		self.channel_id.write(w)?;
+		self.serial_id.write(w)?;
+		if let Some(prevtx) = self.prevtx.as_ref() {
+			debug_assert!(self.shared_input_txid.is_none());
+			prevtx.write(w)?;
+		} else {
+			debug_assert!(self.shared_input_txid.is_some());
+			0u16.write(w)?;
+		}
+		self.prevtx_out.write(w)?;
+		self.sequence.write(w)?;
+
+		if let Some(shared_input_txid) = self.shared_input_txid.as_ref() {
+			encode_tlv_stream!(w, { (0, shared_input_txid, required) });
+		} else {
+			encode_tlv_stream!(w, {});
+		}
+
+		Ok(())
+	}
+}
+impl LengthReadable for TxAddInput {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let channel_id = Readable::read(r)?;
+		let serial_id = Readable::read(r)?;
+		let prevtx_len = <u16 as Readable>::read(r)?;
+		let mut prevtx = None;
+		if prevtx_len > 0 {
+			let mut tx_reader = FixedLengthReader::new(r, prevtx_len as u64);
+			let tx: Transaction = Readable::read(&mut tx_reader)?;
+			if tx_reader.bytes_remain() {
+				return Err(DecodeError::BadLengthDescriptor);
+			}
+			prevtx =
+				Some(TransactionU16LenLimited::new(tx).map_err(|_| DecodeError::InvalidValue)?);
+		}
+		let prevtx_out = Readable::read(r)?;
+		let sequence = Readable::read(r)?;
+
+		let mut shared_input_txid = None;
+		if prevtx_len > 0 {
+			decode_tlv_stream!(r, {});
+		} else {
+			decode_tlv_stream!(r, {
+				(0, shared_input_txid, required),
+			});
+		}
+
+		Ok(Self { channel_id, serial_id, prevtx, prevtx_out, sequence, shared_input_txid })
+	}
+}
 
 impl_writeable_msg!(TxAddOutput, {
 	channel_id,

[optout21]

Thanks, implemented.

[jkczyz]

Related to my previous comment, using a custom serialization isn't needed because we can implement serialization for Option<TransactionU16LenLimited> instead of directly on TransactionU16LenLimited.

However, in order to do so we need to address #3842 (comment) to placate the compiler. I've done both in https://github.com/jkczyz/rust-lightning/commits/pr-3842-fix/, which drops the HEAD commit on your branch. Feel free to cherrypick the top two commits and interleave them / squash with your commits accordingly.

[optout21]

I see, I'll do.

[wpaulino]

We could make this an enum along with shared_input_txid, but I'm not sure what's a good name to call it

[dunxen]

Probably not a good suggestion, but how about just TxInputOrigin with Txid and PrevTx variants?

[optout21]

I think it's a good idea to keep the message struct field names close to the names in the spec.

[jkczyz]

Discussed this offline with @wpaulino. While ideally we could use an enum to represent the correct semantics, in practice we don't want to fail parsing if they are incorrect. Otherwise, we'd disconnect rather than simply abandoning the negotiation.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @dunxen @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @dunxen @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @dunxen @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @dunxen @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[optout21]

Great, can you push those changes here then and rework the shared funding input work to follow a similar approach?

I managed to do it: first I refactored the shared output support as discussed, then added shared input support in a similar style. Although this PR does not include spicing, I also checked the changes with splicing (shared input is used there).

[wpaulino]

The script_sig is initialized to empty right above this. We should just pass in the actual TxOut and track it as part of shared_funding_input.

[optout21]

Right, but... In the shared case, the TxAddInput messages does not contain prev tx or prev txout. In shared_funding_input we track the prev OutPoint only. Are you suggesting to place a TxOut there? But in case of the acceptor, we don't have that to initialize it. I think in this case we just don't have to create a TxOut. Maybe we can make that optional in SharedOwnedInput?

[wpaulino]

Same comment here about maybe using SharedOwnedInput for shared_funding_input

[wpaulino]

Wasn't all of this already done when we initialized the InteractiveTxConstructor?

[wpaulino]

We shouldn't need to carry around the prev_tx anymore, seems like InteractiveTxInput::input should be of a different type

[wpaulino]

This needs to be the weight of the full witness (see FUNDING_TRANSACTION_WITNESS_WEIGHT) plus the base input weight

[wpaulino]

Is this supposed to be the full channel value of the shared input, or just the locally owned portion of it?

[optout21]

The locally owned portion, as this calculation is for ensuring that the contribution is enough to cover the (locally owned) outputs and fees.

[optout21]

I have some doubts about the possible rounding errors due to the msat->sat conversion.

[optout21]

@wpaulino thanks for the comments. I will process them (I've re-requested review accidentally, please ignore that).

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @dunxen @jkczyz @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @dunxen @jkczyz @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @dunxen @jkczyz @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[graphite-app]

There appears to be a logic mismatch between the read and write implementations for TxAddInput.

In the write method, the presence of shared_input_txid determines whether prevtx is written:

if let Some(prevtx) = self.prevtx.as_ref() {
    debug_assert!(self.shared_input_txid.is_none());
    prevtx.write(w)?;
} else {
    debug_assert!(self.shared_input_txid.is_some());
    0u16.write(w)?;
}

However, in the read_from_fixed_length_buffer method, the decision to decode the TLV stream with or without shared_input_txid is based on prevtx_len > 0:

if prevtx_len > 0 {
    decode_tlv_stream!(r, {});
} else {
    decode_tlv_stream!(r, {
        (0, shared_input_txid, required),
    });
}

For consistency, the read logic should match the write logic. Consider checking for the presence of a shared input rather than just the length of prevtx. This would ensure that the TLV stream is decoded correctly in all cases.

Suggested change

	if prevtx_len > 0 {
	decode_tlv_stream!(r, {});
	} else {
	decode_tlv_stream!(r, {
	(0, shared_input_txid, required),
	});
	}
	if prevtx_len > 0 {
	decode_tlv_stream!(r, {});
	shared_input_txid = None;
	} else {
	decode_tlv_stream!(r, {
	(0, shared_input_txid, required),
	});
	}

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

[codecov]

Codecov Report

Attention: Patch coverage is 86.65710% with 93 lines in your changes missing coverage. Please review.

Project coverage is 90.92%. Comparing base (30ab411) to head (96236df).
Report is 58 commits behind head on main.

Files with missing lines	Patch %	Lines
lightning/src/ln/interactivetxs.rs	91.99%	41 Missing and 8 partials ⚠️
lightning/src/ln/msgs.rs	40.00%	34 Missing and 8 partials ⚠️
lightning/src/ln/channel.rs	81.81%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3842      +/-   ##
==========================================
+ Coverage   89.95%   90.92%   +0.97%     
==========================================
  Files         164      164              
  Lines      131981   142768   +10787     
  Branches   131981   142768   +10787     
==========================================
+ Hits       118718   129812   +11094     
+ Misses      10586    10350     -236     
+ Partials     2677     2606      -71     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[graphite-app]

There appears to be an issue with the script_pubkey generation for shared inputs. The code is using txin.script_sig.to_p2wsh(), but script_sig is empty by default in a newly created TxIn. This would create an incorrect P2WSH script that doesn't match the actual funding output.

For shared inputs, the script_pubkey should either be derived from the actual funding script or passed as a parameter to ensure it correctly matches the previous output being spent. Consider adding the funding script as a parameter to the shared input constructor or deriving it from other available data.

Suggested change

	script_pubkey: txin.script_sig.to_p2wsh(),
	script_pubkey: funding_script.to_p2wsh(),

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.