Abort heads using reference scripts/inputs

[ch1bo]

Why

The current implementation of the Hydra Head cannot always abort a Head initialization. This is because the abort transaction is too big (> 16kB), especially if all it's aborting a mix of both, initial and commit outputs. However, it is vital that we can abort any Head initialized (up to a reasonable number of parties).

What

We want to improve transaction size utilization by not needing to include head, initial and commit scripts in the abort transaction. The upcoming Babbage era features of "reference scripts and inputs" allow us to use scripts from reference inputs as witnesses of spending head, initial and commit outputs. This will allow us to only reference and not include scripts on transactions like abort and collect.

How

After some discussion we decided publishing Head scripts in a distinct transaction on each release of the hydra-node, or more specifically of the hydra-plutus package.

• The scripts are packed into outputs addressed to some v_publish validator, that is parameterized by a HeadVersion, which yields a unique address per Head script version.
• The hydra-node would be aware of this version and the script hashes (compiled into it, like right now) and needs to "discover" these outputs on-chain.
  • We could provide the relevant TxId to the node
  • Or we could "scan the chain" for the relevant addresses (not using the local state query by address) from our starting chain point
• Found reference scripts are checked for integrity against the known script hashes. Any error leads to a shutdown of the hydra-node.
• The v_publish validator shall make the published outputs unspendable, e.g. const False
  • We discussed authorized access or garbage collection, but decided not needing that for now.

We have drafted this design also on Miro here:

Tasks

• Propose an ADR on reference scripts #438
• Update the end-to-end tests to publish reference scripts using such a release transaction
• Update the abortTx to reference these scripts
• Parameterize the hydra-node to take TxId where to find Head script to reference
• Create a tool to publish tagged versions of our scripts onto testnet/mainnet
• Ensure the demo & testnet setups can be still run (i.e. publish scripts there)
• (optional) Scan the chain and verify integrity of published scripts in hydra-node

[ghost]

Random thoughts: Create scripts outputs in the InitTx, tied to a "lock" script that ensures the outputs can only be consumed by an Abort or FanOut transaction.

[ch1bo]

We discussed the approach and agree that we want to focus on the essentials right now:

• no scanning for addresses or checking whether "synched enough"
• no validation of the scripts

just "blindly" use the passed TxId

[ch1bo]

Added changelog entries and some remaining fixes in #459