1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
Return-Path: <rusty@ozlabs.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 0B738F22
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 16 Jan 2018 02:27:49 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from ozlabs.org (ozlabs.org [103.22.144.67])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6992514E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 16 Jan 2018 02:27:48 +0000 (UTC)
Received: by ozlabs.org (Postfix, from userid 1011)
id 3zLDdt48RLz9sR8; Tue, 16 Jan 2018 13:27:46 +1100 (AEDT)
From: Rusty Russell <rusty@rustcorp.com.au>
To: Russell O'Connor <roconnor@blockstream.io>,
Pieter Wuille <pieter.wuille@gmail.com>
In-Reply-To: <CAMZUoKn4noCEQR6eqf9hiZSMdk-3b8UHR1NrEFrKNoLSMzVjGQ@mail.gmail.com>
References: <87608btgyd.fsf@rustcorp.com.au>
<DB7E57AC-5588-4BBA-9ABC-B9B4F6BAECE2@friedenbach.org>
<CAPg+sBgRrqZryiETZYCWiqHNOmN2bCfsvr30znjN-gKiU5Vfjg@mail.gmail.com>
<CAMZUoKn4noCEQR6eqf9hiZSMdk-3b8UHR1NrEFrKNoLSMzVjGQ@mail.gmail.com>
Date: Tue, 16 Jan 2018 11:36:14 +1030
Message-ID: <87zi5ehat5.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
Russell O'Connor <roconnor@blockstream.com>,
Kalle Alm <kalle.alm@gmail.com>
Subject: Re: [bitcoin-dev] BIP 117 Feedback
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jan 2018 02:27:49 -0000
"Russell O'Connor" <roconnor@blockstream.io> writes:
> However, if I understand correctly, the situation for BIP 117 is entirely
> different. As far as I understand there is currently no restrictions about
> terminating a v0 witness program with a non-empty alt-stack, and there are
> no restrictions on leaving non-canonical boolean values on the main stack.
BIP-141: "The script must not fail, and result in exactly a single TRUE
on the stack." And it has long been non-standard for P2SH scripts to
not do the same (don't know exactly when).
> There could already be commitments to V0 witness programs that, when
> executed in some reasonable context, leave a non-empty alt-stack and/or
> leave a non-canonical true value on the main stack. Unlike the P2SH or
> Segwit soft-forks, these existing commitments could be real outputs that
> currently confer non-trivial ownership over their associated funds. If BIP
> 117 were activated, these commitments would be subject to a new set of
> rules that didn't exist when the commitments were made. In particular,
> these funds could be rendered unspendable. Because segwit commitments are
> hashes of segwit programs, there is no way to even analyze the blockchain
> to determine if these commitments currently exist (and even if we could it
> probably woudln't be adequate protection).
The rule AFAICT is "standard transactions must still work". This was
violated with low-S, but the transformation was arguably trivial.
OTOH, use of altstack is completely standard, though in practice it's
unused and so only a theoretical concern.
My concern remains unanswered: I want hard numbers on the worst-case
time taken by sigops with the limit removed. It's about 120 usec per
sigop (from [1]), so how bad could it be? I think Russell had an
estimate like 1 in 3 ops, so 160 seconds to validate a block?
Thanks,
Rusty.
[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015346.html
|