Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id BA03CC0001 for ; Sun, 28 Feb 2021 20:02:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 7C7874EE11 for ; Sun, 28 Feb 2021 20:02:31 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2G00CDli62Yl for ; Sun, 28 Feb 2021 20:02:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7E9CD4ED4B for ; Sun, 28 Feb 2021 20:02:29 +0000 (UTC) Received: from mail-il1-f182.google.com (mail-il1-f182.google.com [209.85.166.182]) (authenticated bits=0) (User authenticated as jlrubin@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 11SK2RxH010849 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Sun, 28 Feb 2021 15:02:27 -0500 Received: by mail-il1-f182.google.com with SMTP id c10so12840733ilo.8 for ; Sun, 28 Feb 2021 12:02:27 -0800 (PST) X-Gm-Message-State: AOAM5300q4kL5shuw8RvEGoC9qNB0eJMhx/ct2LmOlXF97S22HdwJiZP XI8rRkyjgv01kRrkHIlupxZuA5WhqKfQ40o/BY8= X-Google-Smtp-Source: ABdhPJznSkmjGyYZ8fAZMjyawXL/AgpaWcMRibsXOXrATPvACCKswjtsN8q558N98oQaH2WRGkTXjH/oQiGjOxwIClg= X-Received: by 2002:a05:6e02:b2e:: with SMTP id e14mr10163187ilu.164.1614542547180; Sun, 28 Feb 2021 12:02:27 -0800 (PST) MIME-Version: 1.0 References: <202102281720.07392.luke@dashjr.org> <20c5eb39-915d-6af9-5b0a-f488ff40ef3f@mattcorallo.com> In-Reply-To: <20c5eb39-915d-6af9-5b0a-f488ff40ef3f@mattcorallo.com> From: Jeremy Date: Sun, 28 Feb 2021 12:02:15 -0800 X-Gmail-Original-Message-ID: Message-ID: To: Matt Corallo Content-Type: multipart/alternative; boundary="000000000000ffe30705bc6afae4" Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Straight Flag Day (Height) Taproot Activation X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2021 20:02:31 -0000 --000000000000ffe30705bc6afae4 Content-Type: text/plain; charset="UTF-8" Miners still can generate invalid blocks as a result of SPV mining, and it could be profitable to do "bad block enhanced selfish mining" to take advantage of it. Hard to analyze exactly what that looks like, but... E.g., suppose 20% is un-upgraded and 80% is upgraded. Taking 25% hashrate to mine bad blocks would mean 1/4th of the time you could make 20% of the hashrate mine bad blocks, overall a > 5% (series expansion) benefit. One could analyze out that the lost hash rate for bad blocks only matters for the first difficulty adjustment period you're doing this for too, as the hashrate drop will be accounted for -- but then a miner can switch back to mining valid chain, giving themselves a larger % of hashrate. So it is still possible that an un-upgraded miner will fail part 3, and attempting to accommodate un-upgraded miners leads to some nasty oscillating hashrate being optimal. -- @JeremyRubin On Sun, Feb 28, 2021 at 11:52 AM Matt Corallo wrote: > Note further that mandatory signaling isn't "just" a flag day - unlike a > Taproot flag day (where miners running Bitcoin > Core unmodified today will not generate invalid blocks), a mandatory > signaling flag day blatantly ignores goal (3) from > my original post - it results in any miner who has not taken active action > (and ensured every part of their often-large > infrastructure has been correctly reconfigured) generating invalid blocks. > > As for "Taproot" took too long, hey, at least if its locked in people can > just build things assuming it exists. Some > already are, but once its clearly locked in, there's no reason to not > continue other work at the same time. > > Matt > > On 2/28/21 14:43, Jeremy via bitcoin-dev wrote: > > I agree with much of the logic presented by Matt here. > > > > BIP8 was intended to be simpler to agree on to maintain consensus, yet > we find ourselves in a situation where a "tiny" > > parameter has the potential to cause great network disruption and > confusion (rationality is not too useful a concept > > here given differing levels of sophistication and information). It is > therefore much simpler and more likely to be > > universally understood by all network participants to just have a flag > day. It is easier to communicate what users > > should do and when. > > > > This is ultimately not coercive to users because the upgrade for Taproot > itself is provable and analyzable on its own, > > but activation parameters based on what % of economically relevant nodes > are running an upgrade by a certain date are > > not. Selecting these sorts of complicated consensus parameters may > ultimately present more opportunity for a cooptable > > consensus process than something more straightforward. > > > > > > That said, a few points strike me as worth delving into. > > > > > > 1) Con: Mandatory signalling is no different than a flag day. Mandatory > signaling is effectively 2 flag days -- one for > > the signaling rule, 1 for the taproot type. The reason for the 2 week > gap between flag day for signaling and flag day > > for taproot rules is, more or less, so that nodes who aren't taproot > ready at the 1st flag day do not end up SPV mining > > (using standardness rules in mempool prevents them from mining an > invalid block on top of a valid tip, but does not > > ensure the tip is valid). > > 2) Con: Releasing a flag day without releasing the LOT=true code leading > up to that flag day means that clients would > > not be fully compatible with an early activation that could be proposed > before the flag day is reached. E.g., LOT=true > > is a flag day that retains the possibility of being compatible with > other BIP8 releases without changing software. > > 3) Pro: BIP-8 is partially in service of "early activation" and . I'm > personally skeptical that early activation is/was > > ever a good idea. A fixed activation date may be largely superior for > business purposes, software engineering schedules, > > etc. I think even with signaling BIP8, it would be possibly superior to > activate rules at a fixed date (or a quantized > > set of fixed dates, e.g. guaranteeing at least 3 months but maybe more). > > 4) Pro: part of the argument for BIP-8=false is that it is possible that > the rule could not activate, if signaling does > > not occur, providing additional stopgap against dev collusion and bugs. > But BIP-8 can activate immediately (with start > > times being proposed 1 month after release?) so we don't have certainty > around how much time there is for that secondary > > review process (read -- I think it isn't that valuable) and if there > *is* a deadly bug discovered, we might want to > > hard-fork to fix it even if it isn't yet signaled for (e.g., if the rule > activates it enables more mining reward). So I > > think that it's a healthier mindset to release a with definite deadline > and not rule out having to do a hard fork if > > there is a grave issue (we shouldn't ever release a SF if we think this > is at all likely, mind you). > > 5) Con: It's already taken so long for taproot, the schedule around > taproot was based on the idea it could early > > activate, 2022 is now too far away. I don't know how to defray this > other than, if your preferred idea is 1 year flag > > day, to do that via LOT=true so that taproot can still have early > activation if desired. > > > > Overall I agree with the point that all the contention around LOT, makes > a flag day look not so bad. And something > > closer to a flag day might not be so bad either for future forks as well. > > > > However, I think given the appetite for early activation, if a flag day > is desired I think LOT=true is the best option > > at this time as it allows our flag day to remain compatible with such an > early activation. > > > > I think we can also clearly communicate that LOT=true for Taproot is not > a precedent setting occurence for any future > > forks (hold me accountable to not using this as precedent this should I > ever advocate for a SF with similar release > > parameters). > > > > > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > --000000000000ffe30705bc6afae4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Miners still can generate= invalid blocks as a result of SPV mining, and it could be profitable to do= "bad block enhanced selfish mining" to take advantage of it.


