1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1Uluge-0000Jr-Nt
for bitcoin-development@lists.sourceforge.net;
Mon, 10 Jun 2013 05:30:36 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.95 as permitted sender)
client-ip=62.13.148.95; envelope-from=pete@petertodd.org;
helo=outmail148095.authsmtp.com;
Received: from outmail148095.authsmtp.com ([62.13.148.95])
by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1UlugQ-0007BP-Hf for bitcoin-development@lists.sourceforge.net;
Mon, 10 Jun 2013 05:30:36 +0000
Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232])
by punt8.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id
r5A5U6wW087864; Mon, 10 Jun 2013 06:30:06 +0100 (BST)
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r5A5U2w0053090
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Mon, 10 Jun 2013 06:30:05 +0100 (BST)
Date: Mon, 10 Jun 2013 01:30:02 -0400
From: Peter Todd <pete@petertodd.org>
To: John Dillon <john.dillon892@googlemail.com>
Message-ID: <20130610053002.GA8961@savin>
References: <CAPaL=UWcKmnChw0zYGVduzHHdQ-AgG7uqbCLvjjuW6Q67zmS0g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS"
Content-Disposition: inline
In-Reply-To: <CAPaL=UWcKmnChw0zYGVduzHHdQ-AgG7uqbCLvjjuW6Q67zmS0g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: ce9780de-d18e-11e2-b10b-0025903375e2
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aAdMdwIUEkAaAgsB AmUbW1JeU117WWY7 bAxPbAVDY01GQQRq
WVdMSlVNFUsqBG0E YxxZUhl3dAVPeDBy bUNkWD4ICU19fUYp
F1MAFGVTeGZhPWIC AkFYJR5UcAFPdx9G aVd6AXFDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA4zBDkk QAsLGWdnI0oZSm00
KVQ6KlNUFkIWOUYp MEksEVYZNh4OQhJf A0EvSDdDIF4PAi0l
SBhGVE0TWCNaXSZa DXUA
X-Authentic-SMTP: 61633532353630.1019:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1UlugQ-0007BP-Hf
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal: Vote on the blocksize limit
with proof-of-stake voting
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2013 05:30:36 -0000
--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jun 10, 2013 at 04:09:26AM +0000, John Dillon wrote:
My general comments on the idea are that while it's hard to say if a
vote by proof-of-stake is really representative, it's likely the closest
thing we'll ever get to a fair vote. Proof-of-stake is certainely better
than just letting miners choose; as you point out miners can always
choose to decrease the blocksize anyway so we only need a vote on
allowable increases. Proof-of-stake also clearly favors those who
actually have invested in Bitcoin over those who only talk about
Bitcoin.
I'll also say that while I know people will complain about putting
politics into a technical problem, as I keep saying, is *is* a political
issue. The limitations may be technical, but the ultimate issue is a
very political decision about what we want Bitcoin to be. Yes, there
will be people campaigning left and right to get users to vote for
various limits with their coins, deal with it. Democracy is messy.
Voting would take a lot of the nastier politics out of the situation,
perhaps somewhat ironically. It would quite clearly take control away
=66rom the core development team, and the Bitcoin Foundation, and put it
back in the hands of the community; you can't argue conspiracy theories
that the Foundation is trying to control Bitcoin when there is a
completely transparent voting system in place. People will complain that
big Bitcoin players are throwing their weight around, but the blockchain
itself is a voting mechanism that is anything but 1 person =3D 1 vote.
Of course I wouldn't be the slightest bit surprised if users happily
vote themselves into something looking like a centralized PayPal
replacement in the long run, but at least if that happens the process by
which they get there will be transparent and relatively democratic.
> A vote will consist of a txout with a scriptPubKey of the following form:
>=20
> OP_RETURN magic vote_id txid vout vote scriptSig
>=20
> Where scriptSig is a valid signature for a transaction with nLockTime
> 500,000,000-1 spending txid:vout to scriptPubKey:
>=20
> OP_HASH160 H(OP_RETURN magic vote_id txid vout vote) OP_EQUAL
I just wanted to point out how general this mechanism is. Regardless of
what the scriptPubKey form is, standard, P2SH, multisig, whatever to
vote is to simply prove you could have spent the txout.
> vote_id is the ID of the specific vote being made, and magic is included =
to
> allow UTXO proof implementations a as yet unspecified way of identifying =
votes
> and including the weighted median as part of the UTXO tree sums. (it also
> allows SPV clients to verify the vote if the UTXO set is a Patricia tree =
of
> scriptPubKeys) vote is just the numerical vote itself.
Ah, you're assuming a direct Patricia tree. Keep in mind that
scriptPubKey's can be up to 10,000 bytes long, and an attacker can use
that (with 10,000 other txouts) to create some extremely deep trees. I
said on IRC a few days ago about how skeptical I am of implementing
consensus critical systems with such huge differences in average and
worst case, but I'll admit this is a decent use-case.
Having said that, proof to SPV clients leaves open the interesting
possibility that a third-party holding Bitcoins on your behalf can prove
that they voted according to your wishes, or even prove they voted
according to all their users wishes. Basically we'd add a rule for the
UTXO tree where a specific OP_RETURN form is included in the UTXO tree,
even though it is unspendable, and is removed from the tree if the
master txout is spent. Note that in this case by "prove they voted" we
mean the service actually taking the step of ensuring their vote was
recorded in the blockchain.
> The vote must compute
> the median, rather than the mean, so as to not allow someone to skew the =
vote
> by simply setting their value extremely high. Someone who still remembers=
their
> statistics classes should chime in on the right way to compute a median i=
n a
> merkle-sum-tree.
I think the definition of the median requires knowledge of all the points so
it'll have to be a separate sorted tree - kinda complex unfortunately if
you really do want to be able to do full proof to SPV clients. Maybe
just putting the hash of the overall results in the coinbase is enough
for now.
The term to google is "moving median" - looks complex.
> Of course in the future the voting mechanism can be used for additional v=
otes
> with an additional vote_id. For instance the Bitcoin community could vote=
to
> increase the inflation subsidy, another example of a situation where the =
wishes
> of miners may conflict with the wishes of the broader community.
Good idea on keeping the code general.
> For any given block actual limit in effect is then the rolling median of =
the
> blocks in the last year. At the beginning of every year the value conside=
red to
> be the status quo resets to the mean of the limit at the beginning and en=
d of
> the interval. (again, by "year" we really mean 52,560 blocks) The rolling
> median and periodic reset process ensures that the limit changes graduall=
y and
> is not influenced by temporary events such as hacks to large exchanges or
> malicious wallet software. The rolling median also ensures that for a mi=
ner
> the act of including a vote is never wasted due to the txout later being =
spent.
Good points, although keep in mind you've created a lot of consensus
critical code that is easiest to implement with floating point... not a
good thing.
One way to mitigate that risk might be to take advantage of the fact
that unless the rolling median code itself is buggy, a consensus failure
in the calculation is likely to result in different implementations
still having a close agreement on the limit. So maybe we write some code
where we won't build on top of a block that is larger than, say, 95% of
the hard-limit unless another miner does so too?
> Implementing the voting system can happen prior to an actual hard-fork al=
lowing
> for an increase and can be an important part of determining if the hard-f=
ork is
> required at all.
Step #0 would be to think about OP_RETURN actually. FWIW Jeff Garzik has
a pull-req (https://github.com/bitcoin/bitcoin/pull/2738) to enable it,
although only one txout per tx, and only with a 80-byte payload.
Even just some ad-hoc voting by the "raise-the-limit" crowd would be a
good first step to gaging interest.
> Coercion and vote buying is of course possible in this system. A miner co=
uld
> say that they will only accept transactions accompanied by a vote for a g=
iven
> limit. However in a decentralized system completely preventing vote buyin=
g is
> of course impossble, and the design of Bitcoin itself has a fundemental
Is it really? There might be someone clever with a cryptographic voting
protocol, although in the case of Bitcoin we have to let people vote
with arbitrary scriptPubKeys, so almost anything less general than full
on SCIP just means miners force people to use the protocol where
vote-buying is possible.
> A voting process ensures that any increase to the blocksize genuinely
> represents the desires of the Bitcoin community, and the process described
> above ensures that any changes happen at a rate that gives all participan=
ts
> time to react. The process also gives a mechanism for the community to vo=
te to
> decrease the limit if it turns out that the new one was in fact too high.=
(note
> how the way the status quo is set ensures the default action is for the l=
imit
> to gradually decrease even if everyone stops voting)
Good idea. So it'd decrease to the mean of the old and new limits
basically, and if Bitcoin becomes "too centralized" users can simply do
nothing and the process gradually reverses.
> As many of you know I have been quite vocal that the 1MB limit should sta=
y. But
> I would be happy to support the outcome of a vote done properly, whatever=
that
> outcome may be.
Same here.
--=20
'peter'[:-1]@petertodd.org
0000000000000068a8ad033afa763246fe451e840eae5215eb3a64e8101a46c3
--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJRtWRZAAoJECSBQD2l8JH7nA8IALeGXLk4PEcL+WjExTDIuxrS
S1NQiV7R3v1C0N5JWWi2oZztbRRw+ZpO/dlrnsnG2r1EknKrZ370sSB4hs5GGrzN
hXW0P+o3smDyVOFLQh+TvL0YzMKs93QMgJEhkzpSt8yAVDjfkNcBgMnaUGmQ10vP
vbl+ykr8Czc8LlWVSHTkSChg+00DnmmT2YAy3daAHwJDkrn8+kMmsQ3F4xLn9ylt
ZkhQBU4Sf2/VdCZR4dqdRxGSlqCcnS61bdmriwnw1EYwLjxr2ljbH6YIfK3miaXr
TRNTdoG5RA/Ft4IMmn17oDdRIzwelJP0rg/qwhKgOPfFdHZ6P212M01EiYMKVbw=
=8j7n
-----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
|