Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 59528C61
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Jun 2017 18:05:56 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com
[209.85.216.172])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0E43E1E2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Jun 2017 18:05:53 +0000 (UTC)
Received: by mail-qt0-f172.google.com with SMTP id u19so15246753qta.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 07 Jun 2017 11:05:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=vW7E8qR+dGfwbMIjZeLbMNS2trjtClHofnCMPJjOgfk=;
b=uTRT1kKg7fVxP1J7lFWcuzH19rz1UcCJZfnTsFvCzXxoCferqIsQ73nIEBiejqMafo
0RmYzkyMs50dRAqiHCoGx3FCOHOWtxGfcfp9cJqle3RqAEDpgLEXt3QKIn2tEqfB+R0g
BX7Uf5XWYcIhEXL1PGnqhi7w5XK6wKCwWMclVajH52z6fRNMkIYiSP+JpYWuXV4/45mV
ROzpopfEM2a32mGAE3x8ks09MxD3ROhqOQIjeC6YRzEz9N7gbD5QojNVqNp62AflQMV3
EiUpAuZsP9Tg0b+IiNYyX7sCRf641PGEd11nrPV2qrws7jtU1HDti9+xUUCHJhp2X8PX
IAKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=vW7E8qR+dGfwbMIjZeLbMNS2trjtClHofnCMPJjOgfk=;
b=i+JVvhLH9FBGEQ/+qvoMVO8rFUSOUmiNIPxLNVrT7XEmcNT/BP4X4tmW267y/QooRa
YiLELN+Ty+ML7AkylJdmyFr/WLG9mnZOgeUfTZjGnon2xSUWymTFhc7KxKyM9Ga0rRri
FzIEKM6TBlsArknK06iNoSgBrGnKmLwb4f8wupAZpaXJT2CXYlyDI5nK65BPhTF8blpx
uFxxRMuB44xhBJ/XAyS8N9NppbjZaWsypn3v6UQ6oOEkSeBWiN4xl+a7WsdbUvIZeB+U
e951mjNVxwu0jheMzU71vIEKD2bWlOMzuB2AQGW+UWsg0Lk3Y1wzYSpzNIw+fgrs/6wU
G1Qw==
X-Gm-Message-State: AODbwcDqLKQaS0aWAKzG1BbHS3R7itI7n1z9tMmk97zFVwJXQ9Oki2/s
kwHYEB+sDlmA7W9ImFhyrCd7qCexcRXe8m0=
X-Received: by 10.200.34.98 with SMTP id p31mr45348295qtp.2.1496858753039;
Wed, 07 Jun 2017 11:05:53 -0700 (PDT)
MIME-Version: 1.0
Sender: earonesty@gmail.com
Received: by 10.237.48.102 with HTTP; Wed, 7 Jun 2017 11:05:52 -0700 (PDT)
In-Reply-To: <CAAUaCyiKs9cDa6vC=8VpyT8vY5L8U0=H=+N48dJzLn1GMj3dmA@mail.gmail.com>
References: <CADvTj4qpH-t5Gx6qyn3yToyUE_GFaBE989=AWNHLKMpMNW3R+w@mail.gmail.com>
<AE5BA251-9DA6-4E34-A748-11C8CF91977C@taoeffect.com>
<CADvTj4q+oOS=DKfpiNQ6PAbksQfa1gKNfokr2Zc6PNGWqLyL4A@mail.gmail.com>
<0CDEF5A2-0BAF-46E4-8906-39D4724AF3F2@taoeffect.com>
<CADvTj4oJr38V+b=96pt7GiaMMSPujsz9wQ-5wmgM=rvWUC8Dkw@mail.gmail.com>
<CAJowKgJi-68G5Xy1_8n_BOX5e8myj08_SPiFu+cdWsRD4DNy4w@mail.gmail.com>
<CAAUaCyiKs9cDa6vC=8VpyT8vY5L8U0=H=+N48dJzLn1GMj3dmA@mail.gmail.com>
From: Erik Aronesty <erik@q32.com>
Date: Wed, 7 Jun 2017 14:05:52 -0400
X-Google-Sender-Auth: 3vHPNsTv6ReKcbQxMWUx_0w0eEo
Message-ID: <CAJowKgK52vo8c2v2AoSMoTzdL_YsHPNGZqJOy1HWPRdBPTb1uw@mail.gmail.com>
To: Jacob Eliosoff <jacob.eliosoff@gmail.com>
Content-Type: multipart/alternative; boundary="001a11403b7a41021e0551629628"
X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, HTML_OBFUSCATE_05_10,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 07 Jun 2017 18:11:18 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] User Activated Soft Fork Split Protection
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 18:05:56 -0000
--001a11403b7a41021e0551629628
Content-Type: text/plain; charset="UTF-8"
> But passing it off as the safest defense is bad faith.