Hard to analyze exactly what = that looks like, but...

E.g., suppose 20% is un-upgraded and 80% is u= pgraded. Taking 25% hashrate to mine bad blocks would mean 1/4th of the tim= e you could make 20% of the hashrate mine bad blocks, overall a > 5% (se= ries expansion) benefit. One could analyze out that the lost hash rate for = bad blocks only matters for the first difficulty adjustment period you'= re doing this for too, as the hashrate drop will be accounted for -- but th= en a miner can switch back to mining valid chain, giving themselves a large= r % of hashrate.

So it is still possible that an un-upgraded miner wi= ll fail part 3, and attempting to accommodate un-upgraded miners leads to s= ome nasty oscillating hashrate being optimal.


<= /div>

On Sun, Feb 28, 2021 at= 11:52 AM Matt Corallo <lf-l= ists@mattcorallo.com> wrote:
Note further that mandatory signaling isn't "j= ust" a flag day - unlike a Taproot flag day (where miners running Bitc= oin
Core unmodified today will not generate invalid blocks), a mandatory signal= ing flag day blatantly ignores goal (3) from
my original post - it results in any miner who has not taken active action = (and ensured every part of their often-large
infrastructure has been correctly reconfigured) generating invalid blocks.<= br>
As for "Taproot" took too long, hey, at least if its locked in pe= ople can just build things assuming it exists. Some
already are, but once its clearly locked in, there's no reason to not c= ontinue other work at the same time.

Matt

On 2/28/21 14:43, Jeremy via bitcoin-dev wrote:
> I agree with much of the logic presented by Matt here.
>
> BIP8 was intended to be simpler to agree on to maintain consensus, yet= we find ourselves in a situation where a "tiny"
> parameter has the potential to cause great network disruption and conf= usion (rationality is not too useful a concept
> here given differing levels of sophistication and information). It is = therefore much simpler and more likely to be
> universally understood by all network participants to just have a flag= day. It is easier to communicate what users
> should do and when.
>
> This is ultimately not coercive to users because the upgrade for Tapro= ot itself is provable and analyzable on its own,
> but activation parameters based on what % of economically relevant nod= es are running an upgrade by a certain date are
> not. Selecting these sorts of complicated consensus parameters may ult= imately present more opportunity for a cooptable
> consensus process than something more straightforward.
>
>
> That said, a few points strike me as worth delving into.
>
>
> 1) Con: Mandatory signalling is no different than a flag day. Mandator= y signaling is effectively 2 flag days -- one for
> the signaling rule, 1 for the taproot type. The reason for the 2 week = gap between flag day for signaling and flag day
> for taproot rules is, more or less, so that nodes who aren't tapro= ot ready at the 1st flag day do not end up SPV mining
> (using standardness rules in mempool prevents them from mining an inva= lid block on top of a valid tip, but does not
> ensure the tip is valid).
> 2) Con: Releasing a flag day without releasing the LOT=3Dtrue code lea= ding up to that flag day means that clients would
> not be fully compatible with an early activation that could be propose= d before the flag day is reached. E.g., LOT=3Dtrue
> is a flag day that retains the possibility of being compatible with ot= her BIP8 releases without changing software.
> 3) Pro: BIP-8 is partially in service of "early activation" = and . I'm personally skeptical that early activation is/was
> ever a good idea. A fixed activation date may be largely superior for = business purposes, software engineering schedules,
> etc. I think even with signaling BIP8, it would be possibly superior t= o activate rules at a fixed date (or a quantized
> set of fixed dates, e.g. guaranteeing at least 3 months but maybe more= ).
> 4) Pro: part of the argument for BIP-8=3Dfalse is that it is possible = that the rule could not activate, if signaling does
> not occur, providing additional stopgap against dev collusion and bugs= . But BIP-8 can activate immediately (with start
> times being proposed 1 month after release?) so we don't have cert= ainty around how much time there is for that secondary
> review process (read -- I think it isn't that valuable) and if the= re *is* a deadly bug discovered, we might want to
> hard-fork to fix it even if it isn't yet signaled for (e.g., if th= e rule activates it enables more mining reward). So I
> think that it's a healthier mindset to release a with definite dea= dline and not rule out having to do a hard fork if
> there is a grave issue (we shouldn't ever release a SF if we think= this is at all likely, mind you).
> 5) Con: It's already taken so long for taproot, the schedule aroun= d taproot was based on the idea it could early
> activate, 2022 is now too far away. I don't know how to defray thi= s other than, if your preferred idea is 1 year flag
> day, to do that via LOT=3Dtrue so that taproot can still have early ac= tivation if desired.
>
> Overall I agree with the point that all the contention around LOT, mak= es a flag day look not so bad. And something
> closer to a flag day might not be so bad either for future forks as we= ll.
>
> However, I think given the appetite for early activation, if a flag da= y is desired I think LOT=3Dtrue is the best option
> at this time as it allows our flag day to remain compatible with such = an early activation.
>
> I think we can also clearly communicate that LOT=3Dtrue for Taproot is= not a precedent setting occurence for any future
> forks (hold me accountable to not using this as precedent this should = I ever advocate for a SF with similar release
> parameters).
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev
>
--000000000000ffe30705bc6afae4--