Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
On Fri, May 08, 2015 at 06:00:37AM -0400, Jeff Garzik wrote: > That reminds me - I need to integrate the patch that automatically sweeps > anyone-can-pay transactions for a miner. You mean anyone-can-spend? I've got code that does this actually: https://github.com/petertodd/replace-by-fee-tools/blob/master/spend-brainwallets-to-fees.py Needs to have a feature where it replaces the txout set with simply OP_RETURN-to-fees if the inputs don't sign the outputs though. (SIGHASH_NONE for instance) -- 'peter'[:-1]@petertodd.org 0ee99382ac6bc043120085973b7b0378811c1acd8e3cdd9c signature.asc Description: Digital signature -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
Sorry for the spam of the last mail. I hit send by accident. Assurance contracts are better than simple donations. Donating to a project means that you always end up losing the money but the project might still not get funded. An assurance contract is like Kickstarter, you only get your CC charged if the project is fully funded. There is lower risk, either you get your money back or the project is funded. It might still be worth risking it and hoping it gets funded. Kickstarter does have pledge rewards to reward pledgers. That helps with creating the momentum to encourage people to pledge. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
On Fri, May 8, 2015 at 3:54 PM, Benjamin wrote: > AC does not solve the problem. AC works if people gain directly from > the payment. Not necessarily. > Imagine a group of people paying tax - nobody gains from > paying it. You have to actually need to enforce negative outcomes to > enable it (jail for tax fraud). Hence in Bitcoin we have the enforced > subsidy. AFAIK the problem of how to incentivize transaction > verification without subsidy is unsolved. Who determines a fair price? > People around here should study more economics, game theory, etc. > instead of debating low level encodings all the time. > > On Fri, May 8, 2015 at 4:15 PM, Tier Nolan wrote: > > Just to clarify the process. > > > > Pledgers create transactions using the following template and broadcast > > them. The p2p protocol could be modified to allow this, or it could be a > > separate system. > > > > Input: 0.01 BTC > > Signed with SIGHASH_ANYONE_CAN_PAY > > > > Output 50BTC > > Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE > > > > Output 0.01BTC > > Paid to OP_TRUE > > > > This transaction is invalid, since the inputs don't pay for the output. > The > > advantage of the sighash "anyone can pay" field is that other people can > add > > additional inputs without making the signature invalid. Normally, any > > change to the transaction would make a signature invalid. > > > > Eventually, enough other users have added pledges and a valid transaction > > can be broadcast. > > > > Input: 0.01 BTC > > Signed with SIGHASH_ANYONE_CAN_PAY > > > > Input: 1.2 BTC > > Signed with SIGHASH_ANYONE_CAN_PAY > > > > Input: 5 BTC > > Signed with SIGHASH_ANYONE_CAN_PAY > > > > > > > > Input: 1.3 BTC > > Signed with SIGHASH_ANYONE_CAN_PAY > > > > Output 50BTC > > Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE > > > > Output 0.01BTC > > Paid to OP_TRUE > > > > This transaction can be submitted to the main network. Once it is > included > > into the blockchain, it is locked in. > > > > In this example, it might be included in block 999,500. The 0.01BTC > output > > (and any excess over 50BTC) can be collected by the block 999,500 miner. > > > > The OP_CHECKLOCKTIMEVERIFY opcode means that the 50BTC output cannot be > > spent until block 1 million. Once block 1 million arrives, the output is > > completely unprotected. This means that the miner who mines block 1 > million > > can simply take it, by including his own transaction that sends it to an > > address he controls. It would be irrational to include somebody else's > > transaction which spent it. > > > > If by block 999,900, the transaction hasn't been completed (due to not > > enough pledgers), the pledgers can spend the coin(s) that they were > going to > > use for their pledge. This invalidates those inputs and effectively > > withdraws from the pledge. > > > > On Fri, May 8, 2015 at 11:01 AM, Benjamin > > wrote: > >> > >> 2. "A merchant wants to cause block number 1 million to effectively > >> have a minting fee of 50BTC." - why should he do that? That's the > >> entire tragedy of the commons problem, no? > > > > > > No, the pledger is saying that he will only pay 0.01BTC if the miner > gets a > > reward of 50BTC. > > > > Imagine a group of 1000 people who want to make a donation of 50BTC to > > something. They all way that they will donate 0.05BTC, but only if > everyone > > else donates. > > > > It still isn't perfect. Everyone has an incentive to wait until the last > > minute to pledge. > -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
>> Imagine a group of 1000 people who want to make a donation of 50BTC to >> something. They all way that they will donate 0.05BTC, but only if everyone >> else donates. It still isn't perfect. Everyone has an incentive to wait until the last minute to pledge. << AC does not solve the problem. AC works if people gain directly from the payment. Imagine a group of people paying tax - nobody gains from paying it. You have to actually need to enforce negative outcomes to enable it (jail for tax fraud). Hence in Bitcoin we have the enforced subsidy. AFAIK the problem of how to incentivize transaction verification without subsidy is unsolved. Who determines a fair price? People around here should study more economics, game theory, etc. instead of debating low level encodings all the time. On Fri, May 8, 2015 at 4:15 PM, Tier Nolan wrote: > Just to clarify the process. > > Pledgers create transactions using the following template and broadcast > them. The p2p protocol could be modified to allow this, or it could be a > separate system. > > Input: 0.01 BTC > Signed with SIGHASH_ANYONE_CAN_PAY > > Output 50BTC > Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE > > Output 0.01BTC > Paid to OP_TRUE > > This transaction is invalid, since the inputs don't pay for the output. The > advantage of the sighash "anyone can pay" field is that other people can add > additional inputs without making the signature invalid. Normally, any > change to the transaction would make a signature invalid. > > Eventually, enough other users have added pledges and a valid transaction > can be broadcast. > > Input: 0.01 BTC > Signed with SIGHASH_ANYONE_CAN_PAY > > Input: 1.2 BTC > Signed with SIGHASH_ANYONE_CAN_PAY > > Input: 5 BTC > Signed with SIGHASH_ANYONE_CAN_PAY > > > > Input: 1.3 BTC > Signed with SIGHASH_ANYONE_CAN_PAY > > Output 50BTC > Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE > > Output 0.01BTC > Paid to OP_TRUE > > This transaction can be submitted to the main network. Once it is included > into the blockchain, it is locked in. > > In this example, it might be included in block 999,500. The 0.01BTC output > (and any excess over 50BTC) can be collected by the block 999,500 miner. > > The OP_CHECKLOCKTIMEVERIFY opcode means that the 50BTC output cannot be > spent until block 1 million. Once block 1 million arrives, the output is > completely unprotected. This means that the miner who mines block 1 million > can simply take it, by including his own transaction that sends it to an > address he controls. It would be irrational to include somebody else's > transaction which spent it. > > If by block 999,900, the transaction hasn't been completed (due to not > enough pledgers), the pledgers can spend the coin(s) that they were going to > use for their pledge. This invalidates those inputs and effectively > withdraws from the pledge. > > On Fri, May 8, 2015 at 11:01 AM, Benjamin > wrote: >> >> 2. "A merchant wants to cause block number 1 million to effectively >> have a minting fee of 50BTC." - why should he do that? That's the >> entire tragedy of the commons problem, no? > > > No, the pledger is saying that he will only pay 0.01BTC if the miner gets a > reward of 50BTC. > > Imagine a group of 1000 people who want to make a donation of 50BTC to > something. They all way that they will donate 0.05BTC, but only if everyone > else donates. > > It still isn't perfect. Everyone has an incentive to wait until the last > minute to pledge. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
Just to clarify the process. Pledgers create transactions using the following template and broadcast them. The p2p protocol could be modified to allow this, or it could be a separate system. *Input: 0.01 BTC* *Signed with SIGHASH_ANYONE_CAN_PAY* *Output 50BTC* *Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE* *Output 0.01BTC* *Paid to OP_TRUE* This transaction is invalid, since the inputs don't pay for the output. The advantage of the sighash "anyone can pay" field is that other people can add additional inputs without making the signature invalid. Normally, any change to the transaction would make a signature invalid. Eventually, enough other users have added pledges and a valid transaction can be broadcast. *Input: 0.01 BTC* *Signed with SIGHASH_ANYONE_CAN_PAY* *Input: 1.2 BTCSigned with SIGHASH_ANYONE_CAN_PAY* *Input: 5 BTCSigned with SIGHASH_ANYONE_CAN_PAY* ** *Input: 1.3 BTCSigned