Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 1D2B6B5D for ; Fri, 31 Mar 2017 21:23:02 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.bluematt.me (mail.bluematt.me [192.241.179.72]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 021AA130 for ; Fri, 31 Mar 2017 21:23:00 +0000 (UTC) Received: from [30.207.250.226] (66-87-116-226.pools.spcsdns.net [66.87.116.226]) by mail.bluematt.me (Postfix) with ESMTPSA id 3A963139EDC; Fri, 31 Mar 2017 21:22:59 +0000 (UTC) Date: Fri, 31 Mar 2017 21:18:25 +0000 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable To: Sergio Demian Lerner , Bitcoin Protocol Discussion , Sergio Demian Lerner via bitcoin-dev , bitcoin-dev From: Matt Corallo Message-ID: <4D0BA749-96DF-4DB2-8E27-61DEFED51507@mattcorallo.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Segwit2Mb - combined soft/hard fork - Request For Comments X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2017 21:23:02 -0000 Hey Sergio, You appear to have ignored the last two years of Bitcoin hardfork research and understanding, recycling instead BIP 102 from 2015=2E There are many proposals which have pushed the state of hard fork research much further since then, and you may wish to read some of the posts on this mailing list listed at https://bitcoinhardforkresearch=2Egithub=2Eio/ and make further edits based on what you learn=2E It seems your goal of "avoid any technical changes" doesn't have any foundation aside from a perceived compromise for compromise sake, only making for fork riskier in the process=2E At a minimum, in terms of pure technical changes, you should probably consider (probably among others): a) Utilizing the "hard fork signaling bit" in the nVersion of the block=2E b) Either limiting non-SegWit transactions in some way to fix the n**2 sighash and FindAndDelete runtime and memory usage issues or fix them by utilizing the new sighash type which many wallets and projects have already implemented for SegWit in the spending of non-SegWit outputs=2E c) Your replay protection isn't really ideal - XXX=2E The clever fix from Spoonnet for poor scaling of optionally allowing non-SegWit outputs to be spent with SegWit's sighash provides this all in one go=2E d) You may wish to consider the possibility of tweaking the witness discount and possibly discounting other parts of the input - SegWit went a long ways towards making removal of elements from the UTXO set cheaper than adding them, but didn't quite get there, you should probably finish that job=2E This also provides additional tuneable parameters to allow you to increase the block size while not having a blowup in the worst-case block size=2E e) Additional commitments at the top of the merkle root - both for SegWit transactions and as additional space for merged mining and other commitments which we may wish to add in the future, this should likely be implemented an "additional header" ala Johnson Lau's Spoonnet proposal= =2E Additionally, I think your parameters here pose very significant risk to the Bitcoin ecosystem broadly=2E a) Activating a hard fork with less than 18/24 months (and even then=2E=2E= =2E) from a fully-audited and supported release of full node software to activation date poses significant risks to many large software projects and users=2E I've repeatedly received feedback from various folks that a year or more is likely required in any hard fork to limit this risk, and limited pushback on that given the large increase which SegWit provides itself buying a ton of time=2E b) Having a significant discontinuity in block size increase only serves to confuse and mislead users and businesses, forcing them to rapidly adapt to a Bitcoin which changed overnight both by hardforking, and by fees changing suddenly=2E Instead, having the hard fork activate technical changes, and then slowly increasing the block size over the following several years keeps things nice and continuous and also keeps us from having to revisit ye old blocksize debate again six months after activatio= n=2E c) You should likely consider the effect of the many technological innovations coming down the pipe in the coming months=2E Technologies like Lightning, TumbleBit, and even your own RootStock could significantly reduce fee pressure as transactions move to much faster and more featureful systems=2E Commitments to aggressive hard fork parameters now may leave miners without much revenue as far out as the next halving (which current transaction growth trends are indicating we'd just only barely reach 2MB of transaction volume, let alone if you consider the effects of users moving to systems which provide more features for Bitcoin transactions)=2E This could lead to a precipitous drop in hashrate as miners are no longer sufficiently compensated=2E Remember that the "hashpower required to secure bitcoin" is determined as a percentage of total Bitcoins transacted on-chain in each block, so as subsidy goes down, miners need to be paid with fees, not just price increases=2E Even if we were OK with hashpower going down compared to the value it is securing, betting the security of Bitcoin on its price rising exponentially to match decreasing subsidy does not strike me as a particularly inspiring tradeoff=2E There aren't many great technical solutions to some of these issues, as far as I'm aware, but it's something that needs to be incredibly carefully considered before betting the continued security of Bitcoin on exponential on-chain growth, something which we have historically never seen=2E Matt On March 31, 2017 5:09:18 PM EDT, Sergio Demian Lerner via bitcoin-dev wrote: >Hi everyone, > >Segwit2Mb is the project to merge into Bitcoin a minimal patch that >aims to >untangle the current conflict between different political positions >regarding segwit activation vs=2E an increase of the on-chain blockchain >space through a standard block size increase=2E It is not a new solution, >but >it should be seen more as a least common denominator=2E > >Segwit2Mb combines segwit as it is today in Bitcoin 0=2E14+ with a 2MB >block >size hard-fork activated ONLY if segwit activates (95% of miners >signaling), but at a fixed future date=2E > >The sole objective of this proposal is to re-unite the Bitcoin >community >and avoid a cryptocurrency split=2E Segwit2Mb does not aim to be best >possible technical solution to solve Bitcoin technical limitations=2E >However, this proposal does not imply a compromise to the future >scalability or decentralization of Bitcoin, as a small increase in >block >size has been proven by several core and non-core developers not to >affect >Bitcoin value propositions=2E > >In the worst case, a 2X block size increase has much lower economic >impact >than the last bitcoin halving (<10%), which succeeded without problem=2E > >On the other side, Segwit2Mb primary goal is to be minimalistic: in >this >patch some choices have been made to reduce the number of lines >modified in >the current Bitcoin Core state (master branch), instead of implementing >the >most elegant solution=2E This is because I want to reduce the time it >takes >for core programmers and reviewers to check the correctness of the >code, >and to report and correct bugs=2E > >The patch was built by forking the master branch of Bitcoin Core, >mixing a >few lines of code from Jeff Garzik's BIP102, and defining a second >versionbits activation bit (bit 2) for the combined activation=2E > >The combined activation of segwit and 2Mb hard-fork nVersion bit is 2 >(DEPLOYMENT_SEGWIT_AND_2MB_BLOCKS)=2E > >This means that segwit can still be activated without the 2MB hard-fork >by >signaling bit 1 in nVersion (DEPLOYMENT_SEGWIT)=2E > >The tentative lock-in and hard-fork dates are the following: > >Bit 2 signaling StartTime =3D 1493424000; // April 29th, 2017 > >Bit 2 signaling Timeout =3D 1503964800; // August 29th, 2017 > >HardForkTime =3D 1513209600; // Thu, 14 Dec 2017 00:00:00 GMT > > >The hard-fork is conditional to 95% of the hashing power has approved >the >segwit2mb soft-fork and the segwit soft-fork has been activated (which >should occur 2016 blocks after its lock-in time) > >For more information on how soft-forks are signaled and activated, see >https://github=2Ecom/bitcoin/bips/blob/master/bip-0009=2Emediawiki > >This means that segwit would be activated before 2Mb: this is >inevitable, >as versionbits have been designed to have fixed activation periods and >thresholds for all bits=2E Making segwit and 2Mb fork activate together >at a >delayed date would have required a major re-write of this code, which >would >contradict the premise of creating a minimalistic patch=2E However, once >segwit is activated, the hard-fork is unavoidable=2E > >Although I have coded a first version of the segwit2mb patch (which >modifies 120 lines of code, and adds 220 lines of testing code), I >would >prefer to wait to publish the source code until more comments have been >received from the community=2E > >To prevent worsening block verification time because of the O(N^2) >hashing >problem, the simple restriction that transactions cannot be larger than >1Mb >has been kept=2E Therefore the worse-case of block verification time has >only >doubled=2E > >Regarding the hard-fork activation date, I want to give enough time to >all >active economic nodes to upgrade=2E As of Fri Mar 31 2017, >https://bitnodes=2E21=2Eco/nodes/ reports that 6332 out of 6955 nodes (91= %) >have upgraded to post 0=2E12 versions=2E Upgrade to post 0=2E12 versions = can >be >used to identify economic active nodes, because in the 0=2E12 release >dynamic >fees were introduced, and currently no Bitcoin automatic payment system >can >operate without automatic discovery of the current fee rate=2E A pre-0=2E= 12 >would require constant manual intervention=2E >Therefore I conclude that no more than 91% of the network nodes >reported by >bitnodes are active economic nodes=2E > >As Bitcoin Core 0=2E12 was released on February 2016, the time for this >91% >to upgrade has been around one year (under a moderate pressure of >operational problems with unconfirmed transactions)=2E >Therefore we can expect a similar or lower time to upgrade for a >hard-fork, >after developers have discussed and approved the patch, and it has been >reviewed and merged and 95% of the hashing power has signaled for it >(the >pressure not to upgrade being a complete halt of the operations)=2E >However I >suggest that we discuss the hard-fork date and delay it if there is a >real >need to=2E > >Currently time works against the Bitcoin community, and so is delaying >a >compromise solution=2E Most of the community agree that halting the >innovation for several years is a very bad option=2E > >After the comments collected by the community, a BIP will be written >describing the resulting proposal details=2E > >If segwit2mb locks-in, before hard-fork occurs all bitcoin nodes should >be >updated to a Segwit2Mb enabled node to prevent them to be forked-away >in a >chain with almost no hashing-power=2E > >The proof of concept patch was made for Bitcoin Core but should be >easily >ported to other Bitcoin protocol implementations that already support >versionbits=2E Lightweight (SPV) wallets should not be affected as they >generally do not check the block size=2E > >I personally want to see the Lightning Network in action this year, use >the >non-malleability features in segwit, see the community discussing other >exciting soft-forks in the scaling roadmap, Schnorr sigs, drivechains >and >MAST=2E > >I want to see miners, developers and industry side-by-side pushing >Bitcoin >forward, to increase the value of Bitcoin and prevent high transaction >fees >to put out of business use-cases that could have high positive social >impact=2E > >I believe in the strength of a unified Bitcoin community=2E If you're a >developer, please give your opinion, suggest changes, audit it, and >take a >stand with me to unlock the current Bitcoin deadlock=2E > >Contributions to the segwit2mb project are welcomed and awaited=2E The >only >limitation is to stick to the principle that the patch should be as >simple >to audit as possible=2E As an example, I wouldn't feel confident if the >patch >modified more than ~150 lines of code=2E > >Improvements unrelated to a 2 Mb increase or segwit, as beneficial as >it >may be to Bitcoin, should not be part of segwit2Mb=2E > >This proposal should not prevent other consensus proposals to be >simultaneously merged: segwit2mb is a last resort solution in case we >can >not reach consensus on anything better=2E > >Again, the proposal is only a starting point: community feedback is >expected and welcomed=2E > >Regards, >Sergio Demian Lerner