Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0B738F22 for ; Tue, 16 Jan 2018 02:27:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ozlabs.org (ozlabs.org [103.22.144.67]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6992514E for ; Tue, 16 Jan 2018 02:27:48 +0000 (UTC) Received: by ozlabs.org (Postfix, from userid 1011) id 3zLDdt48RLz9sR8; Tue, 16 Jan 2018 13:27:46 +1100 (AEDT) From: Rusty Russell To: Russell O'Connor , Pieter Wuille In-Reply-To: References: <87608btgyd.fsf@rustcorp.com.au> Date: Tue, 16 Jan 2018 11:36:14 +1030 Message-ID: <87zi5ehat5.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev , Russell O'Connor , Kalle Alm Subject: Re: [bitcoin-dev] BIP 117 Feedback X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jan 2018 02:27:49 -0000 "Russell O'Connor" writes: > However, if I understand correctly, the situation for BIP 117 is entirely > different. As far as I understand there is currently no restrictions about > terminating a v0 witness program with a non-empty alt-stack, and there are > no restrictions on leaving non-canonical boolean values on the main stack. BIP-141: "The script must not fail, and result in exactly a single TRUE on the stack." And it has long been non-standard for P2SH scripts to not do the same (don't know exactly when). > There could already be commitments to V0 witness programs that, when > executed in some reasonable context, leave a non-empty alt-stack and/or > leave a non-canonical true value on the main stack. Unlike the P2SH or > Segwit soft-forks, these existing commitments could be real outputs that > currently confer non-trivial ownership over their associated funds. If BIP > 117 were activated, these commitments would be subject to a new set of > rules that didn't exist when the commitments were made. In particular, > these funds could be rendered unspendable. Because segwit commitments are > hashes of segwit programs, there is no way to even analyze the blockchain > to determine if these commitments currently exist (and even if we could it > probably woudln't be adequate protection). The rule AFAICT is "standard transactions must still work". This was violated with low-S, but the transformation was arguably trivial. OTOH, use of altstack is completely standard, though in practice it's unused and so only a theoretical concern. My concern remains unanswered: I want hard numbers on the worst-case time taken by sigops with the limit removed. It's about 120 usec per sigop (from [1]), so how bad could it be? I think Russell had an estimate like 1 in 3 ops, so 160 seconds to validate a block? Thanks, Rusty. [1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015346.html