Date: Wed, 16 Mar 2022 01:45:49 +1000
From: Anthony Towns <aj@erisian.com.au>
To: Jorge =?iso-8859-1?Q?Tim=F3n?= <jtimon@jtimon.cc>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20220315154549.GA7580@erisian.com.au>
References: <CAMZUoKkTDjDSgnqhYio8Lnh-yTdsNAdXbDC9RQwnN00RdbbL6w@mail.gmail.com>
 <CABm2gDrdoD3QZ=gZ_nd7Q+AZpetX32dLON7pfdC4aAwpLRd4xA@mail.gmail.com>
 <CAMZUoK=kpZZw++WmdRM0KTkj6dQhmtsanm9eH1TksNwypKS8Zw@mail.gmail.com>
 <CABm2gDpFFg47Ld3HHhTq2SVTaCusm1ybDpEmvKV=S3cFTAQwoA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CABm2gDpFFg47Ld3HHhTq2SVTaCusm1ybDpEmvKV=S3cFTAQwoA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Subject: Re: [bitcoin-dev] Speedy Trial
Precedence: list

On Fri, Mar 11, 2022 at 02:04:29PM +0000, Jorge Timón via bitcoin-dev wrote:
> >  Thirdly, if some users insist on a chain where taproot is
> > "not activated", they can always softk-fork in their own rule that
> > disallows the version bits that complete the Speedy Trial activation
> > sequence, or alternatively soft-fork in a rule to make spending from (or
> > to) taproot addresses illegal.
> Since it's about activation in general and not about taproot specifically,
> your third point is the one that applies.
> Users could have coordinated to have "activation x" never activated in
> their chains if they simply make a rule that activating a given proposal
> (with bip8) is forbidden in their chain.
> But coordination requires time.

People opposed to having taproot transactions in their chain had over
three years to do that coordination before an activation method was merged
[0], and then an additional seven months after the activation method was merged before taproot enforcement began [1].

[0] 2018-01-23 was the original proposal, 2021-04-15 was when speedy
    trial activation parameters for mainnet and testnet were merged.
[1] 2021-11-14

For comparison, the UASF activation attempt for segwit took between 4
to 6 months to coordinate, assuming you start counting from either the
"user activated soft fork" concept being raised on bitcoin-dev or the
final params for BIP 148 being merged into the bips repo, and stop
counting when segwit locked in.

> Please, try to imagine an example for an activation that you wouldn't like
> yourself. Imagine it gets proposed and you, as a user, want to resist it.

Sure. There's more steps than just "fork off onto a minority chain"
though.

 1) The first and most important step is to explain why you want to
    resist it, either to convince the proposers that there really is
    a problem and they should stand down, or so someone can come up
    with a way of fixing the proposal so you don't need to resist it.
    Ideally, that's all that's needed to resolve the objections. (That's
    what didn't happen with opposition to segwit)

 2) If that somehow doesn't work, and people are pushing ahead with a
    consensus change despite significant reasonable opposition; the next
    thing to do would be to establish if either side is a paper tiger
    and setup a futures market. That has the extra benefit of giving
    miners some information about which (combination of) rules will be
    most profitable to mine for.

    Once that's setup and price discovery happens, one side or the other
    will probably throw in the towel -- there's not much point have a
    money that other people aren't interested in using. (And that more
    or less is what happened with 2X)

    If a futures market like that is going to be setup, I think it's
    best if it happens before signalling for the soft fork starts --
    the information miners will get from it is useful for figuring out
    how much resources to invest in signalling, eg. I think it might even
    be feasible to set something up even before activation parameters are
    finalised; you need something more than just one-on-one twitter bets
    to get meaningful price discovery, but I think you could probably
    build something based on a reasonably unbiassed oracle declaring an
    outcome, without precisely defined parameters fixed in a BIP.

    So if acting like reasonable people and talking it through doesn't
    work, this seems like the next step to me.

 3) But maybe you try both those and they fail and people start trying
    to activate the soft fork (or perhaps you just weren't paying
    attention until it was too late, and missed the opportunity).

    I think the speedy trial approach here is ideal for a last ditch
    "everyone stays on the same chain while avoiding this horrible change"
    attempt. The reason being that it allows everyone to agree to not
    adopt the new rules with only very little cost: all you need is for
    10% of hashpower to not signal over a three month period.

    That's cheaper than bip9 (5% over 12 months requires 2x the
    cumulative hashpower), and much cheaper than bip8 which requires
    users to update their software

 4) At this point, if you were able to prevent activation, hopefully
    that's enough of a power move that people will take your concerns
    seriously, and you get a second chance at step (1). If that still
    results in an impasse, I'd expect there to be a second, non-speedy
    activation of the soft fork, that either cannot be blocked at all, or
    cannot be blocked without having control of at least 60% of hashpower.

 5) If you weren't able to prevent activation (whether or not you
    prevented speedy trial from working), then you should have a lot
    of information:

      - you weren't able to convince people there was a problem

      - you either weren't in the economic majority and people don't
        think your concept of bitcoin is more valuable (perhaps they
	don't even think it's valuable enough to setup a futures market
	for you)

      - you can't get control of even 10% of hashpower for a few months

    and your only option is to accept defeat or create a new chain.

    Since your new chain won't have a hashpower majority, you'll likely
    have significant problems if you don't hard fork in a change to
    how proof-of-work works; my guess is you'd either want to switch
    to a different proof-of-work algorithm, or make your chain able
    to be merge-mined against bitcoin, though just following BCH/BSV's
    example and tweaking the difficulty adjustment to be more dynamic
    could work too.

    (For comparison, apparently BCH has 0.8% of bitcoin's hashrate,
    BSV has 0.2%. Meanwhile, Namecoin, RSK and Syscoin, which support
    merge-mining, are apparently at 68%, 42% and 17% respectively)

    At the point that you're doing a hard fork, making a clean split is
    straightforward: schedule the hard fork for around the same time as
    the start of enforcement of the soft fork you oppose, work out how
    to make sure you're on your own p2p network, and figure out how
    exchanges and lightning channels and everything else are going to
    cope with the coin split.

 6) There's potentially also the case where a soft fork locks-in
    and later everyone realises the people who were opposing it were
    right all along and the fork is a really bad idea.

    If everyone agreed that some idea was irredeemably bad -- eg,
    OP_VERIF -- then we could soft fork them out and just forbid
    blocks/transactions that attempt to use them. Or conceivably we could
    do a hardfork and have more options about how to fix the problem.

    That's already true for various features that satoshi included and
    that are still available today -- eg the CHECKMULTISIG bug where
    it pops one too many things from the stack, or the timewarp bug,
    or CODESEP/FindAndDelete validation complexity.

    Those can be complicated to fix though; if people have lost their
    private keys and are sitting on (timelocked?) pre-signed transactions,
    even fixing the problem via a hard fork could cause loss of funds.

But those are really progressively worse options -- just talking to each
other and solving the problem before it's a problem is a better approach
than risking money on futures markets; and that's better than having to
buy hashpower to try to block something that other people want; and that's
better than forking the chain; and even that's better than doing things
that might cause irretrievable loss of funds from random other bitcoiners.

Cheers,
aj