From: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
To: Johnson Lau <jl2012@xbt.hk>
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Drivechain proposal using OP_COUNT_ACKS
Date: Tue, 25 Oct 2016 13:38:59 -0300 [thread overview]
Message-ID: <CAKzdR-pDduY_iLkGJVvux2MkP15T5CSZa6HTTqHPBULYKGNxqA@mail.gmail.com> (raw)
In-Reply-To: <157f7c47e65.afdd12df33806.8370403107286597157@xbt.hk>
[-- Attachment #1: Type: text/plain, Size: 7067 bytes --]
Responding between lines...
On Mon, Oct 24, 2016 at 2:37 PM, Johnson Lau <jl2012@xbt.hk> wrote:
> Some comments and questions
>
> 1. In the BIP you mentioned scriptSig 3 times, but I don't think you are
> really talking about scriptSig. Especially, segwit has aborted the use of
> scriptSig to fix malleability. From the context I guess you mean
> redeemScript (see BIP141)
>
You're right.I will change the naming asap.
>
> 2. It seems that 51% of miners may steal all money from the peg, right?
> But I think this is unavoidable for all 2-way-peg proposals. To make it
> safer you still need notaries.
>
Correct, that's inherently a technical limitation. However, there can be
many deterrents from miners stealing money (legal contracts,
mutual-assured-destruction states). Aslo as you mention, you can combine
OP_COUNT_ACK with notary sigantures as AND/OR or a more complex acknowledge
weight distribution.
>
> 3. Instead of using a OP_NOPx, I suggest you using an unused code such as
> 0xba. OP_NOPx should be reserved for some simple "VERIFY"-type codes that
> does not write to the stack.
>
Ok. I'm not sure, but if everyone agrees to it, I will. Also Segwit
versioning allows to create new opcode multiplexing opcodes, so I was
thinking about adding an "opcode index" to a more generic OP_OPERATE. But
that prevents using all NOP space, but prevents easily counting
OP_ACK_COUNT for checksig block limit.
> 4. I don't think you should simply replace "(witversion == 0)" with
> "((witversion == 0) || (witversion == 1))". There are only 16 available
> versions. It'd be exhausted very soon if we use a version for every new
> opcode. As a testing prototype this is fine, but the actual softfork should
> not waste a witversion this way. We need a better way to coordinate the use
> of new witness version. BIP114 suggests an additional field in the witness
> to indicate the script version (https://github.com/bitcoin/
> bips/blob/master/bip-0114.mediawiki)
>
> Good. But currently that version is not enforced, so this BIP cannot make
use of it. I can use (witversion == 1) but add the BIP114 version field so
that the next BIP can make use of it.
> 5. It seems this is the first BIP in markdown format, not mediawiki (but
> this is allowed by BIP1)
>
> 6. The coinbase space is limited to 100 bytes and is already overloaded by
> many different purposes. I think any additional consensus critical message
> should go to a dummy scriptPubKey like the witness commitment. You may
> consider to have a new OP_RETURN output like BIP141, with different magic
> bytes. However, please don't make this output mandatory (cf. witness
> commitment output is optional if the block does not have witness tx)
>
> 6a. "..........due to lack of space to include the proper ack tag in a
> block": this shouldn't happen if you use a OP_RETURN output
>
> I'm not sure about this. The fact that the space for acknowledge and
proposal is short has been seen by other developers a benefit and not a
drawback. It prevent hundreds of sidechains to be offered, which might hurt
solo miners. 70 bytes allows for approximately 10 active polls.
> 7. "It can be the case that two different secondary blockchains specify
> the same transaction candidate, but **at least** one of them will clearly
> be unauthentic."
>
> thnks.
8. Question: is an ack-poll valid only for 1 transaction? When the
> transaction is confirmed, could full nodes prune the corresponding ack-poll
> data? (I think it has to be prunable after spending because ack-poll data
> is effectively UTXO data)
>
> Yes, there is no ack-poll data stored except for the coinbase field cache,
which periodically cleans itself by using a FIFO approach.
> 9. No matter how you design a softfork, "Zero risk of invalidating a
> block" couldn't be true for any softfork. For example, even if a miner does
> not include any txs with OP_COUNT_ACKS, he may still build on top of blocks
> with invalid OP_COUNT_ACKS operations.
