MIME-Version: 1.0
Date: Sat, 30 May 2015 01:00:28 +0100
Message-ID: <CALqxMTFoMkAmwpMmB9mbAi8rx4B_iH14t=U4XGtpzhjVYLUR+g@mail.gmail.com>
From: Adam Back <adam@cypherspace.org>
To: "Raystonn ." <raystonn@hotmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] soft-fork block size increase (extension
 blocks) Re: Proposed alternatives to the 20MB stepfunction
Precedence: list

I discussed the extension block idea on wizards a while back and it is
a way to soft-fork an opt-in block-size increase.  Like everything
here there are pros and cons.

The security is better than Raylstonn inferred from Tier's explanation
I think..  It works as Tier described - there is an extension block
(say 10MB) and the existing 1MB block.  The extension block is
committed to in the 1MB chain.  Users can transfer bitcoin into the
extension block, and they can transfer them out.

The interesting thing is this makes block sizes changes opt-in and
gives users choice.  Choice is good.  Bitcoin has a one-size-fits-all
blocksize at present hence the block size debate.  If a bigger
block-size were an opt-in choice, and some people wanted 10MB or even
100MB blocks for low value transactions I expect it would be far
easier a discussion - people who think 100MB blocks are dangerously
centralising, would not opt to use them (or would put only small
values they can afford to lose in them).  There are some security
implications though, so this also is nuanced, and more on that in a
bit.

Fee pressure still exists for blocks of difference size as the
security assurances are not the same.  It is plausible that some
people would pay more for transactions in the 1MB block.

Now there are three choices of validation level, rather than the
normal 2-levels of SPV or full-node, with extension blocks we get a
choice: A) a user could run a full node for both 1MB and 10MB blocks,
and get full security for both 1MB and 10MB block transactions (but at
higher bandwidth cost), or B) a user could run a full node on the 1MB
block, but operate as an SPV node for the 10MB block, or C) run in SPV
mode for both 1MB and 10MB blocks.

Similarly for mining - miners could validate 1MB and 10MB transactions
(solo mine or GBT-style), or they could self-validate 1MB transactions
and pool mine 10MB transactions (have a pool validate those).

1MB full node users who do not upgrade to software that understands
extension blocks, could run in SPV mode with respect to 10MB blocks.
Here lies the risk - this imposes a security downgrade on the 1MB
non-upgraded users, and also on users who upgrade but dont have the
bandwidth to validate 10MB blocks.


We could defend non-upgrade users by making receiving funds that came
via the extension block opt-in also, eg an optional to use new address
version and construct the extension block so that payments out of it
can only go to new version addresses.

We could harden 1MB block SPV security (when receiving weaker
extension block transactions) in a number of ways: UTXO commitments,
fraud proofs (and fraud bounties) for moving from the extension block
to the 1MB block.  We could optionally require coins moving via the
extension block to the 1MB block to be matured (eg 100 blocks delay)


Anyway something else to evaluate.  Not as simple to code as a
hard-fork, but way safer transition than a hard-fork, and opt-in - if
you prefer the higher decentralisation of 1MB blocks, keep using them;
if you prefer 10MB blocks you can opt-in to them.

Adam

On 29 May 2015 at 17:39, Raystonn . <raystonn@hotmail.com> wrote:
> Regarding Tier=E2=80=99s proposal: The lower security you mention for ext=
ended
> blocks would delay, possibly forever, the larger blocks maximum block siz=
e
> that we want for the entire network.  That doesn=E2=80=99t sound like an =
optimal
> solution.
>
> Regarding consensus for larger maximum block size, what we are seeing on
> this list is typical of what we see in the U.S. Congress.  Support for
> changes by the stakeholders (support for bills by the citizens as a whole=
)
> has become irrelevant to the probability of these changes being adopted.
> Lobbyists have all the sway in getting their policies enacted.  In our ca=
se,
> I would bet on some lobbying of core developers by wealthy miners.
>
> Someone recently proposed that secret ballots could help eliminate the po=
wer
> of lobbyists in Congress.  Nobody invests in that which cannot be confirm=
ed.
> Secret ballots mean the vote you are buying cannot be confirmed.  Perhaps
> this will work for Bitcoin Core as well.
>
>
> From: Tier Nolan
> Sent: Friday, May 29, 2015 7:22 AM
> Cc: Bitcoin Dev
> Subject: Re: [Bitcoin-development] Proposed alternatives to the 20MB
> stepfunction
>
> On Fri, May 29, 2015 at 3:09 PM, Tier Nolan <tier.nolan@gmail.com> wrote:
>>
>>
>>
>> On Fri, May 29, 2015 at 1:39 PM, Gavin Andresen <gavinandresen@gmail.com=
>
>> wrote:
>>>
>>> But if there is still no consensus among developers but the "bigger
>>> blocks now" movement is successful, I'll ask for help getting big miner=
s to
>>> do the same, and use the soft-fork block version voting mechanism to
>>> (hopefully) get a majority and then a super-majority willing to produce
>>> bigger blocks. The purpose of that process is to prove to any doubters =
that
>>> they'd better start supporting bigger blocks or they'll be left behind,=
 and
>>> to give them a chance to upgrade before that happens.
>>
>>
>> How do you define that the movement is successful?
>
>
> Sorry again, I keep auto-sending from gmail when trying to delete.
>
> In theory, using the "nuclear option", the block size can be increased vi=
a
> soft fork.
>
> Version 4 blocks would contain the hash of the a valid extended block in =
the
> coinbase.
>
> <block height> <32 byte extended hash>
>
> To send coins to the auxiliary block, you send them to some template.
>
> OP_P2SH_EXTENDED <scriptPubKey hash> OP_TRUE
>
> This transaction can be spent by anyone (under the current rules).  The s=
oft
> fork would lock the transaction output unless it transferred money from t=
he
> extended block.
>
> To unlock the transaction output, you need to include the txid of
> transaction(s) in the extended block and signature(s) in the scriptSig.
>
> The transaction output can be spent in the extended block using P2SH agai=
nst
> the scriptPubKey hash.
>
> This means that people can choose to move their money to the extended blo=
ck.
> It might have lower security than leaving it in the root chain.
>
> The extended chain could use the updated script language too.
>
> This is obviously more complex than just increasing the size though, but =
it
> could be a fallback option if no consensus is reached.  It has the advant=
age
> of giving people a choice.  They can move their money to the extended cha=
in
> or not, as they wish.