Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.216.51 as permitted sender)
	client-ip=209.85.216.51;
	envelope-from=stephencalebmorse@gmail.com;
	helo=mail-vn0-f51.google.com; 
Content-Type: multipart/alternative;
	boundary=Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Mime-Version: 1.0 (1.0)
From: Stephen <stephencalebmorse@gmail.com>
In-Reply-To: <CAOG=w-tDdJTkkqGaEEpDZ6pX0kXT7f2wvoN_cEpd6+MVnu1CdQ@mail.gmail.com>
Date: Tue, 2 Jun 2015 08:52:58 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <E67A3D18-EFB0-4156-98B7-082793D2D871@gmail.com>
References: <CAOG=w-uufDPkQSEi1K_L82j4OXObGmESnfYyxi1z99fcBCotcg@mail.gmail.com>
	<CABHVRKQD4YPt0NA8VnXW4VYx0fmCgSHUYq-73F2esHZqX-FUxw@mail.gmail.com>
	<CAOG=w-tDdJTkkqGaEEpDZ6pX0kXT7f2wvoN_cEpd6+MVnu1CdQ@mail.gmail.com>
To: Mark Friedenbach <mark@friedenbach.org>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [BIP draft] Consensus-enforced
	transaction replacement signalled via sequence numbers
Precedence: list


--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Do you think it would be useful to have an inverted version of both CSV and C=
LTV? To verify if an output is spent before a specific time. CLTV and CSV co=
uld be implemented by taking two stack arguments, an integer for the compari=
son and TRUE/FALSE.=20

Now that I think about this more, the problem is that, for example, just hav=
ing a lock time of less than some value doesn't actually mean it has to be s=
pent before that script value, so this might not work. Likely any implementa=
tions of such a feature would have to provide the script execution environme=
nt with access to information that it doesn't have now, which is what we are=
 trying to avoid.=20

Best,
Stephen


> On Jun 2, 2015, at 12:16 AM, Mark Friedenbach <mark@friedenbach.org> wrote=
:
>=20
> You are correct! I am maintaining a 'checksequenceverify' branch in my git=
 repository as well, an OP_RCLTV using sequence numbers:
>=20
> https://github.com/maaku/bitcoin/tree/checksequenceverify
>=20
> Most of the interesting use cases for relative lock-time require an RCLTV o=
pcode. What is interesting about this architecture is that it possible to cl=
eanly separate the relative lock-time (sequence numbers) from the RCLTV opco=
de (OP_CHECKSEQUENCEVERIFY) both in concept and in implementation. Like CLTV=
, the CSV opcode only checks transaction data and requires no contextual kno=
wledge about block headers, a weakness of the other RCLTV proposals that vio=
late the clean separation between libscript and libconsensus. In a similar w=
ay, this BIP proposal only touches the transaction validation logic without a=
ny impact to script.
>=20
> I would like to propose an additional BIP covering the CHECKSEQUENCEVERIFY=
 opcode and its enabling applications. But, well, one thing at a time.
>=20
>> On Mon, Jun 1, 2015 at 8:45 PM, Stephen Morse <stephencalebmorse@gmail.co=
m> wrote:
>> Hi Mark,
>>=20
>> Overall, I like this idea in every way except for one: unless I am missin=
g something, we may still need an OP_RCLTV even with this being implemented.=
=20
>>=20
>> In use cases such as micropayment channels where the funds are locked up b=
y multiple parties, the enforcement of the relative locktime can be done by t=
he first-signing party. So, while your solution would probably work in cases=
 like this, where multiple signing parties are involved, there may be other,=
 seen or unforeseen, use cases that require putting the relative locktime ri=
ght into the spending contract (the scriptPubKey itself). When there is only=
 one signer, there's nothing that enforces using an nSequence and nVersion=3D=
2 that would prevent spending the output until a certain time.=20
>>=20
>> I hope this is received as constructive criticism, I do think this is an i=
nnovative idea. In my view, though, it seems to be less fully-featured than j=
ust repurposing an OP_NOP to create OP_RCLTV. The benefits are obviously tha=
t it saves transaction space by repurposing unused space, and would likely w=
ork for most cases where an OP_RCLTV would be needed.
>>=20
>> Best,
>> Stephen
>>=20
>>> On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <mark@friedenbach.org> w=
rote:
>>> I have written a reference implementation and BIP draft for a soft-fork c=
hange to the consensus-enforced behaviour of sequence numbers for the purpos=
e of supporting transaction replacement via per-input relative lock-times. T=
his proposal was previously discussed on the mailing list in the following t=
hread:
>>>=20
>>> http://sourceforge.net/p/bitcoin/mailman/message/34146752/
>>>=20
>>> In short summary, this proposal seeks to enable safe transaction replace=
ment by re-purposing the nSequence field of a transaction input to be a cons=
ensus-enforced relative lock-time.
>>>=20
>>> The advantages of this approach is that it makes use of the full range o=
f the 32-bit sequence number which until now has rarely been used for anythi=
ng other than a boolean control over absolute nLockTime, and it does so in a=
 way that is semantically compatible with the originally envisioned use of s=
equence numbers for fast mempool transaction replacement.
>>>=20
>>> The disadvantages are that external constraints often prevent the full r=
ange of sequence numbers from being used when interpreted as a relative lock=
-time, and re-purposing nSequence as a relative lock-time precludes its use i=
n other contexts. The latter point has been partially addressed by having th=
e relative lock-time semantics be enforced only if the most-significant bit o=
f nSequence is set. This preserves 31 bits for alternative use when relative=
 lock-times are not required.
>>>=20
>>> The BIP draft can be found at the following gist:
>>>=20
>>> https://gist.github.com/maaku/be15629fe64618b14f5a
>>>=20
>>> The reference implementation is available at the following git repositor=
y:
>>>=20
>>> https://github.com/maaku/bitcoin/tree/sequencenumbers
>>>=20
>>> I request that the BIP editor please assign a BIP number for this work.
>>>=20
>>> Sincerely,
>>> Mark Friedenbach
>>>=20
>>> ------------------------------------------------------------------------=
------
>>>=20
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>=20

