1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
Return-Path: <luke@dashjr.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 1486EF72
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 2 Feb 2016 02:31:32 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21])
by smtp1.linuxfoundation.org (Postfix) with ESMTP id 65C9E181
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 2 Feb 2016 02:31:31 +0000 (UTC)
Received: from ishibashi.localnet (unknown
[IPv6:2001:470:5:265:61b6:56a6:b03d:28d6])
(Authenticated sender: luke-jr)
by zinan.dashjr.org (Postfix) with ESMTPSA id A36D538A99F7;
Tue, 2 Feb 2016 02:30:57 +0000 (UTC)
X-Hashcash: 1:25:160202:lists@coryfields.com::YWSbUYZlQtzKNiDA:Oqzc
X-Hashcash: 1:25:160202:bitcoin-dev@lists.linuxfoundation.org::LBY3qBcj/F1Qqkuz:dUI+p
From: Luke Dashjr <luke@dashjr.org>
To: Cory Fields <lists@coryfields.com>
Date: Tue, 2 Feb 2016 02:30:55 +0000
User-Agent: KMail/1.13.7 (Linux/4.1.13-gentoo; KDE/4.14.8; x86_64; ; )
References: <201601301850.03469.luke@dashjr.org>
<201602012308.35215.luke@dashjr.org>
<CAApLimiefAkDaDShfq4b6T-6heqYyB5dqZDh58+Stwf7VqDWkg@mail.gmail.com>
In-Reply-To: <CAApLimiefAkDaDShfq4b6T-6heqYyB5dqZDh58+Stwf7VqDWkg@mail.gmail.com>
X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F
X-PGP-Key-ID: BD02942421F4889F
X-PGP-Keyserver: hkp://pgp.mit.edu
MIME-Version: 1.0
Content-Type: Text/Plain;
charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201602020230.56760.luke@dashjr.org>
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,RCVD_IN_SBL,
RP_MATCHES_RCVD,URIBL_SBL autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SegWit GBT updates
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2016 02:31:32 -0000
On Tuesday, February 02, 2016 1:40:49 AM Cory Fields wrote:
> On Mon, Feb 1, 2016 at 6:08 PM, Luke Dashjr <luke@dashjr.org> wrote:
> > On Monday, February 01, 2016 9:43:33 PM Cory Fields wrote:
> >> On Mon, Feb 1, 2016 at 2:46 PM, Luke Dashjr <luke@dashjr.org> wrote:
> >> > Allowing for simpler cases both encourages the lazy case, and enables
> >> > pools to require miners use it. It also complicates the server-side
> >> > implementation somewhat, and could in some cases make it more
> >> > vulnerable to DoS attacks. Keep in mind that GBT is not merely a
> >> > bitcoind protocol, but is used between pool<->miner as well... For
> >> > now, it makes sense to leave
> >> > "default_witness_commitment" as a bitcoind-specific extension to
> >> > encourage adoption, but it seems better to leave it out of the
> >> > standard protocol. Let me know if this makes sense or if I'm
> >> > overlooking something.
> >>
> >> I think that's a bit of a loaded answer. What's to keep a pool from
> >> building its own commitment and requiring miners to use that? I don't
> >> see how providing the known-working commitment for the
> >> passed-in-hashes allows the pool/miner to do anything they couldn't
> >> already, with the exception of skipping some complexity. Please don't
> >> confuse encouraging with enabling.
> >
> > Making it simpler to do a centralised implementation than a decentralised
> > one, is both enabling and encouraging. GBT has always been designed to
> > make it difficult to do in a centralised manner.
>
> But your suggestion is "use libblkmaker" which will build the trees
> for me. By that logic, isn't libblkmaker making a centralized
> implementation easier? Shouldn't that usage be discouraged as well?
libblkmaker is miner-side; right now it implies the miner using the templates
as-is (perhaps after verifying the transactions meet some criteria), but it is
the miner who is making that decision, not the pool.
> And along those lines, shouldn't the fact that it's used as a pool <->
> miner protocol be discouraged rather than touted as a feature?
???
> >> What's the DoS vector here?
> >
> > It's more work for the pool to provide it, similar to the "midstate"
> > field was with getwork. Someone performing a DoS needs to do less work
> > to force the pool to do complex calculations (unless the same
> > transaction tree / commitment is used for all miners, which would be an
> > unfortunate limitation).
>
> It's being provided to them. And if they're using a modified set of
> tx's, they'll need to re-calculate it in order to verify the result
> anyway. I suspect I'm not understanding this argument.
The DoS is against the pool, not the miner. You'd attack by pretending to be
100000 new miners per second, and the pool then needs to calculate a witness
commitment for each one. It's a lot cheaper to just serialise and send the
transaction list.
> >> >> The issue in particular here is that a non-trivial burden is thrust
> >> >> upon mining software, increasing the odds of bugs in the process.
> >> >
> >> > It can always use libblkmaker to handle the "heavy lifting"... In any
> >> > case, the calculation for the commitment isn't significantly more than
> >> > what it must already do for the stripped merkle tree.
> >>
> >> Agreed. However for the sake of initial adoption, it's much easier to
> >> have a known-correct value to use. Even if it's just for the sake of
> >> checking against.
> >
> > Sure, I'm not suggesting we remove this from bitcoind (probably the only
> > place that makes initial adoption easier).
>
> How about exposing it as a feature/capability, then? That way pools
> can expect it from bitcoind, but won't be required to expose it
> downstream.
Implementation-specific things aren't standards. And besides, they really
*shouldn't* expect it from bitcoind; it's simply a reasonable compromise to
provide it encourage adoption of SegWit. Once SegWit is live, there is no more
value to doing so.
Luke
|