Without this option, a miner has to guess whether a split will be
economically impacting. With this option, his miner will automatically
switch to the chain least likely to get wiped out... as soon as a simple
majority of miners supports it.
On Wed, Jun 7, 2017 at 12:44 PM, Jacob Eliosoff <jacob.eliosoff@gmail.com>
wrote:
> This is not the safest defense against a split. If 70% of miners run
> "splitprotection", and 0.1% run BIP148, there's no "safety"/"defense"
> reason for splitprotection to activate segwit. It should only do so if
> *BIP148* support (NB: not just segwit support!) >50%.
>
> The truly defensive logic is "If the majority supports orphaning
> non-segwit blocks starting Aug 1, I'll join them."
>
> If the real goal of this BIP is to induce miners to run segwit, then fair
> enough. But passing it off as the safest defense is bad faith.
>
>
> On Wed, Jun 7, 2017 at 10:10 AM, Erik Aronesty via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> This is, by far, the safest way for miners to quickly defend against a
>> chain split, much better than a -bip148 option. This allows miners to
>> defend themselves, with very little risk, since the defense is only
>> activated if the majority of miners do so. I would move for a very rapid
>> deployment. Only miners would need to upgrade. Regular users would not
>> have to concern themselves with this release.
>>
>> On Wed, Jun 7, 2017 at 6:13 AM, James Hilliard via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> I think even 55% would probably work out fine simply due to incentive
>>> structures, once signalling is over 51% it's then clear to miners that
>>> non-signalling blocks will be orphaned and the rest will rapidly
>>> update to splitprotection/BIP148. The purpose of this BIP is to reduce
>>> chain split risk for BIP148 since it's looking like BIP148 is going to
>>> be run by a non-insignificant percentage of the economy at a minimum.
>>>
>>> On Wed, Jun 7, 2017 at 12:20 AM, Tao Effect <contact@taoeffect.com>
>>> wrote:
>>> > See thread on replay attacks for why activating regardless of
>>> threshold is a
>>> > bad idea [1].
>>> >
>>> > BIP91 OTOH seems perfectly reasonable. 80% instead of 95% makes it more
>>> > difficult for miners to hold together in opposition to Core. It gives
>>> Core
>>> > more leverage in negotiations.
>>> >
>>> > If they don't activate with 80%, Core can release another BIP to
>>> reduce it
>>> > to 75%.
>>> >
>>> > Each threshold reduction makes it both more likely to succeed, but also
>>> > increases the likelihood of harm to the ecosystem.
>>> >
>>> > Cheers,
>>> > Greg
>>> >
>>> > [1]
>>> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017
>>> -June/014497.html
>>> >
>>> > --
>>> > Please do not email me anything that you are not comfortable also
>>> sharing
>>> > with the NSA.
>>> >
>>> > On Jun 6, 2017, at 6:54 PM, James Hilliard <james.hilliard1@gmail.com>
>>> > wrote:
>>> >
>>> > This is a BIP8 style soft fork so mandatory signalling will be active
>>> > after Aug 1st regardless.
>>> >
>>> > On Tue, Jun 6, 2017 at 8:51 PM, Tao Effect <contact@taoeffect.com>
>>> wrote:
>>> >
>>> > What is the probability that a 65% threshold is too low and can allow a
>>> > "surprise miner attack", whereby miners are kept offline before the
>>> > deadline, and brought online immediately after, creating potential
>>> havoc?
>>> >
>>> > (Nit: "simple majority" usually refers to >50%, I think, might cause
>>> > confusion.)
>>> >
>>> > -Greg Slepak
>>> >
>>> > --
>>> > Please do not email me anything that you are not comfortable also
>>> sharing
>>> > with the NSA.
>>> >
>>> > On Jun 6, 2017, at 5:56 PM, James Hilliard via bitcoin-dev
>>> > <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>> >
>>> > Due to the proposed calendar(https://segwit2x.github.io/) for the
>>> > SegWit2x agreement being too slow to activate SegWit mandatory
>>> > signalling ahead of BIP148 using BIP91 I would like to propose another
>>> > option that miners can use to prevent a chain split ahead of the Aug
>>> > 1st BIP148 activation date.
>>> >
>>> > The splitprotection soft fork is essentially BIP91 but using BIP8
>>> > instead of BIP9 with a lower activation threshold and immediate
>>> > mandatory signalling lock-in. This allows for a majority of miners to
>>> > activate mandatory SegWit signalling and prevent a potential chain
>>> > split ahead of BIP148 activation.
>>> >
>>> > This BIP allows for miners to respond to market forces quickly ahead
>>> > of BIP148 activation by signalling for splitprotection. Any miners
>>> > already running BIP148 should be encouraged to use splitprotection.
>>> >
>>> > <pre>
>>> > BIP: splitprotection
>>> > Layer: Consensus (soft fork)
>>> > Title: User Activated Soft Fork Split Protection
>>> > Author: James Hilliard <james.hilliard1@gmail.com>
>>> > Comments-Summary: No comments yet.
>>> > Comments-URI:
>>> > Status: Draft
>>> > Type: Standards Track
>>> > Created: 2017-05-22
>>> > License: BSD-3-Clause
>>> > CC0-1.0
>>> > </pre>
>>> >
>>> > ==Abstract==
>>> >
>>> > This document specifies a coordination mechanism for a simple majority
>>> > of miners to prevent a chain split ahead of BIP148 activation.
>>> >
>>> > ==Definitions==
>>> >
>>> > "existing segwit deployment" refer to the BIP9 "segwit" deployment
>>> > using bit 1, between November 15th 2016 and November 15th 2017 to
>>> > activate BIP141, BIP143 and BIP147.
>>> >
>>> > ==Motivation==
>>> >
>>> > The biggest risk of BIP148 is an extended chain split, this BIP
>>> > provides a way for a simple majority of miners to eliminate that risk.
>>> >
>>> > This BIP provides a way for a simple majority of miners to coordinate
>>> > activation of the existing segwit deployment with less than 95%
>>> > hashpower before BIP148 activation. Due to time constraints unless
>>> > immediately deployed BIP91 will likely not be able to enforce
>>> > mandatory signalling of segwit before the Aug 1st activation of
>>> > BIP148. This BIP provides a method for rapid miner activation of
>>> > SegWit mandatory signalling ahead of the BIP148 activation date. Since
>>> > the primary goal of this BIP is to reduce the chance of an extended
>>> > chain split as much as possible we activate using a simple miner
>>> > majority of 65% over a 504 block interval rather than a higher
>>> > percentage. This BIP also allows miners to signal their intention to
>>> > run BIP148 in order to prevent a chain split.
>>> >
>>> > ==Specification==
>>> >
>>> > While this BIP is active, all blocks must set the nVersion header top
>>> > 3 bits to 001 together with bit field (1<<1) (according to the
>>> > existing segwit deployment). Blocks that do not signal as required
>>> > will be rejected.
>>> >
>>> > ==Deployment==
>>> >
>>> > This BIP will be deployed by "version bits" with a 65%(this can be
>>> > adjusted if desired) activation threshold BIP9 with the name
>>> > "splitprotecion" and using bit 2.
>>> >
>>> > This BIP starts immediately and is a BIP8 style soft fork since
>>> > mandatory signalling will start on midnight August 1st 2017 (epoch
>>> > time 1501545600) regardless of whether or not this BIP has reached its
>>> > own signalling threshold. This BIP will cease to be active when segwit
>>> > is locked-in.
>>> >
>>> > === Reference implementation ===
>>> >
>>> > <pre>
>>> > // Check if Segregated Witness is Locked In
>>> > bool IsWitnessLockedIn(const CBlockIndex* pindexPrev, const
>>> > Consensus::Params& params)
>>> > {
>>> > LOCK(cs_main);
>>> > return (VersionBitsState(pindexPrev, params,
>>> > Consensus::DEPLOYMENT_SEGWIT, versionbitscache) ==
>>> > THRESHOLD_LOCKED_IN);
>>> > }
>>> >
>>> > // SPLITPROTECTION mandatory segwit signalling.
>>> > if ( VersionBitsState(pindex->pprev, chainparams.GetConsensus(),
>>> > Consensus::DEPLOYMENT_SPLITPROTECTION, versionbitscache) ==
>>> > THRESHOLD_LOCKED_IN &&
>>> > !IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&
>>> > // Segwit is not locked in
>>> > !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus()) ) //
>>> > and is not active.
>>> > {
>>> > bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) ==
>>> > VERSIONBITS_TOP_BITS;
>>> > bool fSegbit = (pindex->nVersion &
>>> > VersionBitsMask(chainparams.GetConsensus(),
>>> > Consensus::DEPLOYMENT_SEGWIT)) != 0;
>>> > if (!(fVersionBits && fSegbit)) {
>>> > return state.DoS(0, error("ConnectBlock(): relayed block must
>>> > signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
>>> > }
>>> > }
>>> >
>>> > // BIP148 mandatory segwit signalling.
