public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Eric Voskuil <eric@voskuil.org>
To: Devrandom <c1.bitcoin@niftybox.net>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Introducing a POW through a soft-fork
Date: Sat, 11 Nov 2017 11:51:04 -0800	[thread overview]
Message-ID: <795D69CA-1591-4B69-96EE-BAF14CAAD71B@voskuil.org> (raw)
In-Reply-To: <CAB0O3SX-m1Uw8Ga-ddzyU6oYdM2QRXn2OetgPmPBT+-5wGmjKQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 6349 bytes --]


> On Nov 6, 2017, at 20:38, Devrandom <c1.bitcoin@niftybox.net> wrote:
> 
> A hard-fork is a situation where non-upgraded nodes reject a block mined and relayed by upgraded nodes.

As Peter pointed out, that is the case here.

> This creates a fork that cannot heal regardless of what follows.

That is not a condition of the hard fork concept.

https://github.com/bitcoin/bips/blob/master/bip-0099.mediawiki
Softfork
A consensus fork wherein everything that was previously invalid remains invalid while blocks that would have previously considered valid become invalid. A hashrate majority of miners can impose the new rules. They have some deployment advantages like backward compatibility.
Hardfork
A consensus fork that makes previously invalid blocks valid. Hardforks require all users to upgrade.

The essential element of a hard fork is that the new rule may cause rejection of blocks that are not rejected by old rules (thereby requiring that all users adopt the new rule in order to avoid a split). The reason a hard fork is interesting is that it can create a chain split even if it is enforced by majority hash power.

That is not the case with a soft fork and it is not the case here. A split can occur. The fact that it is possible for the split to also eventually orphan the old nodes does not make it a soft fork. A soft fork requires that a hash power majority can impose the rule. However, under the proposed new rule the hash power majority (according to the new rule) cannot impose the rule on existing nodes.

> This proposal is not a hard-fork, because the non-upgraded node *will heal* if the attack has less than 1/2 of the original-POW power in the long term.

Nothing about this proposal implies an attack. From the Motivation section:

Mitigate centralization pressures by introducing a POW that does not have economies of scale
Introduce an intermediary confirmation point, reducing the impact of mining power fluctuations

> The cost of such an attack is the cost of a normal "51%" attack, multiplied by the fractional weight of the original POW (e.g. 0.75 or 0.5).
> 
> So rather than saying this is a hard-fork, I would say that this is a soft-fork with reduced security for non-upgraded nodes.

Presumably this preference exists because it implies the new rule would not cause a chain split, making it more acceptable to a risk-averse economy. This is precisely why it should be described correctly.

> I would also say that the reduction in security is proportional to the reduction in weight of the original POW at the time of attack.
> 
> As mentioned before, the original-POW weight starts at 1.0 and is reduced over a long period of time.  I would set up the transition curve so that all nodes upgrade by the time the weight is, say, 0.75.  In reality, nodes protecting high economic value would upgrade early.

In reality you have no way to know if/when people would adopt this rule. What matters in the proposal is that people who do adopt it are well aware of its ability to split them from the existing economy.

e

>> On Mon, Nov 6, 2017 at 3:55 PM Eric Voskuil via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> If a block that would be discarded under previous rules becomes accepted after a rule addition, there is no reason to not simply call the new rule a hard fork. IOW it's perfectly rational to consider a weaker block as "invalid" relative to the strong chain. As such I don't see any reason to qualify the term, it's a hard fork. But Peter's observation (the specific behavior) is ultimately what matters.
>> 
>> e
>> 
>>> On Nov 6, 2017, at 12:30, Paul Sztorc via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>> 
>>> +1 to all of Peter Todd's comments
>>> 
>>>> On Nov 6, 2017 11:50 AM, "Peter Todd via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>> On Wed, Nov 01, 2017 at 05:48:27AM +0000, Devrandom via bitcoin-dev wrote:
>>>> 
>>>> Some quick thoughts...
>>>> 
>>>> > Hi all,
>>>> >
>>>> > Feedback is welcome on the draft below.  In particular, I want to see if
>>>> > there is interest in further development of the idea and also interested in
>>>> > any attack vectors or undesirable dynamics.
>>>> >
>>>> > (Formatted version available here:
>>>> > https://github.com/devrandom/btc-papers/blob/master/aux-pow.md )
>>>> >
>>>> > # Soft-fork Introduction of a New POW
>>>> 
>>>> First of all, I don't think you can really call this a soft-fork; I'd call it a
>>>> "pseudo-soft-fork"
>>>> 
>>>> My reasoning being that after implementation, a chain with less total work than
>>>> the main chain - but more total SHA256^2 work than the main chain - might be
>>>> followed by non-supporting clients. It's got some properties of a soft-fork,
>>>> but it's security model is definitely different.
>>>> 
>>>> > ### Aux POW intermediate block
>>>> >
>>>> > Auxiliary POW blocks are introduced between normal blocks - i.e. the chain
>>>> > alternates between the two POWs.
>>>> > Each aux-POW block points to the previous normal block and contains
>>>> > transactions just like a normal block.
>>>> > Each normal block points to the previous aux-POW block and must contain all
>>>> > transactions from the aux-POW block.
>>>> 
>>>> Note how you're basically proposing for the block interval to be decreased,
>>>> which has security implications due to increased orphan rates.
>>>> 
>>>> > ### Heaviest chain rule change
>>>> >
>>>> > This is a semi-hard change, because non-upgraded nodes can get on the wrong
>>>> > chain in case of attack.  However,
>>>> 
>>>> Exactly! Not really a soft-fork.
>>>> 
>>>> --
>>>> https://petertodd.org 'peter'[:-1]@petertodd.org
>>>> 
>>>> _______________________________________________
>>>> bitcoin-dev mailing list
>>>> bitcoin-dev@lists.linuxfoundation.org
>>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitcoin-dev@lists.linuxfoundation.org
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 10479 bytes --]

  reply	other threads:[~2017-11-11 19:51 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-01  5:48 [bitcoin-dev] Introducing a POW through a soft-fork Devrandom
2017-11-02 23:55 ` Tao Effect
2017-11-03  1:02   ` Devrandom
2017-11-06 19:50 ` Peter Todd
2017-11-06 20:30   ` Paul Sztorc
2017-11-06 20:55     ` Eric Voskuil
2017-11-07  4:38       ` Devrandom
2017-11-11 19:51         ` Eric Voskuil [this message]
2017-11-06 22:39   ` Devrandom
2017-11-06 23:38     ` Devrandom

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=795D69CA-1591-4B69-96EE-BAF14CAAD71B@voskuil.org \
    --to=eric@voskuil.org \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=c1.bitcoin@niftybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox