> A. Every pollee signs messages like <utxo_id, {soft_fork: 9 oppose:90%
> support:10%}> for each UTXO they want to respond to the poll with.
It should not be expressed in percents, but in amounts. It would be easier and
more compatible with votes where there is 100% oppose or 100% support (and also
easier to handle if some LN user would move one satoshi, because rounding
percents would be tricky). Anyway, you need to convert percents to amounts, so
better use amounts from the very beginning. Also, it could be just some kind of
transaction, where you have utxo_id just as transaction input, amount of coins
as some output, and then add your message as "OP_RETURN <commitment>" in your
input, in this way your signature would be useless in a different context than
voting.
Also note that such voting would be some kind of Proof of Stake. And it does
not really matter if you store that commitments on-chain to preserve signalling
results in consensus rules or if there would be some separate chain for storing
commitments and nothing else. It would be Proof of Stake, where users would put
their coins at stake to vote. Also, you probably solved "nothing at stake"
problem in a nice way, because it would be protected by Proof of Work chain to
decide who can vote. So, voters could only freeze their coins for getting some
voting power or move their coins and lose their votes.
For me, it sounds similar to "Merged Signing" proposed by stwenhao here:
https://bitcointalk.org/index.php?topic=5390027.0. I think it is kind of
dangerous and unstoppable (so nobody could stop you if you would ignore any
criticism and implement that). Fortunately, it is also possible to add some
Proof of Work if any staking-like system would be present in Bitcoin, just
OP_SUBSTR would do the trick (if enabled; if not, we could still use OP_HASH256
and force the target by some kind of soft-fork on top of your voting system).
On 2022-03-17 20:58:35 user Billy Tetrud via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
@Jorge
> Any user polling system is going to be vulnerable to sybil attacks.
Not the one I'll propose right here. What I propose specifically is a
coin-weighted signature-based poll with the following components:
A. Every pollee signs messages like <utxo_id, {soft_fork: 9 oppose:90%
support:10%}> for each UTXO they want to respond to the poll with.
B. A signed message like that is valid only while that UTXO has not been spent.
C. Poll results are considered only at each particular block height, where the
support and opposition responses are weighted by the UTXO amount (and the
support/oppose fraction in the message). This means you'd basically see a
rolling poll through the blockchain as new signed poll messages come in and as
their UTXOs are spent.
This is not vulnerable to sybil attacks because it requires access to UTXOs and
response-weight is directly tied to UTXO amount. If someone signs a poll
message with a key that can unlock (or is in some other designated way
associated with) a UTXO, and then spends that UTXO, their poll response stops
being counted for all block heights after the UTXO was spent.
Why put support and oppose fractions in the message? Who would want to both
support and oppose something? Any multiple participant UTXO would. Eg lightning
channels would, where each participant disagrees with the other. They need to
sign together, so they can have an agreement to sign for the fractions that
match their respective channel balances (using a force channel close as a last
resort against an uncooperative partner as usual).
This does have the potential issue of public key exposure prior to spending for
current addresses. But that could be fixed with a new address type that has two
public keys / spend paths: one for spending and one for signing.
> In perfect competition the mining power costs per chain tends to equal the
> rewards offered by that chain, both in subsidy and transaction fees.
Agreed, but it takes time for an economic shock to reach its new equilibrium.
That period of time, which might be rather precarious, should be considered in
a plan to preserve a minority fork.
> Would you rather that proposal be deployed with speedy trial activation or
> with BIP8+LOT=true activation?
For a proposal I don't want to succeed, I absolutely would prefer speedy trial
over BIP8+LOT=true. Speedy trial at 90% signaling threshold can quickly
determine that the proposal (hopefully) does not have enough consensus among
miners. By contrast, BIP8+LOT=true could polarize the debate, worsening the
community's ability to communicate and talk through issues. It would also
basically guarantee that a fork happens, which in the best case (in my
hypothetical point of view where I don't like the proposal) would mean some
small minority forks off the network, which reduces the main chain's value
somewhat (at least temporarily). Worst case a small majority forces the issue
at near 50% which would cause all sorts of blockchain issues and would have a
high probability of leading to a hardfork by the minority.