>>> > int64_t nMedianTimePast = pindex->GetMedianTimePast();
>>> > if ( (nMedianTimePast >= 1501545600) && // Tue 01 Aug 2017 00:00:00
>>> UTC
>>> > (nMedianTimePast <= 1510704000) && // Wed 15 Nov 2017 00:00:00 UTC
>>> > (!IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&
>>> > // Segwit is not locked in
>>> > !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus())) )
>>> > // and is not active.
>>> > {
>>> > bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) ==
>>> > VERSIONBITS_TOP_BITS;
>>> > bool fSegbit = (pindex->nVersion &
>>> > VersionBitsMask(chainparams.GetConsensus(),
>>> > Consensus::DEPLOYMENT_SEGWIT)) != 0;
>>> > if (!(fVersionBits && fSegbit)) {
>>> > return state.DoS(0, error("ConnectBlock(): relayed block must
>>> > signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
>>> > }
>>> > }
>>> > </pre>
>>> >
>>> > https://github.com/bitcoin/bitcoin/compare/0.14...jameshilli
>>> ard:splitprotection-v0.14.1
>>> >
>>> > ==Backwards Compatibility==
>>> >
>>> > This deployment is compatible with the existing "segwit" bit 1
>>> > deployment scheduled between midnight November 15th, 2016 and midnight
>>> > November 15th, 2017. This deployment is also compatible with the
>>> > existing BIP148 deployment. This BIP is compatible with BIP91 only if
>>> > BIP91 activates before it and before BIP148. Miners will need to
>>> > upgrade their nodes to support splitprotection otherwise they may
>>> > build on top of an invalid block. While this bip is active users
>>> > should either upgrade to splitprotection or wait for additional
>>> > confirmations when accepting payments.
>>> >
>>> > ==Rationale==
>>> >
>>> > Historically we have used IsSuperMajority() to activate soft forks
>>> > such as BIP66 which has a mandatory signalling requirement for miners
>>> > once activated, this ensures that miners are aware of new rules being
>>> > enforced. This technique can be leveraged to lower the signalling
>>> > threshold of a soft fork while it is in the process of being deployed
>>> > in a backwards compatible way. We also use a BIP8 style timeout to
>>> > ensure that this BIP is compatible with BIP148 and that BIP148
>>> > compatible mandatory signalling activates regardless of miner
>>> > signalling levels.
>>> >
>>> > By orphaning non-signalling blocks during the BIP9 bit 1 "segwit"
>>> > deployment, this BIP can cause the existing "segwit" deployment to
>>> > activate without needing to release a new deployment. As we approach
>>> > BIP148 activation it may be desirable for a majority of miners to have
>>> > a method that will ensure that there is no chain split.
>>> >
>>> > ==References==
>>> >
>>> > *[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/20
>>> 17-March/013714.html
>>> > Mailing list discussion]
>>> > *[https://github.com/bitcoin/bitcoin/blob/v0.6.0/src/main.cp
>>> p#L1281-L1283
>>> > P2SH flag day activation]
>>> > *[[bip-0009.mediawiki|BIP9 Version bits with timeout and delay]]
>>> > *[[bip-0016.mediawiki|BIP16 Pay to Script Hash]]
>>> > *[[bip-0091.mediawiki|BIP91 Reduced threshold Segwit MASF]]
>>> > *[[bip-0141.mediawiki|BIP141 Segregated Witness (Consensus layer)]]
>>> > *[[bip-0143.mediawiki|BIP143 Transaction Signature Verification for
>>> > Version 0 Witness Program]]
>>> > *[[bip-0147.mediawiki|BIP147 Dealing with dummy stack element
>>> malleability]]
>>> > *[[bip-0148.mediawiki|BIP148 Mandatory activation of segwit
>>> deployment]]
>>> > *[[bip-0149.mediawiki|BIP149 Segregated Witness (second deployment)]]
>>> > *[https://bitcoincore.org/en/2016/01/26/segwit-benefits/ Segwit
>>> benefits]
>>> >
>>> > ==Copyright==
>>> >
>>> > This document is dual licensed as BSD 3-clause, and Creative Commons
>>> > CC0 1.0 Universal.
