ð
Original date posted:2016-10-25
ð Original message:Responding between lines...
On Mon, Oct 24, 2016 at 2:37 PM, Johnson Lau <jl2012 at xbt.hk> wrote:
> Some comments and questions
>
> 1. In the BIP you mentioned scriptSig 3 times, but I don't think you are
> really talking about scriptSig. Especially, segwit has aborted the use of
> scriptSig to fix malleability. From the context I guess you mean
> redeemScript (see BIP141)
>
You're right.I will change the naming asap.
>
> 2. It seems that 51% of miners may steal all money from the peg, right?
> But I think this is unavoidable for all 2-way-peg proposals. To make it
> safer you still need notaries.
>
Correct, that's inherently a technical limitation. However, there can be
many deterrents from miners stealing money (legal contracts,
mutual-assured-destruction states). Aslo as you mention, you can combine
OP_COUNT_ACK with notary sigantures as AND/OR or a more complex acknowledge
weight distribution.
>
> 3. Instead of using a OP_NOPx, I suggest you using an unused code such as
> 0xba. OP_NOPx should be reserved for some simple "VERIFY"-type codes that
> does not write to the stack.
>
Ok. I'm not sure, but if everyone agrees to it, I will. Also Segwit
versioning allows to create new opcode multiplexing opcodes, so I was
thinking about adding an "opcode index" to a more generic OP_OPERATE. But
that prevents using all NOP space, but prevents easily counting
OP_ACK_COUNT for checksig block limit.
> 4. I don't think you should simply replace "(witversion == 0)" with
> "((witversion == 0) || (witversion == 1))". There are only 16 available
> versions. It'd be exhausted very soon if we use a version for every new
> opcode. As a testing prototype this is fine, but the actual softfork should
> not waste a witversion this way. We need a better way to coordinate the use
> of new witness version. BIP114 suggests an additional field in the witness
> to indicate the script version (https://github.com/bitcoin/
> bips/blob/master/bip-0114.mediawiki)
>
> Good. But currently that version is not enforced, so this BIP cannot make
use of it. I can use (witversion == 1) but add the BIP114 version field so
that the next BIP can make use of it.
> 5. It seems this is the first BIP in markdown format, not mediawiki (but
> this is allowed by BIP1)
>
> 6. The coinbase space is limited to 100 bytes and is already overloaded by
> many different purposes. I think any additional consensus critical message
> should go to a dummy scriptPubKey like the witness commitment. You may
> consider to have a new OP_RETURN output like BIP141, with different magic
> bytes. However, please don't make this output mandatory (cf. witness
> commitment output is optional if the block does not have witness tx)
>
> 6a. "..........due to lack of space to include the proper ack tag in a
> block": this shouldn't happen if you use a OP_RETURN output
>
> I'm not sure about this. The fact that the space for acknowledge and
proposal is short has been seen by other developers a benefit and not a
drawback. It prevent hundreds of sidechains to be offered, which might hurt
solo miners. 70 bytes allows for approximately 10 active polls.
> 7. "It can be the case that two different secondary blockchains specify
> the same transaction candidate, but **at least** one of them will clearly
> be unauthentic."
>
> thnks.
8. Question: is an ack-poll valid only for 1 transaction? When the
> transaction is confirmed, could full nodes prune the corresponding ack-poll
> data? (I think it has to be prunable after spending because ack-poll data
> is effectively UTXO data)
>
> Yes, there is no ack-poll data stored except for the coinbase field cache,
which periodically cleans itself by using a FIFO approach.
> 9. No matter how you design a softfork, "Zero risk of invalidating a
> block" couldn't be true for any softfork. For example, even if a miner does
> not include any txs with OP_COUNT_ACKS, he may still build on top of blocks
> with invalid OP_COUNT_ACKS operations.
>
> I'm not sure. I assumed that transactions redeeming a script using
OP_COUNT_ACKS would be non-standard, so the the problem you point out
would only happen if the block including the transaction would be mined
specifically for the purpose to defeat subsequent miners. A honest pre-fork
miner would never include a redeemScript that that verifies an
OP_COUNT_ACKS, since that transaction would never be received by the p2p
protocol (it could if the miner accepts non-standard txs by a different
channnel).
But I must check this in the BIP source code if OP_COUNT_ACKS is really
non-standard as I designed it to be.
(Thanks Jonhson Lau for taking the time to analyze the BIP.)
Sergio.
> ---- On Sun, 02 Oct 2016 23:49:08 +0800 Sergio Demian Lerner via
> bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote ----
> > Since ScalingBitcoin is close, I think this is a good moment to publish
> our proposal on drivechains. This BIP proposed the drivechain we'd like to
> use in RSK (a.k.a. Rootstock) two-way pegged blockchain and see it
> implemented in Bitcoin. Until that happens, we're using a federated
> approach.
> > I'm sure that adding risk-less Bitcoin extensibility through
> sidechains/drivechains is what we all want, but it's of maximum importance
> to decide which technology will leads us there.
> > We hope this work can also be the base of all other new 2-way-pegged
> blockchains that can take Bitcoin the currency to new niches and test new
> use cases, but cannot yet be realized because of current
> limitations/protections.
> >
> > The full BIP plus a reference implementation can be found here:
> >
> > BIP (draft):
> > https://github.com/rootstock/bips/blob/master/BIP-R10.md
> >
> > Code & Test cases:
> > https://github.com/rootstock/bitcoin/tree/op-count-acks_devel
> > (Note: Code is still unaudited)
> >
> > As a summary, OP_COUNT_ACKS is a new segwit-based and soft-forked
> opcode that counts acks and nacks tags in coinbase fields, and push the
> resulting totals in the script stack.
> >
> > The system was designed with the following properties in mind:
> >
> > 1. Interoperability with scripting system
> > 2. Zero risk of invalidating a block
> > 3. No additional computation during blockchain management and
> re-organization
> > 4. No change in Bitcoin security model
> > 5. Bounded computation of poll results
> > 6. Strong protection from DoS attacks
> > 7. Minimum block space consumption
> > 8. Zero risk of cross-secondary chain invalidation
> >
> > Please see the BIP draft for a more-detailed explanation on how we
> achieve these goals.
> >
> > I'll be in ScalingBitcoin in less than a week and I'll be available to
> discuss the design rationale, improvements, changes and ideas any of you
> may have.
> >
> > Truly yours,
> > Sergio Demian Lerner
> > Bitcoiner and RSK co-founder
> >
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev at lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20161025/c738134c/attachment.html>;
Sergio Demian Lerner [ARCHIVE] /
npub1fvâŠ3vq7f
2023-06-07 17:53:44
in reply to nevent1qâŠ3htq
Author Public Key
npub1fvuxqdqg7klqqgy3yy8gdxjv4phu92sll5y8zqm2qe5qdrhxymhqf3vq7fPublished at
2023-06-07 17:53:44Event JSON
{
"id": "7cb1505ab55011dfeec4a6bf2dd71261380e85e2e2a8a28be8f8f04c086a5749",
"pubkey": "4b38603408f5be002091210e869a4ca86fc2aa1ffd0871036a0668068ee626ee",
"created_at": 1686160424,
"kind": 1,
"tags": [
[
"e",
"a0719e105373a31b19331be2ab9915ba509ea0ec8469edd3808978e2d85d8297",
"",
"root"
],
[
"e",
"a4d5be28a3762bac642e863bd7c409bb442ef705543d1a19a196207835140f99",
"",
"reply"
],
[
"p",
"492fa402e838904bdc8eb2c8fafa1aa895df26438bfd998c71b01cb9db550ff7"
]
],
"content": "ð
Original date posted:2016-10-25\nð Original message:Responding between lines...\n\nOn Mon, Oct 24, 2016 at 2:37 PM, Johnson Lau \u003cjl2012 at xbt.hk\u003e wrote:\n\n\u003e Some comments and questions\n\u003e\n\u003e 1. In the BIP you mentioned scriptSig 3 times, but I don't think you are\n\u003e really talking about scriptSig. Especially, segwit has aborted the use of\n\u003e scriptSig to fix malleability. From the context I guess you mean\n\u003e redeemScript (see BIP141)\n\u003e\n\nYou're right.I will change the naming asap.\n\n\n\u003e\n\u003e 2. It seems that 51% of miners may steal all money from the peg, right?