1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <tier.nolan@gmail.com>) id 1YqVHB-0007Bi-FJ
for bitcoin-development@lists.sourceforge.net;
Thu, 07 May 2015 23:32:21 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.180 as permitted sender)
client-ip=209.85.216.180; envelope-from=tier.nolan@gmail.com;
helo=mail-qc0-f180.google.com;
Received: from mail-qc0-f180.google.com ([209.85.216.180])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YqVH7-0001aF-PS
for bitcoin-development@lists.sourceforge.net;
Thu, 07 May 2015 23:32:21 +0000
Received: by qcbgy10 with SMTP id gy10so29510198qcb.3
for <bitcoin-development@lists.sourceforge.net>;
Thu, 07 May 2015 16:32:12 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.150.209 with SMTP id 200mr1584447qhw.9.1431041532413;
Thu, 07 May 2015 16:32:12 -0700 (PDT)
Received: by 10.140.85.241 with HTTP; Thu, 7 May 2015 16:32:12 -0700 (PDT)
Date: Fri, 8 May 2015 00:32:12 +0100
Message-ID: <CAE-z3OUiK_s-gJtnPquUZbG5aJkJjfo+VYKHgX+Bfcgem+6i9A@mail.gmail.com>
From: Tier Nolan <tier.nolan@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11356f7632ce23051586524d
X-Spam-Score: 0.4 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(tier.nolan[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.0 AC_DIV_BONANZA RAW: Too many divs in a row... spammy template
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1YqVH7-0001aF-PS
Subject: [Bitcoin-development] Assurance contracts to fund the network with
OP_CHECKLOCKTIMEVERIFY
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 23:32:21 -0000
--001a11356f7632ce23051586524d
Content-Type: text/plain; charset=UTF-8
One of the suggestions to avoid the problem of fees going to zero is
assurance contracts. This lets users (perhaps large merchants or
exchanges) pay to support the network. If insufficient people pay for the
contract, then it fails.
Mike Hearn suggests one way of achieving it, but it doesn't actually create
an assurance contract. Miners can exploit the system to convert the
pledges into donations.
https://bitcointalk.org/index.php?topic=157141.msg1821770#msg1821770
Consider a situation in the future where the minting fee has dropped to
almost zero. A merchant wants to cause block number 1 million to
effectively have a minting fee of 50BTC.
He creates a transaction with one input (0.1BTC) and one output (50BTC) and
signs it using SIGHASH_ANYONE_CAN_PAY. The output pays to OP_TRUE. This
means that anyone can spend it. The miner who includes the transaction
will send it to an address he controls (or pay to fee). The transaction
has a locktime of 1 million, so that it cannot be included before that
point.
This transaction cannot be included in a block, since the inputs are lower
than the outputs. The SIGHASH_ANYONE_CAN_PAY field mean that others can
pledge additional funds. They add more input to add more money and the
same sighash.
There would need to be some kind of notice boeard system for these pledges,
but if enough pledge, then a valid transaction can be created. It is in
miner's interests to maintain such a notice board.
The problem is that it counts as a pure donation. Even if only 10BTC has
been pledged, a miner can just add 40BTC of his own money and finish the
transaction. He nets the 10BTC of the pledges if he wins the block. If he
loses, nobody sees his 40BTC transaction. The only risk is if his block is
orphaned and somehow the miner who mines the winning block gets his 40BTC
transaction into his block.
The assurance contract was supposed to mean "If the effective minting fee
for block 1 million is 50 BTC, then I will pay 0.1BTC". By adding his
40BTC to the transaction the miner converts it to a pure donation.
The key point is that *other* miners don't get 50BTC reward if they find
the block, so it doesn't push up the total hashing power being committed to
the blockchain, that a 50BTC minting fee would achieve. This is the whole
point of the assurance contract.
OP_CHECKLOCKTIMEVERIFY could be used to solve the problem.
Instead of paying to OP_TRUE, the transaction should pay 50 BTC to "<1
million> OP_CHECKLOCKTIMEVERIFY OP_TRUE" and 0.01BTC to "OP_TRUE".
This means that the transaction could be included into a block well in
advance of the 1 million block point. Once block 1 million arrives, any
miner would be able to spend the 50 BTC. The 0.01BTC is the fee for the
block the transaction is included in.
If the contract hasn't been included in a block well in advance, pledgers
would be recommended to spend their pledged input,
It can be used to pledge to many blocks at once. The transaction could pay
out to lots of 50BTC outputs but with the locktime increasing by for each
output.
