📅 Original date posted:2014-05-04
📝 Original message:On Sun, Apr 27, 2014 at 02:38:06AM -0700, Mark Friedenbach wrote:
> I'm not convinced of the necessity of this idea in general, but if it
> were to be implemented I would recommend serializing the nVersion field
> as a VarInt (Pieter Wuille's multi-byte serialization format) and using
> the remaining space of the 4 bytes as your extra nonce.
>
> That would allow serialization of numbers up to 0x1020407f (slightly
> over 28 bits) before the 4-byte field is exhausted. For version numbers
> less than 0x204080 there will be at least one byte of padding space left
> over for extra-nonce usage (two bytes if less than 0x4080, three bytes
> if less than 0x80). For version values up to 127, the format is exactly
> identical when the padding bytes are zero.
Neat idea. It might somewhat reduce the flexibility in which the version
field can be used in the future, though.
For the sake of simplicity I lean towards a fixed length version field,
but would be ok with either. Keep in mind that version numbers can be
recycled after a couple of years. So there is effectively zero benefit
in allowing varints to extend beyond 2 bytes. For that reason personally
I think 1 byte of version number would be enough.
> On 04/27/2014 12:07 AM, Timo Hanke wrote:
> > I'd like to put the following draft of a BIP up for discussion.
> >
> > Timo
> >
> > # Abstract
> > There are incentives for miners to find cheap, non-standard ways to generate new work, which are not necessarily in the best interest of the protocol.
> > In order to reduce these incentives this proposal re-assigns 2 bytes from the version field of the block header to a new extra nonce field.
> > # Copyright
> > # Specification
> > The block version number field in the block header is reduced in size from 4 to 2 bytes.
> > The third and fourth byte in the block header are assigned to the new extra nonce field inside the block header.
> > # Motivation
> > The motivation of this proposal is to provide miners with a cheap constant-complexity method to create new work that does not require altering the transaction tree.
> >
> > Furthermore, the motivation is to protect the version and timestamp fields in the block header from abuse.
> > # Rationale
> > Traditionally, the extra nonce is part of the coinbase field of the generation transaction, which is always the very first transaction of a block.
> > After incrementing the extra nonce the minimum amount of work a miner has to do to re-calculate the block header is a) to hash the coinbase transaction and b) to re-calculate the left-most branch of the merkle tree all the way to the merkle root.
> > This is necessary overhead a miner has to do besides hashing the block header itself.
> > We shall call the process that leads to a new block header from the same transaction set the _pre-hashing_.
> >
> > First it should be noted that the relative cost of pre-hashing in its traditional form depends
> > on the block size, which may create an unwanted incentive for miners
> > to keep the block size small. However, this is not the main motivation for
> > the current proposal.
> >
> > While the block header is hashed by ASICs, pre-hashing typically happens on a CPU because of the greater flexibility required.
> > Consequently, as ASIC cost per hash performance drops the relative cost of pre-hashing increases.
> >
> > This creates an incentive for miners to find cheaper ways to create new work than by means of pre-hashing.
> > An example of this currently happening is the on-device rolling of the timestamp into the future.
> > These ways of creating new work are unlikely to be in the best interest of the protocol.
> > For example, rolling the timestamp faster than the real time is unwanted (more so on faster blockchains).
> >
> > The version number in the block header is a possible target for alteration with the goal of cheaply creating new work.
> > Currently, blocks with arbitrarily large version numbers get relayed and accepted by the network.
> > As this is unwanted behaviour, there should not exist any incentive for a miner to abuse the version number in this way.
> >
> > The solution is to reduce the range of version numbers from 2^32 to 2^16 and to declare the third and forth bytes of the block header as legitimate space for an extra nonce.
> > This will reduce the incentive for a miner to abuse the shortened version number by a factor in the order of 2^16.
> >
> > As a side effect, this proposal greatly reduces the bandwidth requirements of a blind pool protocol by only submitting the block header to the miner.
> > # Backwards Compatibility
> > Old versions of the client will accept blocks of this kind but will throw an alert at the user to upgrade.
> > The only code change would be a cast of the version number to a short.
> > Besides the upgrade alert, old and new versions of the client can co-exist and there is no need to introduce a new block version number or to phase-out old block versions.
> > # Reference Implementation
> > # Final implementation
> >
>
>
--
Timo Hanke
PGP 1EFF 69BC 6FB7 8744 14DB 631D 1BB5 D6E3 AB96 7DA8
Timo Hanke [ARCHIVE] /
npub1dd…pgp9a
2023-06-07 15:20:59
in reply to nevent1q…3fvt
Author Public Key
npub1ddqaln8xsfmy6sxqplt9sz5ev99kh052sveqsh02q7hmc3a6n68shpgp9aPublished at
2023-06-07 15:20:59Event JSON
{
"id": "bc193760a9d69f05daaad09b14bde0f88f7cef407262d87dcd9b92a11be36294",
"pubkey": "6b41dfcce682764d40c00fd6580a99614b6bbe8a8332085dea07afbc47ba9e8f",
"created_at": 1686151259,
"kind": 1,
"tags": [
[
"e",
"c180c0b8a1cfbcd187473f99c2b0d2d26759761eb443c64007d4280e5d1d4031",
"",
"root"
],
[
"e",
"f2ee2a2b9fe013dc092c4d263252a64f915dd1bd02112bd55d291d5d574c3254",
"",
"reply"
],
[
"p",
"6b41dfcce682764d40c00fd6580a99614b6bbe8a8332085dea07afbc47ba9e8f"
]
],
"content": "📅 Original date posted:2014-05-04\n📝 Original message:On Sun, Apr 27, 2014 at 02:38:06AM -0700, Mark Friedenbach wrote:\n\u003e I'm not convinced of the necessity of this idea in general, but if it\n\u003e were to be implemented I would recommend serializing the nVersion field\n\u003e as a VarInt (Pieter Wuille's multi-byte serialization format) and using\n\u003e the remaining space of the 4 bytes as your extra nonce.\n\u003e \n\u003e That would allow serialization of numbers up to 0x1020407f (slightly\n\u003e over 28 bits) before the 4-byte field is exhausted. For version numbers\n\u003e less than 0x204080 there will be at least one byte of padding space left\n\u003e over for extra-nonce usage (two bytes if less than 0x4080, three bytes\n\u003e if less than 0x80). For version values up to 127, the format is exactly\n\u003e identical when the padding bytes are zero.\n\nNeat idea. It might somewhat reduce the flexibility in which the version\nfield can be used in the future, though. \n\nFor the sake of simplicity I lean towards a fixed length version field,\nbut would be ok with either. Keep in mind that version numbers can be\nrecycled after a couple of years. So there is effectively zero benefit\nin allowing varints to extend beyond 2 bytes. For that reason personally\nI think 1 byte of version number would be enough.\n\n\u003e On 04/27/2014 12:07 AM, Timo Hanke wrote:\n\u003e \u003e I'd like to put the following draft of a BIP up for discussion.\n\u003e \u003e \n\u003e \u003e Timo\n\u003e \u003e \n\u003e \u003e # Abstract\n\u003e \u003e There are incentives for miners to find cheap, non-standard ways to generate new work, which are not necessarily in the best interest of the protocol.\n\u003e \u003e In order to reduce these incentives this proposal re-assigns 2 bytes from the version field of the block header to a new extra nonce field. \n\u003e \u003e # Copyright\n\u003e \u003e # Specification\n\u003e \u003e The block version number field in the block header is reduced in size from 4 to 2 bytes. \n\u003e \u003e The third and fourth byte in the block header are assigned to the new extra nonce field inside the block header.\n\u003e \u003e # Motivation\n\u003e \u003e The motivation of this proposal is to provide miners with a cheap constant-complexity method to create new work that does not require altering the transaction tree.\n\u003e \u003e \n\u003e \u003e Furthermore, the motivation is to protect the version and timestamp fields in the block header from abuse.\n\u003e \u003e # Rationale\n\u003e \u003e Traditionally, the extra nonce is part of the coinbase field of the generation transaction, which is always the very first transaction of a block.\n\u003e \u003e After incrementing the extra nonce the minimum amount of work a miner has to do to re-calculate the block header is a) to hash the coinbase transaction and b) to re-calculate the left-most branch of the merkle tree all the way to the merkle root.\n\u003e \u003e This is necessary overhead a miner has to do besides hashing the block header itself.\n\u003e \u003e We shall call the process that leads to a new block header from the same transaction set the _pre-hashing_.\n\u003e \u003e \n\u003e \u003e First it should be noted that the relative cost of pre-hashing in its traditional form depends\n\u003e \u003e on the block size, which may create an unwanted incentive for miners\n\u003e \u003e to keep the block size small. However, this is not the main motivation for\n\u003e \u003e the current proposal.\n\u003e \u003e \n\u003e \u003e While the block header is hashed by ASICs, pre-hashing typically happens on a CPU because of the greater flexibility required.\n\u003e \u003e Consequently, as ASIC cost per hash performance drops the relative cost of pre-hashing increases.\n\u003e \u003e \n\u003e \u003e This creates an incentive for miners to find cheaper ways to create new work than by means of pre-hashing.\n\u003e \u003e An example of this currently happening is the on-device rolling of the timestamp into the future.\n\u003e \u003e These ways of creating new work are unlikely to be in the best interest of the protocol.\n\u003e \u003e For example, rolling the timestamp faster than the real time is unwanted (more so on faster blockchains).\n\u003e \u003e \n\u003e \u003e The version number in the block header is a possible target for alteration with the goal of cheaply creating new work.\n\u003e \u003e Currently, blocks with arbitrarily large version numbers get relayed and accepted by the network.\n\u003e \u003e As this is unwanted behaviour, there should not exist any incentive for a miner to abuse the version number in this way. \n\u003e \u003e \n\u003e \u003e The solution is to reduce the range of version numbers from 2^32 to 2^16 and to declare the third and forth bytes of the block header as legitimate space for an extra nonce.\n\u003e \u003e This will reduce the incentive for a miner to abuse the shortened version number by a factor in the order of 2^16. \n\u003e \u003e \n\u003e \u003e As a side effect, this proposal greatly reduces the bandwidth requirements of a blind pool protocol by only submitting the block header to the miner.\n\u003e \u003e # Backwards Compatibility\n\u003e \u003e Old versions of the client will accept blocks of this kind but will throw an alert at the user to upgrade.\n\u003e \u003e The only code change would be a cast of the version number to a short.\n\u003e \u003e Besides the upgrade alert, old and new versions of the client can co-exist and there is no need to introduce a new block version number or to phase-out old block versions.\n\u003e \u003e # Reference Implementation\n\u003e \u003e # Final implementation\n\u003e \u003e \n\u003e \n\u003e \n\n-- \nTimo Hanke\nPGP 1EFF 69BC 6FB7 8744 14DB 631D 1BB5 D6E3 AB96 7DA8",
"sig": "0d9d28699f09ca3dd64194004e906c9a8d66f66983375bf40880c73512206ed01ffa12dd65918670730709e14b3dc7d1cc541771d39c4ae2e420ff6d2ab0ae33"
}