--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div>Do you think it would be useful to hav=
e an inverted version of both CSV and CLTV? To verify if an output is spent b=
efore a specific time. CLTV and CSV could be implemented by taking two stack=
 arguments, an integer for the comparison and TRUE/FALSE.&nbsp;</div><div><b=
r></div><div>Now that I think about this more, the problem is that, for exam=
ple, just having a lock time of less than some value doesn't actually mean i=
t has to be spent before that script value, so this might not work. Likely a=
ny implementations of such a feature would have to provide the script execut=
ion environment with access to information that it doesn't have now, which i=
s what we are trying to avoid.&nbsp;</div><div><br></div><div>Best,</div><di=
v>Stephen<br><br><br></div><div><br>On Jun 2, 2015, at 12:16 AM, Mark Friede=
nbach &lt;<a href=3D"mailto:mark@friedenbach.org">mark@friedenbach.org</a>&g=
t; wrote:<br><br></div><blockquote type=3D"cite"><div><div dir=3D"ltr"><div>=
<div>You are correct! I am maintaining a 'checksequenceverify' branch in my g=
it repository as well, an OP_RCLTV using sequence numbers:<br><br><a href=3D=
"https://github.com/maaku/bitcoin/tree/checksequenceverify">https://github.c=
om/maaku/bitcoin/tree/checksequenceverify</a><br><br></div>Most of the inter=
esting use cases for relative lock-time require an RCLTV opcode. What is int=
eresting about this architecture is that it possible to cleanly separate the=
 relative lock-time (sequence numbers) from the RCLTV opcode (OP_CHECKSEQUEN=
CEVERIFY) both in concept and in implementation. Like CLTV, the CSV opcode o=
nly checks transaction data and requires no contextual knowledge about block=
 headers, a weakness of the other RCLTV proposals that violate the clean sep=
aration between libscript and libconsensus. In a similar way, this BIP propo=
sal only touches the transaction validation logic without any impact to scri=
pt.<br><br></div>I would like to propose an additional BIP covering the CHEC=
KSEQUENCEVERIFY opcode and its enabling applications. But, well, one thing a=
t a time.<br></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote"=
>On Mon, Jun 1, 2015 at 8:45 PM, Stephen Morse <span dir=3D"ltr">&lt;<a href=
=3D"mailto:stephencalebmorse@gmail.com" target=3D"_blank">stephencalebmorse@=
gmail.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"=
ltr">Hi Mark,<br><br>Overall, I like this idea in every way except for one: u=
nless I am missing something, we may still need an <font face=3D"monospace, m=
onospace">OP_RCLTV</font> even with this being implemented.&nbsp;<div><br></=
div><div>In use cases such as micropayment channels where the funds are lock=
ed up by multiple parties, the enforcement of the relative locktime can be d=
one by the first-signing party. So, while your solution would probably work i=
n cases like this, where multiple signing parties are involved, there may be=
 other, seen or unforeseen, use cases that require putting the relative lock=
time right into the spending contract (the <font face=3D"monospace, monospac=
e">scriptPubKey</font> itself). When there is only one signer, there's nothi=
ng that enforces using an nSequence and nVersion=3D2 that would prevent spen=
ding the output until a certain time.&nbsp;</div><div><br></div><div>I hope t=
his is received as constructive criticism, I do think this is an innovative i=
dea. In my view, though, it seems to be less fully-featured than just repurp=
