summaryrefslogtreecommitdiff
path: root/87/301660e8f1e5733e09dfafa4cad53c956d49be
blob: b249dd4cd87f4d90dffa1c5f6a95445084ae49b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
Return-Path: <jlrubin@mit.edu>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id BA03CC0001
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 28 Feb 2021 20:02:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id 7C7874EE11
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 28 Feb 2021 20:02:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5
 tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 2G00CDli62Yl
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 28 Feb 2021 20:02:29 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
 by smtp4.osuosl.org (Postfix) with ESMTPS id 7E9CD4ED4B
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 28 Feb 2021 20:02:29 +0000 (UTC)
Received: from mail-il1-f182.google.com (mail-il1-f182.google.com
 [209.85.166.182]) (authenticated bits=0)
 (User authenticated as jlrubin@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 11SK2RxH010849
 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
 for <bitcoin-dev@lists.linuxfoundation.org>; Sun, 28 Feb 2021 15:02:27 -0500
Received: by mail-il1-f182.google.com with SMTP id c10so12840733ilo.8
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 28 Feb 2021 12:02:27 -0800 (PST)
X-Gm-Message-State: AOAM5300q4kL5shuw8RvEGoC9qNB0eJMhx/ct2LmOlXF97S22HdwJiZP
 XI8rRkyjgv01kRrkHIlupxZuA5WhqKfQ40o/BY8=
X-Google-Smtp-Source: ABdhPJznSkmjGyYZ8fAZMjyawXL/AgpaWcMRibsXOXrATPvACCKswjtsN8q558N98oQaH2WRGkTXjH/oQiGjOxwIClg=
X-Received: by 2002:a05:6e02:b2e:: with SMTP id
 e14mr10163187ilu.164.1614542547180; 
 Sun, 28 Feb 2021 12:02:27 -0800 (PST)
MIME-Version: 1.0
References: <c35e1761-43ca-e157-6a5c-72d27f2c6c6e@mattcorallo.com>
 <202102281720.07392.luke@dashjr.org>
 <c6a7a7ab-ee68-6594-ebd0-60f38ba40c37@mattcorallo.com>
 <CAD5xwhhRCBa86B0ApZ=VioZngREOh1bth4H=zk69k4xsZc9d0Q@mail.gmail.com>
 <20c5eb39-915d-6af9-5b0a-f488ff40ef3f@mattcorallo.com>
In-Reply-To: <20c5eb39-915d-6af9-5b0a-f488ff40ef3f@mattcorallo.com>
From: Jeremy <jlrubin@mit.edu>
Date: Sun, 28 Feb 2021 12:02:15 -0800
X-Gmail-Original-Message-ID: <CAD5xwhh89-5WRdnhA0X0CueWe6s2HneeEFiW5nZs4KFQw4iG6Q@mail.gmail.com>
Message-ID: <CAD5xwhh89-5WRdnhA0X0CueWe6s2HneeEFiW5nZs4KFQw4iG6Q@mail.gmail.com>
To: Matt Corallo <lf-lists@mattcorallo.com>
Content-Type: multipart/alternative; boundary="000000000000ffe30705bc6afae4"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Straight Flag Day (Height) Taproot Activation
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Feb 2021 20:02:31 -0000

--000000000000ffe30705bc6afae4
Content-Type: text/plain; charset="UTF-8"

Miners still can generate invalid blocks as a result of SPV mining, and it
could be profitable to do "bad block enhanced selfish mining" to take
advantage of it.


Hard to analyze exactly what that looks like, but...

E.g., suppose 20% is un-upgraded and 80% is upgraded. Taking 25% hashrate
to mine bad blocks would mean 1/4th of the time you could make 20% of the
hashrate mine bad blocks, overall a > 5% (series expansion) benefit. One
could analyze out that the lost hash rate for bad blocks only matters for
the first difficulty adjustment period you're doing this for too, as the
hashrate drop will be accounted for -- but then a miner can switch back to
mining valid chain, giving themselves a larger % of hashrate.

So it is still possible that an un-upgraded miner will fail part 3, and
attempting to accommodate un-upgraded miners leads to some nasty
oscillating hashrate being optimal.


--
@JeremyRubin <https://twitter.com/JeremyRubin>
<https://twitter.com/JeremyRubin>


On Sun, Feb 28, 2021 at 11:52 AM Matt Corallo <lf-lists@mattcorallo.com>
wrote:

> Note further that mandatory signaling isn't "just" a flag day - unlike a
> Taproot flag day (where miners running Bitcoin
> Core unmodified today will not generate invalid blocks), a mandatory
> signaling flag day blatantly ignores goal (3) from
> my original post - it results in any miner who has not taken active action
> (and ensured every part of their often-large
> infrastructure has been correctly reconfigured) generating invalid blocks.
>
> As for "Taproot" took too long, hey, at least if its locked in people can
> just build things assuming it exists. Some
> already are, but once its clearly locked in, there's no reason to not
> continue other work at the same time.
>
> Matt
>
> On 2/28/21 14:43, Jeremy via bitcoin-dev wrote:
> > I agree with much of the logic presented by Matt here.
> >
> > BIP8 was intended to be simpler to agree on to maintain consensus, yet
> we find ourselves in a situation where a "tiny"
> > parameter has the potential to cause great network disruption and
> confusion (rationality is not too useful a concept
> > here given differing levels of sophistication and information). It is
> therefore much simpler and more likely to be
> > universally understood by all network participants to just have a flag
> day. It is easier to communicate what users
> > should do and when.
> >
> > This is ultimately not coercive to users because the upgrade for Taproot
> itself is provable and analyzable on its own,
> > but activation parameters based on what % of economically relevant nodes
> are running an upgrade by a certain date are
> > not. Selecting these sorts of complicated consensus parameters may
> ultimately present more opportunity for a cooptable
> > consensus process than something more straightforward.
> >
> >
> > That said, a few points strike me as worth delving into.
> >
> >
> > 1) Con: Mandatory signalling is no different than a flag day. Mandatory
> signaling is effectively 2 flag days -- one for
> > the signaling rule, 1 for the taproot type. The reason for the 2 week
> gap between flag day for signaling and flag day
> > for taproot rules is, more or less, so that nodes who aren't taproot
> ready at the 1st flag day do not end up SPV mining
> > (using standardness rules in mempool prevents them from mining an
> invalid block on top of a valid tip, but does not
> > ensure the tip is valid).
> > 2) Con: Releasing a flag day without releasing the LOT=true code leading
> up to that flag day means that clients would
> > not be fully compatible with an early activation that could be proposed
> before the flag day is reached. E.g., LOT=true
> > is a flag day that retains the possibility of being compatible with
> other BIP8 releases without changing software.
> > 3) Pro: BIP-8 is partially in service of "early activation" and . I'm
> personally skeptical that early activation is/was
> > ever a good idea. A fixed activation date may be largely superior for
> business purposes, software engineering schedules,
> > etc. I think even with signaling BIP8, it would be possibly superior to
> activate rules at a fixed date (or a quantized
> > set of fixed dates, e.g. guaranteeing at least 3 months but maybe more).
> > 4) Pro: part of the argument for BIP-8=false is that it is possible that
> the rule could not activate, if signaling does
> > not occur, providing additional stopgap against dev collusion and bugs.
> But BIP-8 can activate immediately (with start
> > times being proposed 1 month after release?) so we don't have certainty
> around how much time there is for that secondary
> > review process (read -- I think it isn't that valuable) and if there
> *is* a deadly bug discovered, we might want to
> > hard-fork to fix it even if it isn't yet signaled for (e.g., if the rule
> activates it enables more mining reward). So I
> > think that it's a healthier mindset to release a with definite deadline
> and not rule out having to do a hard fork if
> > there is a grave issue (we shouldn't ever release a SF if we think this
> is at all likely, mind you).
> > 5) Con: It's already taken so long for taproot, the schedule around
> taproot was based on the idea it could early
> > activate, 2022 is now too far away. I don't know how to defray this
> other than, if your preferred idea is 1 year flag
> > day, to do that via LOT=true so that taproot can still have early
> activation if desired.
> >
> > Overall I agree with the point that all the contention around LOT, makes
> a flag day look not so bad. And something
> > closer to a flag day might not be so bad either for future forks as well.
> >
> > However, I think given the appetite for early activation, if a flag day
> is desired I think LOT=true is the best option
> > at this time as it allows our flag day to remain compatible with such an
> early activation.
> >
> > I think we can also clearly communicate that LOT=true for Taproot is not
> a precedent setting occurence for any future
> > forks (hold me accountable to not using this as precedent this should I
> ever advocate for a SF with similar release
> > parameters).
> >
> >
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
>

