public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Luke Dashjr <luke@dashjr.org>
To: Cory Fields <lists@coryfields.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SegWit GBT updates
Date: Tue, 2 Feb 2016 02:30:55 +0000	[thread overview]
Message-ID: <201602020230.56760.luke@dashjr.org> (raw)
In-Reply-To: <CAApLimiefAkDaDShfq4b6T-6heqYyB5dqZDh58+Stwf7VqDWkg@mail.gmail.com>

On Tuesday, February 02, 2016 1:40:49 AM Cory Fields wrote:
> On Mon, Feb 1, 2016 at 6:08 PM, Luke Dashjr <luke@dashjr.org> wrote:
> > On Monday, February 01, 2016 9:43:33 PM Cory Fields wrote:
> >> On Mon, Feb 1, 2016 at 2:46 PM, Luke Dashjr <luke@dashjr.org> wrote:
> >> > Allowing for simpler cases both encourages the lazy case, and enables
> >> > pools to require miners use it. It also complicates the server-side
> >> > implementation somewhat, and could in some cases make it more
> >> > vulnerable to DoS attacks. Keep in mind that GBT is not merely a
> >> > bitcoind protocol, but is used between pool<->miner as well... For
> >> > now, it makes sense to leave
> >> > "default_witness_commitment" as a bitcoind-specific extension to
> >> > encourage adoption, but it seems better to leave it out of the
> >> > standard protocol. Let me know if this makes sense or if I'm
> >> > overlooking something.
> >> 
> >> I think that's a bit of a loaded answer. What's to keep a pool from
> >> building its own commitment and requiring miners to use that? I don't
> >> see how providing the known-working commitment for the
> >> passed-in-hashes allows the pool/miner to do anything they couldn't
> >> already, with the exception of skipping some complexity. Please don't
> >> confuse encouraging with enabling.
> > 
> > Making it simpler to do a centralised implementation than a decentralised
> > one, is both enabling and encouraging. GBT has always been designed to
> > make it difficult to do in a centralised manner.
> 
> But your suggestion is "use libblkmaker" which will build the trees
> for me. By that logic, isn't libblkmaker making a centralized
> implementation easier? Shouldn't that usage be discouraged as well?

libblkmaker is miner-side; right now it implies the miner using the templates 
as-is (perhaps after verifying the transactions meet some criteria), but it is 
the miner who is making that decision, not the pool.

> And along those lines, shouldn't the fact that it's used as a pool <->
> miner protocol be discouraged rather than touted as a feature?

???

> >> What's the DoS vector here?
> > 
> > It's more work for the pool to provide it, similar to the "midstate"
> > field was with getwork. Someone performing a DoS needs to do less work
> > to force the pool to do complex calculations (unless the same
> > transaction tree / commitment is used for all miners, which would be an
> > unfortunate limitation).
> 
> It's being provided to them. And if they're using a modified set of
> tx's, they'll need to re-calculate it in order to verify the result
> anyway. I suspect I'm not understanding this argument.

The DoS is against the pool, not the miner. You'd attack by pretending to be 
100000 new miners per second, and the pool then needs to calculate a witness 
commitment for each one. It's a lot cheaper to just serialise and send the 
transaction list.

> >> >> The issue in particular here is that a non-trivial burden is thrust
> >> >> upon mining software, increasing the odds of bugs in the process.
> >> > 
> >> > It can always use libblkmaker to handle the "heavy lifting"... In any
> >> > case, the calculation for the commitment isn't significantly more than
> >> > what it must already do for the stripped merkle tree.
> >> 
> >> Agreed. However for the sake of initial adoption, it's much easier to
> >> have a known-correct value to use. Even if it's just for the sake of
> >> checking against.
> > 
> > Sure, I'm not suggesting we remove this from bitcoind (probably the only
> > place that makes initial adoption easier).
> 
> How about exposing it as a feature/capability, then? That way pools
> can expect it from bitcoind, but won't be required to expose it
> downstream.

Implementation-specific things aren't standards. And besides, they really 
*shouldn't* expect it from bitcoind; it's simply a reasonable compromise to 
provide it encourage adoption of SegWit. Once SegWit is live, there is no more 
value to doing so.

Luke


      reply	other threads:[~2016-02-02  2:31 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-30 18:50 [bitcoin-dev] SegWit GBT updates Luke Dashjr
2016-02-01 18:41 ` Cory Fields
2016-02-01 19:46   ` Luke Dashjr
2016-02-01 21:43     ` Cory Fields
2016-02-01 23:08       ` Luke Dashjr
2016-02-02  1:40         ` Cory Fields
2016-02-02  2:30           ` Luke Dashjr [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201602020230.56760.luke@dashjr.org \
    --to=luke@dashjr.org \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=lists@coryfields.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox