š
Original date posted:2015-12-30
š Original message:On Wed, Dec 30, 2015 at 05:29:05AM -0800, Jonathan Toomim via bitcoin-dev wrote:
> As a first impression, I think this proposal is intellectually interesting, but crufty and hackish and should never actually be deployed. Writing code for Bitcoin in a future in which we have deployed a few generalized softforks this way sounds terrifying.
<snip>
> It might be possible to make that a bit simpler with recursion, or by doing subsequent generalized softforks in a way that doesn't have multi-levels-deep block-within-a-block-within-a-block stuff. Still: ugh.
Your fear is misplaced: it's trivial to avoid recursion with a bit of
planning.
For instance, if Bitcoin was redesigned to incorporate the forced fork
concept, instead of block headers committing to just a merkle root,
they could instead commit to H(version + digest)
For version == 0, digest would be a merkle root of all transactions. If
the version was > 0, any digest would be allowed and the block would be
interpreted as a NOP with no effect on the UTXO set.
In the event of a major change - e.g. what would otherwise be a
hard-forking change to the way the merkle root was calculated - a
soft-fork would change the block validity rules to make version == 0
invalid, and verison == 1 blocks would interpret the digest according to
the new merkle root rules. Again, version > 1 blocks would be treated as
NOPs.
A good exercise is to apply the above to the existing Bitcoin ecosystem
as a soft-fork - it certainely can be done, and done right is
technically very simple.
Regardless of how it's done - existing Bitcoin compatible or clean sheet
redesign - you get the significant safety advantages soft-forks have
over hard-forks in nearly all situations where you'd have to do a
hard-fork. OTOH, it's kinda scary how this institutionalizes what could
be seen as 51% attacks, possibly giving miners significantly more
control over the system politically. I'm not sure I agree with that
viewpoint - miners can do this anyway - but that has made people shy
away from promoting this idea in the past. (previously it's been often
referred to as an "evil" soft-fork)
--
'peter'[:-1]@petertodd.org
00000000000000000831fc2554d9370aeba2701fff09980123d24a615eee7416
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151230/38a95928/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2ā¦a2np2
2023-06-07 17:47:24
in reply to nevent1qā¦27tn
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Seen on
wss://relay.nostr.bandPublished at
2023-06-07 17:47:24Event JSON
{
"id": "abb035272047a87fc41298c26475e655b20c556396fcff7b0bad03b59238ee33",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686160044,
"kind": 1,
"tags": [
[
"e",
"410a15ecaf9eb209e9831774c35dbf549a77975bb49e6a60c2dbf869774cfd1f",
"",
"root"
],
[
"e",
"04de7219ef86270341504c5e0060c4b6d204e7bca9d227b39f59f9cdfb81cf13",
"",
"reply"
],
[
"p",
"acb285844a596699e52000de0aaf258d239adaa6a115451c0954683e7f828773"
]
],
"content": "š
Original date posted:2015-12-30\nš Original message:On Wed, Dec 30, 2015 at 05:29:05AM -0800, Jonathan Toomim via bitcoin-dev wrote:\n\u003e As a first impression, I think this proposal is intellectually interesting, but crufty and hackish and should never actually be deployed. Writing code for Bitcoin in a future in which we have deployed a few generalized softforks this way sounds terrifying.\n\n\u003csnip\u003e\n\n\u003e It might be possible to make that a bit simpler with recursion, or by doing subsequent generalized softforks in a way that doesn't have multi-levels-deep block-within-a-block-within-a-block stuff. Still: ugh.\n\nYour fear is misplaced: it's trivial to avoid recursion with a bit of\nplanning.\n\nFor instance, if Bitcoin was redesigned to incorporate the forced fork\nconcept, instead of block headers committing to just a merkle root,\nthey could instead commit to H(version + digest)\n\nFor version == 0, digest would be a merkle root of all transactions. If\nthe version was \u003e 0, any digest would be allowed and the block would be\ninterpreted as a NOP with no effect on the UTXO set.\n\nIn the event of a major change - e.g. what would otherwise be a\nhard-forking change to the way the merkle root was calculated - a\nsoft-fork would change the block validity rules to make version == 0\ninvalid, and verison == 1 blocks would interpret the digest according to\nthe new merkle root rules. Again, version \u003e 1 blocks would be treated as\nNOPs.\n\nA good exercise is to apply the above to the existing Bitcoin ecosystem\nas a soft-fork - it certainely can be done, and done right is\ntechnically very simple.\n\n\nRegardless of how it's done - existing Bitcoin compatible or clean sheet\nredesign - you get the significant safety advantages soft-forks have\nover hard-forks in nearly all situations where you'd have to do a\nhard-fork. OTOH, it's kinda scary how this institutionalizes what could\nbe seen as 51% attacks, possibly giving miners significantly more\ncontrol over the system politically. I'm not sure I agree with that\nviewpoint - miners can do this anyway - but that has made people shy\naway from promoting this idea in the past. (previously it's been often\nreferred to as an \"evil\" soft-fork)\n\n-- \n'peter'[:-1]@petertodd.org\n00000000000000000831fc2554d9370aeba2701fff09980123d24a615eee7416\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 650 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151230/38a95928/attachment.sig\u003e",
"sig": "6cde37c0dd2a4e105e84ebd97f96d716399e209ffa752406fdc1d98a6b8d288897a05e758c59fa5aa6dfaada5a92c6541d0c0256b14ebbb4b1c7d7b5daf9e5c6"
}