MIME-Version: 1.0
From: Karl-Johan Alm <karljohan-alm@garage.co.jp>
Date: Fri, 8 Mar 2019 14:54:46 +0900
Message-ID: <CALJw2w5OiKHk1oj1p=rmQ-jvYOdieOD=xHcPt9D0A_-nLKvv7Q@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000da23e205838edc6f"
Subject: [bitcoin-dev] Signet
Precedence: list

--000000000000da23e205838edc6f
Content-Type: text/plain; charset="UTF-8"

Hello,

As some of you already know, I've been working on a network called
"signet", which is bascially a complement to the already existing testnet,
except it is completely centralized, and blocks are signed by a specific
key rather than using proof of work.

Benefits of this:

1. It is more predictable than testnet. Miners appear and disappear
regularly, causing irregular block generation.

2. Since it is centrally controlled, it is easy to perform global testing,
such as reorgs (e.g. the network performs a 4 block reorg by request, or as
scheduled).

3. It is more stable than testnet, which occasionally sees several thousand
block reorgs.

4. It is trivial to spin up (and shut down) new signets to make public
tests where anyone can participate.

Anyone can create a signet at any time, simply by creating a key pair and
creating a challenge (scriptPubKey). The network can then be used globally
by anyone, assuming the creator sends some coins to the other participants.

Having a persistent signet would be beneficial in particular to services
which need a stable place to test features over an extended period of time.
My own company implements protocols on top of Bitcoin with sidechains. We
need multi-node test frameworks to behave in a predictable manner (unlike
testnet) and with the same standardness relay policy as mainnet.

Signets consist of 2 parameters: the challenge script (scriptPubKey) and
the solution length. (The latter is needed to retain fixed length block
headers, despite having an additional payload.)

I propose that a default persistent "signet1" is created, which can be
replaced in future versions e.g. if the coins are unwisely used as real
money, similarly to what happened to previous testnets. This signet is
picked by default if a user includes -signet without providing any of the
parameters mentioned above. The key holder would be someone sufficiently
trusted in the community, who would be willing to run the system (block
generation code, faucet, etc). It could be made a little more sturdy by
using 1-of-N multisig as the challenge, in case 1 <= x < N of the signers
disappear. If people oppose this, it can be skipped, but will mean people
can't just jump onto signet without first tracking down parameters from
somewhere.

Implementation-wise, the code adds an std::map with block hash to block
signature. This is serialized/deserialized as appropriate (Segwit witness
style), which means block headers in p2p messages are (80 +
solution_length) bytes. Block header non-contextual check goes from
checking if block header hash < target to checking if the payload is a
valid signature for the block header hash instead.

Single commit with code (will split into commits and make PR later, but
just to give an idea what it looks like):
https://github.com/kallewoof/bitcoin/pull/4

I don't think this PR is overly intrusive, and I'm hoping to be able to get
signet code into Bitcoin Core eventually, and am equally hopeful that devs
of other (wallet etc) implementations will consider supporting it.

Feedback requested on this.

Attribution: parts of the signet code (in particular signblock and
getnewblockhex) were adapted from the ElementsProject/elements repository.
When PR is split into atomic commits, I will put appropriate attribution
there.

--000000000000da23e205838edc6f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr">Hello,<div><br></div><di=
v>As some of you already know, I&#39;ve been working on a network called &q=
uot;signet&quot;, which is bascially a complement to the already existing t=
estnet, except it is completely centralized, and blocks are signed by a spe=
cific key rather than using proof of work.</div><div><br></div><div>Benefit=
s of this:</div><div><br></div><div>1. It is more predictable than testnet.=
 Miners appear and disappear regularly, causing irregular block generation.=
</div><div><br></div><div>2. Since it is centrally controlled, it is easy t=
o perform global testing, such as reorgs (e.g. the network performs a 4 blo=
ck reorg by request, or as scheduled).</div><div><br></div><div>3. It is mo=
re stable than testnet, which occasionally sees several thousand block reor=
gs.</div><div><br></div><div>4. It is trivial to spin up (and shut down) ne=
w signets to make public tests where anyone can participate.</div><div><br>=
</div><div>Anyone can create a signet at any time, simply by creating a key=
 pair and creating a challenge (scriptPubKey). The network can then be used=
 globally by anyone, assuming the creator sends some coins to the other par=
ticipants.</div><div><br></div><div>Having a persistent signet would be ben=
eficial in particular to services which need a stable place to test feature=
s over an extended=C2=A0period of time. My own company implements protocols=
 on top of Bitcoin with sidechains. We need multi-node test frameworks to b=
ehave in a predictable manner (unlike testnet) and with the same standardne=
ss relay policy as mainnet.<br></div><div><br></div><div>Signets consist of=
 2 parameters: the challenge script (scriptPubKey) and the solution length.=
 (The latter is needed to retain fixed length block headers, despite having=
 an additional payload.)</div><div><br></div><div>I propose that a default =
persistent &quot;signet1&quot; is created, which can be replaced in future =
versions e.g. if the coins are unwisely used as real money, similarly to wh=
at happened to previous testnets. This signet is picked by default if a use=
r includes -signet without providing any of the parameters mentioned above.=
 The key holder would be someone sufficiently trusted in the community, who=
 would be willing to run the system (block generation code, faucet, etc). I=
t could be made a little more sturdy by using 1-of-N multisig as the challe=
nge, in case 1 &lt;=3D x &lt; N of the signers disappear. If people oppose =
this, it can be skipped, but will mean people can&#39;t just jump onto sign=
et without first tracking down parameters from somewhere.</div><div><br></d=
iv><div>Implementation-wise, the code adds an std::map with block hash to b=
lock signature. This is serialized/deserialized as appropriate (Segwit witn=
ess style), which means block headers in p2p messages are (80=C2=A0+ soluti=
on_length) bytes. Block header non-contextual check goes from checking if b=
lock header hash &lt; target to checking if the payload is a valid signatur=
e for the block header hash instead.</div><div><br></div><div>Single commit=
 with code (will split into commits and make PR later, but just to give an =
idea what it looks like):=C2=A0<a href=3D"https://github.com/kallewoof/bitc=
oin/pull/4" target=3D"_blank">https://github.com/kallewoof/bitcoin/pull/4</=
a></div><div><br></div><div>I don&#39;t think this PR is overly intrusive, =
and I&#39;m hoping to be able to get signet code into Bitcoin Core eventual=
ly, and am equally hopeful that devs of other (wallet etc) implementations =
will consider supporting it.</div><div><br></div><div>Feedback requested on=
 this.</div><div><br></div><div>Attribution: parts of the signet code (in p=
articular signblock and getnewblockhex) were adapted from the ElementsProje=
ct/elements repository. When PR is split into atomic commits, I will put ap=
propriate attribution there.</div><div><br></div></div></div></div>

--000000000000da23e205838edc6f--