public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Taproot activation proposal "Speedy Trial"
@ 2021-03-06  3:43 David A. Harding
  2021-03-06  4:44 ` Jeremy
                   ` (3 more replies)
  0 siblings, 4 replies; 16+ messages in thread
From: David A. Harding @ 2021-03-06  3:43 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 9290 bytes --]

On the ##taproot-activation IRC channel, Russell O'Connor recently
proposed a modification of the "Let's see what happens" activation
proposal.[1] The idea received significant discussion and seemed
acceptable to several people who could not previously agree on a
proposal (although this doesn't necessarily make it their first
choice).  The following is my attempt at a description.

1. Start soon: shortly after the release of software containing this
   proposed activation logic, nodes will begin counting blocks towards
   the 90% threshold required to lock in taproot.[2]

2. Stop soon: if the lockin threshold isn't reached within approximately
   three months, the activation attempt fails.  There is no mandatory
   activation and everyone is encouraged to try again using different
   activation parameters.
   
2. Delayed activation: in the happy occasion where the lockin threshold
   is reached, taproot is guaranteed to eventually activate---but not
   until approximately six months after signal tracking started.

## Example timeline

(All dates approximate; see the section below about BIP9 vs BIP8.)

- T+0: release of one or more full nodes with activation code
- T+14: signal tracking begins
- T+28: earliest possible lock in
- T+104: locked in by this date or need to try a different activation process
- T+194: activation (if lockin occurred)

## Analysis

The goal of Speedy Trial is to allow a taproot activation attempt to
either quickly succeed or quickly fail---without compromising safety in
either case.  Details below:

### Mitigating the problems of early success

New rules added in a soft fork need to be enforced by a large part of
the economy or there's a risk that a long chain of blocks breaking the
rules will be accepted by some users and rejected by others, causing a
chain split that can result in large direct losses to transaction
receivers and potentially even larger indirect losses to holders due to
reduced confidence in the safety of the Bitcoin system.

One step developers have taken in the past to ensure widespread adoption
of new consensus rules is programming in a delay between the time software
with those rules is expected to be released and when the software starts
tracking which blocks signal for activation.  For example:

    Soft fork        | Release    | Start      | Delta 
    -----------------+------------+------------+----------
    BIP68 (v0.12.1)  | 2016-04-15 | 2016-05-11 | 26 days 
    BIP141 (v0.13.1) | 2016-10-27 | 2016-11-18 | 24 days

    Sources: BitcoinCore.org, https://gist.github.com/ajtowns/1c5e3b8bdead01124c04c45f01c817bc

Speedy Trial replaces most of that upfront delay with a backend delay.
No matter how fast taproot's activation threshold is reached by miners,
there will be six months between the time signal tracking starts and when
nodes will begin enforcing taproot's rules.  This gives the userbase even
more time to upgrade than if we had used the most recently proposed start
date for a BIP8 activation (~July 23rd).[2] 

### Succeed, or fail fast

The earlier version of this proposal was documented over 200 days ago[3]
and taproot's underlying code was merged into Bitcoin Core over 140 days
ago.[4]  If we had started Speedy Trial at the time taproot
was merged (which is a bit unrealistic), we would've either be less than
two months away from having taproot or we would have moved on to the
next activation attempt over a month ago.

Instead, we've debated at length and don't appear to be any closer to
what I think is a widely acceptable solution than when the mailing list
began discussing post-segwit activation schemes over a year ago.[5]  I
think Speedy Trial is a way to generate fast progress that will either
end the debate (for now, if activation is successful) or give us some
actual data upon which to base future taproot activation proposals.

Of course, for those who enjoy the debate, discussion can continue while
waiting for the results of Speedy Trial.

### Base activation protocol

The idea can be implemented on top of either Bitcoin Core's existing
BIP9 code or its proposed BIP8 patchset.[6]

- BIP9 uses two time-based[7] parameters, starttime and timeout.  Using
  these values plus a time-based parameter for the minimum activation
  delay would give three months for miners to activate taproot, but some
  of that time near the start or the end might not be usable due to
  signals only being measured in full retarget periods.  However, the
  six month time for users to upgrade their node would be not be
  affected by either slow or fast block production.
  
    BIP9 is already part of Bitcoin Core and I think the changes being
    proposed would be relatively small, resulting in a small patch that
    could be easy to review.

- BIP8 uses two height-based parameters, startheight and timeoutheight.
  Using height values would ensure miners had a certain number of
  retarget periods (6) to lock in taproot and that there'd be a certain
  number of blocks (about 24,000) until activation, although latest lock
  in and expected activation could occur moderately earlier or later
  than the estimated three and six months.
  
    BIP8 would likely be used if Speedy Trial fails, so it could be
    advantageous to base this proposal on BIP8 so that we gain
    experience running that code in production.

For additional discussion about using times versus heights, see today's
log for ##taproot-activation.[11]

### Additional concerns

- Encourages false signaling: false signaling is when miners signal
  readiness to enforce rules that their nodes don't actually support.
  This was partially responsible for a six-block reorg shortly after the
  final BIP66 activation[8] and was found to still be a problem during
  the BIP68 lockin period despite BIP9 being designed to avoid it.[9]

  Because Speedy Trial only gives miners a maximum of three months to
  signal support for taproot, it may encourage such false signaling.  If
  taproot locks in as a result of their signaling but most of them fail
  to upgrade by the activation date several months later, unprepared
  miners could lose large amounts of money and users could see long
  reorgs (with unupgraded nodes and SPV lite clients potentially losing
  money).

  Compared to other activation proposals, I think the only difference is
  Speedy Trial's short timeline.  False signaling is possible with any
  other proposal and the same problems can occur if miners fail to
  upgrade for any mandatory activation.

### Additional advantages

- No mandatory signaling: at no time are miners required to signal by
  Speedy Trial.  This includes no mandatory signaling during the
  locked_in period(s), although such signaling will be encouraged (as it
  was with BIP9[10]).

- Party time: to a lesser degree, a benefit mentioned for flag day
  activation may also apply here: we could get up to six months
  advanced notice of taproot activation, allowing users, developers, and
  organizations to prepare software, announcements, and celebrations for
  that event.

## Implementation details and next steps

Initial discussion about implementation may be found in today's
##taproot-activation log.[11] If it appears Speedy Trial may have
traction, Russell O'Connor has offered to work on a patch against BIP8
implementing it.

## Acknowledgments

The original idea for a short-duration attempt was discussed in the
##taproot-activation IRC channel last July and the revised idea saw
additional evaluation there this week.  Despite growing frustration,
discussion has been overwhelmingly constructive, for which all the
contributors should be commended.  Although this should not in any way
imply endorsement, I'm grateful for the review and comments on a draft
of this email by Adam Gibson, Andrew Chow, Anthony Towns, Chris Belcher,
Jeremy Rubin, Jonas Nick, Luke Dashjr, Michael Folkson, Russell
O'Connor, and IRC users maybehuman and proofofkeags

## Footnotes

[1] https://en.bitcoin.it/wiki/Taproot_activation_proposals#Let.E2.80.99s_see_what_happens.2C_BIP8.28false.2C_3m.29

[2] A threshold of 1,815/2,016 blocks (90%) in a single retarget period
    seemed to have near-universal support during the 2021-02-16 IRC
    meeting.  See: https://en.bitcoin.it/wiki/Taproot_activation_proposal_202102

[3] https://en.bitcoin.it/w/index.php?title=Taproot_activation_proposals&oldid=68062

[4] https://github.com/bitcoin/bitcoin/pull/19953

[5] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-January/017547.html

[6] https://github.com/bitcoin/bitcoin/pull/19573

[7] BIP9's times are based on the median of the past 11 blocks, which
    usually trails UTC by about 90 minutes but which can trail behind
    realtime significantly if miners are doing weird things.

[8] https://en.bitcoin.it/wiki/July_2015_chain_forks

[9] https://buildingbitcoin.org/bitcoin-core-dev/log-2016-06-21.html#l-32

[10] https://github.com/bitcoin/bitcoin/blob/ed25cb58f605ba583c735f330482df0bf9348f3a/src/test/versionbits_tests.cpp#L337-L339

[11] http://gnusha.org/taproot-activation/2021-03-05.log

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread
* Re: [bitcoin-dev] Taproot activation proposal "Speedy Trial"
@ 2021-03-06 19:56 Michael Folkson
  2021-03-06 21:55 ` Matt Corallo
  0 siblings, 1 reply; 16+ messages in thread
From: Michael Folkson @ 2021-03-06 19:56 UTC (permalink / raw)
  To: Dave Harding, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 2982 bytes --]

Hi Matt

> I'm really unsure that three months is a short enough time window that
there wouldn't be a material effort to split the network with divergent
consensus rules. Instead, a three month window is certainly long enough to
organize and make a lot of noise around such an effort, given BIP 148 was
organized and reached its peak within a similar such window.

I'm not sure either. I can't control anyone other than myself. I think (and
Luke has also stated on IRC) that trying a UASF (LOT=true) during a "Speedy
Trial" deployment would be crazy. I would certainly recommend no one tries
that but I can't stop anyone. I'll repeat that soft forks have and always
will contain some limited chain split risk regardless of activation
mechanism. I think you are well intentioned but I'm not sure if you've
fully grasped that yet. Maybe you have and I'm missing something.

> Worse, because the obvious alternative after a three month activation
failure is a significant delay prior to activation, the vocal UASF minority
may be encouraged to pursue such a route to avoid such a delay.

Again I can only speak for myself but I wouldn't support a UASF until this
"fail fast" Speedy Trial has completed and failed. Luke agrees with that
and other people (eg proofofkeags) on the ##uasf IRC channel have also
supported this "Speedy Trial" proposal. If you want me (or anyone else for
that matter) to guarantee there won't be an attempted UASF during a Speedy
Trial deployment obviously nobody can do that. All I can say is that
personally I won't support one.

> One alternative may be to reduce the signaling windows involved and start
slightly later. Instead of the likelihood of failure growing on the
horizon, simply have two signaling windows (maybe two weeks, maybe a moth
each?). In order to ensure success remains likely, begin them somewhat
later after software release to give pools and miners a chance to configure
their mining software in advance.

The parameters for Speedy Trial are being hammered out on IRC as we speak.
I'd encourage you to engage with those discussions. I'd really like to
avoid a scenario where we have broad consensus on the details of Speedy
Trial and then you come out the woodwork weeks later with either an
alternative proposal or a criticism for how the details of Speedy Trial
were finalized.

I've read your email as you're concerned about a UASF during a Speedy Trial
deployment. Other than that I think (?) you support it and you are free to
join the discussion on IRC if you have particular views on parameters.
Personally I don't think those parameters should be chosen assuming there
will be a UASF during the deployment but you can argue that case on IRC if
you wish. All proposals you have personally put forward suffer from chain
split risk in the face of a competing incompatible activation mechanism.


-- 
Michael Folkson
Email: michaelfolkson@gmail•com
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3

[-- Attachment #2: Type: text/html, Size: 3385 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread
* Re: [bitcoin-dev] Taproot activation proposal "Speedy Trial"
@ 2021-03-15 14:06 Michael Folkson
  0 siblings, 0 replies; 16+ messages in thread
From: Michael Folkson @ 2021-03-15 14:06 UTC (permalink / raw)
  To: achow101-lists; +Cc: Bitcoin Protocol Discussion

> I don't think we should have a followup deployment start so close to to
timeout of ST. I think it would be better to schedule the followup
around ST, especially since the details around that are fuzzier and
dependent on the results of ST itself.

Until Core pull request(s) are merged I don't think we can finalize
startheight (and hence the timeout) for Speedy Trial either.

Speedy Trial seems to have the most community consensus of any
activation proposal thus far and I'm confident it will at some point
in the near future it will be merged into Core.

Community feedback:
https://gist.github.com/michaelfolkson/92899f27f1ab30aa2ebee82314f8fe7f

Therefore I think the onus is on any UASF release to fit around a
Speedy Trial deployment in Core. I haven't thought enough about what
my preference would be assuming activation fails with Speedy Trial re
a follow up deployment in Core and/or a UASF release. However, I would
be 100 percent opposed to any UASF release that conflicts or is not
compatible with a Speedy Trial deployment in Core.

On 3/14/21 10:51 PM, Luke Dashjr wrote:
> The last period before timeoutheight here overlaps with the current BIP8(True)
> deployment plan. So if this period specifically were to reach 90% signalling,
> nodes would activate Taproot at height 697536, but ST-only nodes would still
> wait until 709632 instead.
>
> Probably the best solution is to just move this ST window 1 period earlier?
>
> Luke



-- 
Michael Folkson
Email: michaelfolkson@gmail•com
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3


^ permalink raw reply	[flat|nested] 16+ messages in thread
end of thread, other threads:[~2021-03-15 14:07 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-06  3:43 [bitcoin-dev] Taproot activation proposal "Speedy Trial" David A. Harding
2021-03-06  4:44 ` Jeremy
2021-03-06  6:04 ` Andrew Chow
2021-03-06 14:44   ` Russell O'Connor
2021-03-15  2:51   ` Luke Dashjr
2021-03-15  3:14     ` Andrew Chow
2021-03-06  9:29 ` Anthony Towns
2021-03-06 10:26   ` Eric Voskuil
2021-03-06 18:11 ` Matt Corallo
2021-03-06 20:23   ` David A. Harding
2021-03-06 21:48     ` Matt Corallo
2021-03-06 20:44   ` Ariel Luaces
2021-03-06 20:55     ` Keagan McClelland
2021-03-06 19:56 Michael Folkson
2021-03-06 21:55 ` Matt Corallo
2021-03-15 14:06 Michael Folkson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox