summaryrefslogtreecommitdiff
path: root/bc/590cac1035205e33bec553d631de6793803efc
blob: 2133e6cb8ebb171f9ed62ad44efd006a96355e4b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
Return-Path: <jl2012@xbt.hk>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 8DCF45AA
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 23 Jul 2015 16:23:24 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from s47.web-hosting.com (s47.web-hosting.com [199.188.200.16])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id F0AD724D
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 23 Jul 2015 16:23:22 +0000 (UTC)
Received: from localhost ([::1]:56682 helo=server47.web-hosting.com)
	by server47.web-hosting.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
	(Exim 4.82) (envelope-from <jl2012@xbt.hk>) id 1ZIJHG-003mtS-4t
	for bitcoin-dev@lists.linuxfoundation.org;
	Thu, 23 Jul 2015 12:23:22 -0400
Received: from 119.246.245.241 ([119.246.245.241]) by
	server47.web-hosting.com (Horde Framework) with HTTP; Thu, 23 Jul 2015
	16:23:21 +0000
Date: Thu, 23 Jul 2015 16:23:21 +0000
Message-ID: <20150723162321.Horde.bphh__8AhyXa_m-YAYpiyw1@server47.web-hosting.com>
From: jl2012@xbt.hk
To: "bitcoin-dev@lists.linuxfoundation.org"
	<bitcoin-dev@lists.linuxfoundation.org>
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse,
	please include it with any abuse report
X-AntiAbuse: Primary Hostname - server47.web-hosting.com
X-AntiAbuse: Original Domain - lists.linuxfoundation.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - xbt.hk
X-Get-Message-Sender-Via: server47.web-hosting.com: authenticated_id:
	jl2012@xbt.hk
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-From-Rewrite: unmodified, already matched
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [bitcoin-dev] BIP draft: Hardfork bit
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 16:23:24 -0000

Please feel free to comment, for technical issues and language

BIP: ??
Title: Hardfork bit
Author: jl2012 <jl2012@xbt.hk>
Status: Draft
Type: Standard Track
Created: 2015-07-23

Abstract

This document specifies a proposed change to the semantics of the most  
significant bit of the “version” field in Bitcoin block headers, as a  
mechanism to indicate a hardfork is deployed. It alleviates certain  
risks related to a hardfork by introducing an explicit “point of no  
return” in the blockchain. This is a general mechanism which should be  
employed by any planned hardfork in the future.

Motivation

Hardforks in Bitcoin are usually considered as difficult and risky, because:

1) Hardforks require not only support of miners, but also, most  
importantly, supermajority support of the Bitcoin economy. As a  
result, softfork deployment mechanisms described in BIP 34 or BIP XX  
“Version bits” (https://gist.github.com/sipa/bf69659f43e763540550) are  
not enough for introducing hardforks safely.

2) Full nodes and SPV nodes following original consensus rules may not  
be aware of the deployment of a hardfork. They may stick to an  
economic-minority fork and unknowingly accept devalued legacy tokens.

3) In the case which the original consensus rules are also valid under  
the new consensus rules, users following the new chain may  
unexpectedly reorg back to the original chain if it grows faster than  
the new one. People may find their confirmed transactions becoming  
unconfirmed and lose money.

The first issue involves soliciting support for a hardfork proposal,  
which is more a political topic than a technical one. This proposal  
aims at alleviating the risks related to the second and third issues.  
It should be employed by any planned hardfork in the future.

Definitions

See BIP YY “Motivation and deployment of consensus rules changes”
https://github.com/jtimon/bips/blob/bip-forks/bip-forks.org

Specification

Hardfork bit: The most significant bit in nVersion is defined as the  
hardfork bit. Currently, blocks with this header bit setting to 1 are  
invalid, since BIP34 interprets nVersion as a signed number and  
requires it to be >=2 (with BIP66, >=3). Among the 640 bits in the  
block header, this is the only one which is fixed and serves no  
purpose, and therefore the best way to indicate the deployment of a  
hardfork.

Flag block: Any planned hardfork must have one and only one flag block  
which is the “point of no return”. To ensure monotonicity, flag block  
should be determined by block height, or as the first block with  
GetMedianTimePast() greater than a threshold. Other mechanisms could  
be difficult for SPV nodes to follow. The height/time threshold could  
be a predetermined value or relative to other events (e.g. 1000 blocks  
/ 10 days after 75% of miner support). The exact mechanism is out of  
the scope of this BIP. No matter what mechanism is used, the threshold  
is consensus critical. It must be publicly verifiable with only  
blockchain data and the programme source code, and preferably  
SPV-friendly.

Flag block is constructed in a way that nodes with the original  
consensus rules must reject. On the other hand, nodes with the new  
consensus rules must reject a block if it is not a flag block while it  
is supposed to be. To achieve these goals, the flag block must 1) have  
the hardfork bit setting to 1, 2) include a short predetermined unique  
description of the hardfork anywhere in its coinbase, and 3) follow  
any other rules required by the hardfork. If these conditions are not  
fully satisfied, upgraded nodes shall reject the block.

The hardfork bit must be turned off in the decedents of the flag  
block, until the deployment of the next hardfork. The requirement of  
coinbase message is also limited to the flag block. In the rare case  
that multiple hardforks share the same flag block, the coinbase shall  
include all relevant messages and the order/position of the messages  
shall not be consensus critical.

Although a hardfork is officially deployed after the flag block, the  
exact behavioural change is out of the scope of this BIP. For example,  
a hardfork may not be fully active until certain time after the flag  
block.

Automatic warning system: When a flag block is found on the network,  
full nodes and SPV nodes should look into its coinbase. They should  
alert their users and/or stop accepting incoming transactions if it is  
an unknown hardfork. It should be noted that the warning system could  
become a DoS vector if the attacker is willing to give up the block  
reward. Therefore, the warning may be issued only if a few blocks are  
built on top of the flag block in a reasonable time frame. This will  
in turn increase the risk in case of a real planned hardfork so it is  
up to the wallet programmers to decide the optimal strategy. Human  
warning system (e.g. the emergency alert system in Bitcoin Core) could  
fill the gap.

Compatibility

As a mechanism to indicate hardfork deployment, this BIP breaks  
backward compatibility intentionally. However, without further changes  
in the block header format, full nodes and SPV nodes could still  
verify the PoW of a flag block and its descendants.

This proposal is also compatible with the BIP XX “Version bits”. The  
version bits mechanism could be employed to measure miner support  
towards a hardfork proposal, and to determine the height or time  
threshold of the flag block. Also, miners of the flag block may still  
cast votes for other concurrent softfork or hardfork proposals as  
normal.

After the flag block is generated, a miner may support either fork but  
not both. It is not possible for miners in one fork to attack or  
overtake the other fork because the forks are mutually exclusive.