Re: [bitcoin-dev] Making the case for flag day activation of taproot

2021-03-04 Thread Vincent Truong via bitcoin-dev 
I must remind everyone of Mike Hearn's proposal not many years ago, which
ought to be on everyone's mind right now. "Every soft fork should be a hard
fork, and that soft forks are inherently dangerous because old nodes are
tricked to not know what the new nodes are doing" (paraphrased). Whether
taproot is dangerous is not the issue; whether old nodes should or should
not ignore new rules, is.

Flag day activation of a soft fork is basically proposing a hard fork, but
without saying or doing it at full commitment. May as well just do a flag
day hard fork.

Bitcoin Cash/Bcash has already tested for you how a market driven hard fork
should work. Bitcoin didn't die. We should be learning from the mistakes
made in those early hard forks to not repeat them when Bitcoin hard forks -
like having replay protection written before deployment.

If it's not evident within the first 6-12 blocks which fork is winning,
then the market will trade it out. Just like what happened with Bitcoin
Cash/Bcash.

Not only that, it stops the drama of Bitcoin Core devs from "being in
control" of consensus. The market will choose, you just create the safest
way for users to participate. The market is consensus. Rough consensus is
just the conversation starter.


On Thu, 4 Mar 2021, 1:39 am Chris Belcher via bitcoin-dev, <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> The bitcoin world is close to total gridlock on the question of how to
> activate taproot. There's no agreement on activation[1][2], and if an
> agreement isn't reached then nothing happens. That would be really
> terrible because we'd miss out on the benefits of taproot and
> potentially other future soft forks.
>
> A major problem with BIP8 is that it would result to a situation where
> different parts of the bitcoin ecosystem run different consensus rules.
> Some people will run LOT=true and others LOT=false. Worst of all, it
> becomes vulnerable to a twitter/reddit/social media blitz which could
> attempt to move the date of miner activation around.
>
> Twitter and reddit drama provide a perfect cover for social attacks on
> bitcoin.
>
> Forced signalling leads to brinksmanship. Where two or more sides
> (backed up by social media drama) enter into a game of chicken with
> deployed nodes. If one of them doesn't concede then we get a damaging
> chain split. And the $1 trillion in value that the bitcoin network
> protects is put at risk. From the point of view of a miner or big
> exchange stuck in the middle, if they look at the ecosystem of twitter
> and reddit (especially if you think about all the problems with bots and
> sockpuppets) they have no idea which consensus rules they should
> actually follow and exactly what date they take effect. Miners,
> exchanges, merchants and the rest of the ecosystem exist to serve their
> customers and users, and trouble happens when they don't know what their
> customers really want. Social media attacks are not just a theoretical
> concern; back during the block size drama, the bitcoin reddits were
> targetted by bots, sockpuppets and brigading[3].
>
> Enter flag day activation. With a flag day there can be no
> brinksmanship. A social media blitz cant do anything except have its own
> followers fork away. Crucially, miner signalling cant be used to change
> the activation date for nodes that didn't choose to and just passively
> follow signalling. Changing the activation date requires all those users
> to actually run different node software.
>
> Flag day activation works simply: we choose a block height and after
> that block height the new taproot rules become enforced.
>
>
> Supporters of the permissionless, "users rule" approach of LOT=true
> should be happy because it completely takes miners out of activation.
>
> Supporters of the safe, conservative approach of LOT=false can be made
> happy with a few ways of derisking:
>
> * Getting mining pools, businesses and users to look at the code and ask
> if they (a) think its either neutral or good for their business or use
> case and (b) they believe others view it similarly and that the
> consensus changes proposed have a good social consensus around them.
>
> * Setting the flag day far in the future (18 months or 2 years in the
> original proposal[3]).
>
>
> == What if flag day activation is used maliciously? ==
>
> What if one day the Core developer team is co-opted and uses the flag
> day method to do something bad? For example, a soft fork where sending
> to certain blacklisted addresses is not allowed. The bitcoin user
> community who wants to resist this can create their own
> counter-soft-fork full node, where the first block after the flag day
> MUST pay to one of those addresses on the blacklist. This forces a chain
> split between the censorship rules and the no-censorship rules, and its
> pretty obvious that the real bitcoin which most people follow will be
> the chain without censorship.
>
> For example, if a group of users didn't agree with taproot then they
>

Re: [bitcoin-dev] Forget dormant UTXOs without confiscating bitcoin

2015-12-12 Thread Vincent Truong via bitcoin-dev 
Dormant threshold is way too low. There's many news articles about people
forgetting that they used to mine bitcoins and then suddenly remembered.
This will continue to happen for much longer than 8 years as people
rediscover bitcoin when it goes further mainstream. You can't expect them
to have run a node/kept their utxo before they were aware of this change
and then realise miners have discarded their utxo. Oops?

Since we can't predict when mainstream will happen, you instead need a
threshold where the key holder is likely dead. That should be like 80 years
or 120 years, so 4.2m to 6.3m confirmations.

Next paragraph is off topic:

IMO it would be even better for these dormant & dead key holder's utxos to
also re-enter the economy as miner fees; let 1 dormant utxo to be mined per
block. It would need a hard fork. But then maybe people would stop being so
stupid with burning bitcoins/sending it to 1BitcoinEater, or mining a
million bitcoins from day 1 and leaving it, if they know it'll eventually
go into another miner's pockets. This could be used to fund cheap
transactions forever, and miners would be incentivised to hold copies of
these dormant utxos since it could become theirs one day. But this would be
even more controversial than just expiring them as we are in no short
supply of people who believe in Bitcoin's deflationary, fossil fuel
(burnable) economy, rather than a cyclical economy that better resembles
how we treat lost gold today...
On Dec 13, 2015 10:29 AM, "gb via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> The general concept has merit and the basic outline here seems sound
> enough. I have harboured a notion for having "archived UTXO" for some
> time, this is essentially it. The retrieval from archive cost is on the
> UTXO holder not the entire storage network, which is then only bearing
> full 'instant' retrieval costs for N blocks.
>
> On Sat, 2015-12-12 at 15:09 -0500, jl2012--- via bitcoin-dev wrote:
> > It is a common practice in commercial banks that a dormant account might
> > be confiscated. Confiscating or deleting dormant UTXOs might be too
> > controversial, but allowing the UTXOs set growing without any limit
> > might not be a sustainable option. People lose their private keys.
> > People do stupid things like sending bitcoin to 1BitcoinEater. We
> > shouldn’t be obliged to store everything permanently. This is my
> > proposal:
> >
> > Dormant UTXOs are those UTXOs with 42 confirmations. In every block
> > X after 42, it will commit to a hash for all UTXOs generated in
> > block X-42. The UTXOs are first serialized into the form:
> > txid|index|value|scriptPubKey, then a sorted Merkle hash is calculated.
> > After some confirmations, nodes may safely delete the UTXO records of
> > block X permanently.
> >
> > If a user is trying to redeem a dormant UTXO, in addition the signature,
> > they have to provide the scriptPubKey, height (X), and UTXO value as
> > part of the witness. They also need to provide the Merkle path to the
> > dormant UTXO commitment.
> >
> > To confirm this tx, the miner will calculate a new Merkle hash for the
> > block X, with the hash of the spent UTXO replaced by 1, and commit the
> > hash to the current block. All full nodes will keep an index of latest
> > dormant UTXO commitments so double spending is not possible. (a
> > "meta-UTXO set")
> >
> > If all dormant UTXOs under a Merkle branch are spent, hash of the branch
> > will become 1. If all dormant UTXOs in a block are spent, the record for
> > this block could be forgotten. Full nodes do not need to remember which
> > particular UTXO is spent or not, since any person trying to redeem a
> > dormant UTXO has to provide such information.
> >
> > It becomes the responsibility of dormant coin holders to scan the
> > blockchain for the current status of the UTXO commitment for their coin.
> > They may also need to pay extra fee for the increased tx size.
> >
> > This is a softfork if there is no hash collision but this is a
> > fundamental assumption in Bitcoin anyway. The proposal also works
> > without segregated witness, just by replacing "witness" with "scriptSig"
> >
> > ___
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] BIP 9 style version bits for txns