>>> > _______________________________________________
>>> > bitcoin-dev mailing list
>>> > bitcoin-dev@lists.linuxfoundation.org
>>> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>> >
>>> >
>>> >
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitcoin-dev@lists.linuxfoundation.org
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>>
>>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>>
>
--001a11403b7a41021e0551629628
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>> But passing it off as the safest defense is bad =
faith.<br><br>Without this option, a miner has to guess whether a split wil=
l be economically impacting.=C2=A0=C2=A0 With this option, his miner will a=
utomatically switch to the chain least likely to get wiped out... as soon a=
s a simple majority of miners supports it.=C2=A0=C2=A0 <br></div><div><br><=
/div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed=
, Jun 7, 2017 at 12:44 PM, Jacob Eliosoff <span dir=3D"ltr"><<a href=3D"=
mailto:jacob.eliosoff@gmail.com" target=3D"_blank">jacob.eliosoff@gmail.com=
</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><=
div>This is not the safest defense against a split.=C2=A0 If 70% of miners =
run "splitprotection", and 0.1% run BIP148, there's no "=
safety"/"defense" reason for splitprotection to activate seg=
wit.=C2=A0 It should only do so if *BIP148* support (NB: not just segwit su=
pport!) >50%.<br></div><div><br></div><div>The truly defensive logic is =
"If the majority supports orphaning non-segwit blocks starting Aug 1, =
I'll join them."</div><div><br></div><div>If the real goal of this=
BIP is to induce miners to run segwit, then fair enough.=C2=A0 But passing=
it off as the safest defense is bad faith.</div><div><br></div></div><div =
class=3D"HOEnZb"><div class=3D"h5"><div class=3D"gmail_extra"><br><div clas=
s=3D"gmail_quote">On Wed, Jun 7, 2017 at 10:10 AM, Erik Aronesty via bitcoi=
n-dev <span dir=3D"ltr"><<a href=3D"mailto:bitcoin-dev@lists.linuxfounda=
tion.org" target=3D"_blank">bitcoin-dev@lists.<wbr>linuxfoundation.org</a>&=
gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div>T=
his is, by far, the safest way for miners to quickly defend against a chain=
split, much better than a -bip148 option.=C2=A0=C2=A0 This allows miners t=
o defend themselves, with very little risk, since the defense is only activ=
ated if the majority of miners do so. I would move for a very rapid deploym=
ent.=C2=A0=C2=A0 Only miners would need to upgrade.=C2=A0=C2=A0 Regular use=
rs would not have to concern themselves with this release.<br></div></div><=
div class=3D"m_4542892957492321950HOEnZb"><div class=3D"m_45428929574923219=
50h5"><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Jun=
7, 2017 at 6:13 AM, James Hilliard via bitcoin-dev <span dir=3D"ltr"><<=
a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">b=
itcoin-dev@lists.linuxfounda<wbr>tion.org</a>></span> wrote:<br><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc s=
olid;padding-left:1ex">I think even 55% would probably work out fine simply=
due to incentive<br>
structures, once signalling is over 51% it's then clear to miners that<=
br>
non-signalling blocks will be orphaned and the rest will rapidly<br>
update to splitprotection/BIP148. The purpose of this BIP is to reduce<br>
chain split risk for BIP148 since it's looking like BIP148 is going to<=
br>
be run by a non-insignificant percentage of the economy at a minimum.<br>
<div class=3D"m_4542892957492321950m_1119537463429105949HOEnZb"><div class=
=3D"m_4542892957492321950m_1119537463429105949h5"><br>
On Wed, Jun 7, 2017 at 12:20 AM, Tao Effect <<a href=3D"mailto:contact@t=
aoeffect.com" target=3D"_blank">contact@taoeffect.com</a>> wrote:<br>
> See thread on replay attacks for why activating regardless of threshol=
d is a<br>
> bad idea [1].<br>
><br>
> BIP91 OTOH seems perfectly reasonable. 80% instead of 95% makes it mor=
e<br>
> difficult for miners to hold together in opposition to Core. It gives =
Core<br>
> more leverage in negotiations.<br>
><br>
> If they don't activate with 80%, Core can release another BIP to r=
educe it<br>
> to 75%.<br>
><br>
> Each threshold reduction makes it both more likely to succeed, but als=
o<br>
> increases the likelihood of harm to the ecosystem.<br>
><br>
> Cheers,<br>
> Greg<br>
><br>
> [1]<br>
> <a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev/201=
7-June/014497.html" rel=3D"noreferrer" target=3D"_blank">https://lists.linu=
xfoundation.<wbr>org/pipermail/bitcoin-dev/2017<wbr>-June/014497.html</a><b=
r>
><br>
> --<br>
> Please do not email me anything that you are not comfortable also shar=
ing<br>
> with the NSA.<br>
><br>
> On Jun 6, 2017, at 6:54 PM, James Hilliard <<a href=3D"mailto:james=
.hilliard1@gmail.com" target=3D"_blank">james.hilliard1@gmail.com</a>><b=
r>
> wrote:<br>
><br>
> This is a BIP8 style soft fork so mandatory signalling will be active<=
br>
> after Aug 1st regardless.<br>
><br>
> On Tue, Jun 6, 2017 at 8:51 PM, Tao Effect <<a href=3D"mailto:conta=
ct@taoeffect.com" target=3D"_blank">contact@taoeffect.com</a>> wrote:<br=
>
><br>
> What is the probability that a 65% threshold is too low and can allow =
a<br>
> "surprise miner attack", whereby miners are kept offline bef=
ore the<br>
> deadline, and brought online immediately after, creating potential hav=
oc?<br>
><br>
> (Nit: "simple majority" usually refers to >50%, I think, =
might cause<br>
> confusion.)<br>
><br>
> -Greg Slepak<br>
><br>
> --<br>
> Please do not email me anything that you are not comfortable also shar=
ing<br>
> with the NSA.<br>
><br>
> On Jun 6, 2017, at 5:56 PM, James Hilliard via bitcoin-dev<br>
> <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D=
"_blank">bitcoin-dev@lists.linuxfounda<wbr>tion.org</a>> wrote:<br>
><br>
> Due to the proposed calendar(<a href=3D"https://segwit2x.github.io/" r=
el=3D"noreferrer" target=3D"_blank">https://segwit2x.gith<wbr>ub.io/</a>) f=
or the<br>
> SegWit2x agreement being too slow to activate SegWit mandatory<br>
> signalling ahead of BIP148 using BIP91 I would like to propose another=
<br>
> option that miners can use to prevent a chain split ahead of the Aug<b=
r>
> 1st BIP148 activation date.<br>
><br>
> The splitprotection soft fork is essentially BIP91 but using BIP8<br>
> instead of BIP9 with a lower activation threshold and immediate<br>
> mandatory signalling lock-in. This allows for a majority of miners to<=
br>
> activate mandatory SegWit signalling and prevent a potential chain<br>
> split ahead of BIP148 activation.<br>
><br>
> This BIP allows for miners to respond to market forces quickly ahead<b=
r>
> of BIP148 activation by signalling for splitprotection. Any miners<br>
> already running BIP148 should be encouraged to use splitprotection.<br=
>
><br>
> <pre><br>
> BIP: splitprotection<br>
> Layer: Consensus (soft fork)<br>
> Title: User Activated Soft Fork Split Protection<br>
> Author: James Hilliard <<a href=3D"mailto:james.hilliard1@gmail.com=
" target=3D"_blank">james.hilliard1@gmail.com</a>><br>
> Comments-Summary: No comments yet.<br>
> Comments-URI:<br>
> Status: Draft<br>
> Type: Standards Track<br>
> Created: 2017-05-22<br>
> License: BSD-3-Clause<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CC0-1.0<br>
> </pre><br>
><br>
> =3D=3DAbstract=3D=3D<br>
><br>
> This document specifies a coordination mechanism for a simple majority=
<br>
> of miners to prevent a chain split ahead of BIP148 activation.<br>
><br>
> =3D=3DDefinitions=3D=3D<br>
><br>
> "existing segwit deployment" refer to the BIP9 "segwit&=
quot; deployment<br>
> using bit 1, between November 15th 2016 and November 15th 2017 to<br>
> activate BIP141, BIP143 and BIP147.<br>
><br>
> =3D=3DMotivation=3D=3D<br>
><br>
> The biggest risk of BIP148 is an extended chain split, this BIP<br>
> provides a way for a simple majority of miners to eliminate that risk.=
<br>
><br>
> This BIP provides a way for a simple majority of miners to coordinate<=
br>
> activation of the existing segwit deployment with less than 95%<br>
> hashpower before BIP148 activation. Due to time constraints unless<br>
> immediately deployed BIP91 will likely not be able to enforce<br>
> mandatory signalling of segwit before the Aug 1st activation of<br>
> BIP148. This BIP provides a method for rapid miner activation of<br>
> SegWit mandatory signalling ahead of the BIP148 activation date. Since=
<br>
> the primary goal of this BIP is to reduce the chance of an extended<br=
>
> chain split as much as possible we activate using a simple miner<br>
> majority of 65% over a 504 block interval rather than a higher<br>
> percentage. This BIP also allows miners to signal their intention to<b=
r>
> run BIP148 in order to prevent a chain split.<br>
><br>
> =3D=3DSpecification=3D=3D<br>
><br>
> While this BIP is active, all blocks must set the nVersion header top<=
br>
> 3 bits to 001 together with bit field (1<<1) (according to the<b=
r>
> existing segwit deployment). Blocks that do not signal as required<br>
> will be rejected.<br>
><br>
> =3D=3DDeployment=3D=3D<br>
><br>
> This BIP will be deployed by "version bits" with a 65%(this =
can be<br>
> adjusted if desired) activation threshold BIP9 with the name<br>
> "splitprotecion" and using bit 2.<br>
><br>
> This BIP starts immediately and is a BIP8 style soft fork since<br>
> mandatory signalling will start on midnight August 1st 2017 (epoch<br>
> time 1501545600) regardless of whether or not this BIP has reached its=
<br>
> own signalling threshold. This BIP will cease to be active when segwit=
<br>
> is locked-in.<br>
><br>
> =3D=3D=3D Reference implementation =3D=3D=3D<br>
><br>
> <pre><br>
> // Check if Segregated Witness is Locked In<br>
> bool IsWitnessLockedIn(const CBlockIndex* pindexPrev, const<br>
> Consensus::Params& params)<br>
> {<br>
>=C2=A0 =C2=A0LOCK(cs_main);<br>
>=C2=A0 =C2=A0return (VersionBitsState(pindexPrev, params,<br>
> Consensus::DEPLOYMENT_SEGWIT, versionbitscache) =3D=3D<br>
> THRESHOLD_LOCKED_IN);<br>
> }<br>
><br>
> // SPLITPROTECTION mandatory segwit signalling.<br>
> if ( VersionBitsState(pindex->pprev<wbr>, chainparams.GetConsensus(=
),<br>
> Consensus::DEPLOYMENT_SPLITPRO<wbr>TECTION, versionbitscache) =3D=3D<b=
r>
> THRESHOLD_LOCKED_IN &&<br>
>=C2=A0 =C2=A0 !IsWitnessLockedIn(pindex->ppr<wbr>ev, chainparams.Get=
Consensus()) &&<br>
> // Segwit is not locked in<br>
>=C2=A0 =C2=A0 !IsWitnessEnabled(pindex->ppre<wbr>v, chainparams.GetC=
onsensus()) ) //<br>
> and is not active.<br>
> {<br>
>=C2=A0 =C2=A0bool fVersionBits =3D (pindex->nVersion & VERSIONBI=
TS_TOP_MASK) =3D=3D<br>
> VERSIONBITS_TOP_BITS;<br>
>=C2=A0 =C2=A0bool fSegbit =3D (pindex->nVersion &<br>
> VersionBitsMask(chainparams.Ge<wbr>tConsensus(),<br>
> Consensus::DEPLOYMENT_SEGWIT)) !=3D 0;<br>
>=C2=A0 =C2=A0if (!(fVersionBits && fSegbit)) {<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0return state.DoS(0, error("ConnectBlock=
(): relayed block must<br>
> signal for segwit, please upgrade"), REJECT_INVALID, "bad-no=
-segwit");<br>
>=C2=A0 =C2=A0}<br>
> }<br>
><br>
> // BIP148 mandatory segwit signalling.<br>
> int64_t nMedianTimePast =3D pindex->GetMedianTimePast();<br>
> if ( (nMedianTimePast >=3D 1501545600) &&=C2=A0 // Tue 01 A=
ug 2017 00:00:00 UTC<br>
>=C2=A0 =C2=A0 (nMedianTimePast <=3D 1510704000) &&=C2=A0 // =
Wed 15 Nov 2017 00:00:00 UTC<br>
>=C2=A0 =C2=A0 (!IsWitnessLockedIn(pindex->pp<wbr>rev, chainparams.Ge=
tConsensus()) &&<br>
> // Segwit is not locked in<br>
>=C2=A0 =C2=A0 =C2=A0!IsWitnessEnabled(pindex->ppr<wbr>ev, chainparam=
s.GetConsensus())) )<br>
> // and is not active.<br>
> {<br>
>=C2=A0 =C2=A0bool fVersionBits =3D (pindex->nVersion & VERSIONBI=
TS_TOP_MASK) =3D=3D<br>
> VERSIONBITS_TOP_BITS;<br>
>=C2=A0 =C2=A0bool fSegbit =3D (pindex->nVersion &<br>
> VersionBitsMask(chainparams.Ge<wbr>tConsensus(),<br>
> Consensus::DEPLOYMENT_SEGWIT)) !=3D 0;<br>
>=C2=A0 =C2=A0if (!(fVersionBits && fSegbit)) {<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0return state.DoS(0, error("ConnectBlock=
(): relayed block must<br>
> signal for segwit, please upgrade"), REJECT_INVALID, "bad-no=
-segwit");<br>
>=C2=A0 =C2=A0}<br>
> }<br>
> </pre><br>
><br>
> <a href=3D"https://github.com/bitcoin/bitcoin/compare/0.14...jameshill=
iard:splitprotection-v0.14.1" rel=3D"noreferrer" target=3D"_blank">https://=
github.com/bitcoin/bit<wbr>coin/compare/0.14...jameshilli<wbr>ard:splitprot=
ection-v0.14.1</a><br>
><br>
> =3D=3DBackwards Compatibility=3D=3D<br>
><br>
> This deployment is compatible with the existing "segwit" bit=
1<br>
> deployment scheduled between midnight November 15th, 2016 and midnight=
<br>
> November 15th, 2017. This deployment is also compatible with the<br>
> existing BIP148 deployment. This BIP is compatible with BIP91 only if<=
br>
> BIP91 activates before it and before BIP148. Miners will need to<br>
> upgrade their nodes to support splitprotection otherwise they may<br>
> build on top of an invalid block. While this bip is active users<br>
> should either upgrade to splitprotection or wait for additional<br>
> confirmations when accepting payments.<br>
><br>
> =3D=3DRationale=3D=3D<br>
><br>
> Historically we have used IsSuperMajority() to activate soft forks<br>
> such as BIP66 which has a mandatory signalling requirement for miners<=
br>
> once activated, this ensures that miners are aware of new rules being<=
br>
> enforced. This technique can be leveraged to lower the signalling<br>
> threshold of a soft fork while it is in the process of being deployed<=
br>
> in a backwards compatible way. We also use a BIP8 style timeout to<br>
> ensure that this BIP is compatible with BIP148 and that BIP148<br>
> compatible mandatory signalling activates regardless of miner<br>
> signalling levels.<br>
><br>
> By orphaning non-signalling blocks during the BIP9 bit 1 "segwit&=
quot;<br>
> deployment, this BIP can cause the existing "segwit" deploym=
ent to<br>
> activate without needing to release a new deployment. As we approach<b=
r>
> BIP148 activation it may be desirable for a majority of miners to have=
<br>
> a method that will ensure that there is no chain split.<br>
><br>
> =3D=3DReferences=3D=3D<br>
><br>
> *[<a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2=
017-March/013714.html" rel=3D"noreferrer" target=3D"_blank">https://lists.l=
inuxfoundatio<wbr>n.org/pipermail/bitcoin-dev/20<wbr>17-March/013714.html</=
a><br>
> Mailing list discussion]<br>
> *[<a href=3D"https://github.com/bitcoin/bitcoin/blob/v0.6.0/src/main.c=
pp#L1281-L1283" rel=3D"noreferrer" target=3D"_blank">https://github.com/bit=
coin/b<wbr>itcoin/blob/v0.6.0/src/main.cp<wbr>p#L1281-L1283</a><br>
> P2SH flag day activation]<br>
> *[[bip-0009.mediawiki|BIP9 Version bits with timeout and delay]]<br>
> *[[bip-0016.mediawiki|BIP16 Pay to Script Hash]]<br>
> *[[bip-0091.mediawiki|BIP91 Reduced threshold Segwit MASF]]<br>
> *[[bip-0141.mediawiki|BIP141 Segregated Witness (Consensus layer)]]<br=
>
> *[[bip-0143.mediawiki|BIP143 Transaction Signature Verification for<br=
>
> Version 0 Witness Program]]<br>
> *[[bip-0147.mediawiki|BIP147 Dealing with dummy stack element malleabi=
lity]]<br>
> *[[bip-0148.mediawiki|BIP148 Mandatory activation of segwit deployment=
]]<br>
> *[[bip-0149.mediawiki|BIP149 Segregated Witness (second deployment)]]<=
br>
> *[<a href=3D"https://bitcoincore.org/en/2016/01/26/segwit-benefits/" r=
el=3D"noreferrer" target=3D"_blank">https://bitcoincore.org/en/2<wbr>016/01=
/26/segwit-benefits/</a> Segwit benefits]<br>
><br>
> =3D=3DCopyright=3D=3D<br>
><br>
> This document is dual licensed as BSD 3-clause, and Creative Commons<b=
r>
> CC0 1.0 Universal.<br>
> ______________________________<wbr>_________________<br>
> bitcoin-dev mailing list<br>
> <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bl=
ank">bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
> <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-=
dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wb=
r>org/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
><br>
><br>
><br>
______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
--001a11403b7a41021e0551629628--