with SIGHASH_ANYONE_CAN_PAYOutput 50BTC* *Paid to: <1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE* *Output 0.01BTC**Paid to OP_TRUE* This transaction can be submitted to the main network. Once it is included into the blockchain, it is locked in. In this example, it might be included in block 999,500. The 0.01BTC output (and any excess over 50BTC) can be collected by the block 999,500 miner. The OP_CHECKLOCKTIMEVERIFY opcode means that the 50BTC output cannot be spent until block 1 million. Once block 1 million arrives, the output is completely unprotected. This means that the miner who mines block 1 million can simply take it, by including his own transaction that sends it to an address he controls. It would be irrational to include somebody else's transaction which spent it. If by block 999,900, the transaction hasn't been completed (due to not enough pledgers), the pledgers can spend the coin(s) that they were going to use for their pledge. This invalidates those inputs and effectively withdraws from the pledge. On Fri, May 8, 2015 at 11:01 AM, Benjamin wrote: > 2. "A merchant wants to cause block number 1 million to effectively > have a minting fee of 50BTC." - why should he do that? That's the > entire tragedy of the commons problem, no? > No, the pledger is saying that he will only pay 0.01BTC if the miner gets a reward of 50BTC. Imagine a group of 1000 people who want to make a donation of 50BTC to something. They all way that they will donate 0.05BTC, but only if everyone else donates. It still isn't perfect. Everyone has an incentive to wait until the last minute to pledge. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
Interesting. 1. How do you know who was first? If one node can figure out where more transactions happen he can gain an advantage by being closer to him. Mining would not be fair. 2. "A merchant wants to cause block number 1 million to effectively have a minting fee of 50BTC." - why should he do that? That's the entire tragedy of the commons problem, no? On Fri, May 8, 2015 at 11:49 AM, Mike Hearn wrote: > Looks like a neat solution, Tier. > > -- > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
That reminds me - I need to integrate the patch that automatically sweeps anyone-can-pay transactions for a miner. On Thu, May 7, 2015 at 7:32 PM, Tier Nolan wrote: > One of the suggestions to avoid the problem of fees going to zero is > assurance contracts. This lets users (perhaps large merchants or > exchanges) pay to support the network. If insufficient people pay for the > contract, then it fails. > > Mike Hearn suggests one way of achieving it, but it doesn't actually > create an assurance contract. Miners can exploit the system to convert the > pledges into donations. > > https://bitcointalk.org/index.php?topic=157141.msg1821770#msg1821770 > > Consider a situation in the future where the minting fee has dropped to > almost zero. A merchant wants to cause block number 1 million to > effectively have a minting fee of 50BTC. > > He creates a transaction with one input (0.1BTC) and one output (50BTC) > and signs it using SIGHASH_ANYONE_CAN_PAY. The output pays to OP_TRUE. > This means that anyone can spend it. The miner who includes the > transaction will send it to an address he controls (or pay to fee). The > transaction has a locktime of 1 million, so that it cannot be included > before that point. > > This transaction cannot be included in a block, since the inputs are lower > than the outputs. The SIGHASH_ANYONE_CAN_PAY field mean that others can > pledge additional funds. They add more input to add more money and the > same sighash. > > There would need to be some kind of notice boeard system for these > pledges, but if enough pledge, then a valid transaction can be created. It > is in miner's interests to maintain such a notice board. > > The problem is that it counts as a pure donation. Even if only 10BTC has > been pledged, a miner can just add 40BTC of his own money and finish the > transaction. He nets the 10BTC of the pledges if he wins the block. If he > loses, nobody sees his 40BTC transaction. The only risk is if his block is > orphaned and somehow the miner who mines the winning block gets his 40BTC > transaction into his block. > > The assurance contract was supposed to mean "If the effective minting fee > for block 1 million is 50 BTC, then I will pay 0.1BTC". By adding his > 40BTC to the transaction the miner converts it to a pure donation. > > The key point is that *other* miners don't get 50BTC reward if they find > the block, so it doesn't push up the total hashing power being committed to > the blockchain, that a 50BTC minting fee would achieve. This is the whole > point of the assurance contract. > > OP_CHECKLOCKTIMEVERIFY could be used to solve the problem. > > Instead of paying to OP_TRUE, the transaction should pay 50 BTC to "<1 > million> OP_CHECKLOCKTIMEVERIFY OP_TRUE" and 0.01BTC to "OP_TRUE". > > This means that the transaction could be included into a block well in > advance of the 1 million block point. Once block 1 million arrives, any > miner would be able to spend the 50 BTC. The 0.01BTC is the fee for the > block the transaction is included in. > > If the contract hasn't been included in a block well in advance, pledgers > would be recommended to spend their pledged input, > > It can be used to pledge to many blocks at once. The transaction could > pay out to lots of 50BTC outputs but with the locktime increasing by for > each output. > > For high value transactions, it isn't just the POW of the next block that > matters but all the blocks that are built on top of it. > > A pledger might want to say "I will pay 1BTC if the next 100 blocks all > have at least an effective minting fee of 50BTC" > > > -- > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
Looks like a neat solution, Tier. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] Assurance contracts to fund the network with OP_CHECKLOCKTIMEVERIFY
One of the suggestions to avoid the problem of fees going to zero is assurance contracts. This lets users (perhaps large merchants or exchanges) pay to support the network. If insufficient people pay for the contract, then it fails. Mike Hearn suggests one way of achieving it, but it doesn't actually create an assurance contract. Miners can exploit the system to convert the pledges into donations. https://bitcointalk.org/index.php?topic=157141.msg1821770#msg1821770 Consider a situation in the future where the minting fee has dropped to almost zero. A merchant wants to cause block number 1 million to effectively have a minting fee of 50BTC. He creates a transaction with one input (0.1BTC) and one output (50BTC) and signs it using SIGHASH_ANYONE_CAN_PAY. The output pays to OP_TRUE. This means that anyone can spend it. The miner who includes the transaction will send it to an address he controls (or pay to fee). The transaction has a locktime of 1 million, so that it cannot be included before that point. This transaction cannot be included in a block, since the inputs are lower than the outputs. The SIGHASH_ANYONE_CAN_PAY field mean that others can pledge additional funds. They add more input to add more money and the same sighash. There would need to be some kind of notice boeard system for these pledges, but if enough pledge, then a valid transaction can be created. It is in miner's interests to maintain such a notice board. The problem is that it counts as a pure donation. Even if only 10BTC has been pledged, a miner can just add 40BTC of his own money and finish the transaction. He nets the 10BTC of the pledges if he wins the block. If he loses, nobody sees his 40BTC transaction. The only risk is if his block is orphaned and somehow the miner who mines the winning block gets his 40BTC transaction into his block. The assurance contract was supposed to mean "If the effective minting fee for block 1 million is 50 BTC, then I will pay 0.1BTC". By adding his 40BTC to the transaction the miner converts it to a pure donation. The key point is that *other* miners don't get 50BTC reward if they find the block, so it doesn't push up the total hashing power being committed to the blockchain, that a 50BTC minting fee would achieve. This is the whole point of the assurance contract. OP_CHECKLOCKTIMEVERIFY could be used to solve the problem. Instead of paying to OP_TRUE, the transaction should pay 50 BTC to "<1 million> OP_CHECKLOCKTIMEVERIFY OP_TRUE" and 0.01BTC to "OP_TRUE". This means that the transaction could be included into a block well in advance of the 1 million block point. Once block 1 million arrives, any miner would be able to spend the 50 BTC. The 0.01BTC is the fee for the block the transaction is included in. If the contract hasn't been included in a block well in advance, pledgers would be recommended to spend their pledged input, It can be used to pledge to many blocks at once. The transaction could pay out to lots of 50BTC outputs but with the locktime increasing by for each output. For high value transactions, it isn't just the POW of the next block that matters but all the blocks that are built on top of it. A pledger might want to say "I will pay 1BTC if the next 100 blocks all have at least an effective minting fee of 50BTC" -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