--000000000000ffe30705bc6afae4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:#000000">Miners still can generate=
 invalid blocks as a result of SPV mining, and it could be profitable to do=
 &quot;bad block enhanced selfish mining&quot; to take advantage of it.</di=
v><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-se=
rif;font-size:small;color:#000000"><br></div><div class=3D"gmail_default" s=
tyle=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#00000=
0"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,helvet=
ica,sans-serif;font-size:small;color:#000000">Hard to analyze exactly what =
that looks like, but...</div><div class=3D"gmail_default" style=3D"font-fam=
ily:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></div><di=
v class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;f=
ont-size:small;color:#000000">E.g., suppose 20% is un-upgraded and 80% is u=
pgraded. Taking 25% hashrate to mine bad blocks would mean 1/4th of the tim=
e you could make 20% of the hashrate mine bad blocks, overall a &gt; 5% (se=
ries expansion) benefit. One could analyze out that the lost hash rate for =
bad blocks only matters for the first difficulty adjustment period you&#39;=
re doing this for too, as the hashrate drop will be accounted for -- but th=
en a miner can switch back to mining valid chain, giving themselves a large=
r % of hashrate.</div><div class=3D"gmail_default" style=3D"font-family:ari=
al,helvetica,sans-serif;font-size:small;color:#000000"><br></div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;font-siz=
e:small;color:#000000">So it is still possible that an un-upgraded miner wi=
ll fail part 3, and attempting to accommodate un-upgraded miners leads to s=
ome nasty oscillating hashrate being optimal.<br></div><div class=3D"gmail_=
default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;co=
lor:#000000"><br></div><div class=3D"gmail_default" style=3D"font-family:ar=
ial,helvetica,sans-serif;font-size:small;color:#000000"><br clear=3D"all"><=
/div><div><div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmai=
l_signature"><div dir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRu=
bin" target=3D"_blank">@JeremyRubin</a><a href=3D"https://twitter.com/Jerem=
yRubin" target=3D"_blank"></a></div></div></div><br></div><br><div class=3D=
"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Sun, Feb 28, 2021 at=
 11:52 AM Matt Corallo &lt;<a href=3D"mailto:lf-lists@mattcorallo.com">lf-l=
ists@mattcorallo.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex">Note further that mandatory signaling isn&#39;t &quot;j=
ust&quot; a flag day - unlike a Taproot flag day (where miners running Bitc=
oin <br>
Core unmodified today will not generate invalid blocks), a mandatory signal=
ing flag day blatantly ignores goal (3) from <br>
my original post - it results in any miner who has not taken active action =
(and ensured every part of their often-large <br>
infrastructure has been correctly reconfigured) generating invalid blocks.<=
br>
<br>
As for &quot;Taproot&quot; took too long, hey, at least if its locked in pe=
ople can just build things assuming it exists. Some <br>
already are, but once its clearly locked in, there&#39;s no reason to not c=
ontinue other work at the same time.<br>
<br>
Matt<br>
<br>
On 2/28/21 14:43, Jeremy via bitcoin-dev wrote:<br>
&gt; I agree with much of the logic presented by Matt here.<br>
&gt; <br>
&gt; BIP8 was intended to be simpler to agree on to maintain consensus, yet=
 we find ourselves in a situation where a &quot;tiny&quot; <br>
&gt; parameter has the potential to cause great network disruption and conf=
usion (rationality is not too useful a concept <br>
&gt; here given differing levels of sophistication and information). It is =
therefore much simpler and more likely to be <br>
&gt; universally understood by all network participants to just have a flag=
 day. It is easier to communicate what users <br>
&gt; should do and when.<br>
&gt; <br>
&gt; This is ultimately not coercive to users because the upgrade for Tapro=
ot itself is provable and analyzable on its own, <br>
&gt; but activation parameters based on what % of economically relevant nod=
es are running an upgrade by a certain date are <br>
&gt; not. Selecting these sorts of complicated consensus parameters may ult=
imately present more opportunity for a cooptable <br>
&gt; consensus process than something more straightforward.<br>
&gt; <br>
&gt; <br>
&gt; That said, a few points strike me as worth delving into.<br>
&gt; <br>
&gt; <br>
&gt; 1) Con: Mandatory signalling is no different than a flag day. Mandator=
y signaling is effectively 2 flag days -- one for <br>
&gt; the signaling rule, 1 for the taproot type. The reason for the 2 week =
gap between flag day for signaling and flag day <br>
&gt; for taproot rules is, more or less, so that nodes who aren&#39;t tapro=
ot ready at the 1st flag day do not end up SPV mining <br>
&gt; (using standardness rules in mempool prevents them from mining an inva=
lid block on top of a valid tip, but does not <br>
&gt; ensure the tip is valid).<br>
&gt; 2) Con: Releasing a flag day without releasing the LOT=3Dtrue code lea=
ding up to that flag day means that clients would <br>
&gt; not be fully compatible with an early activation that could be propose=
d before the flag day is reached. E.g., LOT=3Dtrue <br>
&gt; is a flag day that retains the possibility of being compatible with ot=
her BIP8 releases without changing software.<br>
&gt; 3) Pro: BIP-8 is partially in service of &quot;early activation&quot; =
and . I&#39;m personally skeptical that early activation is/was <br>
&gt; ever a good idea. A fixed activation date may be largely superior for =
business purposes, software engineering schedules, <br>
&gt; etc. I think even with signaling BIP8, it would be possibly superior t=
o activate rules at a fixed date (or a quantized <br>
&gt; set of fixed dates, e.g. guaranteeing at least 3 months but maybe more=
).<br>
&gt; 4) Pro: part of the argument for BIP-8=3Dfalse is that it is possible =
that the rule could not activate, if signaling does <br>
&gt; not occur, providing additional stopgap against dev collusion and bugs=
. But BIP-8 can activate immediately (with start <br>
&gt; times being proposed 1 month after release?) so we don&#39;t have cert=
ainty around how much time there is for that secondary <br>
&gt; review process (read -- I think it isn&#39;t that valuable) and if the=
re *is* a deadly bug discovered, we might want to <br>
&gt; hard-fork to fix it even if it isn&#39;t yet signaled for (e.g., if th=
e rule activates it enables more mining reward). So I <br>
&gt; think that it&#39;s a healthier mindset to release a with definite dea=
dline and not rule out having to do a hard fork if <br>
&gt; there is a grave issue (we shouldn&#39;t ever release a SF if we think=
 this is at all likely, mind you).<br>
&gt; 5) Con: It&#39;s already taken so long for taproot, the schedule aroun=
d taproot was based on the idea it could early <br>
&gt; activate, 2022 is now too far away. I don&#39;t know how to defray thi=
s other than, if your preferred idea is 1 year flag <br>
&gt; day, to do that via LOT=3Dtrue so that taproot can still have early ac=
tivation if desired.<br>
&gt; <br>
&gt; Overall I agree with the point that all the contention around LOT, mak=
es a flag day look not so bad. And something <br>
&gt; closer to a flag day might not be so bad either for future forks as we=
ll.<br>
&gt; <br>
&gt; However, I think given the appetite for early activation, if a flag da=
y is desired I think LOT=3Dtrue is the best option <br>
&gt; at this time as it allows our flag day to remain compatible with such =
an early activation.<br>
&gt; <br>
&gt; I think we can also clearly communicate that LOT=3Dtrue for Taproot is=
 not a precedent setting occurence for any future <br>
&gt; forks (hold me accountable to not using this as precedent this should =
I ever advocate for a SF with similar release <br>
&gt; parameters).<br>
&gt; <br>
&gt; <br>
&gt; _______________________________________________<br>
&gt; bitcoin-dev mailing list<br>
&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bl=
ank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt; <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-=
dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org=
/mailman/listinfo/bitcoin-dev</a><br>
&gt; <br>
</blockquote></div>

--000000000000ffe30705bc6afae4--