>
> I'm not sure. I assumed that transactions redeeming a script using
OP_COUNT_ACKS would be non-standard, so the the problem you point out
would only happen if the block including the transaction would be mined
specifically for the purpose to defeat subsequent miners. A honest pre-fork
miner would never include a redeemScript that that verifies an
OP_COUNT_ACKS, since that transaction would never be received by the p2p
protocol (it could if the miner accepts non-standard txs by a different
channnel).
But I must check this in the BIP source code if OP_COUNT_ACKS is really
non-standard as I designed it to be.
(Thanks Jonhson Lau for taking the time to analyze the BIP.)
Sergio.
> ---- On Sun, 02 Oct 2016 23:49:08 +0800 Sergio Demian Lerner via
> bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote ----
> > Since ScalingBitcoin is close, I think this is a good moment to publish
> our proposal on drivechains. This BIP proposed the drivechain we'd like to
> use in RSK (a.k.a. Rootstock) two-way pegged blockchain and see it
> implemented in Bitcoin. Until that happens, we're using a federated
> approach.
> > I'm sure that adding risk-less Bitcoin extensibility through
> sidechains/drivechains is what we all want, but it's of maximum importance
> to decide which technology will leads us there.
> > We hope this work can also be the base of all other new 2-way-pegged
> blockchains that can take Bitcoin the currency to new niches and test new
> use cases, but cannot yet be realized because of current
> limitations/protections.
> >
> > The full BIP plus a reference implementation can be found here:
> >
> > BIP (draft):
> > https://github.com/rootstock/bips/blob/master/BIP-R10.md
> >
> > Code & Test cases:
> > https://github.com/rootstock/bitcoin/tree/op-count-acks_devel
> > (Note: Code is still unaudited)
> >
> > As a summary, OP_COUNT_ACKS is a new segwit-based and soft-forked
> opcode that counts acks and nacks tags in coinbase fields, and push the
> resulting totals in the script stack.
> >
> > The system was designed with the following properties in mind:
> >
> > 1. Interoperability with scripting system
> > 2. Zero risk of invalidating a block
> > 3. No additional computation during blockchain management and
> re-organization
> > 4. No change in Bitcoin security model
> > 5. Bounded computation of poll results
> > 6. Strong protection from DoS attacks
> > 7. Minimum block space consumption
> > 8. Zero risk of cross-secondary chain invalidation
> >
> > Please see the BIP draft for a more-detailed explanation on how we
> achieve these goals.
> >
> > I'll be in ScalingBitcoin in less than a week and I'll be available to
> discuss the design rationale, improvements, changes and ideas any of you
> may have.
> >
> > Truly yours,
> > Sergio Demian Lerner
> > Bitcoiner and RSK co-founder
> >
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
>
>
>
[-- Attachment #2: Type: text/html, Size: 9991 bytes --]
next prev parent reply other threads:[~2016-10-25 16:39 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-02 15:49 [bitcoin-dev] Drivechain proposal using OP_COUNT_ACKS Sergio Demian Lerner
2016-10-02 16:17 ` Peter Todd
2016-10-02 17:00 ` Sergio Demian Lerner
2016-10-02 17:11 ` Peter Todd
2016-10-02 17:18 ` Andrew Johnson
2016-10-02 17:24 ` Peter Todd
2016-10-02 21:28 ` Luke Dashjr
2016-10-02 21:46 ` Russell O'Connor
2016-10-02 22:36 ` Sergio Demian Lerner
[not found] ` <CAMZUoKnE9VNnUHrDTtZOroBp=SC_eY1fEAsEOz=4b1=5v_wHaA@mail.gmail.com>
2016-10-02 23:00 ` [bitcoin-dev] Fwd: " Russell O'Connor
[not found] ` <CAKzdR-oxpDdXEcPTYtj6os58cVMgwoqyXvu5UMMQzD3QbvMtxA@mail.gmail.com>
2016-10-02 23:26 ` [bitcoin-dev] " Russell O'Connor
2016-10-02 21:54 ` Russell O'Connor
2016-10-02 17:26 ` Sergio Demian Lerner
2016-10-02 17:34 ` Peter Todd
2016-10-02 18:17 ` Russell O'Connor
2016-10-24 17:37 ` Johnson Lau
2016-10-25 16:38 ` Sergio Demian Lerner [this message]
2016-10-25 17:45 ` Johnson Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKzdR-pDduY_iLkGJVvux2MkP15T5CSZa6HTTqHPBULYKGNxqA@mail.gmail.com \
--to=sergio.d.lerner@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=jl2012@xbt.hk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox