From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id BCDE0C000B for ; Fri, 11 Mar 2022 13:47:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 9DC98611FA for ; Fri, 11 Mar 2022 13:47:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=blockstream-com.20210112.gappssmtp.com Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6LsZ03yVVuhK for ; Fri, 11 Mar 2022 13:47:27 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) by smtp3.osuosl.org (Postfix) with ESMTPS id 614F9611D9 for ; Fri, 11 Mar 2022 13:47:27 +0000 (UTC) Received: by mail-qk1-x72b.google.com with SMTP id h196so6945021qke.12 for ; Fri, 11 Mar 2022 05:47:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blockstream-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=xx6OeOX+D0sD7Udkd30VwRiYe51NihQjE8+Mdbi+Z4I=; b=WNAD8ak9C/qscP7sCA9DF5AipIBvZxBpL1Xu/GhHEr21j+JzoGhkpZ7ocQ3bqHnWpO qqjquvaKKG3gdRoD7zdQmh69csUP9Sk0YiPKJxrxhXay5uRmGrPXOh1LgCp4DyyND1LU dHaTvw0wKx74m0WqRCYqrHXjV8O83kqUkeyCPbX98dWeKa6CrGF5hb1ObgRFCnlHvwQZ /nAGkj/YLMV5OMN2XTyBm1AbwmcYoTXmR5/j+Lkkgr9ryCKcEOq98Udh/6ZrhPWH6y7e kX5Hdssi7ON2qDiqk1ooFSqsWPr2insb5zL1ZHdOgRUrt9CQJeIFtq9VOY1y6zCa4M8C sLIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=xx6OeOX+D0sD7Udkd30VwRiYe51NihQjE8+Mdbi+Z4I=; b=wlGKVJaLrfPhsCv6qhWniUG+f2YvAJLqtWTxKkUSyY5xxBFgFGFA+ib7eHmj8P2uhA mGm+Wkv2gMVhVkRlyhoepCtSmg1aI2MuCkLp+IPFTPHYD4iC3L0qKJXWYRIKG9N0zmD5 PxtBrqMh89ruXpGL/rtrKCsmOL9DPiPC+CQCuL5pc0/Vi+KG/BDhsScS1nl6oO7jGYge hgp9OpaPmkph5EW0UEG4qJ8Ep61N/DUUNLW0PovYkAX9Jj4WwNb2CBUQJhWieK0HlNGw sth9bXYrxZrDCMpJ9lHhXGZXWYH6+ZNaYfJnb8Ih+wcfSQL3qGODiGM2oPV56KtfA8dQ W9rg== X-Gm-Message-State: AOAM531Abk6s90xXEQ/B6JgpABGeGRAMoxYkDNdGgRXIqOJ5Hrb4Wbsf X5waRcEPY7KLfJFA6ioh87l4gycMlq3n1RldHcoeAh7assDdMIyN X-Google-Smtp-Source: ABdhPJykLypUVcr3a5NO/ZxsmtZf1rGqFTkaBH2rSPZPTGTawYX1s7B4ZjYjbt6UCAf/XZjkev9v7SleJNZidmW1Hyk= X-Received: by 2002:a37:bcf:0:b0:60d:ed93:67a1 with SMTP id 198-20020a370bcf000000b0060ded9367a1mr6425134qkl.548.1647006445930; Fri, 11 Mar 2022 05:47:25 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: "Russell O'Connor" Date: Fri, 11 Mar 2022 08:47:14 -0500 Message-ID: To: Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="00000000000027231b05d9f19218" Subject: Re: [bitcoin-dev] Speedy Trial X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2022 13:47:28 -0000 --00000000000027231b05d9f19218 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Mar 11, 2022 at 7:18 AM Jorge Tim=C3=B3n wrote: > I talked about this. But the "no-divergent-rules" faction doesn't like it= , > so we can pretend we have listened to this "faction" and addressed all it= s > concerns, I guess. > Or perhaps it's just "prosectution complex", but, hey, what do I know > about psychology? > Your accusations of bad faith on the part of myself and pretty much everyone else makes me disinclined to continue this discussion with you. I'll reply, but if you want me to continue beyond this, then you need to knock it off with the accusations. > A major contender to the Speedy Trial design at the time was to mandate >> eventual forced signalling, championed by luke-jr. It turns out that, a= t >> the time of that proposal, a large amount of hash power simply did not h= ave >> the firmware required to support signalling. That activation proposal >> never got broad consensus, and rightly so, because in retrospect we see >> that the design might have risked knocking a significant fraction of min= ing >> power offline if it had been deployed. Imagine if the firmware couldn't= be >> quickly updated or imagine if the problem had been hardware related. >> > > Yes, I like this solution too, with a little caveat: an easy mechanism fo= r > users to actively oppose a proposal. > Luke alao talked about this. > If users oppose, they should use activation as a trigger to fork out of > the network by invalidating the block that produces activation. > The bad scenario here is that miners want to deploy something but users > don't want to. > "But that may lead to a fork". Yeah, I know. > I hope imagining a scenario in which developers propose something that > most miners accept but some users reject is not taboo. > This topic is not taboo. There are a couple of ways of opting out of taproot. Firstly, users can just not use taproot. Secondly, users can choose to not enforce taproot either by running an older version of Bitcoin Core or otherwise forking the source code. Thirdly, if some users insist on a chain where taproot is "not activated", they can always softk-fork in their own rule that disallows the version bits that complete the Speedy Trial activation sequence, or alternatively soft-fork in a rule to make spending from (or to) taproot addresses illegal. As for mark, he wasn't talking about activation, but quantum computing > concerns. Perhaps those have been "addressed"? > I just don't know where. > Quantum concerns were discussed. Working from memory, the arguments were (1) If you are worried about your funds not being secured by taproot, then don't use taproot addresses, and (2) If you are worried about everyone else's funds not being quantum secure by other people choosing to use taproot, well it is already too late because over 5M BTC is currently quantum insecure due to pubkey reuse < https://nitter.net/pwuille/status/1108091924404027392>. I think it is unlikely that a quantum breakthrough will sneak up on us without time to address the issue and, at the very least, warn people to move their funds off of taproot and other reused addresses, if not forking in some quantum secure alternative. A recent paper < https://www.sussex.ac.uk/physics/iqt/wp-content/uploads/2022/01/Webber-2022= .pdf> suggest that millions physical qubits will be needed to break EC in a day with current error correction technology. But even if taproot were to be very suddenly banned, there is still a small possibility for recovery because one can prove ownership of HD pubkeys by providing a zero-knowledge proof of the chaincode used to derive them. --00000000000027231b05d9f19218 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Fri, Mar 11, 2022 at 7:18 AM Jorge Tim=C3= =B3n <jtimon@jtimon.cc> wrote= :
I talked about this. But the "no-divergent-rules= " faction doesn't like it, so we can pretend we have listened to t= his "faction" and addressed all its concerns, I guess.
Or perhaps it's just "prosectution complex", but= , hey, what do I know about psychology?
<= br>
Your accusations of bad faith on the part of myself and prett= y much everyone else makes me disinclined to continue this discussion with = you.=C2=A0 I'll reply, but if you want me to continue beyond this, then= you need to knock it off with the accusations.=C2=A0
=C2=A0=
<= div dir=3D"auto">
A major contender to the Speedy Trial design at the time was to mandate= eventual forced signalling, championed by luke-jr.=C2=A0 It turns out that= , at the time of that proposal, a large amount of hash power simply did not= have the firmware required to support signalling.=C2=A0 That activation pr= oposal never got broad consensus, and rightly so, because in retrospect we = see that the design might have risked knocking a significant fraction of mi= ning power offline if it had been deployed.=C2=A0 Imagine if the firmware c= ouldn't be quickly updated or imagine if the problem had been hardware = related.

Yes, I like this solution too, with a little caveat: an eas= y mechanism for users to actively oppose a proposal.
Luke alao talked about this.
If users oppose, they = should use activation as a trigger to fork out of the network by invalidati= ng the block that produces activation.
The bad scena= rio here is that miners want to deploy something but users don't want t= o.
"But that may lead to a fork". Yeah, I = know.
I hope imagining a scenario in which developer= s propose something that most miners accept but some users reject is not ta= boo.

This topic is not taboo.

There are a couple of ways of opting out o= f taproot.=C2=A0 Firstly, users can just=20 not use taproot.=C2=A0 Secondly, users can choose to not enforce taproot ei= ther by running an older version of Bitcoin Core or otherwise forking the s= ource code.=C2=A0 Thirdly, if some users insist on a chain where taproot is= "not activated", they can always softk-fork in their own rule th= at disallows the version bits that complete the Speedy Trial activation sequence, or al= ternatively soft-fork in a rule to make spending from (or to) taproot addre= sses illegal.

As for mark, he wasn= 't talking about activation, but quantum computing concerns. Perhaps th= ose have been "addressed"?
I just don'= t know where.

Quantum concerns = were discussed.=C2=A0 Working from memory, the arguments were (1) If you ar= e worried about your funds not being secured by taproot, then don't use= taproot addresses, and (2) If you are worried about everyone else's fu= nds not being quantum secure by other people choosing to use taproot, well = it is already too late because over 5M BTC is currently quantum insecure du= e to pubkey reuse <https://nitter.net/pwuille/status/1108091924404027392>.= =C2=A0 I think it is unlikely that a quantum breakthrough will sneak up on = us without time to address the issue and, at the very least, warn people to= move their funds off of taproot and other reused addresses, if not forking= in some quantum secure alternative.=C2=A0 A recent paper <https://www.sussex.ac.uk/physics/iqt/wp-content/uploads/2022/01/Webber-= 2022.pdf> suggest that millions physical qubits will be needed to br= eak EC in a day with current error correction technology.=C2=A0 But even if= taproot were to be very suddenly banned, there is still a small possibilit= y for recovery because one can prove ownership of HD pubkeys by providing a= zero-knowledge proof of the chaincode used to derive them.
= --00000000000027231b05d9f19218--