From: Erik Aronesty
Date: Wed, 7 Jun 2017 15:59:23 -0400
To: Jacob Eliosoff
Cc: Bitcoin Dev
Subject: Re: [bitcoin-dev] User Activated Soft Fork Split Protection

I get it, a threshold could be put in place, but something like 33% would
more accurately reflect the risks miners run.

I'm not aware of a good signal to indicate someone is planning to run
BIP148 and orphan a miner's blocks.

On Wed, Jun 7, 2017 at 3:39 PM, Jacob Eliosoff wrote:

> You're missing my point. "As soon as a simple majority supports it" -
> what is "it"? BIP148? Or "deferring to the miner consensus on BIP148"?
> It's the difference between supporting one side of a vote, vs supporting
> deferral to the outcome of the vote.
>
> Or if you mean, the safe thing for miners is to orphan non-segwit blocks
> Aug 1 *regardless* of the miner consensus (since the economic consensus
> might differ), then there's zero need for this BIP: they should just run
> BIP148.
>
> As I said: this BIP should be corrected to only orphan if >50% signal for
> BIP148.
> Or, define two bits, one meaning "I support BIP148," the other "I
> will go w/ the miner majority on BIP148." Fudging them this way is
> deceptive.
>
>
> On Jun 7, 2017 2:05 PM, "Erik Aronesty" wrote:
>
> > But passing it off as the safest defense is bad faith.
>
> Without this option, a miner has to guess whether a split will be
> economically impacting. With this option, his miner will automatically
> switch to the chain least likely to get wiped out... as soon as a simple
> majority of miners supports it.
>
>
> On Wed, Jun 7, 2017 at 12:44 PM, Jacob Eliosoff
> wrote:
>
>> This is not the safest defense against a split. If 70% of miners run
>> "splitprotection", and 0.1% run BIP148, there's no "safety"/"defense"
>> reason for splitprotection to activate segwit. It should only do so if
>> *BIP148* support (NB: not just segwit support!) >50%.
>>
>> The truly defensive logic is "If the majority supports orphaning
>> non-segwit blocks starting Aug 1, I'll join them."
>>
>> If the real goal of this BIP is to induce miners to run segwit, then fair
>> enough. But passing it off as the safest defense is bad faith.
>>
>>
>> On Wed, Jun 7, 2017 at 10:10 AM, Erik Aronesty via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> This is, by far, the safest way for miners to quickly defend against a
>>> chain split, much better than a -bip148 option. This allows miners to
>>> defend themselves, with very little risk, since the defense is only
>>> activated if the majority of miners do so. I would move for a very rapid
>>> deployment. Only miners would need to upgrade. Regular users would not
>>> have to concern themselves with this release.
>>>
>>> On Wed, Jun 7, 2017 at 6:13 AM, James Hilliard via bitcoin-dev <
>>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>
>>>> I think even 55% would probably work out fine simply due to incentive
>>>> structures, once signalling is over 51% it's then clear to miners that
>>>> non-signalling blocks will be orphaned and the rest will rapidly
>>>> update to splitprotection/BIP148. The purpose of this BIP is to reduce
>>>> chain split risk for BIP148 since it's looking like BIP148 is going to
>>>> be run by a non-insignificant percentage of the economy at a minimum.
>>>>
>>>> On Wed, Jun 7, 2017 at 12:20 AM, Tao Effect
>>>> wrote:
>>>> > See thread on replay attacks for why activating regardless of threshold is a
>>>> > bad idea [1].
>>>> >
>>>> > BIP91 OTOH seems perfectly reasonable. 80% instead of 95% makes it more
>>>> > difficult for miners to hold together in opposition to Core. It gives Core
>>>> > more leverage in negotiations.
>>>> >
>>>> > If they don't activate with 80%, Core can release another BIP to reduce it
>>>> > to 75%.
>>>> >
>>>> > Each threshold reduction makes it both more likely to succeed, but also
>>>> > increases the likelihood of harm to the ecosystem.
>>>> >
>>>> > Cheers,
>>>> > Greg
>>>> >
>>>> > [1]
>>>> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-June/014497.html
>>>> >
>>>> > --
>>>> > Please do not email me anything that you are not comfortable also sharing
>>>> > with the NSA.
>>>> >
>>>> > On Jun 6, 2017, at 6:54 PM, James Hilliard
>>>> > wrote:
>>>> >
>>>> > This is a BIP8 style soft fork so mandatory signalling will be active
>>>> > after Aug 1st regardless.
>>>> >
>>>> > On Tue, Jun 6, 2017 at 8:51 PM, Tao Effect wrote:
>>>> >
>>>> > What is the probability that a 65% threshold is too low and can allow a
>>>> > "surprise miner attack", whereby miners are kept offline before the
>>>> > deadline, and brought online immediately after, creating potential havoc?
>>>> >
>>>> > (Nit: "simple majority" usually refers to >50%, I think, might cause
>>>> > confusion.)
>>>> >
>>>> > -Greg Slepak
>>>> >
>>>> > --
>>>> > Please do not email me anything that you are not comfortable also sharing
>>>> > with the NSA.
>>>> >
>>>> > On Jun 6, 2017, at 5:56 PM, James Hilliard via bitcoin-dev
>>>> > wrote:
>>>> >
>>>> > Due to the proposed calendar(https://segwit2x.github.io/) for the
>>>> > SegWit2x agreement being too slow to activate SegWit mandatory
>>>> > signalling ahead of BIP148 using BIP91 I would like to propose another
>>>> > option that miners can use to prevent a chain split ahead of the Aug
>>>> > 1st BIP148 activation date.
>>>> >
>>>> > The splitprotection soft fork is essentially BIP91 but using BIP8
>>>> > instead of BIP9 with a lower activation threshold and immediate
>>>> > mandatory signalling lock-in. This allows for a majority of miners to
>>>> > activate mandatory SegWit signalling and prevent a potential chain
>>>> > split ahead of BIP148 activation.
>>>> >
>>>> > This BIP allows for miners to respond to market forces quickly ahead
>>>> > of BIP148 activation by signalling for splitprotection. Any miners
>>>> > already running BIP148 should be encouraged to use splitprotection.
>>>> >
>>>> >
>>>> > BIP: splitprotection
>>>> > Layer: Consensus (soft fork)
>>>> > Title: User Activated Soft Fork Split Protection
>>>> > Author: James Hilliard 
>>>> > Comments-Summary: No comments yet.
>>>> > Comments-URI:
>>>> > Status: Draft
>>>> > Type: Standards Track
>>>> > Created: 2017-05-22
>>>> > License: BSD-3-Clause
>>>> >          CC0-1.0
>>>> > 
>>>> >
>>>> > ==Abstract==
>>>> >
>>>> > This document specifies a coordination mechanism for a simple majority
>>>> > of miners to prevent a chain split ahead of BIP148 activation.
>>>> >
>>>> > ==Definitions==
>>>> >
>>>> > "existing segwit deployment" refer to the BIP9 "segwit" deployment
>>>> > using bit 1, between November 15th 2016 and November 15th 2017 to
>>>> > activate BIP141, BIP143 and BIP147.
>>>> >
>>>> > ==Motivation==
>>>> >
>>>> > The biggest risk of BIP148 is an extended chain split, this BIP
>>>> > provides a way for a simple majority of miners to eliminate that risk.
>>>> >
>>>> > This BIP provides a way for a simple majority of miners to coordinate
>>>> > activation of the existing segwit deployment with less than 95%
>>>> > hashpower before BIP148 activation. Due to time constraints unless
>>>> > immediately deployed BIP91 will likely not be able to enforce
>>>> > mandatory signalling of segwit before the Aug 1st activation of
>>>> > BIP148. This BIP provides a method for rapid miner activation of
>>>> > SegWit mandatory signalling ahead of the BIP148 activation date. Since
>>>> > the primary goal of this BIP is to reduce the chance of an extended
>>>> > chain split as much as possible we activate using a simple miner
>>>> > majority of 65% over a 504 block interval rather than a higher
>>>> > percentage. This BIP also allows miners to signal their intention to
>>>> > run BIP148 in order to prevent a chain split.
>>>> >
>>>> > ==Specification==
>>>> >
>>>> > While this BIP is active, all blocks must set the nVersion header top
>>>> > 3 bits to 001 together with bit field (1<<1) (according to the
>>>> > existing segwit deployment). Blocks that do not signal as required
>>>> > will be rejected.
>>>> >
>>>> > ==Deployment==
>>>> >
>>>> > This BIP will be deployed by "version bits" with a 65%(this can be
>>>> > adjusted if desired) activation threshold BIP9 with the name
>>>> > "splitprotecion" and using bit 2.
>>>> >
>>>> > This BIP starts immediately and is a BIP8 style soft fork since
>>>> > mandatory signalling will start on midnight August 1st 2017 (epoch
>>>> > time 1501545600) regardless of whether or not this BIP has reached its
>>>> > own signalling threshold. This BIP will cease to be active when segwit
>>>> > is locked-in.
>>>> >
>>>> > === Reference implementation ===
>>>> >
>>>> >
>>>> > // Check if Segregated Witness is Locked In
>>>> > bool IsWitnessLockedIn(const CBlockIndex* pindexPrev, const Consensus::Params& params)
>>>> > {
>>>> >   LOCK(cs_main);
>>>> >   return (VersionBitsState(pindexPrev, params, Consensus::DEPLOYMENT_SEGWIT, versionbitscache) == THRESHOLD_LOCKED_IN);
>>>> > }
>>>> >
>>>> > // SPLITPROTECTION mandatory segwit signalling.
>>>> > if ( VersionBitsState(pindex->pprev, chainparams.GetConsensus(), Consensus::DEPLOYMENT_SPLITPROTECTION, versionbitscache) == THRESHOLD_LOCKED_IN &&
>>>> >    !IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&  // Segwit is not locked in
>>>> >    !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus()) )    // and is not active.
>>>> > {
>>>> >   bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) == VERSIONBITS_TOP_BITS;
>>>> >   bool fSegbit = (pindex->nVersion & VersionBitsMask(chainparams.GetConsensus(), Consensus::DEPLOYMENT_SEGWIT)) != 0;
>>>> >   if (!(fVersionBits && fSegbit)) {
>>>> >       return state.DoS(0, error("ConnectBlock(): relayed block must signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
>>>> >   }
>>>> > }
>>>> >
>>>> > // BIP148 mandatory segwit signalling.
>>>> > int64_t nMedianTimePast = pindex->GetMedianTimePast();
>>>> > if ( (nMedianTimePast >= 1501545600) &&  // Tue 01 Aug 2017 00:00:00 UTC
>>>> >    (nMedianTimePast <= 1510704000) &&  // Wed 15 Nov 2017 00:00:00 UTC
>>>> >    (!IsWitnessLockedIn(pindex->pprev, chainparams.GetConsensus()) &&  // Segwit is not locked in
>>>> >     !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus())) )   // and is not active.
>>>> > {
>>>> >   bool fVersionBits = (pindex->nVersion & VERSIONBITS_TOP_MASK) == VERSIONBITS_TOP_BITS;
>>>> >   bool fSegbit = (pindex->nVersion & VersionBitsMask(chainparams.GetConsensus(), Consensus::DEPLOYMENT_SEGWIT)) != 0;
>>>> >   if (!(fVersionBits && fSegbit)) {
>>>> >       return state.DoS(0, error("ConnectBlock(): relayed block must signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit");
>>>> >   }
>>>> > }
>>>> > 
>>>> >
>>>> > https://github.com/bitcoin/bitcoin/compare/0.14...jameshilliard:splitprotection-v0.14.1
>>>> >
>>>> > ==Backwards Compatibility==
>>>> >
>>>> > This deployment is compatible with the existing "segwit" bit 1
>>>> > deployment scheduled between midnight November 15th, 2016 and midnight
>>>> > November 15th, 2017. This deployment is also compatible with the
>>>> > existing BIP148 deployment. This BIP is compatible with BIP91 only if
>>>> > BIP91 activates before it and before BIP148. Miners will need to
>>>> > upgrade their nodes to support splitprotection otherwise they may
>>>> > build on top of an invalid block. While this bip is active users
>>>> > should either upgrade to splitprotection or wait for additional
>>>> > confirmations when accepting payments.
>>>> >
>>>> > ==Rationale==
>>>> >
>>>> > Historically we have used IsSuperMajority() to activate soft forks
>>>> > such as BIP66 which has a mandatory signalling requirement for miners
>>>> > once activated, this ensures that miners are aware of new rules being
>>>> > enforced. This technique can be leveraged to lower the signalling
>>>> > threshold of a soft fork while it is in the process of being deployed
>>>> > in a backwards compatible way. We also use a BIP8 style timeout to
>>>> > ensure that this BIP is compatible with BIP148 and that BIP148
>>>> > compatible mandatory signalling activates regardless of miner
>>>> > signalling levels.
>>>> >
>>>> > By orphaning non-signalling blocks during the BIP9 bit 1 "segwit"
>>>> > deployment, this BIP can cause the existing "segwit" deployment to
>>>> > activate without needing to release a new deployment. As we approach
>>>> > BIP148 activation it may be desirable for a majority of miners to have
>>>> > a method that will ensure that there is no chain split.
>>>> >
>>>> > ==References==
>>>> >
>>>> > *[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-March/013714.html Mailing list discussion]
>>>> > *[https://github.com/bitcoin/bitcoin/blob/v0.6.0/src/main.cpp#L1281-L1283 P2SH flag day activation]
>>>> > *[[bip-0009.mediawiki|BIP9 Version bits with timeout and delay]]
>>>> > *[[bip-0016.mediawiki|BIP16 Pay to Script Hash]]
>>>> > *[[bip-0091.mediawiki|BIP91 Reduced threshold Segwit MASF]]
>>>> > *[[bip-0141.mediawiki|BIP141 Segregated Witness (Consensus layer)]]
>>>> > *[[bip-0143.mediawiki|BIP143 Transaction Signature Verification for Version 0 Witness Program]]
>>>> > *[[bip-0147.mediawiki|BIP147 Dealing with dummy stack element malleability]]
>>>> > *[[bip-0148.mediawiki|BIP148 Mandatory activation of segwit deployment]]
>>>> > *[[bip-0149.mediawiki|BIP149 Segregated Witness (second deployment)]]
>>>> > *[https://bitcoincore.org/en/2016/01/26/segwit-benefits/ Segwit benefits]
>>>> >
>>>> > ==Copyright==
>>>> >
>>>> > This document is dual licensed as BSD 3-clause, and Creative Commons
>>>> > CC0 1.0 Universal.
>>>> > _______________________________________________
>>>> > bitcoin-dev mailing list
>>>> > bitcoin-dev@lists.linuxfoundation.org
>>>> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
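Added example, not part of the thread and not the BIP's reference implementation: a simplified C++ model of the two enforcement triggers the quoted BIP describes (a 65% bit-2 tally over a 504-block window, and the Aug 1 flag day), showing which blocks would be rejected as "bad-no-segwit". The names ChainView, CheckBlock, MakeWindow and Verdict are hypothetical, the threshold is assumed to round up to 328 blocks, and a single complete window stands in for the full BIP9 state machine.

```cpp
// Added illustration; simplified model, not Bitcoin Core code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Version-bits constants as defined in Bitcoin Core's versionbits.h.
constexpr uint32_t VERSIONBITS_TOP_BITS = 0x20000000u;
constexpr uint32_t VERSIONBITS_TOP_MASK = 0xE0000000u;

// Values stated in the BIP text quoted in this thread.
constexpr int SEGWIT_BIT = 1;                   // existing BIP9 "segwit" deployment
constexpr int SPLITPROTECTION_BIT = 2;          // this BIP
constexpr size_t WINDOW = 504;                  // signalling interval in blocks
constexpr int64_t FLAG_DAY_START = 1501545600;  // Tue 01 Aug 2017 00:00:00 UTC
constexpr int64_t FLAG_DAY_END = 1510704000;    // Wed 15 Nov 2017 00:00:00 UTC

// Assumption: "65%" is rounded up to a whole number of blocks (328 of 504).
constexpr size_t THRESHOLD = (WINDOW * 65 + 99) / 100;

// A block signals for `bit` only if the top three bits are 001 as well, so a
// legacy nVersion such as 4 does not count even though bit 2 is set in it.
bool Signals(int32_t nVersion, int bit) {
    const uint32_t v = static_cast<uint32_t>(nVersion);
    return (v & VERSIONBITS_TOP_MASK) == VERSIONBITS_TOP_BITS &&
           (v & (1u << bit)) != 0;
}

size_t CountSignalling(const std::vector<int32_t>& window, int bit) {
    size_t n = 0;
    for (int32_t v : window) if (Signals(v, bit)) ++n;
    return n;
}

// Simplified lock-in test over one complete window. The tally sees bit 2
// only: it carries no information about how many miners enforce BIP148
// itself, which is the objection raised in the thread.
bool SplitProtectionLocksIn(const std::vector<int32_t>& window) {
    return window.size() == WINDOW &&
           CountSignalling(window, SPLITPROTECTION_BIT) >= THRESHOLD;
}

// Hypothetical stand-in for the chain state the reference code queries.
struct ChainView {
    bool splitProtectionLockedIn;  // DEPLOYMENT_SPLITPROTECTION is locked in
    bool segwitLockedInOrActive;   // IsWitnessLockedIn() || IsWitnessEnabled()
    int64_t medianTimePast;        // pindex->GetMedianTimePast()
};

enum class Verdict { Accept, RejectNoSegwit };  // reject = "bad-no-segwit"

// Combines the two checks: miner-triggered enforcement once splitprotection
// locks in, and time-triggered enforcement inside the BIP148 date range.
Verdict CheckBlock(const ChainView& c, int32_t nVersion) {
    if (c.segwitLockedInOrActive) return Verdict::Accept;
    const bool minerTrigger = c.splitProtectionLockedIn;
    const bool flagDay = c.medianTimePast >= FLAG_DAY_START &&
                         c.medianTimePast <= FLAG_DAY_END;
    if ((minerTrigger || flagDay) && !Signals(nVersion, SEGWIT_BIT))
        return Verdict::RejectNoSegwit;
    return Verdict::Accept;
}

// Constructed sample data: a 504-block window in which the first
// `signalling` blocks set `bit` and the rest carry only the top bits.
std::vector<int32_t> MakeWindow(size_t signalling, int bit) {
    std::vector<int32_t> w(WINDOW, static_cast<int32_t>(VERSIONBITS_TOP_BITS));
    for (size_t i = 0; i < signalling && i < WINDOW; ++i) w[i] |= (1 << bit);
    return w;
}

int main() {
    std::printf("threshold: %zu of %zu blocks\n", THRESHOLD, WINDOW);
    std::printf("328 signalling locks in: %d\n",
                SplitProtectionLocksIn(MakeWindow(328, SPLITPROTECTION_BIT)));
    std::printf("327 signalling locks in: %d\n",
                SplitProtectionLocksIn(MakeWindow(327, SPLITPROTECTION_BIT)));
    const ChainView beforeFlagDay{true, false, 1500000000};
    std::printf("non-signalling block rejected after lock-in: %d\n",
                CheckBlock(beforeFlagDay, 0x20000000) == Verdict::RejectNoSegwit);
    return 0;
}
```
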