From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id E1890C000B for ; Fri, 11 Mar 2022 14:03:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id CCB58402E0 for ; Fri, 11 Mar 2022 14:03:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=jtimon-cc.20210112.gappssmtp.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GDRXRyXSSnOe for ; Fri, 11 Mar 2022 14:03:27 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7452B402A7 for ; Fri, 11 Mar 2022 14:03:27 +0000 (UTC) Received: by mail-yb1-xb2e.google.com with SMTP id u3so17267800ybh.5 for ; Fri, 11 Mar 2022 06:03:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jtimon-cc.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=3BgZ8IPIbszMtJxzq7b0KMbnE16S3/X13+zpUwKF7iQ=; b=79rm7PtB3fx05eZII3gckjr3qQKlM4sfZht1cx6gh2MqCAy5f0+fanakO37r+GIRev 6TkYCyWSMhhuGzzOzDZmPKZ9X8Rhg2NBNLpnKj34u4Pi6qMpw3sM9XYoiK/HXHrbleDQ yl/PaiTbyRlgbe8M7/UCx2yVjjtJUau23QXo2a76RhuQutfAOMxqDYx0Cv8N6RbVfDtF 7DL1zkU1tRoZjhpM9KQt5iDhLTD61AIvj2Wa/daTXYms+dpZ7fSUWSpxMIyDnYqynz2Q R9N245xYYcyCS5nXDnpw7f5vW4HduCBZeoUIE3RGFD6gDXxfBz0jCBuQljkG+Jnr1z/9 L8yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=3BgZ8IPIbszMtJxzq7b0KMbnE16S3/X13+zpUwKF7iQ=; b=gkKsmkFT7d4YzcYYP80ceFAiT2eu7ZTgcd3xUAX1c8NdUDK6v+f3MBabwNvlEEoJWE Ym57Q8WUX/v4pWdbOMv1vbngqdeKqJESI1SyG7VjaxdxXnHbZQregGnKe4h5ghMEsUsZ vd2wUj4NUYlA1Q28rLxdJc8uERqu5QcGZEfloZ1vwdXDjgtWWLdCMJRh1AE8EKEh99Qz AGc8r3RDm95Qs+dKiPyPVLCeVWStuqrOxhKnW21DVPweKUtVpapnrwo+rhRbI7veYihX XFInr05SfWIUIXm0aRqJDapkdHO6g5iLtYAnxNXp+C0ODYjX7etMgB4PKF6ADH26Vkat NSNg== X-Gm-Message-State: AOAM533GH6OlSVLtO8lGwOxfOAQFNlEkCvkLJ31fMbCZwhQiKhNsmT9U 80WUekceRSV8mt1v+MQcR1APBiEYNvBkW1u42uGDl6htBAgLQQ== X-Google-Smtp-Source: ABdhPJytD5t1ac3BzvFLEoqmDU8eFjJdafa4KKkOPR4VxdHn77PqVqqMVZR4En2A9c/5Pd/2yjDcObIwifJEhXmbqfY= X-Received: by 2002:a25:dc8c:0:b0:628:df7f:424b with SMTP id y134-20020a25dc8c000000b00628df7f424bmr8119339ybe.620.1647007406111; Fri, 11 Mar 2022 06:03:26 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= Date: Fri, 11 Mar 2022 14:04:29 +0000 Message-ID: To: "Russell O'Connor" , Bitcoin Protocol Discussion , Mark Content-Type: multipart/alternative; boundary="0000000000006250ec05d9f1cbcd" X-Mailman-Approved-At: Fri, 11 Mar 2022 16:03:55 +0000 Subject: Re: [bitcoin-dev] Speedy Trial X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2022 14:03:29 -0000 --0000000000006250ec05d9f1cbcd Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Mar 11, 2022, 13:47 Russell O'Connor via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Fri, Mar 11, 2022 at 7:18 AM Jorge Tim=C3=B3n wrote= : > >> I talked about this. But the "no-divergent-rules" faction doesn't like >> it, so we can pretend we have listened to this "faction" and addressed a= ll >> its concerns, I guess. >> Or perhaps it's just "prosectution complex", but, hey, what do I know >> about psychology? >> > > Your accusations of bad faith on the part of myself and pretty much > everyone else makes me disinclined to continue this discussion with you. > I'll reply, but if you want me to continue beyond this, then you need to > knock it off with the accusations. > What accusations of bad faith? You're accusing me of having prosecution complex. I'm accusing you of ignoring the "yes-users-veto" faction. But that doesn't require bad faith, you may simply not understand the "faction". A major contender to the Speedy Trial design at the time was to mandate >>> eventual forced signalling, championed by luke-jr. It turns out that, = at >>> the time of that proposal, a large amount of hash power simply did not = have >>> the firmware required to support signalling. That activation proposal >>> never got broad consensus, and rightly so, because in retrospect we see >>> that the design might have risked knocking a significant fraction of mi= ning >>> power offline if it had been