From: Gregory Maxwell <gmaxwell@gmail•com>
To: Bitcoin Development <bitcoin-development@lists•sourceforge.net>
Subject: [Bitcoin-development] Supermajority mining votes for valid->invalid changes.
Date: Mon, 3 Oct 2011 00:53:51 -0400 [thread overview]
Message-ID: <CAAS2fgRSw8ry7wjL5Fao1U+Ps0-6hfDcme_V_OCSkKaRTm2r9w@mail.gmail.com> (raw)
It is possible to made changes to the distributed algorithm which make
previously valid txn invalid without necessarily creating any lasting
chain splits. This has been proposed for the addition of the eval
opcode by using one of the existing NOPs.
One challenge is that if transactions are emitted which are invalid
under the new scheme but valid under the old after the block height
that the rule is coded to take effect and a super-majority of miners
are not yet upgraded the upgrade may cause a long reorganization and
serious disruption.
Here I explain one possible way of avoiding this.
Upgraded nodes get the following rules:
(0) Never forward or mine a txn which would be invalid under the new rule.
(1) Apply old behavior before height X unconditionally.
(X set far enough in the future to get reasonable deployment by
large miners)
(2) Begin applying the new rule only after the first point in the chain
after X when none of the last Y blocks have contained an invalid transaction
under the new rules.
After the software has been released members of the bitcoin community then
begin _intentionally_ transmitting transactions which are invalid under
the new rules. (What would have been an attack under simplest deployment plan)
By setting Y high enough that all major miners have a chance to mine
in the window,
this actually becomes an effective vote for the change by miners with
a stochastic
super-majority threshold. All nodes are able to exactly determine at what block
the election has completed because it is an objective fact of the chain.
With this scheme the new encoding will only become active when enough mining
capacity supports it (or at least helpfully refuses to mine the who class
of transactions) so that a large reorganization will not happen due to
incompatible blocks during deployment.
This could be further enhanced with conflicting block discouragement (e.g.
refusing to extend or forward a rules violating block until it is burred)
but I think this scheme is sufficient without that, and that this is generally
superior to discouragement for this purpose.
Cheers.
next reply other threads:[~2011-10-03 4:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-03 4:53 Gregory Maxwell [this message]
2011-10-03 5:32 ` Luke-Jr
2011-10-03 5:39 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAS2fgRSw8ry7wjL5Fao1U+Ps0-6hfDcme_V_OCSkKaRTm2r9w@mail.gmail.com \
--to=gmaxwell@gmail$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox