public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Rusty Russell <rusty@rustcorp.com.au>
To: Russell O'Connor <roconnor@blockstream.io>,
	Pieter Wuille <pieter.wuille@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
	Russell O'Connor <roconnor@blockstream.com>,
	Kalle Alm <kalle.alm@gmail.com>
Subject: Re: [bitcoin-dev] BIP 117 Feedback
Date: Tue, 16 Jan 2018 11:36:14 +1030	[thread overview]
Message-ID: <87zi5ehat5.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CAMZUoKn4noCEQR6eqf9hiZSMdk-3b8UHR1NrEFrKNoLSMzVjGQ@mail.gmail.com>

"Russell O'Connor" <roconnor@blockstream.io> writes:
> However, if I understand correctly, the situation for BIP 117 is entirely
> different.  As far as I understand there is currently no restrictions about
> terminating a v0 witness program with a non-empty alt-stack, and there are
> no restrictions on leaving non-canonical boolean values on the main stack.

BIP-141: "The script must not fail, and result in exactly a single TRUE
on the stack."  And it has long been non-standard for P2SH scripts to
not do the same (don't know exactly when).

> There could already be commitments to V0 witness programs that, when
> executed in some reasonable context, leave a non-empty alt-stack and/or
> leave a non-canonical true value on the main stack.  Unlike the P2SH or
> Segwit soft-forks, these existing commitments could be real outputs that
> currently confer non-trivial ownership over their associated funds.  If BIP
> 117 were activated, these commitments would be subject to a new set of
> rules that didn't exist when the commitments were made.  In particular,
> these funds could be rendered unspendable.  Because segwit commitments are
> hashes of segwit programs, there is no way to even analyze the blockchain
> to determine if these commitments currently exist (and even if we could it
> probably woudln't be adequate protection).

The rule AFAICT is "standard transactions must still work".  This was
violated with low-S, but the transformation was arguably trivial.  

OTOH, use of altstack is completely standard, though in practice it's
unused and so only a theoretical concern.

My concern remains unanswered: I want hard numbers on the worst-case
time taken by sigops with the limit removed.  It's about 120 usec per
sigop (from [1]), so how bad could it be?  I think Russell had an
estimate like 1 in 3 ops, so 160 seconds to validate a block?

Thanks,
Rusty.
[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015346.html


  reply	other threads:[~2018-01-16  2:27 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-09 11:22 [bitcoin-dev] BIP 117 Feedback Rusty Russell
2018-01-09 12:40 ` Mark Friedenbach
2018-01-09 14:21   ` Pieter Wuille
2018-01-09 22:57     ` Mark Friedenbach
2018-01-12 10:48     ` Russell O'Connor
2018-01-16  1:06       ` Rusty Russell [this message]
2018-01-16  3:27         ` Gregory Maxwell
2018-01-16  4:15         ` Luke Dashjr
2018-01-16  8:39           ` Russell O'Connor
2018-03-05 15:28 ` Johnson Lau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87zi5ehat5.fsf@rustcorp.com.au \
    --to=rusty@rustcorp.com.au \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=kalle.alm@gmail.com \
    --cc=pieter.wuille@gmail.com \
    --cc=roconnor@blockstream.com \
    --cc=roconnor@blockstream.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox