1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <stephencalebmorse@gmail.com>) id 1Yzlgq-00029F-CH
for bitcoin-development@lists.sourceforge.net;
Tue, 02 Jun 2015 12:53:08 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.51 as permitted sender)
client-ip=209.85.216.51;
envelope-from=stephencalebmorse@gmail.com;
helo=mail-vn0-f51.google.com;
Received: from mail-vn0-f51.google.com ([209.85.216.51])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Yzlgn-00072v-Q4
for bitcoin-development@lists.sourceforge.net;
Tue, 02 Jun 2015 12:53:08 +0000
Received: by vnbg129 with SMTP id g129so20270159vnb.11
for <bitcoin-development@lists.sourceforge.net>;
Tue, 02 Jun 2015 05:53:00 -0700 (PDT)
X-Received: by 10.52.249.4 with SMTP id yq4mr9066940vdc.61.1433249580344;
Tue, 02 Jun 2015 05:53:00 -0700 (PDT)
Received: from [10.0.0.7] (c-24-218-184-40.hsd1.nh.comcast.net.
[24.218.184.40]) by mx.google.com with ESMTPSA id
ql13sm26879547vdb.2.2015.06.02.05.52.59
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Tue, 02 Jun 2015 05:52:59 -0700 (PDT)
Content-Type: multipart/alternative;
boundary=Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Mime-Version: 1.0 (1.0)
From: Stephen <stephencalebmorse@gmail.com>
X-Mailer: iPhone Mail (12F70)
In-Reply-To: <CAOG=w-tDdJTkkqGaEEpDZ6pX0kXT7f2wvoN_cEpd6+MVnu1CdQ@mail.gmail.com>
Date: Tue, 2 Jun 2015 08:52:58 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <E67A3D18-EFB0-4156-98B7-082793D2D871@gmail.com>
References: <CAOG=w-uufDPkQSEi1K_L82j4OXObGmESnfYyxi1z99fcBCotcg@mail.gmail.com>
<CABHVRKQD4YPt0NA8VnXW4VYx0fmCgSHUYq-73F2esHZqX-FUxw@mail.gmail.com>
<CAOG=w-tDdJTkkqGaEEpDZ6pX0kXT7f2wvoN_cEpd6+MVnu1CdQ@mail.gmail.com>
To: Mark Friedenbach <mark@friedenbach.org>
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(stephencalebmorse[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Yzlgn-00072v-Q4
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [BIP draft] Consensus-enforced
transaction replacement signalled via sequence numbers
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 12:53:08 -0000
--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Do you think it would be useful to have an inverted version of both CSV and C=
LTV? To verify if an output is spent before a specific time. CLTV and CSV co=
uld be implemented by taking two stack arguments, an integer for the compari=
son and TRUE/FALSE.=20
Now that I think about this more, the problem is that, for example, just hav=
ing a lock time of less than some value doesn't actually mean it has to be s=
pent before that script value, so this might not work. Likely any implementa=
tions of such a feature would have to provide the script execution environme=
nt with access to information that it doesn't have now, which is what we are=
trying to avoid.=20
Best,
Stephen
> On Jun 2, 2015, at 12:16 AM, Mark Friedenbach <mark@friedenbach.org> wrote=
:
>=20
> You are correct! I am maintaining a 'checksequenceverify' branch in my git=
repository as well, an OP_RCLTV using sequence numbers:
>=20
> https://github.com/maaku/bitcoin/tree/checksequenceverify
>=20
> Most of the interesting use cases for relative lock-time require an RCLTV o=
pcode. What is interesting about this architecture is that it possible to cl=
eanly separate the relative lock-time (sequence numbers) from the RCLTV opco=
de (OP_CHECKSEQUENCEVERIFY) both in concept and in implementation. Like CLTV=
, the CSV opcode only checks transaction data and requires no contextual kno=
wledge about block headers, a weakness of the other RCLTV proposals that vio=
late the clean separation between libscript and libconsensus. In a similar w=
ay, this BIP proposal only touches the transaction validation logic without a=
ny impact to script.
>=20
> I would like to propose an additional BIP covering the CHECKSEQUENCEVERIFY=
opcode and its enabling applications. But, well, one thing at a time.
>=20
>> On Mon, Jun 1, 2015 at 8:45 PM, Stephen Morse <stephencalebmorse@gmail.co=
m> wrote:
>> Hi Mark,
>>=20
>> Overall, I like this idea in every way except for one: unless I am missin=
g something, we may still need an OP_RCLTV even with this being implemented.=
=20
>>=20
>> In use cases such as micropayment channels where the funds are locked up b=
y multiple parties, the enforcement of the relative locktime can be done by t=
he first-signing party. So, while your solution would probably work in cases=
like this, where multiple signing parties are involved, there may be other,=
seen or unforeseen, use cases that require putting the relative locktime ri=
ght into the spending contract (the scriptPubKey itself). When there is only=
one signer, there's nothing that enforces using an nSequence and nVersion=3D=
2 that would prevent spending the output until a certain time.=20
>>=20
>> I hope this is received as constructive criticism, I do think this is an i=
nnovative idea. In my view, though, it seems to be less fully-featured than j=
ust repurposing an OP_NOP to create OP_RCLTV. The benefits are obviously tha=
t it saves transaction space by repurposing unused space, and would likely w=
ork for most cases where an OP_RCLTV would be needed.
>>=20
>> Best,
>> Stephen
>>=20
>>> On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <mark@friedenbach.org> w=
rote:
>>> I have written a reference implementation and BIP draft for a soft-fork c=
hange to the consensus-enforced behaviour of sequence numbers for the purpos=
e of supporting transaction replacement via per-input relative lock-times. T=
his proposal was previously discussed on the mailing list in the following t=
hread:
>>>=20
>>> http://sourceforge.net/p/bitcoin/mailman/message/34146752/
>>>=20
>>> In short summary, this proposal seeks to enable safe transaction replace=
ment by re-purposing the nSequence field of a transaction input to be a cons=
ensus-enforced relative lock-time.
>>>=20
>>> The advantages of this approach is that it makes use of the full range o=
f the 32-bit sequence number which until now has rarely been used for anythi=
ng other than a boolean control over absolute nLockTime, and it does so in a=
way that is semantically compatible with the originally envisioned use of s=
equence numbers for fast mempool transaction replacement.
>>>=20
>>> The disadvantages are that external constraints often prevent the full r=
ange of sequence numbers from being used when interpreted as a relative lock=
-time, and re-purposing nSequence as a relative lock-time precludes its use i=
n other contexts. The latter point has been partially addressed by having th=
e relative lock-time semantics be enforced only if the most-significant bit o=
f nSequence is set. This preserves 31 bits for alternative use when relative=
lock-times are not required.
>>>=20
>>> The BIP draft can be found at the following gist:
>>>=20
>>> https://gist.github.com/maaku/be15629fe64618b14f5a
>>>=20
>>> The reference implementation is available at the following git repositor=
y:
>>>=20
>>> https://github.com/maaku/bitcoin/tree/sequencenumbers
>>>=20
>>> I request that the BIP editor please assign a BIP number for this work.
>>>=20
>>> Sincerely,
>>> Mark Friedenbach
>>>=20
>>> ------------------------------------------------------------------------=
------
>>>=20
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>=20
--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div>Do you think it would be useful to hav=
e an inverted version of both CSV and CLTV? To verify if an output is spent b=
efore a specific time. CLTV and CSV could be implemented by taking two stack=
arguments, an integer for the comparison and TRUE/FALSE. </div><div><b=
r></div><div>Now that I think about this more, the problem is that, for exam=
ple, just having a lock time of less than some value doesn't actually mean i=
t has to be spent before that script value, so this might not work. Likely a=
ny implementations of such a feature would have to provide the script execut=
ion environment with access to information that it doesn't have now, which i=
s what we are trying to avoid. </div><div><br></div><div>Best,</div><di=
v>Stephen<br><br><br></div><div><br>On Jun 2, 2015, at 12:16 AM, Mark Friede=
nbach <<a href=3D"mailto:mark@friedenbach.org">mark@friedenbach.org</a>&g=
t; wrote:<br><br></div><blockquote type=3D"cite"><div><div dir=3D"ltr"><div>=
<div>You are correct! I am maintaining a 'checksequenceverify' branch in my g=
it repository as well, an OP_RCLTV using sequence numbers:<br><br><a href=3D=
"https://github.com/maaku/bitcoin/tree/checksequenceverify">https://github.c=
om/maaku/bitcoin/tree/checksequenceverify</a><br><br></div>Most of the inter=
esting use cases for relative lock-time require an RCLTV opcode. What is int=
eresting about this architecture is that it possible to cleanly separate the=
relative lock-time (sequence numbers) from the RCLTV opcode (OP_CHECKSEQUEN=
CEVERIFY) both in concept and in implementation. Like CLTV, the CSV opcode o=
nly checks transaction data and requires no contextual knowledge about block=
headers, a weakness of the other RCLTV proposals that violate the clean sep=
aration between libscript and libconsensus. In a similar way, this BIP propo=
sal only touches the transaction validation logic without any impact to scri=
pt.<br><br></div>I would like to propose an additional BIP covering the CHEC=
KSEQUENCEVERIFY opcode and its enabling applications. But, well, one thing a=
t a time.<br></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote"=
>On Mon, Jun 1, 2015 at 8:45 PM, Stephen Morse <span dir=3D"ltr"><<a href=
=3D"mailto:stephencalebmorse@gmail.com" target=3D"_blank">stephencalebmorse@=
gmail.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"=
ltr">Hi Mark,<br><br>Overall, I like this idea in every way except for one: u=
nless I am missing something, we may still need an <font face=3D"monospace, m=
onospace">OP_RCLTV</font> even with this being implemented. <div><br></=
div><div>In use cases such as micropayment channels where the funds are lock=
ed up by multiple parties, the enforcement of the relative locktime can be d=
one by the first-signing party. So, while your solution would probably work i=
n cases like this, where multiple signing parties are involved, there may be=
other, seen or unforeseen, use cases that require putting the relative lock=
time right into the spending contract (the <font face=3D"monospace, monospac=
e">scriptPubKey</font> itself). When there is only one signer, there's nothi=
ng that enforces using an nSequence and nVersion=3D2 that would prevent spen=
ding the output until a certain time. </div><div><br></div><div>I hope t=
his is received as constructive criticism, I do think this is an innovative i=
dea. In my view, though, it seems to be less fully-featured than just repurp=
osing an <font face=3D"monospace, monospace">OP_NOP</font> to create <font f=
ace=3D"monospace, monospace">OP_RCLTV</font>. The benefits are obviously tha=
t it saves transaction space by repurposing unused space, and would likely w=
ork for most cases where an <font face=3D"monospace, monospace">OP_RCLTV</fo=
nt> would be needed.</div><div><br></div><div>Best,<br>Stephen</div></div><d=
iv class=3D"gmail_extra"><br><div class=3D"gmail_quote"><div><div class=3D"h=
5">On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <span dir=3D"ltr"><<a=
href=3D"mailto:mark@friedenbach.org" target=3D"_blank">mark@friedenbach.org=
</a>></span> wrote:<br></div></div><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><di=
v class=3D"h5"><div dir=3D"ltr"><div>I have written a reference implementati=
on and BIP draft for a soft-fork change to the consensus-enforced behaviour o=
f sequence numbers for the purpose of supporting transaction replacement via=
per-input relative lock-times. This proposal was previously discussed on th=
e mailing list in the following thread:<br><br><a href=3D"http://sourceforge=
.net/p/bitcoin/mailman/message/34146752/" target=3D"_blank">http://sourcefor=
ge.net/p/bitcoin/mailman/message/34146752/</a><br><br></div><div>In short su=
mmary, this proposal seeks to enable safe transaction replacement by re-purp=
osing the nSequence field of a transaction input to be a consensus-enforced r=
elative lock-time.<br><br>The advantages of this approach is that it makes u=
se of the full range of the 32-bit sequence number which until now has rarel=
y been used for anything other than a boolean control over absolute nLockTim=
e, and it does so in a way that is semantically compatible with the original=
ly envisioned use of sequence numbers for fast mempool transaction replaceme=
nt.<br><br></div><div>The disadvantages are that external constraints often p=
revent the full range of sequence numbers from being used when interpreted a=
s a relative lock-time, and re-purposing nSequence as a relative lock-time p=
recludes its use in other contexts. The latter point has been partially addr=
essed by having the relative lock-time semantics be enforced only if the mos=
t-significant bit of nSequence is set. This preserves 31 bits for alternativ=
e use when relative lock-times are not required.<br></div><div><br></div><di=
v>The BIP draft can be found at the following gist:<br><br><a href=3D"https:=
//gist.github.com/maaku/be15629fe64618b14f5a" target=3D"_blank">https://gist=
.github.com/maaku/be15629fe64618b14f5a</a><br><br></div><div>The reference i=
mplementation is available at the following git repository:<br></div><div><b=
r><a href=3D"https://github.com/maaku/bitcoin/tree/sequencenumbers" target=3D=
"_blank">https://github.com/maaku/bitcoin/tree/sequencenumbers</a><br><br></=
div><div>I request that the BIP editor please assign a BIP number for this w=
ork.<br><br></div><div>Sincerely,<br></div><div>Mark Friedenbach<br></div></=
div>
<br></div></div>------------------------------------------------------------=
------------------<br>
<br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_blan=
k">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development"=
target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-deve=
lopment</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></blockquote></body></html>=
--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF--
|