deployed. Imagine if the firmware couldn'= t be >>> quickly updated or imagine if the problem had been hardware related. >>> >> >> Yes, I like this solution too, with a little caveat: an easy mechanism >> for users to actively oppose a proposal. >> Luke alao talked about this. >> If users oppose, they should use activation as a trigger to fork out of >> the network by invalidating the block that produces activation. >> The bad scenario here is that miners want to deploy something but users >> don't want to. >> "But that may lead to a fork". Yeah, I know. >> I hope imagining a scenario in which developers propose something that >> most miners accept but some users reject is not taboo. >> > > This topic is not taboo. > > There are a couple of ways of opting out of taproot. Firstly, users can > just not use taproot. Secondly, users can choose to not enforce taproot > either by running an older version of Bitcoin Core or otherwise forking t= he > source code. Thirdly, if some users insist on a chain where taproot is > "not activated", they can always softk-fork in their own rule that > disallows the version bits that complete the Speedy Trial activation > sequence, or alternatively soft-fork in a rule to make spending from (or > to) taproot addresses illegal. > Since it's about activation in general and not about taproot specifically, your third point is the one that applies. Users could have coordinated to have "activation x" never activated in their chains if they simply make a rule that activating a given proposal (with bip8) is forbidden in their chain. But coordination requires time. Please, try to imagine an example for an activation that you wouldn't like yourself. Imagine it gets proposed and you, as a user, want to resist it. As for mark, he wasn't talking about activation, but quantum computing >> concerns. Perhaps those have been "addressed"? >> I just don't know where. >> > > Quantum concerns were discussed. Working from memory, the arguments were > (1) If you are worried about your funds not being secured by taproot, the= n > don't use taproot addresses, and (2) If you are worried about everyone > else's funds not being quantum secure by other people choosing to use > taproot, well it is already too late because over 5M BTC is currently > quantum insecure due to pubkey reuse < > https://nitter.net/pwuille/status/1108091924404027392>. I think it is > unlikely that a quantum breakthrough will sneak up on us without time to > address the issue and, at the very least, warn people to move their funds > off of taproot and other reused addresses, if not forking in some quantum > secure alternative. A recent paper < > https://www.sussex.ac.uk/physics/iqt/wp-content/uploads/2022/01/Webber-20= 22.pdf> > suggest that millions physical qubits will be needed to break EC in a day > with current error correction technology. But even if taproot were to be > very suddenly banned, there is still a small possibility for recovery > because one can prove ownership of HD pubkeys by providing a zero-knowled= ge > proof of the chaincode used to derive them. > Thank you, perhaps I'm wrong about this and all his concerns were addressed and all his suggestions heard. I guess I shouldn't have brought that up, since I cannot talk for Mark. _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --0000000000006250ec05d9f1cbcd Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Fri, Mar 11, 2022, 13:47 Russell O'Con= nor via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
On Fri, Mar 11, 2022= at 7:18 AM Jorge Tim=C3=B3n <jtimon@jtimon.cc> wrote:
I talked about this. But the "no-divergent-rules" facti= on doesn't like it, so we can pretend we have listened to this "fa= ction" and addressed all its concerns, I guess.
Or perhaps it's just "prosectution complex", but, hey, what = do I know about psychology?

Your accusations of bad faith on the part of myself and pretty much every= one else makes me disinclined to continue this discussion with you.=C2=A0 I= 'll reply, but if you want me to continue beyond this, then you need to= knock it off with the accusations.=C2=A0

What accusations of bad fa= ith?
You're accusing me of having prosecution co= mplex.
I'm accusing you of ignoring the "ye= s-users-veto" faction. But that doesn't require bad faith, you may= simply not understand the "faction".

=
A major contender to the Speedy= Trial design at the time was to mandate eventual forced signalling, champi= oned by luke-jr.=C2=A0 It turns out that, at the time of that proposal, a l= arge amount of hash power simply did not have the firmware required to supp= ort signalling.=C2=A0 That activation proposal never got broad consensus, a= nd rightly so, because in retrospect we see that the design might have risk= ed knocking a significant fraction of mining power offline if it had been d= eployed.=C2=A0 Imagine if the firmware couldn't be quickly updated or i= magine if the problem had been hardware related.

Yes, I like this so= lution too, with a little caveat: an easy mechanism for users to actively o= ppose a proposal.
Luke alao talked about this.
=
If users oppose, they should use activation as a trigger = to fork out of the network by invalidating the block that produces activati= on.
The bad scenario here is that miners want to dep= loy something but users don't want to.
"But= that may lead to a fork". Yeah, I know.
I hope= imagining a scenario in which developers propose something that most miner= s accept but some users reject is not taboo.
<= br>
This topic is not taboo.

Th= ere are a couple of ways of opting out of taproot.=C2=A0 Firstly, users can= just=20 not use taproot.=C2=A0 Secondly, users can choose to not enforce taproot ei= ther by running an older version of Bitcoin Core or otherwise forking the s= ource code.=C2=A0 Thirdly, if some users insist on a chain where taproot is= "not activated", they can always softk-fork in their own rule th= at disallows the version bits that complete the Speedy Trial activation sequence, or al= ternatively soft-fork in a rule to make spending from (or to) taproot addre= sses illegal.
<= br>
Since it's about activation in general and n= ot about taproot specifically, your third point is the one that applies.
Users could have coordinated to have "activation = x" never activated in their chains if they simply make a rule that act= ivating a given proposal (with bip8) is forbidden in their chain.
But coordination requires time.
Please= , try to imagine an example for an activation that you wouldn't like yo= urself. Imagine it gets proposed and you, as a user, want to resist it.


As for mark, he wasn't talking about = activation, but quantum computing concerns. Perhaps those have been "a= ddressed"?
I just don't know where.

Quantum concerns were discussed.=C2=A0= Working from memory, the arguments were (1) If you are worried about your = funds not being secured by taproot, then don't use taproot addresses, a= nd (2) If you are worried about everyone else's funds not being quantum= secure by other people choosing to use taproot, well it is already too lat= e because over 5M BTC is currently quantum insecure due to pubkey reuse <= ;https://nitter.net/pwuille/status/1108091924= 404027392>.=C2=A0 I think it is unlikely that a quantum breakthrough= will sneak up on us without time to address the issue and, at the very lea= st, warn people to move their funds off of taproot and other reused address= es, if not forking in some quantum secure alternative.=C2=A0 A recent paper= <https://www.suss= ex.ac.uk/physics/iqt/wp-content/uploads/2022/01/Webber-2022.pdf> sug= gest that millions physical qubits will be needed to break EC in a day with= current error correction technology.=C2=A0 But even if taproot were to be = very suddenly banned, there is still a small possibility for recovery becau= se one can prove ownership of HD pubkeys by providing a zero-knowledge proo= f of the chaincode used to derive them.
<= /div>

Thank you, perhaps I'= ;m wrong about this and all his concerns were addressed and all his suggest= ions heard. I guess I shouldn't have brought that up, since I cannot ta= lk for Mark.

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundati= on.org/mailman/listinfo/bitcoin-dev
--0000000000006250ec05d9f1cbcd--