📅 Original date posted:2015-07-23
📝 Original message:Quoting Tier Nolan via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>:
> On Thu, Jul 23, 2015 at 5:23 PM, jl2012 via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>
>> 2) Full nodes and SPV nodes following original consensus rules may not be
>> aware of the deployment of a hardfork. They may stick to an
>> economic-minority fork and unknowingly accept devalued legacy tokens.
>>
>
> This change means that they are kicked off the main chain immediately when
> the fork activates.
>
> The change is itself a hard fork. Clients have be updated to get the
> benefits.
I refrain from calling it the "main chain". I use "original chain" and
"new chain" instead as I make no assumption about the distribution of
mining power. This BIP still works when we have a 50/50 hardfork. The
main point is to protect all users on both chains, and allow them to
make an informed choice.
> 3) In the case which the original consensus rules are also valid under the
>> new consensus rules, users following the new chain may unexpectedly reorg
>> back to the original chain if it grows faster than the new one. People may
>> find their confirmed transactions becoming unconfirmed and lose money.
>>
>
> I don't understand the situation here. Is the assumption of a group of
> miners suddenly switching (for example, they realise that they didn't
> intend to support the new rules)?
>
Again, as I make no assumption about the mining power distribution,
the new chain may actually have less miner support. Without any
protection (AFAIK, for example, BIP100, 101, 102), the weaker new
chain will get 51%-attacked by the original chain constantly.
>>
>> Flag block is constructed in a way that nodes with the original consensus
>> rules must reject. On the other hand, nodes with the new consensus rules
>> must reject a block if it is not a flag block while it is supposed to be.
>> To achieve these goals, the flag block must 1) have the hardfork bit
>> setting to 1, 2) include a short predetermined unique description of the
>> hardfork anywhere in its coinbase, and 3) follow any other rules required
>> by the hardfork. If these conditions are not fully satisfied, upgraded
>> nodes shall reject the block.
>>
>
> Ok, so set the bit and then include BIP-GIT-HASH of the canonical BIP on
> github in the coinbase?
I guess the git hash is not known until the code is written? (correct
me if I'm wrong) As the coinbase message is consensus-critical, it
must be part of the source code and therefore you can't use any kind
of hash of the code itself (a chicken-and-egg problem)
> Since it is a hard fork, the version field could be completely
> re-purposed. Set the bit and add the BIP number as the lower bits in the
> version field. This lets SPV clients check if they know about the hard
> fork.
This may not be compatible with the other version bits voting mechanisms.
> There network protocol could be updated to add getdata support for asking
> for a coinbase only merkleblock. This would allow SPV clients to obtain
> the coinbase.
Yes
> Automatic warning system: When a flag block is found on the network, full
>> nodes and SPV nodes should look into its coinbase. They should alert their
>> users and/or stop accepting incoming transactions if it is an unknown
>> hardfork. It should be noted that the warning system could become a DoS
>> vector if the attacker is willing to give up the block reward. Therefore,
>> the warning may be issued only if a few blocks are built on top of the flag
>> block in a reasonable time frame. This will in turn increase the risk in
>> case of a real planned hardfork so it is up to the wallet programmers to
>> decide the optimal strategy. Human warning system (e.g. the emergency alert
>> system in Bitcoin Core) could fill the gap.
>>
>
> If the rule was that hard forks only take effect 100 blocks after the flag
> block, then this problem is eliminated.
>
> Emergency hard forks may still have to take effect immediately though, so
> it would have to be a custom not a rule.
The flag block itself is a hardfork already and old miners will not
mine on top of the flag block. So your suggestion won't be helpful in
this situation.
To make it really meaningful, we need to consume one more bit of the
'version' field ("notice bit"). Supporting miners will turn on the
notice bit, and include a message in coinbase ("notice block"). When a
full node/SPV node find many notice blocks with the same coinbase
message, they could bet that the subsequent flag block is a legit one.
However, an attacker may still troll you by injecting an invalid flag
block after many legit notice blocks. So I'm not sure if it is worth
the added complexity.
