From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CD122D56 for ; Fri, 5 Feb 2016 18:41:00 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from s47.web-hosting.com (s47.web-hosting.com [199.188.200.16]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6741F17D for ; Fri, 5 Feb 2016 18:40:58 +0000 (UTC) Received: from [::1] (port=33569 helo=server47.web-hosting.com) by server47.web-hosting.com with esmtpa (Exim 4.86) (envelope-from ) id 1aRlJR-0025Lk-9L for bitcoin-dev@lists.linuxfoundation.org; Fri, 05 Feb 2016 13:40:57 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_ce64c5bf1024ca3af083e9d210b0fbc9" Date: Fri, 05 Feb 2016 13:40:57 -0500 From: jl2012 To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <5e8eb817e242e59260703a4d1505252f@xbt.hk> X-Sender: jl2012@xbt.hk User-Agent: Roundcube Webmail/1.0.6 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server47.web-hosting.com X-AntiAbuse: Original Domain - lists.linuxfoundation.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - xbt.hk X-Get-Message-Sender-Via: server47.web-hosting.com: authenticated_id: jl2012@xbt.hk X-Authenticated-Sender: server47.web-hosting.com: jl2012@xbt.hk X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] BIP draft: Hard fork opt-in mechanism for SPV nodes X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Feb 2016 18:41:00 -0000 --=_ce64c5bf1024ca3af083e9d210b0fbc9 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII BIP draft: Hard fork opt-in mechanism for SPV nodes: https://github.com/bitcoin/bips/pull/320 This is a supplement, instead of a replacement, of the hardfork bit BIP: https://github.com/bitcoin/bips/pull/317 They solves different problems: The hardfork bit tells full and SPV that a planned hardfork (instead of a softfork) has happened. This BIP makes sure SPV nodes won't lose any money in a hardfork, even if they do not check the hardfork bit. --------------------- BIP: ? Title: Hard fork opt-in mechanism for SPV nodes Author: Johnson Lau Status: Draft Type: Standard Track Created: 2016-02-05 ABSTRACT This document specifies a new algorithm for the transaction commitment in block header, to ensure that SPV nodes will not automatically follow a planned hard fork without explicit opt-in consent. [1]MOTIVATION A hard fork in Bitcoin is a consensus rule change where previously invalid blocks become valid. For the operators of fully validating nodes, migration to the new fork requires conscious actions. However, this may not be true for SPV node, as many consensus rules are transparent to them. SPV nodes may follow the chain with most proof-of-work, even if the operators do not agree with the economical or ideological properties of the chain. By specifying a new algorithm for the transaction commitment in block header, migration to the new fork requires explicit opt-in consent for SPV nodes. It is expected that this proposal will be implemented with other backward-incompatible consensus rule changes at the same time. [2]SPECIFICATION The calculation of Merkle root remains unchanged. Instead of directly committing the Merkle root to the header, we commit Double-SHA256(zero|merkle_root|zero) where zero is 0x0000....0000 with 32 bytes. [3]RATIONALE Since the header structure is not changed, non-upgraded SPV nodes will still be able to verify the proof-of-work of the new chain, and they will follow the new chain if it has most proof-of-work. However, they will not be able to the accept any incoming transactions on the new chain since they cannot verify them with the new commitment format. At the same time, SPV nodes will not accept any new transactions on the old chain, as they find it has less proof-of-work. Effectively, SPV nodes stop accepting any transactions, until their operators take further actions. Zero-padding is applied before and after the merkle_root, so it is not possible to circumvent the rule change with any current implementations, even for faulty ones. A future hard fork should change the padding value to stop non-upgraded SPV nodes from processing new transactions. Hard forks may sometimes be totally uncontroversial and make barely noticeable change (BIP50 [4], for example). In such cases, changing the padding value may not be needed as it may cause unnecessary disruption. The risk and benefit should be evaluated case-by-case. [5]COMPATIBILITY As a mechanism to indicate hard fork deployment, this BIP breaks backward compatibility intentionally. However, without further changes in the block header format, non-upgraded full nodes and SPV nodes could still verify the proof-of-work of upgraded blocks. INTERACTION WITH FRAUD PROOF SYSTEM A fraud proof system is full nodes that will generate compact proofs to testify invalid blocks on the blockchain, verifiable by SPV nodes. Hard forks without any malicious intention may also be considered as a "fraud" among non-upgraded nodes. This may not be desirable, as the SPV node may accept devalued tokens on the old chain with less proof-of-work. With this BIP, non-upgraded SPV nodes will always believe the new chain is valid (since they cannot verify any fraud proof), while cannot be defrauded as they will not see any incoming transactions. [6]COPYRIGHT This document is placed in the public domain. Links: ------ [1] https://github.com/jl2012/bips/blob/merkleroot/spvoptinhf.mediawiki#motivation [2] https://github.com/jl2012/bips/blob/merkleroot/spvoptinhf.mediawiki#specification [3] https://github.com/jl2012/bips/blob/merkleroot/spvoptinhf.mediawiki#rationale [4] https://github.com/jl2012/bips/blob/merkleroot/bip-0050.mediawiki [5] https://github.com/jl2012/bips/blob/merkleroot/spvoptinhf.mediawiki#compatibility [6] https://github.com/jl2012/bips/blob/merkleroot/spvoptinhf.mediawiki#copyright --=_ce64c5bf1024ca3af083e9d210b0fbc9 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8 
BIP draft: Hard fork opt-in mechanism for SPV nodes: https://github.co=
m/bitcoin/bips/pull/320

This is a supplement, instead of a replacement, of the hardfork bit BIP: ht=
tps://github.com/bitcoin/bips/pull/317

They solves different problems:

The hardfork bit tells full and =
SPV that a planned hardfork (instead of a softfork) has happened.

This BIP makes sure SPV nodes won't lose any money in a hardfork, even if=
 they do not check the hardfork bit.

---------------------
BIP: ?
Title: Hard fork opt-in mechanism for SPV nodes
Author: Johnson Lau <jl2012@xbt.hk>
Status: Draft
Type: Standard Track
Created: 2016-02-05

  

Abstract

This document specifies a new algorithm for the transaction commitment i= n block header, to ensure that SPV nodes will not automatically follow a pl= anned hard fork without explicit opt-in consent.

Motivation

A hard fork in Bitcoin is a consensus rule change where previously inval= id blocks become valid. For the operators of fully validating nodes, migrat= ion to the new fork requires conscious actions. However, this may not be tr= ue for SPV node, as many consensus rules are transparent to them. SPV nodes= may follow the chain with most proof-of-work, even if the operators do not= agree with the economical or ideological properties of the chain.

By specifying a new algorithm for the transaction commitment in block he= ader, migration to the new fork requires explicit opt-in consent for SPV no= des. It is expected that this proposal will be implemented with other backw= ard-incompatible consensus rule changes at the same time.

<= /a>Specification

The calculation of Merkle root remains unchanged. Instead of directly co= mmitting the Merkle root to the header, we commit

 

  Double-SHA256(zero|merkle_root|zero)

 

where zero is 0x0000....0000&nb= sp;with 32 bytes.

Rationale

Since the header structure is not changed, non-upgraded SPV nodes will s= till be able to verify the proof-of-work of the new chain, and they will fo= llow the new chain if it has most proof-of-work. However, they will not be = able to the accept any incoming transactions on the new chain since they ca= nnot verify them with the new commitment format. At the same time, SPV node= s will not accept any new transactions on the old chain, as they find it ha= s less proof-of-work. Effectively, SPV nodes stop accepting any transaction= s, until their operators take further actions.

Zero-padding is applied before and after the merkle_root, so it is not possible to circumvent the rule change with any current im= plementations, even for faulty ones.

A future hard fork should change the padding value to stop non-upgraded = SPV nodes from processing new transactions.

Hard forks may sometimes be totally uncontroversial and make barely noti= ceable change (BIP50, for example). In such cases, changing the padd= ing value may not be needed as it may cause unnecessary disruption. The ris= k and benefit should be evaluated case-by-case.

<= /a>Compatibility

As a mechanism to indicate hard fork deployment, this BIP breaks backwar= d compatibility intentionally. However, without further changes in the bloc= k header format, non-upgraded full nodes and SPV nodes could still verify t= he proof-of-work of upgraded blocks.

Interaction with fraud proof system A fraud proof = system is full nodes that will generate compact proofs to testify invalid b= locks on the blockchain, verifiable by SPV nodes. Hard forks without any ma= licious intention may also be considered as a “fraud” among non= -upgraded nodes. This may not be desirable, as the SPV node may accept deva= lued tokens on the old chain with less proof-of-work. With this BIP, non-up= graded SPV nodes will always believe the new chain is valid (since they can= not verify any fraud proof), while cannot be defrauded as they will not see= any incoming transactions.

Copyright

This document is placed in the public domain.

--=_ce64c5bf1024ca3af083e9d210b0fbc9--