Adam Back [ARCHIVE] on Nostr: đź“… Original date posted:2015-05-29 đź“ť Original message:I discussed the extension ...
đź“… Original date posted:2015-05-29
đź“ť Original message:I discussed the extension block idea on wizards a while back and it is
a way to soft-fork an opt-in block-size increase. Like everything
here there are pros and cons.
The security is better than Raylstonn inferred from Tier's explanation
I think.. It works as Tier described - there is an extension block
(say 10MB) and the existing 1MB block. The extension block is
committed to in the 1MB chain. Users can transfer bitcoin into the
extension block, and they can transfer them out.
The interesting thing is this makes block sizes changes opt-in and
gives users choice. Choice is good. Bitcoin has a one-size-fits-all
blocksize at present hence the block size debate. If a bigger
block-size were an opt-in choice, and some people wanted 10MB or even
100MB blocks for low value transactions I expect it would be far
easier a discussion - people who think 100MB blocks are dangerously
centralising, would not opt to use them (or would put only small
values they can afford to lose in them). There are some security
implications though, so this also is nuanced, and more on that in a
bit.
Fee pressure still exists for blocks of difference size as the
security assurances are not the same. It is plausible that some
people would pay more for transactions in the 1MB block.
Now there are three choices of validation level, rather than the
normal 2-levels of SPV or full-node, with extension blocks we get a
choice: A) a user could run a full node for both 1MB and 10MB blocks,
and get full security for both 1MB and 10MB block transactions (but at
higher bandwidth cost), or B) a user could run a full node on the 1MB
block, but operate as an SPV node for the 10MB block, or C) run in SPV
mode for both 1MB and 10MB blocks.
Similarly for mining - miners could validate 1MB and 10MB transactions
(solo mine or GBT-style), or they could self-validate 1MB transactions
and pool mine 10MB transactions (have a pool validate those).
1MB full node users who do not upgrade to software that understands
extension blocks, could run in SPV mode with respect to 10MB blocks.
Here lies the risk - this imposes a security downgrade on the 1MB
non-upgraded users, and also on users who upgrade but dont have the
bandwidth to validate 10MB blocks.
We could defend non-upgrade users by making receiving funds that came
via the extension block opt-in also, eg an optional to use new address
version and construct the extension block so that payments out of it
can only go to new version addresses.
We could harden 1MB block SPV security (when receiving weaker
extension block transactions) in a number of ways: UTXO commitments,
fraud proofs (and fraud bounties) for moving from the extension block
to the 1MB block. We could optionally require coins moving via the
extension block to the 1MB block to be matured (eg 100 blocks delay)
Anyway something else to evaluate. Not as simple to code as a
hard-fork, but way safer transition than a hard-fork, and opt-in - if
you prefer the higher decentralisation of 1MB blocks, keep using them;
if you prefer 10MB blocks you can opt-in to them.
Adam
On 29 May 2015 at 17:39, Raystonn . <raystonn at hotmail.com> wrote:
> Regarding Tier’s proposal: The lower security you mention for extended
> blocks would delay, possibly forever, the larger blocks maximum block size
> that we want for the entire network. That doesn’t sound like an optimal
> solution.
>
> Regarding consensus for larger maximum block size, what we are seeing on
> this list is typical of what we see in the U.S. Congress. Support for
> changes by the stakeholders (support for bills by the citizens as a whole)
> has become irrelevant to the probability of these changes being adopted.
> Lobbyists have all the sway in getting their policies enacted. In our case,
> I would bet on some lobbying of core developers by wealthy miners.
>
> Someone recently proposed that secret ballots could help eliminate the power
> of lobbyists in Congress. Nobody invests in that which cannot be confirmed.
> Secret ballots mean the vote you are buying cannot be confirmed. Perhaps
> this will work for Bitcoin Core as well.
>
>
> From: Tier Nolan
> Sent: Friday, May 29, 2015 7:22 AM
> Cc: Bitcoin Dev
> Subject: Re: [Bitcoin-development] Proposed alternatives to the 20MB
> stepfunction
>
> On Fri, May 29, 2015 at 3:09 PM, Tier Nolan <tier.nolan at gmail.com> wrote:
>>
>>
>>
>> On Fri, May 29, 2015 at 1:39 PM, Gavin Andresen <gavinandresen at gmail.com>
>> wrote:
>>>
>>> But if there is still no consensus among developers but the "bigger
>>> blocks now" movement is successful, I'll ask for help getting big miners to
>>> do the same, and use the soft-fork block version voting mechanism to
>>> (hopefully) get a majority and then a super-majority willing to produce
>>> bigger blocks. The purpose of that process is to prove to any doubters that
>>> they'd better start supporting bigger blocks or they'll be left behind, and
>>> to give them a chance to upgrade before that happens.
>>
>>
>> How do you define that the movement is successful?
>
>
> Sorry again, I keep auto-sending from gmail when trying to delete.
>
> In theory, using the "nuclear option", the block size can be increased via
> soft fork.
>
> Version 4 blocks would contain the hash of the a valid extended block in the
> coinbase.
>
> <block height> <32 byte extended hash>
>
> To send coins to the auxiliary block, you send them to some template.
>
> OP_P2SH_EXTENDED <scriptPubKey hash> OP_TRUE
>
> This transaction can be spent by anyone (under the current rules). The soft
> fork would lock the transaction output unless it transferred money from the
> extended block.
>
> To unlock the transaction output, you need to include the txid of
> transaction(s) in the extended block and signature(s) in the scriptSig.
>
> The transaction output can be spent in the extended block using P2SH against
> the scriptPubKey hash.
>
> This means that people can choose to move their money to the extended block.
> It might have lower security than leaving it in the root chain.
>
> The extended chain could use the updated script language too.
>
> This is obviously more complex than just increasing the size though, but it
> could be a fallback option if no consensus is reached. It has the advantage
> of giving people a choice. They can move their money to the extended chain
> or not, as they wish.
Published at
2023-06-07 15:35:54Event JSON
{
"id": "5405a92cf066bf8e2653a55c1b3f1ca7c38b69ba14e5cd4adeff2b8924163c30",
"pubkey": "ee0fa66772f633411e4432e251cfb15b1c0fe8cd8befd8b0d86eb302402a8b4a",
"created_at": 1686152154,
"kind": 1,
"tags": [
[
"e",
"9ad377f70d31e4f3561417f467d867c2bbabee030344e8c70185d80cc851c4dd",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2015-05-29\n📝 Original message:I discussed the extension block idea on wizards a while back and it is\na way to soft-fork an opt-in block-size increase. Like everything\nhere there are pros and cons.\n\nThe security is better than Raylstonn inferred from Tier's explanation\nI think.. It works as Tier described - there is an extension block\n(say 10MB) and the existing 1MB block. The extension block is\ncommitted to in the 1MB chain. Users can transfer bitcoin into the\nextension block, and they can transfer them out.\n\nThe interesting thing is this makes block sizes changes opt-in and\ngives users choice. Choice is good. Bitcoin has a one-size-fits-all\nblocksize at present hence the block size debate. If a bigger\nblock-size were an opt-in choice, and some people wanted 10MB or even\n100MB blocks for low value transactions I expect it would be far\neasier a discussion - people who think 100MB blocks are dangerously\ncentralising, would not opt to use them (or would put only small\nvalues they can afford to lose in them). There are some security\nimplications though, so this also is nuanced, and more on that in a\nbit.\n\nFee pressure still exists for blocks of difference size as the\nsecurity assurances are not the same. It is plausible that some\npeople would pay more for transactions in the 1MB block.\n\nNow there are three choices of validation level, rather than the\nnormal 2-levels of SPV or full-node, with extension blocks we get a\nchoice: A) a user could run a full node for both 1MB and 10MB blocks,\nand get full security for both 1MB and 10MB block transactions (but at\nhigher bandwidth cost), or B) a user could run a full node on the 1MB\nblock, but operate as an SPV node for the 10MB block, or C) run in SPV\nmode for both 1MB and 10MB blocks.\n\nSimilarly for mining - miners could validate 1MB and 10MB transactions\n(solo mine or GBT-style), or they could self-validate 1MB transactions\nand pool mine 10MB transactions (have a pool validate those).\n\n1MB full node users who do not upgrade to software that understands\nextension blocks, could run in SPV mode with respect to 10MB blocks.\nHere lies the risk - this imposes a security downgrade on the 1MB\nnon-upgraded users, and also on users who upgrade but dont have the\nbandwidth to validate 10MB blocks.\n\n\nWe could defend non-upgrade users by making receiving funds that came\nvia the extension block opt-in also, eg an optional to use new address\nversion and construct the extension block so that payments out of it\ncan only go to new version addresses.\n\nWe could harden 1MB block SPV security (when receiving weaker\nextension block transactions) in a number of ways: UTXO commitments,\nfraud proofs (and fraud bounties) for moving from the extension block\nto the 1MB block. We could optionally require coins moving via the\nextension block to the 1MB block to be matured (eg 100 blocks delay)\n\n\nAnyway something else to evaluate. Not as simple to code as a\nhard-fork, but way safer transition than a hard-fork, and opt-in - if\nyou prefer the higher decentralisation of 1MB blocks, keep using them;\nif you prefer 10MB blocks you can opt-in to them.\n\nAdam\n\nOn 29 May 2015 at 17:39, Raystonn . \u003craystonn at hotmail.com\u003e wrote:\n\u003e Regarding Tier’s proposal: The lower security you mention for extended\n\u003e blocks would delay, possibly forever, the larger blocks maximum block size\n\u003e that we want for the entire network. That doesn’t sound like an optimal\n\u003e solution.\n\u003e\n\u003e Regarding consensus for larger maximum block size, what we are seeing on\n\u003e this list is typical of what we see in the U.S. Congress. Support for\n\u003e changes by the stakeholders (support for bills by the citizens as a whole)\n\u003e has become irrelevant to the probability of these changes being adopted.\n\u003e Lobbyists have all the sway in getting their policies enacted. In our case,\n\u003e I would bet on some lobbying of core developers by wealthy miners.\n\u003e\n\u003e Someone recently proposed that secret ballots could help eliminate the power\n\u003e of lobbyists in Congress. Nobody invests in that which cannot be confirmed.\n\u003e Secret ballots mean the vote you are buying cannot be confirmed. Perhaps\n\u003e this will work for Bitcoin Core as well.\n\u003e\n\u003e\n\u003e From: Tier Nolan\n\u003e Sent: Friday, May 29, 2015 7:22 AM\n\u003e Cc: Bitcoin Dev\n\u003e Subject: Re: [Bitcoin-development] Proposed alternatives to the 20MB\n\u003e stepfunction\n\u003e\n\u003e On Fri, May 29, 2015 at 3:09 PM, Tier Nolan \u003ctier.nolan at gmail.com\u003e wrote:\n\u003e\u003e\n\u003e\u003e\n\u003e\u003e\n\u003e\u003e On Fri, May 29, 2015 at 1:39 PM, Gavin Andresen \u003cgavinandresen at gmail.com\u003e\n\u003e\u003e wrote:\n\u003e\u003e\u003e\n\u003e\u003e\u003e But if there is still no consensus among developers but the \"bigger\n\u003e\u003e\u003e blocks now\" movement is successful, I'll ask for help getting big miners to\n\u003e\u003e\u003e do the same, and use the soft-fork block version voting mechanism to\n\u003e\u003e\u003e (hopefully) get a majority and then a super-majority willing to produce\n\u003e\u003e\u003e bigger blocks. The purpose of that process is to prove to any doubters that\n\u003e\u003e\u003e they'd better start supporting bigger blocks or they'll be left behind, and\n\u003e\u003e\u003e to give them a chance to upgrade before that happens.\n\u003e\u003e\n\u003e\u003e\n\u003e\u003e How do you define that the movement is successful?\n\u003e\n\u003e\n\u003e Sorry again, I keep auto-sending from gmail when trying to delete.\n\u003e\n\u003e In theory, using the \"nuclear option\", the block size can be increased via\n\u003e soft fork.\n\u003e\n\u003e Version 4 blocks would contain the hash of the a valid extended block in the\n\u003e coinbase.\n\u003e\n\u003e \u003cblock height\u003e \u003c32 byte extended hash\u003e\n\u003e\n\u003e To send coins to the auxiliary block, you send them to some template.\n\u003e\n\u003e OP_P2SH_EXTENDED \u003cscriptPubKey hash\u003e OP_TRUE\n\u003e\n\u003e This transaction can be spent by anyone (under the current rules). The soft\n\u003e fork would lock the transaction output unless it transferred money from the\n\u003e extended block.\n\u003e\n\u003e To unlock the transaction output, you need to include the txid of\n\u003e transaction(s) in the extended block and signature(s) in the scriptSig.\n\u003e\n\u003e The transaction output can be spent in the extended block using P2SH against\n\u003e the scriptPubKey hash.\n\u003e\n\u003e This means that people can choose to move their money to the extended block.\n\u003e It might have lower security than leaving it in the root chain.\n\u003e\n\u003e The extended chain could use the updated script language too.\n\u003e\n\u003e This is obviously more complex than just increasing the size though, but it\n\u003e could be a fallback option if no consensus is reached. It has the advantage\n\u003e of giving people a choice. They can move their money to the extended chain\n\u003e or not, as they wish.",
"sig": "efb52b64e07a8bb8f5ecc90b69b8be67a35f5249be3633e46f8fe29119449d23b9920252c9a39453d24f594146e77538063454b87111294ba59832d804dab8e1"
}