osing an <font face=3D"monospace, monospace">OP_NOP</font> to create <font f=
ace=3D"monospace, monospace">OP_RCLTV</font>. The benefits are obviously tha=
t it saves transaction space by repurposing unused space, and would likely w=
ork for most cases where an <font face=3D"monospace, monospace">OP_RCLTV</fo=
nt> would be needed.</div><div><br></div><div>Best,<br>Stephen</div></div><d=
iv class=3D"gmail_extra"><br><div class=3D"gmail_quote"><div><div class=3D"h=
5">On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <span dir=3D"ltr">&lt;<a=
 href=3D"mailto:mark@friedenbach.org" target=3D"_blank">mark@friedenbach.org=
</a>&gt;</span> wrote:<br></div></div><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><di=
v class=3D"h5"><div dir=3D"ltr"><div>I have written a reference implementati=
on and BIP draft for a soft-fork change to the consensus-enforced behaviour o=
f sequence numbers for the purpose of supporting transaction replacement via=
 per-input relative lock-times. This proposal was previously discussed on th=
e mailing list in the following thread:<br><br><a href=3D"http://sourceforge=
.net/p/bitcoin/mailman/message/34146752/" target=3D"_blank">http://sourcefor=
ge.net/p/bitcoin/mailman/message/34146752/</a><br><br></div><div>In short su=
mmary, this proposal seeks to enable safe transaction replacement by re-purp=
osing the nSequence field of a transaction input to be a consensus-enforced r=
elative lock-time.<br><br>The advantages of this approach is that it makes u=
se of the full range of the 32-bit sequence number which until now has rarel=
y been used for anything other than a boolean control over absolute nLockTim=
e, and it does so in a way that is semantically compatible with the original=
ly envisioned use of sequence numbers for fast mempool transaction replaceme=
nt.<br><br></div><div>The disadvantages are that external constraints often p=
revent the full range of sequence numbers from being used when interpreted a=
s a relative lock-time, and re-purposing nSequence as a relative lock-time p=
recludes its use in other contexts. The latter point has been partially addr=
essed by having the relative lock-time semantics be enforced only if the mos=
t-significant bit of nSequence is set. This preserves 31 bits for alternativ=
e use when relative lock-times are not required.<br></div><div><br></div><di=
v>The BIP draft can be found at the following gist:<br><br><a href=3D"https:=
//gist.github.com/maaku/be15629fe64618b14f5a" target=3D"_blank">https://gist=
.github.com/maaku/be15629fe64618b14f5a</a><br><br></div><div>The reference i=
mplementation is available at the following git repository:<br></div><div><b=
r><a href=3D"https://github.com/maaku/bitcoin/tree/sequencenumbers" target=3D=
"_blank">https://github.com/maaku/bitcoin/tree/sequencenumbers</a><br><br></=
div><div>I request that the BIP editor please assign a BIP number for this w=
ork.<br><br></div><div>Sincerely,<br></div><div>Mark Friedenbach<br></div></=
div>
<br></div></div>------------------------------------------------------------=
------------------<br>
<br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_blan=
k">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development"=
 target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-deve=
lopment</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></blockquote></body></html>=

--Apple-Mail-53F44E09-CEB9-4E68-B2E0-F81F95D556FF--