\n\u003e But I think this is unavoidable for all 2-way-peg proposals. To make it\n\u003e safer you still need notaries.\n\u003e\n\nCorrect, that's inherently a technical limitation. However, there can be\nmany deterrents from miners stealing money (legal contracts,\nmutual-assured-destruction states). Aslo as you mention, you can combine\nOP_COUNT_ACK with notary sigantures as AND/OR or a more complex acknowledge\nweight distribution.\n\n\n\u003e\n\u003e 3. Instead of using a OP_NOPx, I suggest you using an unused code such as\n\u003e 0xba. OP_NOPx should be reserved for some simple \"VERIFY\"-type codes that\n\u003e does not write to the stack.\n\u003e\n\nOk. I'm not sure, but if everyone agrees to it, I will. Also Segwit\nversioning allows to create new opcode multiplexing opcodes, so I was\nthinking about adding an \"opcode index\" to a more generic OP_OPERATE. But\nthat prevents using all NOP space, but prevents easily counting\nOP_ACK_COUNT for checksig block limit.\n\n\n\u003e 4. I don't think you should simply replace \"(witversion == 0)\" with\n\u003e \"((witversion == 0) || (witversion == 1))\". There are only 16 available\n\u003e versions. It'd be exhausted very soon if we use a version for every new\n\u003e opcode. As a testing prototype this is fine, but the actual softfork should\n\u003e not waste a witversion this way. We need a better way to coordinate the use\n\u003e of new witness version. BIP114 suggests an additional field in the witness\n\u003e to indicate the script version (https://github.com/bitcoin/\n\u003e bips/blob/master/bip-0114.mediawiki)\n\u003e\n\u003e Good. But currently that version is not enforced, so this BIP cannot make\nuse of it. I can use (witversion == 1) but add the BIP114 version field so\nthat the next BIP can make use of it.\n\n\n\n\u003e 5. It seems this is the first BIP in markdown format, not mediawiki (but\n\u003e this is allowed by BIP1)\n\u003e\n\n\u003e 6. The coinbase space is limited to 100 bytes and is already overloaded by\n\u003e many different purposes. I think any additional consensus critical message\n\u003e should go to a dummy scriptPubKey like the witness commitment. You may\n\u003e consider to have a new OP_RETURN output like BIP141, with different magic\n\u003e bytes. However, please don't make this output mandatory (cf. witness\n\u003e commitment output is optional if the block does not have witness tx)\n\u003e\n\u003e 6a. \"..........due to lack of space to include the proper ack tag in a\n\u003e block\": this shouldn't happen if you use a OP_RETURN output\n\u003e\n\u003e I'm not sure about this. The fact that the space for acknowledge and\nproposal is short has been seen by other developers a benefit and not a\ndrawback. It prevent hundreds of sidechains to be offered, which might hurt\nsolo miners. 70 bytes allows for approximately 10 active polls.\n\n\n\n\u003e 7. \"It can be the case that two different secondary blockchains specify\n\u003e the same transaction candidate, but **at least** one of them will clearly\n\u003e be unauthentic.\"\n\u003e\n\u003e thnks.\n\n8. Question: is an ack-poll valid only for 1 transaction? When the\n\u003e transaction is confirmed, could full nodes prune the corresponding ack-poll\n\u003e data? (I think it has to be prunable after spending because ack-poll data\n\u003e is effectively UTXO data)\n\u003e\n\u003e Yes, there is no ack-poll data stored except for the coinbase field cache,\nwhich periodically cleans itself by using a FIFO approach.\n\n\n\n\u003e 9. No matter how you design a softfork, \"Zero risk of invalidating a\n\u003e block\" couldn't be true for any softfork. For example, even if a miner does\n\u003e not include any txs with OP_COUNT_ACKS, he may still build on top of blocks\n\u003e with invalid OP_COUNT_ACKS operations.\n\u003e\n\u003e I'm not sure. I assumed that transactions redeeming a script using\nOP_COUNT_ACKS would be non-standard, so the the problem you point out\nwould only happen if the block including the transaction would be mined\nspecifically for the purpose to defeat subsequent miners. A honest pre-fork\nminer would never include a redeemScript that that verifies an\nOP_COUNT_ACKS, since that transaction would never be received by the p2p\nprotocol (it could if the miner accepts non-standard txs by a different\nchannnel).\n\nBut I must check this in the BIP source code if OP_COUNT_ACKS is really\nnon-standard as I designed it to be.\n\n(Thanks Jonhson Lau for taking the time to analyze the BIP.)\n\nSergio.\n\n\n\n\u003e ---- On Sun, 02 Oct 2016 23:49:08 +0800 Sergio Demian Lerner via\n\u003e bitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote ----\n\u003e \u003e Since ScalingBitcoin is close, I think this is a good moment to publish\n\u003e our proposal on drivechains. This BIP proposed the drivechain we'd like to\n\u003e use in RSK (a.k.a. Rootstock) two-way pegged blockchain and see it\n\u003e implemented in Bitcoin. Until that happens, we're using a federated\n\u003e approach.\n\u003e \u003e I'm sure that adding risk-less Bitcoin extensibility through\n\u003e sidechains/drivechains is what we all want, but it's of maximum importance\n\u003e to decide which technology will leads us there.\n\u003e \u003e We hope this work can also be the base of all other new 2-way-pegged\n\u003e blockchains that can take Bitcoin the currency to new niches and test new\n\u003e use cases, but cannot yet be realized because of current\n\u003e limitations/protections.\n\u003e \u003e\n\u003e \u003e The full BIP plus a reference implementation can be found here:\n\u003e \u003e\n\u003e \u003e BIP (draft):\n\u003e \u003e https://github.com/rootstock/bips/blob/master/BIP-R10.md\n\u003e \u003e\n\u003e \u003e Code \u0026 Test cases:\n\u003e \u003e https://github.com/rootstock/bitcoin/tree/op-count-acks_devel\n\u003e \u003e (Note: Code is still unaudited)\n\u003e \u003e\n\u003e \u003e As a summary, OP_COUNT_ACKS is a new segwit-based and soft-forked\n\u003e opcode that counts acks and nacks tags in coinbase fields, and push the\n\u003e resulting totals in the script stack.\n\u003e \u003e\n\u003e \u003e The system was designed with the following properties in mind:\n\u003e \u003e\n\u003e \u003e 1. Interoperability with scripting system\n\u003e \u003e 2. Zero risk of invalidating a block\n\u003e \u003e 3. No additional computation during blockchain management and\n\u003e re-organization\n\u003e \u003e 4. No change in Bitcoin security model\n\u003e \u003e 5. Bounded computation of poll results\n\u003e \u003e 6. Strong protection from DoS attacks\n\u003e \u003e 7. Minimum block space consumption\n\u003e \u003e 8. Zero risk of cross-secondary chain invalidation\n\u003e \u003e\n\u003e \u003e Please see the BIP draft for a more-detailed explanation on how we\n\u003e achieve these goals.\n\u003e \u003e\n\u003e \u003e I'll be in ScalingBitcoin in less than a week and I'll be available to\n\u003e discuss the design rationale, improvements, changes and ideas any of you\n\u003e may have.\n\u003e \u003e\n\u003e \u003e Truly yours,\n\u003e \u003e Sergio Demian Lerner\n\u003e \u003e Bitcoiner and RSK co-founder\n\u003e \u003e\n\u003e \u003e _______________________________________________\n\u003e \u003e bitcoin-dev mailing list\n\u003e \u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e \u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n\u003e \u003e\n\u003e\n\u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20161025/c738134c/attachment.html\u003e",
"sig": "5d1802d084e8394efa30e25c61ba42275bf3b3cecce9dd73abe2abacd6c439502ae97a403b1bb5ed4b3d2db293eb07be0d5074436938b7566095dcf20e575c96"
}