2015-12-08 Thread Vincent Truong via bitcoin-dev 
I suppose whether the wallet devs want to implement the soft fork or not is
irrelevant. They only need to indicate if they are ready i.e. they've
tested the new soft fork, hard fork or feature and validated that it
doesn't break their nodes or wallet software.
On Dec 9, 2015 6:40 AM, "Chris Priest" <cp368...@ohiou.edu> wrote:

> I proposed in my Wildcard Inputs BIP that the version field be split
> in two. The first 4 bytes are version number (which in practice is
> being used for script version), and the second 4 bits are used for
> transaction type.
>
> I don't think the BIP9 mechanism really applies to transactions. A
> block is essentially a collection of transactions, therefore voting on
> the block applies to the many parties who have transactions in the
> block. A transaction on the other hand only effects at most two
> parties (the sender and the receiver). In other words, block are
> "communal" data structures, transactions are individual data
> structures. Also, the nature of soft forks are that wallets can choose
> to implement a new feature or not. For instance, if no wallets
> implement RBF or SW, then those features effectively don't exist,
> regardless of how many nodes have upgraded to handle the feature.
>
> Any new transaction feature should get a new "type" number. A new
> transaction feature can't happen until the nodes support it.
>
> On 12/8/15, Vincent Truong via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> > So I have been told more than once that the version announcement in
> blocks
> > is not a vote, but a signal for readiness, used in isSupermajority().
> > Basically, if soft forks (and hard forks) won't activate unless a
> certain %
> > of blocks have been flagged with the version up (or bit flipped when
> > versionbits go live) to signal their readiness, that is a vote against
> > implementation if they never follow up. I don't like this politically
> > correct speech because in reality it is a vote... But I'm not here to
> argue
> > about that... I would like to see if there are any thoughts on
> > extending/copying isSupermajority() for a new secondary/non-critical
> > function to also look for a similar BIP 9 style version bit in txns.
> > Apologies if already proposed, haven't heard of it anywhere.
> >
> > If we are looking for a signal of readiness, it is unfair to wallet
> > developers and exchanges that they are unable to signal if they too are
> > ready for a change. As more users are going into use SPV or SPV-like
> > wallets, when a change occurs that makes them incompatible/in need of
> > upgrade we need to make sure they aren't going to break or introduce
> > security flaws for users.
> >
> > If a majority of transactions have been sent are flagged ready, we know
> > that they're also good to go.
> >
> > Would you implement the same versionbits for txn's version field, using 3
> > bits for versioning and 29 bits for flags? This indexing of every txn
> might
> > sound insane and computationally expensive for bitcoin Core to run, but
> if
> > it isn't critical to upgrade with soft forks, then it can be watched
> > outside the network by enthusiasts. I believe this is the most
> politically
> > correct way to get wallet devs and exchanges involved. (If it were me I
> > would absolutely try figure out a way to stick it in isSupermajority...)
> >
> > Miners can watch for readiness flagged by wallets before they themselves
> > flag ready. We will have to trust miners to not jump the gun, but that's
> > the trade off.
> >
> > Thoughts?
> >
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Use CPFP as consensus critical for Full-RBF

2015-11-28 Thread Vincent Truong via bitcoin-dev 
(I haven't been following this development recently so apologies in advance
if I've made assumptions about RBF)

If you made CPFP consensus critical for all Full-RBF transactions, RBF
should be safer to use. I see RBF as a necessity for users to fix mistakes
(and not for transaction prioritisation), but we can't know for sure if
miners are playing with this policy fairly or not. It is hard to spot a
legitimate RBF and a malicious one, but if the recipient signs off on the
one they know about using CPFP, there should be no problems. This might
depend on the CPFP implementation, because you'll need a way for the
transaction to mark which output is a change address and which is a payment
to prevent the sender from signing off his own txns. (This might be bad for
privacy, but IMO a lot safer than allowing RBF double spending sprees... If
you value privacy then don't use RBF?) Or maybe let them sign it off but
make all outputs sign off somehow.

