Re: [bitcoin-dev] User Activated Soft Fork Split Protection

author: James Hilliard <james.hilliard1@gmail.com> 2017-06-06 20:54:37 -0500
committer: bitcoindev <bitcoindev@gnusha.org> 2017-06-07 01:54:40 +0000
commit: fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b (patch)
tree: 910cc7ec6ddc8769f8ba7be07044abfd0d01d2da
parent: 089689d7be2b23eac5b3906463d4a04ce7861dfd (diff)
download: pi-bitcoindev-fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b.tar.gz
pi-bitcoindev-fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b.zip
1 files changed, 281 insertions, 0 deletions
diff --git a/9e/9e4016749f0314af1180c6bbb84fa16f34091e b/9e/9e4016749f0314af1180c6bbb84fa16f34091e
new file mode 100644
index 000000000..ce67c5c93
--- /dev/null
+++ b/9e/9e4016749f0314af1180c6bbb84fa16f34091e
@@ -0,0 +1,281 @@
+Return-Path: <james.hilliard1@gmail.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+	[172.17.192.35])
+	by mail.linuxfoundation.org (Postfix) with ESMTPS id 174ECB76
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Wed,  7 Jun 2017 01:54:40 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-oi0-f43.google.com (mail-oi0-f43.google.com
+	[209.85.218.43])
+	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2A23C1DF
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Wed,  7 Jun 2017 01:54:39 +0000 (UTC)
+Received: by mail-oi0-f43.google.com with SMTP id p7so5949311oif.2
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Tue, 06 Jun 2017 18:54:39 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
+	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
+	:cc; bh=dzqm6L1bgsIWuZ2GZ8eVmKLbC7heWqw7qU+diOCXCjA=;
+	b=U4sgU1N/GxalKHQzRU1f6fTBY33+gyoT8d++kkvAxL1NqPkh7l9eiUxtUlbxoodv9O
+	27PW3MfdtMO0r8TJA29QPuoYe/EWMUQkJkR1I+SypjG5qshBqyGVpj1aykhL3JvWWRAE
+	oIW8DlY8AB6yn++oTa/AehcaYfm+67bTQ9B/lTjUdZntdpSLIKwCK7wYkJVXIy/ySjQ6
+	rKFX3TkueCgV72qccvCJvRz40jP/r5u7t9/WdTxLJ8yIZSoH7PKfSpcsuUipyVUwl6RU
+	6F7pxKQnEO17xSMQgWFUpywKPC/Kh8TYGAcFm7Qda3ZpT5EWv4ubfSaORJ/yGVmJ1vu3
+	UTCQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+	d=1e100.net; s=20161025;
+	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
+	:message-id:subject:to:cc;
+	bh=dzqm6L1bgsIWuZ2GZ8eVmKLbC7heWqw7qU+diOCXCjA=;
+	b=oFN0LuJ1to3PkOg2ZgiIO/FyoYbT5K3N48WHPB8rZAzxMMOe0aYXvhLMTjhZ2uSgYw
+	JIVFgC4TBSQABvplKwoh6Eyqv7AmMp9Pnmww0ENIlsXZ3M7p5aEg2biXI46W7mcy346+
+	AJ6zYM/IfCsgDClmgnCi4qR0Mn2YiRBmNPckeBnz7p7l5PMnMXM61qu88NL0GZYNLCMd
+	deFVWv9iGSYwsI2u7ztTfjk6D6e5X6Rmi45ko7NDEdJSh9KbT7TG2ODnTyR61yKNLoZ/
+	X9ebIaWRRzuBZs1NjBRZcyWbm9ZBYNTSb6htMGyI4fNHGCawt/Zb5jhnxB3TTYrkh2/k
+	19Kw==
+X-Gm-Message-State: AODbwcAL6ZBch8F+F7qXrPnnav9x0+61+nJrvAwreSnZWaBZvYtTs7Vr
+	zU2XtxpzpwRt6y2b2Vzeo14BXGMZmKSX
+X-Received: by 10.202.87.21 with SMTP id l21mr13781219oib.214.1496800478362;
+	Tue, 06 Jun 2017 18:54:38 -0700 (PDT)
+MIME-Version: 1.0
+Received: by 10.182.224.230 with HTTP; Tue, 6 Jun 2017 18:54:37 -0700 (PDT)
+In-Reply-To: <AE5BA251-9DA6-4E34-A748-11C8CF91977C@taoeffect.com>
+References: <CADvTj4qpH-t5Gx6qyn3yToyUE_GFaBE989=AWNHLKMpMNW3R+w@mail.gmail.com>
+	<AE5BA251-9DA6-4E34-A748-11C8CF91977C@taoeffect.com>
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Tue, 6 Jun 2017 20:54:37 -0500
+Message-ID: <CADvTj4q+oOS=DKfpiNQ6PAbksQfa1gKNfokr2Zc6PNGWqLyL4A@mail.gmail.com>
+To: Tao Effect <contact@taoeffect.com>
+Content-Type: text/plain; charset="UTF-8"
+X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
+	RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+	smtp1.linux-foundation.org
+Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
+Subject: Re: [bitcoin-dev] User Activated Soft Fork Split Protection
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Wed, 07 Jun 2017 01:54:40 -0000
+
+This is a BIP8 style soft fork so mandatory signalling will be active
+after Aug 1st regardless.
+
+On Tue, Jun 6, 2017 at 8:51 PM, Tao Effect <contact@taoeffect.com> wrote:
+> What is the probability that a 65% threshold is too low and can allow a
+> "surprise miner attack", whereby miners are kept offline before the
+> deadline, and brought online immediately after, creating potential havoc?
+>
+> (Nit: "simple majority" usually refers to >50%, I think, might cause
+> confusion.)
+>
+> -Greg Slepak
+>
+> --
+> Please do not email me anything that you are not comfortable also sharing
+> with the NSA.
+>
+> On Jun 6, 2017, at 5:56 PM, James Hilliard via bitcoin-dev
+> <bitcoin-dev@lists.linuxfoundation.org> wrote:
+>
+> Due to the proposed calendar(https://segwit2x.github.io/) for the
+> SegWit2x agreement being too slow to activate SegWit mandatory
+> signalling ahead of BIP148 using BIP91 I would like to propose another
+> option that miners can use to prevent a chain split ahead of the Aug
+> 1st BIP148 activation date.
+>
+> The splitprotection soft fork is essentially BIP91 but using BIP8
+> instead of BIP9 with a lower activation threshold and immediate
+> mandatory signalling lock-in. This allows for a majority of miners to
+> activate mandatory SegWit signalling and prevent a potential chain
+> split ahead of BIP148 activation.
+>
+> This BIP allows for miners to respond to market forces quickly ahead
+> of BIP148 activation by signalling for splitprotection. Any miners
+> already running BIP148 should be encouraged to use splitprotection.
+>
+> <pre>
+>  BIP: splitprotection
+>  Layer: Consensus (soft fork)
+>  Title: User Activated Soft Fork Split Protection
+>  Author: James Hilliard <james.hilliard1@gmail.com>
+>  Comments-Summary: No comments yet.
+>  Comments-URI:
+>  Status: Draft
+>  Type: Standards Track
+>  Created: 2017-05-22
+>  License: BSD-3-Clause
+>           CC0-1.0
+> </pre>
+>
+> ==Abstract==
+>
+> This document specifies a coordination mechanism for a simple majority
+> of miners to prevent a chain split ahead of BIP148 activation.
+>
+> ==Definitions==
+>
+> "existing segwit deployment" refer to the BIP9 "segwit" deployment
+> using bit 1, between November 15th 2016 and November 15th 2017 to
+> activate BIP141, BIP143 and BIP147.
+>
+> ==Motivation==
+>
+> The biggest risk of BIP148 is an extended chain split, this BIP
+> provides a way for a simple majority of miners to eliminate that risk.
+>
+> This BIP provides a way for a simple majority of miners to coordinate
+> activation of the existing segwit deployment with less than 95%
+> hashpower before BIP148 activation. Due to time constraints unless
+> immediately deployed BIP91 will likely not be able to enforce
+> mandatory signalling of segwit before the Aug 1st activation of
+> BIP148. This BIP provides a method for rapid miner activation of
+> SegWit mandatory signalling ahead of the BIP148 activation date. Since
+> the primary goal of this BIP is to reduce the chance of an extended
+> chain split as much as possible we activate using a simple miner
+> majority of 65% over a 504 block interval rather than a higher
+> percentage. This BIP also allows miners to signal their intention to
+> run BIP148 in order to prevent a chain split.
+>
+> ==Specification==
+>
+> While this BIP is active, all blocks must set the nVersion header top
+> 3 bits to 001 together with bit field (1<<1) (according to the
+> existing segwit deployment). Blocks that do not signal as required
+> will be rejected.
+>
+> ==Deployment==
+>
+> This BIP will be deployed by "version bits" with a 65%(this can be
+> adjusted if desired) activation threshold BIP9 with the name
+> "splitprotecion" and using bit 2.
+>
+> This BIP starts immediately and is a BIP8 style soft fork since
+> mandatory signalling will start on midnight August 1st 2017 (epoch
+> time 1501545600) regardless of whether or not this BIP has reached its
+> own signalling threshold. This BIP will cease to be active when segwit
+> is locked-in.
+>
+> === Reference implementation ===
+>
+> <pre>
+> // Check if Segregated Witness is Locked In
+> bool IsWitnessLockedIn(const CBlockIndex* pindexPrev, const
+> Consensus::Params& params)
+> {
+>    LOCK(cs_main);
+>    return (VersionBitsState(pindexPrev, params,
+> Consensus::DEPLOYMENT_SEGWIT, versionbitscache) ==
+> THRESHOLD_LOCKED_IN);
+> }
+>
+> // SPLITPROTECTION mandatory segwit signalling.
+> if ( VersionBitsState(pindex->pprev, chainparams.GetConsensus(),
+> Consensus::DEPLOYMENT_SPLITPROTECTION, versionbitscache) ==
+> THRESHOLD_LOCKED_IN &&
+>     !IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&
+> // Segwit is not locked in
+>     !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus()) ) //
+> and is not active.
+> {
+>    bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) ==
+> VERSIONBITS_TOP_BITS;
+>    bool fSegbit = (pindex->nVersion &
+> VersionBitsMask(chainparams.GetConsensus(),
+> Consensus::DEPLOYMENT_SEGWIT)) != 0;
+>    if (!(fVersionBits && fSegbit)) {
+>        return state.DoS(0, error("ConnectBlock(): relayed block must
+> signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
+>    }
+> }
+>
+> // BIP148 mandatory segwit signalling.
+> int64_t nMedianTimePast = pindex->GetMedianTimePast();
+> if ( (nMedianTimePast >= 1501545600) &&  // Tue 01 Aug 2017 00:00:00 UTC
+>     (nMedianTimePast <= 1510704000) &&  // Wed 15 Nov 2017 00:00:00 UTC
+>     (!IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&
+> // Segwit is not locked in
+>      !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus())) )
+> // and is not active.
+> {
+>    bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) ==
+> VERSIONBITS_TOP_BITS;
+>    bool fSegbit = (pindex->nVersion &
+> VersionBitsMask(chainparams.GetConsensus(),
+> Consensus::DEPLOYMENT_SEGWIT)) != 0;
+>    if (!(fVersionBits && fSegbit)) {
+>        return state.DoS(0, error("ConnectBlock(): relayed block must
+> signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
+>    }
+> }
+> </pre>
+>
+> https://github.com/bitcoin/bitcoin/compare/0.14...jameshilliard:splitprotection-v0.14.1
+>
+> ==Backwards Compatibility==
+>
+> This deployment is compatible with the existing "segwit" bit 1
+> deployment scheduled between midnight November 15th, 2016 and midnight
+> November 15th, 2017. This deployment is also compatible with the
+> existing BIP148 deployment. This BIP is compatible with BIP91 only if
+> BIP91 activates before it and before BIP148. Miners will need to
+> upgrade their nodes to support splitprotection otherwise they may
+> build on top of an invalid block. While this bip is active users
+> should either upgrade to splitprotection or wait for additional
+> confirmations when accepting payments.
+>
+> ==Rationale==
+>
+> Historically we have used IsSuperMajority() to activate soft forks
+> such as BIP66 which has a mandatory signalling requirement for miners
+> once activated, this ensures that miners are aware of new rules being
+> enforced. This technique can be leveraged to lower the signalling
+> threshold of a soft fork while it is in the process of being deployed
+> in a backwards compatible way. We also use a BIP8 style timeout to
+> ensure that this BIP is compatible with BIP148 and that BIP148
+> compatible mandatory signalling activates regardless of miner
+> signalling levels.
+>
+> By orphaning non-signalling blocks during the BIP9 bit 1 "segwit"
+> deployment, this BIP can cause the existing "segwit" deployment to
+> activate without needing to release a new deployment. As we approach
+> BIP148 activation it may be desirable for a majority of miners to have
+> a method that will ensure that there is no chain split.
+>
+> ==References==
+>
+> *[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-March/013714.html
+> Mailing list discussion]
+> *[https://github.com/bitcoin/bitcoin/blob/v0.6.0/src/main.cpp#L1281-L1283
+> P2SH flag day activation]
+> *[[bip-0009.mediawiki|BIP9 Version bits with timeout and delay]]
+> *[[bip-0016.mediawiki|BIP16 Pay to Script Hash]]
+> *[[bip-0091.mediawiki|BIP91 Reduced threshold Segwit MASF]]
+> *[[bip-0141.mediawiki|BIP141 Segregated Witness (Consensus layer)]]
+> *[[bip-0143.mediawiki|BIP143 Transaction Signature Verification for
+> Version 0 Witness Program]]
+> *[[bip-0147.mediawiki|BIP147 Dealing with dummy stack element malleability]]
+> *[[bip-0148.mediawiki|BIP148 Mandatory activation of segwit deployment]]
+> *[[bip-0149.mediawiki|BIP149 Segregated Witness (second deployment)]]
+> *[https://bitcoincore.org/en/2016/01/26/segwit-benefits/ Segwit benefits]
+>
+> ==Copyright==
+>
+> This document is dual licensed as BSD 3-clause, and Creative Commons
+> CC0 1.0 Universal.
+> _______________________________________________
+> bitcoin-dev mailing list
+> bitcoin-dev@lists.linuxfoundation.org
+> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>
+>
+
author	James Hilliard <james.hilliard1@gmail.com>	2017-06-06 20:54:37 -0500
committer	bitcoindev <bitcoindev@gnusha.org>	2017-06-07 01:54:40 +0000
commit	fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b (patch)
tree	910cc7ec6ddc8769f8ba7be07044abfd0d01d2da
parent	089689d7be2b23eac5b3906463d4a04ce7861dfd (diff)
download	pi-bitcoindev-fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b.tar.gz pi-bitcoindev-fc0ab8440690b57dcf87c3982e15f2cbdceb1f2b.zip