Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 764B2C000B for ; Tue, 22 Mar 2022 23:11:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 6E545418BB for ; Tue, 22 Mar 2022 23:11:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xkJskObK6ND for ; Tue, 22 Mar 2022 23:11:17 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from azure.erisian.com.au (azure.erisian.com.au [172.104.61.193]) by smtp4.osuosl.org (Postfix) with ESMTPS id 12323418BA for ; Tue, 22 Mar 2022 23:11:16 +0000 (UTC) Received: from aj@azure.erisian.com.au (helo=sapphire.erisian.com.au) by azure.erisian.com.au with esmtpsa (Exim 4.92 #3 (Debian)) id 1nWnee-0006bm-Q2; Wed, 23 Mar 2022 09:11:12 +1000 Received: by sapphire.erisian.com.au (sSMTP sendmail emulation); Wed, 23 Mar 2022 09:11:05 +1000 Date: Wed, 23 Mar 2022 09:11:05 +1000 From: Anthony Towns To: ZmnSCPxj , Bitcoin Protocol Discussion Message-ID: <20220322231104.GA11179@erisian.com.au> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score-int: -18 X-Spam-Bar: - Subject: Re: [bitcoin-dev] Beyond Jets: Microcode: Consensus-Critical Jets Without Softforks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Mar 2022 23:11:18 -0000 On Tue, Mar 22, 2022 at 05:37:03AM +0000, ZmnSCPxj via bitcoin-dev wrote: > Subject: Beyond Jets: Microcode: Consensus-Critical Jets Without Softforks (Have you considered applying a jit or some other compression algorithm to your emails?) > Microcode For Bitcoin SCRIPT > ============================ > I propose: > * Define a generic, low-level language (the "RISC language"). This is pretty much what Simplicity does, if you optimise the low-level language to minimise the number of primitives and maximise the ability to apply tooling to reason about it, which seem like good things for a RISC language to optimise. > * Define a mapping from a specific, high-level language to > the above language (the microcode). > * Allow users to sacrifice Bitcoins to define a new microcode. I think you're defining "the microcode" as the "mapping" here. This is pretty similar to the suggestion Bram Cohen was making a couple of months ago: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-December/019722.html https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-January/019773.html https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-January/019803.html I believe this is done in chia via the block being able to include-by-reference prior blocks' transaction generators: ] transactions_generator_ref_list: List[uint32]: A list of block heights of previous generators referenced by this block's generator. - https://docs.chia.net/docs/05block-validation/block_format (That approach comes at the cost of not being able to do full validation if you're running a pruning node. The alternative is to effectively introduce a parallel "utxo" set -- where you're mapping the "sacrificed" BTC as the nValue and instead of just mapping it to a scriptPubKey for a later spend, you're permanently storing the definition of the new CISC opcode) > We can then support a "RISC" language that is composed of > general instructions, such as arithmetic, SECP256K1 scalar > and point math, bytevector concatenation, sha256 midstates, > bytevector bit manipulation, transaction introspection, and > so on. A language that includes instructions for each operation we can think of isn't very "RISC"... More importantly it gets straight back to the "we've got a new zk system / ECC curve / ... that we want to include, let's do a softfork" problem you were trying to avoid in the first place. > Then, the user creates a new transaction where one of > the outputs contains, say, 1.0 Bitcoins (exact required > value TBD), Likely, the "fair" price would be the cost of introducing however many additional bytes to the utxo set that it would take to represent your microcode, and the cost it would take to run jit(your microcode script) if that were a validation function. Both seem pretty hard to manage. "Ideally", I think you'd want to be able to say "this old microcode no longer has any value, let's forget it, and instead replace it with this new microcode that is much better" -- that way nodes don't have to keep around old useless data, and you've reduced the cost of introducing new functionality. Additionally, I think it has something of a tragedy-of-the-commons problem: whoever creates the microcode pays the cost, but then anyone can use it and gain the benefit. That might even end up creating centralisation pressure: if you design a highly decentralised L2 system, it ends up expensive because people can't coordinate to pay for the new microcode that would make it cheaper; but if you design a highly centralised L2 system, you can just pay for the microcode yourself and make it even cheaper. This approach isn't very composable -- if there's a clever opcode defined in one microcode spec, and another one in some other microcode, the only way to use both of them in the same transaction is to burn 1 BTC to define a new microcode that includes both of them. > We want to be able to execute the defined microcode > faster than expanding an `OP_`-code SCRIPT to a > `UOP_`-code SCRIPT and having an interpreter loop > over the `UOP_`-code SCRIPT. > > We can use LLVM. We've not long ago gone to the effort of removing openssl as a consensus critical dependency; and likewise previously removed bdb. Introducing a huge new dependency to the definition of consensus seems like an enormous step backwards. This would also mean we'd be stuck at the performance of whatever version of llvm we initially adopted, as any performance improvements introduced in later llvm versions would be a hard fork. > On the other hand, LLVM bugs are compiler bugs and > the same bugs can hit the static compiler `cc`, too, "Well, you could hit Achilles in the heel, so really, what's the point of trying to be invulnerable anywhere else?" > Then we put a pointer to this compiled function to a > 256-long array of functions, where the array index is > the `OP_` code. That's a 256-long array of functions for each microcode, which increases the "microcode-utxo" database storage size substantially. Presuming there are different jit targets (x86 vs arm?) it seems difficulty to come up with a consistent interpretation of the cost for these opcodes. I'm skeptical that a jit would be sufficient for increasing the performance of an implementation just based on basic arithmetic opcodes if we're talking about something like sha512 or bls12-381 or similar. > Bugs in existing microcodes can be fixed by basing a > new microcode from the existing microcode, and > redefining the buggy implementation. > Existing Tapscripts need to be re-spent to point to > the new bugfixed microcode, but if you used the > point-spend branch as an N-of-N of all participants > you have an upgrade mechanism for free. It's not free if you have to do an on-chain spend... The "1 BTC" cost to fix the bug, and the extra storage in every node's "utxo" set because they now have to keep both the buggy and fixed versions around permanently sure isn't free either. If you're re-jitting every microcode on startup, that could get pretty painful too. If you're proposing introducing byte vector manipulation and OP_CAT and similar, which enables recursive covenants, then it might be good to explain how this proposal addresses the concerns raised at the end of https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-March/020092.html Cheers, aj