All this sounds rather more tenable with speedy trial. Any proposal has less
chance of causing an actual fork (soft or otherwise) with speedy trial vs
LOT=true. LOT=true guarantees a fork if even a single person is running it.
LOT=true could certainly come in handy to initiate a UASF, but IMO that's
better left as a plan B or C.
> segwit... all the consequences of the change are not opt in.
I definitely agree there. The consequences of a soft fork are not always opt
in. That's basically what my example of a "dumb majority soft fork" is, and
sounds like what your "evil fork" basically is.
On Thu, Mar 17, 2022 at 7:19 AM Jorge Timón via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
On Sat, Mar 12, 2022 at 2:35 PM Russell O'Connor via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Fri, Mar 11, 2022 at 9:03 AM Jorge Timón <jti...@jtimon.cc> wrote:
> A mechanism of soft-forking against activation exists. What more do you
> want? Are we supposed to write the code on behalf of this hypothetical group
> of users who may or may not exist for them just so that they can have a node
> that remains stalled on Speedy Trial lockin? That simply isn't reasonable,
> but if you think it is, I invite you to create such a fork.
I want BIP+LOT=true to be used. I want speedy trial not to be used.
Luke wrote the code to resist BIP8+LOT=true, and if he didn't, I could
write it myself, yes.
If you think that's not reasonable code to ever run, I don't think
you're really getting the "softfork THAT YOU OPPOSE" part of the
hypothetical right. Let me try to help with an example, although I
hope we don't get derailed in the implementation details of the
hypothetical evil proposal.
Suppose someone proposes a weight size limit increase by a extension
block softfork.
Or instead of that, just imagine the final version of the covenants
proposal has a backdoor in it or something.
Would you rather that proposal be deployed with speedy trial
activation or with BIP8+LOT=true activation?
>>
>> Please, try to imagine an example for an activation that you wouldn't like
>> yourself. Imagine it gets proposed and you, as a user, want to resist it.
>
>
> If I believe I'm in the economic majority then I'll just refuse to upgrade my
> node, which was option 2. I don't know why you dismissed it.
Not upgrading your node doesn't prevent the softfork from being
activated in your chain.
A softfork may affect you indirectly even if you don't use the new
features yourself directly.
You may chose to stay in the old chain even if you don't consider
you're "in the economic majority" at that moment.
> Not much can prevent a miner cartel from enforcing rules that users don't
> want other than hard forking a replacement POW. There is no effective
> difference between some developers releasing a malicious soft-fork of Bitcoin
> and the miners releasing a malicious version themselves. And when the miner
> cartel forms, they aren't necessarily going to be polite enough to give a
> transparent signal of their new rules. However, without the economic
> majority enforcing their set of rules, the cartel continuously risks falling
> apart from the temptation of transaction fees of the censored transactions.
It is true that a mining cartel doesn't need to use speedy trial or
BIP8+LOT=true to apply rule changes they want just because we do.
But they would do if they wanted to maintain the appearance of benevolence.
> On the other hand, If I find out I'm in the economic minority then I have
> little choice but to either accept the existence of the new rules or sell my
> Bitcoin. Look, you cannot have the perfect system of money all by your
> lonesome self. Money doesn't have economic value if no one else wants to
> trade you for it. Just ask that poor user who YOLO'd his own taproot
> activation in advance all by themselves. I'm sure they think they've got
> just the perfect money system, with taproot early and everything. But now
> their node is stuck at block 692261 and hasn't made progress since. No doubt
> they are hunkered down for the long term, absolutely committed to their fork
> and just waiting for the rest of the world to come around to how much better
> their version of Bitcoin is than the rest of us.
Well, you could also have the option to stay in the old chain with the
economic minority, it doesn't have to be you alone.
We agree that one person alone can't use a currency.
> Even though you've dismissed it, one of the considerations of taproot was
> that it is opt-in for users to use the functionality. Future soft-forks
> ought to have the same considerations to the extent possible.
Well, the same could be said about segwit. And yet all the
consequences of the change are not opt in.
For example, segwit contained a block size limit increase.
Sure, you can just not validate the witnesses, but then you're no
longer a full node.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
