Bitcoin Core :: Segregated Witness Benefits

/u/jl_2012 comments on new extension block BIP - "a block reorg will almost guarantee changing txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx"

Comments from jl_2012
I feel particularly disappointed that while this BIP is 80% similar to my proposal made 2 months ago ( ), Matt Corallo was only the person replied me. Also, this BIP seems ignored the txid malleability of the resolution tx, as my major technical critique of xblock design.
But anyway, here I’m only making comments on the design. As I said in my earlier post, I consider this more as an academic topic than something really ready for production use.
This specification defines a method of increasing bitcoin transaction throughput without altering any existing consensus rules.
Softforks by definition tighten consensus rules
There has been great debate regarding other ways of increasing transaction throughput, with no proposed consensus-layer solutions that have proven themselves to be particularly safe.
so the authors don’t consider segwit as a consensus-layer solution to increase transaction throughput, or not think segwit is safe? But logically speaking if segwit is not safe, this BIP could only be worse. OTOH, segwit also obviously increases tx throughput, although it may not be as much as some people wish to have.
This specification refines many of Lau's ideas, and offers a much simpler method of tackling the value transfer issue, which, in Lau's proposal, was solved with consensus-layer UTXO selection.
The 2013 one is outdated. As the authors are not quoting it, not sure if they read my January proposal
extension block activation entails BIP141 activation.
I think extension block in the proposed form actually breaks BIP141. It may say it activates segregated witness as a general idea, but not a specific proposal like BIP141
The merkle root is to be calculated as a merkle tree with all extension block txids and wtxids as the leaves.
It needs to be more specific here. How are they exactly arranged? I suggest it uses a root of all txids, and a root of all wtxids, and combine them as the commitment. The reason is to allow people to prune the witness data, yet still able to serve the pruned tx to light wallets. If it makes txid and wtxid as pairs, after witness pruning it still needs to store all the wtxids or it can’t reconstruct the tree
Outputs signal to exit the extension block if the contained script is either a minimally encoded P2PKH or P2SH script.
This hits the biggest question I asked in my January post: do you want to allow direct exit payment to legacy addresses? As a block reorg will almost guarantee changing txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx. This is a significant change to the current tx model. To fix this, you need to make exit outputs unspendable for up to 100 blocks. Doing this, however, will make legacy wallet users very confused as they do not anticipate funding being locked up for a long period of time. So you can’t let the money sent back to a legacy address directly, but sent to a new format address that only recognized by new wallet, which understands the lock up requirement. This way, however, introduces friction and some fungibility issues, and I’d expect people using cross chain atomic swap to exchange bitcoin and xbitcoin
To summarise, my questions are: 1. Is it acceptable to have massive txid malleability and transaction chain invalidation for every natural happening reorg? Yes: the current spec is ok; No: next question (I’d say no) 2. Is locking up exit outputs the best way to deal with the problem? (I tried really hard to find a better solution but failed) 3. How long the lock-up period should be? Answer could be anywhere from 1 to 100 4. With a lock-up period, should it allow direct exit to legacy address? (I think it’s ok if the lock-up is short, like 1-2 block. But is that safe enough?) 5. Due to the fungibility issues, it may need a new name for the tokens in the ext-block
Verification of transactions within the extension block shall enforce all currently deployed softforks, along with an extra BIP141-like ruleset.
I suggest to only allow push-only and OP_RETURN scriptPubKey in xblock. Especially, you don’t want to replicate the sighash bug to xblock. Also, requires scriptSig to be always empty
This leaves room for 7 future soft-fork upgrades to relax DoS limits.
Why 7? There are 16 unused witness program versions
Witness script hash v0 shall be worth the number of accurately counted sigops in the redeem script, multiplied by a factor of 8.
There is a flaw here: witness script with no sigop will be counted as 0 and have a lot free space
every 73 bytes in the serialized witness vector is worth 1 additional point.
so 72 bytes is 1 point or 0 point? Maybe it should just scale everything up by 64 or 128, and make 1 witness byte = 1 point . So it won’t provide any “free space” in the block.
Currently defined witness programs (v0) are each worth 8 points. Unknown witness program outputs are worth 1 point. Any exiting output is always worth 8 points.
I’d suggest to have at least 16 points for each witness v0 output, so it will make it always more expensive to create than spend UTXO. It may even provide extra “discount” if a tx has more input than output. The overall objective is to limit the UTXO growth. The ext block should be mainly for making transactions, not store of value (I’ll explain later)
Dust Threshold
In general I think it’s ok, but I’d suggest a higher threshold like 5000 satoshi. It may also combine the threshold with the output witness version, so unknown version may have a lower or no threshold. Alternatively, it may start with a high threshold and leave a backdoor softfork to reduce it.
It is a double-edged sword. While it is good for us to be able to discard an unused chain, it may create really bad user experience and people may even lose money. For example, people may have opened Lightning channels and they will find it not possible to close the channel. So you need to make sure people are not making time-locked tx for years, and require people to refresh their channel regularly. And have big red warning when the deactivation SF is locked in. Generally, xblock with deactivation should never be used as long-term storage of value.
———— some general comments:
  1. This BIP in current form is not compatible with BIP141. Since most nodes are already upgraded to BIP141, this BIP must not be activated unless BIP141 failed to activate. However, if the community really endorse the idea of ext block, I see no reason why we couldn’t activate BIP141 first (which could be done in 2 weeks), then work together to make ext block possible. Ext block is more complicated than segwit. If it took dozens of developers a whole year to release segwit, I don’t see how ext block could become ready for production with less time and efforts.
  2. Another reason to make this BIP compatible with BIP141 is we also need malleability fix in the main chain. As the xblock has a deactivation mechanism, it can’t be used for longterm value storage.
  3. I think the size and cost limit of the xblock should be lower at the beginning, and increases as we find it works smoothly. It could be a predefined growth curve like BIP103, or a backdoor softfork. With the current design, it leaves a massive space for miners to fill up with non-tx garbage. Also, I’d also like to see a complete SPV fraud-proof solution before the size grows bigger.
submitted by jonny1000 to Bitcoin [link] [comments]

BIP proposal: Increase block size limit to 2 megabytes | Gavin Andresen | Feb 05 2016

Gavin Andresen on Feb 05 2016:
This has been reviewed by merchants, miners and exchanges for a couple of
weeks, and has been implemented and tested as part of the Bitcoin Classic
and Bitcoin XT implementations.
Constructive feedback welcome; argument about whether or not it is a good
idea to roll out a hard fork now will be unproductive, so I vote we don't
go there.
Draft BIP:
Increase block size limit to 2,000,000 bytes.
After 75% hashpower support then 28-day grace period.
With accurate sigop counting, but existing sigop limit (20,000)
And a new, high limit on signature hashing
Blog post walking through the code:
Blog post on a couple of the constants chosen:

Gavin Andresen
-------------- next part --------------
An HTML attachment was scrubbed...
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

03-10 04:07 - 'parallel block validation sort of addresses the big blocks problem and the sighash problem (though I would prefer a sigop limit on transactions). But as for the big blocks problem, miners set their Acceptance Depth (AD) to wha...' by /u/lexensi1 removed from /r/Bitcoin within 74-79min

parallel block validation sort of addresses the big blocks problem and the sighash problem (though I would prefer a sigop limit on transactions). But as for the big blocks problem, miners set their Acceptance Depth (AD) to whatever they want. So a block that is too large will have to have many blocks mined on top of it as well before it is accepted. The only way that can happen is if a majority of miners agree that the block is not too large.
As for malleability, there is the flextrans proposal but I don't know if it's under consideration by BU or not. Segwit doesn't solve malleability once and for all either, because the old-style transactions are still valid, so exchanges and wallets and other software still need to take into account that it's possible in the way they program their software.
Not sure what the median EB attack is.
Firstly AD is now 12. Therefore EB=1MB miners can get 12 blocks orphaned, which would take an expected 4 hours. There would be no warning for users and they could see funds wiped from their wallets after 11 confirmations.
After this then all the EB = 1MB miners would have their sticky gates triggered, whilst all the EB = 1.1MB would have their sticky gates closed. Now a malicious miner can split the hashrate 50/50 again. This time the smaller blockers ironically on the larger block chain and vica versa. It would be a massive confusing mess.
It does not actually address either, unfortunately. A mining consortium would be perfectly capable of gaming Bitcoin mining with larger-than-tolerable blocks (or more-than-tolerable cumulative sighash ops within those blocks), regardless of whether smalleleaner alternative blocks were able to be validated in parallel to them.
This particular risk vector actually compounds on itself, too. Initially, a coalition of 50.1% of hashrate could (possibly even accidentally, especially due to network limiters like the Great Firewall of China) mine and extend-upon blocks that are larger than the other 49.9% are able to validate competitively. Even if the 49.9% of miners are able to validate smaller blocks in parallel, they will ultimately be doomed trying to compete with the 50.1%, and as their orphan rates climb and their profitability declines, they would eventually be forced to shut down (assuming they are motivated by profit). This means that the remaining 50.1% of miners now make up the entire mining network... and the process can then repeat, with fewer participants on each iteration.
Peter Todd also explained this idea very well years ago.
Parallel block validation, while an important step forward, unfortunately does nothing to address the underlying issue here.
That's why most Bitcoin engineers consider flex-cap proposals to be untenable unless they include proper incentive-alignment controls (e.g. the sacrifice of mining rewards in exchange for larger allowed block-sizes
Context Link
Go1dfish undelete link
unreddit undelete link
Author: lexensi1
submitted by removalbot to removalbot [link] [comments]

Bitcoin Trading Sites- Best Cryptocurrency Exchanges What's the Best Bitcoin Exchange!? HOW TO BUY BITCOINS? THE BEST EXCHANGE & MARKETPLACE. How to buy bitcoin and cryptocurrency using exchange??';;'.;.[? Best Crypto Exchange- ZERO FEES HACK

ACM SIGOPS Operating Systems We also present our study on three separate time spans and show that empirical correlations can be found between the bitcoin price and some bitcoin exchange graph Bitcoin Stack Exchange is a question and answer site for Bitcoin crypto-currency enthusiasts. It only takes a minute to sign up. Sign up to join this community. For non-segwit inputs, these numbers are multiplied by 4, so 4 sigops for OP_CHECKSIG and OP_CHECKSIGVERIFY, Abstract. Bitcoin exchanges are a vital component of the Bitcoin ecosystem. They are a gateway from the classical economy to the cryptocurrency economy, facilitating the exchange between fiat currency and bitcoins. Find out what your expected return is depending on your hash rate and electricity cost. Find out if it's profitable to mine Bitcoin, Ethereum, Litecoin, DASH or Monero. Do you think you've got what it takes to join the tough world of cryptocurrency mining? Without limiting the number of sigops a single block can contain, an easy DOS (denial of service) attack can be constructed by creating a block that takes a very long to validate due to it containing transactions that require a disproportionately large number of sigops. Bitcoin Exchange Guide is a hyperactive hybrid of heavy-handed

[index] [900] [5862] [18479] [15801] [25512] [14772] [25541] [24632] [29960] [3673]

Bitcoin Trading Sites- Best Cryptocurrency Exchanges

24/7 Live Bitcoin Algo Trading on Deribit Exchange (DeriBot) Bitcoin Trading Robots 251 watching Live now I Tried Creating A $100,000 Shopify Dropshipping Business In 7 Days *LIVE* - Duration: 40:17. What is the best exchange to buy Bitcoin at? This can be a difficult question, especially for people new to Bitcoin. In the video I go over the most popular exchanges, (USA), and give pros and ... 🐙 number one exchange to buy and sell bitcoin & ethereum 👉 buy bitcoin on kraken 💰number one exchange for trading altcoins #bitcoin #crypto #cryptocurrencies In this video I give my top 5 exchanges for buying Bitcoin & general cryptocurrencies! These exchanges are aimed at beginner to intermediate level people in the ... HOW TO EXCHANGE TBC TO BTC WITH INFINITY TBC TRADE - Duration: 4:13. INFINITY TBC 25,408 views. 4:13. ... Bitcoin Basics (Part 1) - "Explained For Beginners" - Duration: 24:27.

Flag Counter