jl2012 at xbt.hk [ARCHIVE] /
npub1kc…wjfw4
2023-06-07 15:43:30
in reply to nevent1q…t2af
Author Public Key
npub1kc0zulxt7j4a0ayhzhrz7jk84y7tm4026qcky7w97hlfkxxap24qnwjfw4Published at
2023-06-07 15:43:30Event JSON
{
"id": "b812bdda3e600d3b64126b772de6f6e3a1716370dd4e90fe7b5bd9a0ecbe1237",
"pubkey": "b61e2e7ccbf4abd7f49715c62f4ac7a93cbdd5ead0316279c5f5fe9b18dd0aaa",
"created_at": 1686152610,
"kind": 1,
"tags": [
[
"e",
"becc4a6062400ee01fcf5ffaa86645c2075273e7d545dfd7e54ccbc1644155d4",
"",
"root"
],
[
"e",
"f38a21ca4e414cf83d79d434746fa78dadde9259e272a5f47c40a39925830508",
"",
"reply"
],
[
"p",
"46986f86b97cc97829a031b03209644d134b939d0163375467f0b1363e0d875e"
]
],
"content": "📅 Original date posted:2015-07-23\n📝 Original message:Quoting Tier Nolan via bitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e:\n\n\u003e On Thu, Jul 23, 2015 at 5:23 PM, jl2012 via bitcoin-dev \u003c\n\u003e bitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e\n\u003e\u003e 2) Full nodes and SPV nodes following original consensus rules may not be\n\u003e\u003e aware of the deployment of a hardfork. They may stick to an\n\u003e\u003e economic-minority fork and unknowingly accept devalued legacy tokens.\n\u003e\u003e\n\u003e\n\u003e This change means that they are kicked off the main chain immediately when\n\u003e the fork activates.\n\u003e\n\u003e The change is itself a hard fork. Clients have be updated to get the\n\u003e benefits.\n\nI refrain from calling it the \"main chain\". I use \"original chain\" and \n\"new chain\" instead as I make no assumption about the distribution of \nmining power. This BIP still works when we have a 50/50 hardfork. The \nmain point is to protect all users on both chains, and allow them to \nmake an informed choice.\n\n\n\u003e 3) In the case which the original consensus rules are also valid under the\n\u003e\u003e new consensus rules, users following the new chain may unexpectedly reorg\n\u003e\u003e back to the original chain if it grows faster than the new one. People may\n\u003e\u003e find their confirmed transactions becoming unconfirmed and lose money.\n\u003e\u003e\n\u003e\n\u003e I don't understand the situation here. Is the assumption of a group of\n\u003e miners suddenly switching (for example, they realise that they didn't\n\u003e intend to support the new rules)?\n\u003e\n\nAgain, as I make no assumption about the mining power distribution, \nthe new chain may actually have less miner support. Without any \nprotection (AFAIK, for example, BIP100, 101, 102), the weaker new \nchain will get 51%-attacked by the original chain constantly.\n\n\n\u003e\u003e\n\u003e\u003e Flag block is constructed in a way that nodes with the original consensus\n\u003e\u003e rules must reject. On the other hand, nodes with the new consensus rules\n\u003e\u003e must reject a block if it is not a flag block while it is supposed to be.\n\u003e\u003e To achieve these goals, the flag block must 1) have the hardfork bit\n\u003e\u003e setting to 1, 2) include a short predetermined unique description of the\n\u003e\u003e hardfork anywhere in its coinbase, and 3) follow any other rules required\n\u003e\u003e by the hardfork. If these conditions are not fully satisfied, upgraded\n\u003e\u003e nodes shall reject the block.\n\u003e\u003e\n\u003e\n\u003e Ok, so set the bit and then include BIP-GIT-HASH of the canonical BIP on\n\u003e github in the coinbase?\n\nI guess the git hash is not known until the code is written? (correct \nme if I'm wrong) As the coinbase message is consensus-critical, it \nmust be part of the source code and therefore you can't use any kind \nof hash of the code itself (a chicken-and-egg problem)\n\n\u003e Since it is a hard fork, the version field could be completely\n\u003e re-purposed. Set the bit and add the BIP number as the lower bits in the\n\u003e version field. This lets SPV clients check if they know about the hard\n\u003e fork.\n\nThis may not be compatible with the other version bits voting mechanisms.\n\n\u003e There network protocol could be updated to add getdata support for asking\n\u003e for a coinbase only merkleblock. This would allow SPV clients to obtain\n\u003e the coinbase.\n\nYes\n\n\n\u003e Automatic warning system: When a flag block is found on the network, full\n\u003e\u003e nodes and SPV nodes should look into its coinbase. They should alert their\n\u003e\u003e users and/or stop accepting incoming transactions if it is an unknown\n\u003e\u003e hardfork. It should be noted that the warning system could become a DoS\n\u003e\u003e vector if the attacker is willing to give up the block reward. Therefore,\n\u003e\u003e the warning may be issued only if a few blocks are built on top of the flag\n\u003e\u003e block in a reasonable time frame. This will in turn increase the risk in\n\u003e\u003e case of a real planned hardfork so it is up to the wallet programmers to\n\u003e\u003e decide the optimal strategy. Human warning system (e.g. the emergency alert\n\u003e\u003e system in Bitcoin Core) could fill the gap.\n\u003e\u003e\n\u003e\n\u003e If the rule was that hard forks only take effect 100 blocks after the flag\n\u003e block, then this problem is eliminated.\n\u003e\n\u003e Emergency hard forks may still have to take effect immediately though, so\n\u003e it would have to be a custom not a rule.\n\nThe flag block itself is a hardfork already and old miners will not \nmine on top of the flag block. So your suggestion won't be helpful in \nthis situation.\n\nTo make it really meaningful, we need to consume one more bit of the \n'version' field (\"notice bit\"). Supporting miners will turn on the \nnotice bit, and include a message in coinbase (\"notice block\"). When a \nfull node/SPV node find many notice blocks with the same coinbase \nmessage, they could bet that the subsequent flag block is a legit one. \nHowever, an attacker may still troll you by injecting an invalid flag \nblock after many legit notice blocks. So I'm not sure if it is worth \nthe added complexity.",
"sig": "11eee749171244c379ef5cfad9eed8263f303666cc49cb816c27407dfc48ccf838b70725b0eadb84a085fa37d3ff42fed8404fcf22d91c627d19da8788bf806a"
}