For high value transactions, it isn't just the POW of the next block that
matters but all the blocks that are built on top of it.
A pledger might want to say "I will pay 1BTC if the next 100 blocks all
have at least an effective minting fee of 50BTC"
--001a11356f7632ce23051586524d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div><div><div><div><div><div><div><div></div>On=
e of the suggestions to avoid the problem of fees going to zero is assuranc=
e contracts.=C2=A0 This lets users (perhaps large merchants or exchanges) p=
ay to support the network.=C2=A0 If insufficient people pay for the contrac=
t, then it fails.<br><br></div><div>Mike Hearn suggests one way of achievin=
g it, but it doesn't actually create an assurance contract.=C2=A0 Miner=
s can exploit the system to convert the pledges into donations.<br><br><a h=
ref=3D"https://bitcointalk.org/index.php?topic=3D157141.msg1821770#msg18217=
70">https://bitcointalk.org/index.php?topic=3D157141.msg1821770#msg1821770<=
/a><br></div><div><br></div>Consider a situation in the future where the mi=
nting fee has dropped to almost zero.=C2=A0 A merchant wants to cause block=
number 1 million to effectively have a minting fee of 50BTC.<br><br></div>=
He creates a transaction with one input (0.1BTC) and one output (50BTC) and=
signs it using SIGHASH_ANYONE_CAN_PAY.=C2=A0 The output pays to OP_TRUE.=
=C2=A0 This means that anyone can spend it.=C2=A0 The miner who includes th=
e transaction will send it to an address he controls (or pay to fee).=C2=A0=
The transaction has a locktime of 1 million, so that it cannot be included=
before that point.<br><br></div><div>This transaction cannot be included i=
n a block, since the inputs are lower than the outputs.=C2=A0 The SIGHASH_A=
NYONE_CAN_PAY field mean that others can pledge additional funds.=C2=A0 The=
y add more input to add more money and the same sighash.=C2=A0 <br><br></di=
v><div>There would need to be some kind of notice boeard system for these p=
ledges, but if enough pledge, then a valid transaction can be created.=C2=
=A0 It is in miner's interests to maintain such a notice board.<br></di=
v><div><br></div>The problem is that it counts as a pure donation.=C2=A0 Ev=
en if only 10BTC has been pledged, a miner can just add 40BTC of his own mo=
ney and finish the transaction.=C2=A0 He nets the 10BTC of the pledges if h=
e wins the block.=C2=A0 If he loses, nobody sees his 40BTC transaction.=C2=
=A0 The only risk is if his block is orphaned and somehow the miner who min=
es the winning block gets his 40BTC transaction into his block.<br><br></di=
v>The assurance contract was supposed to mean "If the effective mintin=
g fee for block 1 million is 50 BTC, then I will pay 0.1BTC".=C2=A0 By=
adding his 40BTC to the transaction the miner converts it to a pure donati=
on.<br><br></div>The key point is that <u>other</u> miners don't get 50=
BTC reward if they find the block, so it doesn't push up the total hash=
ing power being committed to the blockchain, that a 50BTC minting fee would=
achieve.=C2=A0 This is the whole point of the assurance contract.<br><br><=
/div><div>OP_CHECKLOCKTIMEVERIFY could be used to solve the problem.<br><br=
></div><div>Instead of paying to OP_TRUE, the transaction should pay 50 BTC=
to "<1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE" and 0.01BT=
C to "OP_TRUE".<br><br></div><div>This means that the transaction=
could be included into a block well in advance of the 1 million block poin=
t.=C2=A0 Once block 1 million arrives, any miner would be able to spend the=
50 BTC.=C2=A0 The 0.01BTC is the fee for the block the transaction is incl=
uded in.<br></div><div><br></div><div></div><div>If the contract hasn't=
been included in a block well in advance, pledgers would be recommended t=
o spend their pledged input, <br><br></div><div>It can be used to pledge to=
many blocks at once.=C2=A0 The transaction could pay out to lots of 50BTC =
outputs but with the locktime increasing by for each output.=C2=A0 <br><br>=
For high value transactions, it isn't just the POW of the next block th=
at matters but all the blocks that are built on top of it.=C2=A0 <br><br>A =
pledger might want to say "I will pay 1BTC if the next 100 blocks all =
have at least an effective minting fee of 50BTC"<br></div></div></div>=
</div></div>
--001a11356f7632ce23051586524d--
|