Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AE090BAC for ; Tue, 28 Feb 2017 21:20:36 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 4BE4E193 for ; Tue, 28 Feb 2017 21:20:36 +0000 (UTC) Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265:a45d:823b:2d27:961c]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 8843038A230C; Tue, 28 Feb 2017 21:20:30 +0000 (UTC) X-Hashcash: 1:25:170228:shaolinfry@protonmail.ch::dYiwfcM4bk/bfBCO:xiX= X-Hashcash: 1:25:170228:bitcoin-dev@lists.linuxfoundation.org::PlpMmTwh6i2j2X0a:eBps From: Luke Dashjr To: shaolinfry , Bitcoin Protocol Discussion Date: Tue, 28 Feb 2017 21:20:29 +0000 User-Agent: KMail/1.13.7 (Linux/4.4.45-gentoo; KDE/4.14.24; x86_64; ; ) References: In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201702282120.29614.luke@dashjr.org> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Moving towards user activated soft fork activation X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2017 21:20:36 -0000 Without at least a majority hashrate validating blocks, it is possible just a single invalid block could split the chain such that the majority continue building a most-work on that invalid block. This failure to validate a softfork is similar in some respects to a hardfork, but with one critical difference: the default behaviour of old nodes will be to follow the chain with the most-work that was valid under the pre-softfork rules. This actually *inverts* the benefit of the softfork over a hardfork, and makes a softfork deployed in such a manner de facto behave as if it had been a hardfork, IF someone ever mines a single malicious block. For this reason, I think a minority-hashrate softfork requires a much higher degree of social support than merely the widespread agreement typical of softforks. It might perhaps require less than the full ~100% consensus hardforks require, but it likely comes somewhat close. Once it gets over 50% hashrate enforcement, however, the situation improves a lot more: a malicious block may split obsolete miners off the valid chain, but it will eventually resolve on its own given enough time. Due to natural fluctuations in block finding, however, automatic measurement may need to look for >75%. So I would suggest that instead of a simple flag day activation, this proposal would be improved by changing the flag day to merely reduce the hashrate requirement from 95% to 75%. (In addition to the above concerns, if >50% of miners are hostile to the network, we likely have other problems.) Luke