Copy/Paste from my reddit post:

https://www.reddit.com/r/Bitcoin/comments/3ul1kb/slug/cxgegkj

Going to chime in my opinion: opt-in RBF eliminates the trust required with
miners. You don't know if they're secretly running RBF right now anyway.
Whether Peter Todd invented this is irrelevant, it was going to happen
either way either with good intentions or with malice, so better to develop
this with good intentions.

Perhaps the solution to this problem is simple. Allow Full-RBF up to the
point where a recipient creates a CPFP transaction. Any transaction with
full RBF that hasn't been signed off with a CPFP cannot go into a block,
and this can become a consensus rule rather than local policy thanks to the
opt-in flags that's inside transactions.

> P.S. (When I wrote this, I'm actually not sure how the flag looks like
and am just guessing it can be used this way. I'm not familiar with the
implementation.)

CPFP is needed so that merchants can bear the burden of fees (double
bandwidth costs aside, and frankly if RBF is allowed bandwidth is going to
increase regardless anyway). That's always the way I've being seeing its
purpose. And this makes RBF much safer to use by combining the two.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Weekly development meetings on IRC: schedule

2015-09-23 Thread Vincent Truong via bitcoin-dev 
All,

Current meeting time visualised globally.

http://everytimezone.com/#2015-9-24,420,4ia

jl,

I think I found a good compromise: if the US want to accommodate Asia and
willing to sacrifice preference, 23:00 to 00:00 UTC might work.

http://everytimezone.com/#2015-9-24,660,4ia

It isn't easy to grab everyone's preference and accommodate everyone, so
this might work in theory but people may not be free to show up. US should
be ok. UK can participate or catch some nice z. Asia will need a bit of
early bird time but it's not as crazy as 3am. AU also fits in there nicely.

A meeting like this once a month should be enough probably (say, do this on
the first week of the month, and run every other week on the main
schedule). But I don't know whether there are enough people in Asia/AU to
make it worth it. Asia/AU people, thoughts?
On Sep 23, 2015 9:01 PM, "jl2012 via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> There could not be a worse timing than this for those in China (3-4am),
> Japan/Korea (4-5am), and Australia (3-6am depends on which part of the
> country). Maybe we have no dev in this part of the planet? Is there any
> chance to review the timing in a weekly or monthly basis (also with a
> doodle vote?)
>
> Will there be any agenda published before the meetings? If I'm really
> interested in the topics, I'll have some reasons to get up in the middle of
> the night.
>
> Wladimir J. van der Laan via bitcoin-dev 於 2015-09-22 10:36 寫到:
>
>> Hello,
>>
>> There was overwhelming response that weekly IRC meetings are a good thing.
>>
>> Thanks to the doodle site we were able to select a time slot that
>> everyone (that voted) is available:
>>
>> Thursday 19:00-20:00 UTC, every week, starting September 24 (next
>> Thursday)
>>
>> I created a shared Google Calendar here:
>>
>> https://www.google.com/calendar/embed?src=MTFwcXZkZ3BkOTlubGliZjliYTg2MXZ1OHNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ
>>
>> The timezone of this calendar is Reykyavik (Iceland) which is UTC+0.
>> However, you can use the button on the lower right to add the calendar
>> to your own calendar, which will then show the meeting in your own
>> timezone.
>>
>> See you then,
>>
>> Wladimir
>>
>> ___
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Bitcoin Days Destroyed as block selection heuristic

2015-09-11 Thread Vincent Truong via bitcoin-dev 
Would this alter the way txns will be prioritised in order to try to win?
You would always pick txns with the best BTCDD to maximize your chances of
being the block to build on.

