1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mark@friedenbach.org>) id 1Yzdcw-0000yG-9w
for bitcoin-development@lists.sourceforge.net;
Tue, 02 Jun 2015 04:16:34 +0000
X-ACL-Warn:
Received: from mail-ig0-f178.google.com ([209.85.213.178])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Yzdcr-0000KN-Ie
for bitcoin-development@lists.sourceforge.net;
Tue, 02 Jun 2015 04:16:34 +0000
Received: by igblz2 with SMTP id lz2so1192276igb.1
for <bitcoin-development@lists.sourceforge.net>;
Mon, 01 Jun 2015 21:16:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc:content-type;
bh=Ti+ojCxfZtPumSqaerOV86ApScUaXBjTp+am9KHpILg=;
b=I4qJkaHbqfEAvCCz9ieXxqwjJ3oehsLD2lQLMRrHVTvo94gYGXqDUSjCWTpbXFH/P/
uyohjHhF24E6PO13h8dr1iokbWtM33JuF3dsxjaG6trTKQILp2i7ii3A7XAiGhD3+ieH
x+2DHVS/TGRg501cVH2bGJ2bqha+ab1QJ4rFMAELKnErS+rjkOhmJ6WSjAF48EMk2nTZ
qqV55Cw5Dg3q5l5Aj7KJRQSYt4vlpvl8S0x1+waYYk88GP/exmkUYPXPKiyM0wlvyGqN
NIhV6sn9LRwa2OANiko0OCI0PSu+lwmZ2nPw4nCmP5ASMr2nHmcisBdVkNd5zuG4MWTM
77UA==
X-Gm-Message-State: ALoCoQmSASFdGEzUqdY0h1COVm9RHRxYMoBEsAIPTzZc2dCGpCgfC2vt6H5FYYFn0Y0mD1gcZHJY
X-Received: by 10.43.40.130 with SMTP id tq2mr32884118icb.46.1433218583924;
Mon, 01 Jun 2015 21:16:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.10.197 with HTTP; Mon, 1 Jun 2015 21:16:03 -0700 (PDT)
X-Originating-IP: [50.0.37.37]
In-Reply-To: <CABHVRKQD4YPt0NA8VnXW4VYx0fmCgSHUYq-73F2esHZqX-FUxw@mail.gmail.com>
References: <CAOG=w-uufDPkQSEi1K_L82j4OXObGmESnfYyxi1z99fcBCotcg@mail.gmail.com>
<CABHVRKQD4YPt0NA8VnXW4VYx0fmCgSHUYq-73F2esHZqX-FUxw@mail.gmail.com>
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 1 Jun 2015 21:16:03 -0700
Message-ID: <CAOG=w-tDdJTkkqGaEEpDZ6pX0kXT7f2wvoN_cEpd6+MVnu1CdQ@mail.gmail.com>
To: Stephen Morse <stephencalebmorse@gmail.com>
Content-Type: multipart/alternative; boundary=bcaec51dd84994c8610517813468
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
1.0 HTML_MESSAGE BODY: HTML included in message
1.0 UC_GIBBERISH_OBFU Multiple instances of "word VERYLONGGIBBERISH
word"
X-Headers-End: 1Yzdcr-0000KN-Ie
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [BIP draft] Consensus-enforced
transaction replacement signalled via sequence numbers
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 04:16:34 -0000
--bcaec51dd84994c8610517813468
Content-Type: text/plain; charset=UTF-8
You are correct! I am maintaining a 'checksequenceverify' branch in my git
repository as well, an OP_RCLTV using sequence numbers:
https://github.com/maaku/bitcoin/tree/checksequenceverify
Most of the interesting use cases for relative lock-time require an RCLTV
opcode. What is interesting about this architecture is that it possible to
cleanly separate the relative lock-time (sequence numbers) from the RCLTV
opcode (OP_CHECKSEQUENCEVERIFY) both in concept and in implementation. Like
CLTV, the CSV opcode only checks transaction data and requires no
contextual knowledge about block headers, a weakness of the other RCLTV
proposals that violate the clean separation between libscript and
libconsensus. In a similar way, this BIP proposal only touches the
transaction validation logic without any impact to script.
I would like to propose an additional BIP covering the CHECKSEQUENCEVERIFY
opcode and its enabling applications. But, well, one thing at a time.
On Mon, Jun 1, 2015 at 8:45 PM, Stephen Morse <stephencalebmorse@gmail.com>
wrote:
> Hi Mark,
>
> Overall, I like this idea in every way except for one: unless I am missing
> something, we may still need an OP_RCLTV even with this being
> implemented.
>
> In use cases such as micropayment channels where the funds are locked up
> by multiple parties, the enforcement of the relative locktime can be done
> by the first-signing party. So, while your solution would probably work in
> cases like this, where multiple signing parties are involved, there may be
> other, seen or unforeseen, use cases that require putting the relative
> locktime right into the spending contract (the scriptPubKey itself). When
> there is only one signer, there's nothing that enforces using an nSequence
> and nVersion=2 that would prevent spending the output until a certain time.
>
> I hope this is received as constructive criticism, I do think this is an
> innovative idea. In my view, though, it seems to be less fully-featured
> than just repurposing an OP_NOP to create OP_RCLTV. The benefits are
> obviously that it saves transaction space by repurposing unused space, and
> would likely work for most cases where an OP_RCLTV would be needed.
>
> Best,
> Stephen
>
> On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <mark@friedenbach.org>
> wrote:
>
>> I have written a reference implementation and BIP draft for a soft-fork
>> change to the consensus-enforced behaviour of sequence numbers for the
>> purpose of supporting transaction replacement via per-input relative
>> lock-times. This proposal was previously discussed on the mailing list in
>> the following thread:
>>
>> http://sourceforge.net/p/bitcoin/mailman/message/34146752/
>>
>> In short summary, this proposal seeks to enable safe transaction
>> replacement by re-purposing the nSequence field of a transaction input to
>> be a consensus-enforced relative lock-time.
>>
>> The advantages of this approach is that it makes use of the full range of
>> the 32-bit sequence number which until now has rarely been used for
>> anything other than a boolean control over absolute nLockTime, and it does
>> so in a way that is semantically compatible with the originally envisioned
>> use of sequence numbers for fast mempool transaction replacement.
>>
>> The disadvantages are that external constraints often prevent the full
>> range of sequence numbers from being used when interpreted as a relative
>> lock-time, and re-purposing nSequence as a relative lock-time precludes its
>> use in other contexts. The latter point has been partially addressed by
>> having the relative lock-time semantics be enforced only if the
>> most-significant bit of nSequence is set. This preserves 31 bits for
>> alternative use when relative lock-times are not required.
>>
>> The BIP draft can be found at the following gist:
>>
>> https://gist.github.com/maaku/be15629fe64618b14f5a
>>
>> The reference implementation is available at the following git repository:
>>
>> https://github.com/maaku/bitcoin/tree/sequencenumbers
>>
>> I request that the BIP editor please assign a BIP number for this work.
>>
>> Sincerely,
>> Mark Friedenbach
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>
--bcaec51dd84994c8610517813468
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div>You are correct! I am maintaining a 'checkse=
quenceverify' branch in my git repository as well, an OP_RCLTV using se=
quence numbers:<br><br><a href=3D"https://github.com/maaku/bitcoin/tree/che=
cksequenceverify">https://github.com/maaku/bitcoin/tree/checksequenceverify=
</a><br><br></div>Most of the interesting use cases for relative lock-time =
require an RCLTV opcode. What is interesting about this architecture is tha=
t it possible to cleanly separate the relative lock-time (sequence numbers)=
from the RCLTV opcode (OP_CHECKSEQUENCEVERIFY) both in concept and in impl=
ementation. Like CLTV, the CSV opcode only checks transaction data and requ=
ires no contextual knowledge about block headers, a weakness of the other R=
CLTV proposals that violate the clean separation between libscript and libc=
onsensus. In a similar way, this BIP proposal only touches the transaction =
validation logic without any impact to script.<br><br></div>I would like to=
propose an additional BIP covering the CHECKSEQUENCEVERIFY opcode and its =
enabling applications. But, well, one thing at a time.<br></div><div class=
=3D"gmail_extra"><br><div class=3D"gmail_quote">On Mon, Jun 1, 2015 at 8:45=
PM, Stephen Morse <span dir=3D"ltr"><<a href=3D"mailto:stephencalebmors=
e@gmail.com" target=3D"_blank">stephencalebmorse@gmail.com</a>></span> w=
rote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;borde=
r-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr">Hi Mark,<br><br>Ov=
erall, I like this idea in every way except for one: unless I am missing so=
mething, we may still need an <font face=3D"monospace, monospace">OP_RCLTV<=
/font> even with this being implemented.=C2=A0<div><br></div><div>In use ca=
ses such as micropayment channels where the funds are locked up by multiple=
parties, the enforcement of the relative locktime can be done by the first=
-signing party. So, while your solution would probably work in cases like t=
his, where multiple signing parties are involved, there may be other, seen =
or unforeseen, use cases that require putting the relative locktime right i=
nto the spending contract (the <font face=3D"monospace, monospace">scriptPu=
bKey</font> itself). When there is only one signer, there's nothing tha=
t enforces using an nSequence and nVersion=3D2 that would prevent spending =
the output until a certain time.=C2=A0</div><div><br></div><div>I hope this=
is received as constructive criticism, I do think this is an innovative id=
ea. In my view, though, it seems to be less fully-featured than just repurp=
osing an <font face=3D"monospace, monospace">OP_NOP</font> to create <font =
face=3D"monospace, monospace">OP_RCLTV</font>. The benefits are obviously t=
hat it saves transaction space by repurposing unused space, and would likel=
y work for most cases where an <font face=3D"monospace, monospace">OP_RCLTV=
</font> would be needed.</div><div><br></div><div>Best,<br>Stephen</div></d=
iv><div class=3D"gmail_extra"><br><div class=3D"gmail_quote"><div><div clas=
s=3D"h5">On Mon, Jun 1, 2015 at 9:49 PM, Mark Friedenbach <span dir=3D"ltr"=
><<a href=3D"mailto:mark@friedenbach.org" target=3D"_blank">mark@frieden=
bach.org</a>></span> wrote:<br></div></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex=
"><div><div class=3D"h5"><div dir=3D"ltr"><div>I have written a reference i=
mplementation and BIP draft for a soft-fork change to the consensus-enforce=
d behaviour of sequence numbers for the purpose of supporting transaction r=
eplacement via per-input relative lock-times. This proposal was previously =
discussed on the mailing list in the following thread:<br><br><a href=3D"ht=
tp://sourceforge.net/p/bitcoin/mailman/message/34146752/" target=3D"_blank"=
>http://sourceforge.net/p/bitcoin/mailman/message/34146752/</a><br><br></di=
v><div>In short summary, this proposal seeks to enable safe transaction rep=
lacement by re-purposing the nSequence field of a transaction input to be a=
consensus-enforced relative lock-time.<br><br>The advantages of this appro=
ach is that it makes use of the full range of the 32-bit sequence number wh=
ich until now has rarely been used for anything other than a boolean contro=
l over absolute nLockTime, and it does so in a way that is semantically com=
patible with the originally envisioned use of sequence numbers for fast mem=
pool transaction replacement.<br><br></div><div>The disadvantages are that =
external constraints often prevent the full range of sequence numbers from =
being used when interpreted as a relative lock-time, and re-purposing nSequ=
ence as a relative lock-time precludes its use in other contexts. The latte=
r point has been partially addressed by having the relative lock-time seman=
tics be enforced only if the most-significant bit of nSequence is set. This=
preserves 31 bits for alternative use when relative lock-times are not req=
uired.<br></div><div><br></div><div>The BIP draft can be found at the follo=
wing gist:<br><br><a href=3D"https://gist.github.com/maaku/be15629fe64618b1=
4f5a" target=3D"_blank">https://gist.github.com/maaku/be15629fe64618b14f5a<=
/a><br><br></div><div>The reference implementation is available at the foll=
owing git repository:<br></div><div><br><a href=3D"https://github.com/maaku=
/bitcoin/tree/sequencenumbers" target=3D"_blank">https://github.com/maaku/b=
itcoin/tree/sequencenumbers</a><br><br></div><div>I request that the BIP ed=
itor please assign a BIP number for this work.<br><br></div><div>Sincerely,=
<br></div><div>Mark Friedenbach<br></div></div>
<br></div></div>-----------------------------------------------------------=
-------------------<br>
<br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
--bcaec51dd84994c8610517813468--
|