I see this as potentially being a bad outcome for bitcoin's fungibility.
On Sep 12, 2015 5:26 AM, "Dave Scotese via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Yes, this proposal is a policy that everyone would be free to ignore.  I
> should have introduced the situation in which this *unenforceable* policy
> makes sense to me.  Here it is:
>
> Every miner is listening for valid block solutions but might receive two
> valid blocks and then they have to decide which one to use.  Choosing the
> one you saw first is the default behavior.  In that situation, we'd all
> like everyone to choose the same block.  I propose that a better heuristic
> than "first seen" is to compare the BTCDD, *but only of transactions you
> already have in your mempool*, and
>
> *weight the BTCDD so that txns you got earlier are more important.*
> The heuristic is most useful when the two blocks are received within a
> small window of time, opting for the first-seen rule otherwise.  I assume
> many miners have an idea of how long it takes for anyone's new block to get
> across the network, and more specifically, the range of times it takes for
> new solutions to get to themselves.  During this little time window, the
> chances are 50/50 that they'll choose the right block.  If the default
> behavior were to use BTCDD during that time window (one second? I have no
> idea!), then the chances would be significantly better.
>
> I think Jorge is right that it doesn't benefit miners.  It doesn't hurt
> them either, unless they are trying to do selfish mining.  Well, it
> benefits them in terms of increased bitcoin stability by A) making it
> easier for clients to decide which block is valid when they see two
> competing with each other, B) motivating miners to add transactions instead
> of mining empty blocks, C) severely decreasing the utility of any global
> private network of nodes intended to spread selfishly-mined blocks, and D)
> motivating miners to stay well-connected so that they get transactions
> quickly.
>
> I sent this to the list because it is only useful if it is set as default
> behavior since most miners leave the defaults alone, and the benefits don't
> materialize unless a majority follows the policy.
>
> On Fri, Sep 11, 2015 at 11:37 AM, Jorge Timón  wrote:
>
>>
>> On Sep 11, 2015 1:18 PM, "Christophe Biocca" 
>> wrote:
>> >
>> > It's pretty obvious that Dave is suggesting an alternate tie-breaker:
>>
>> I thought he was proposing a new consesnsus rule. I see, this would be
>> just a policy validation that everybody would be free to ignore (like the
>> "first seen" spend conflict tx replacement policy).
>>
>> I don't see how miners would benefit from running this policy so I would
>> not expect them to run it in the long run (like the "first seen" spend
>> conflict tx replacement policy).
>> If miners don't use it, I don't see how users can benefit from running
>> that policy themselves.
>> They will still have to keep waiting some block confirmation to
>> exponentially reduce the chances of a successful double-spend attack with
>> each new confirmation (as explained in the bitcoin white paper).
>>
>> > Mind you, that risk doesn't apply if we prefer non-empty blocks to
>> > empty blocks and leave it at that, or only switch if the new block
>> > doesn't double spend transactions in the old one, so it's a fixable
>> > issue.
>>
>> How do you know which of 2 blocks with the same height is "newer"?
>>
>> > On 11 September 2015 at 12:32, Jorge Timón
>> >  wrote:
>> > >
>> > > On Sep 11, 2015 12:27 PM, "Dave Scotese via bitcoin-dev"
>> > >  wrote:
>> > >>
>> > >> Rather than (promising to, and when they don't actually, at least
>> > >> pretending to) use the first-seen block, I propose that a more
>> sophisticated
>> > >> method of choosing which of two block solutions to accept.
>> > >
>> > > There's already a criterion to chose: the one with more work (in valid
>> > > blocks) on top of it.
>> > >
>> > >
>> > > ___
>> > > bitcoin-dev mailing list
>> > > bitcoin-dev@lists.linuxfoundation.org
>> > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>> > >
>>
>
>
>
> --
> I like to provide some work at no charge to prove my value. Do you need a
> techie?
> I own Litmocracy  and Meme Racing
>  (in alpha).
> I'm the webmaster for The Voluntaryist 
> which now accepts Bitcoin.
> I also code for The Dollar Vigilante .
> "He ought to find it more profitable to play by the rules" - Satoshi
> Nakamoto
>
>