Progress On Hardfork Proposals Following The Segwit Blocksize Increase | Peter Todd | Aug 05 2016
Peter Todd on Aug 05 2016: Repost by request from my blog, apologies for the somewhat screwy formatting! layout: post title: "Progress On Hardfork Proposals Following The Segwit Blocksize Increase" date: 2016-08-05 tags:
With segwit getting close to its initial testnet release in Bitcoin Core v0.13.0 - expected to be followed soon by a mainnet release in Bitcoin Core v0.13.1 - I thought it'd be a good idea to go over work being done on a potential hard-fork to follow it, should the Bitcoin community decide to accept the segwit proposal. First of all, to recap, in addition to many other improvements such as fixing transaction malleability, fixing the large transaction signature verification DoS attack, providing a better way to upgrade the scripting system in the future, etc. segwit increases the maximum blocksize to 4MB. However, because it's a soft-fork - a backwards compatible change to the protocol - only witness (signature) data can take advantage of this blocksize increase; non-witness data is still limited to 1MB total per block. With current transaction patterns it's expected that blocks post-segwit won't use all 4MB of serialized data allowed by the post-segwit maximum blocksize limit. Secondly, there's two potential upgrades to the Bitcoin protocol that will further reduce the amount of witness data most transactions need: [Schnorr signatures](https://bitcoinmagazine.com/articles/the-power-of-schnorr-the-signature-algorithm-to-increase-bitcoin-s-scale-and-privacy-1460642496) and BLS aggregate signatures. Basically, both these improvements allow multiple signatures to be combined, the former on a per-transaction level, and the latter on a per-block level. Last February some of the mining community and some of the developer community got together to discuss potential hard-forks, with the aim of coming up with a reasonable proposal to take to the wider community for further discussion and consensus building. Let's look at where that effort has lead.
Ethereum: Lessons to be learned
But first, Ethereum. Or as some have quipped, the Etherea: The Battle for Etherea. https://t.co/2ATQRQRXnH">https://t.co/2ATQRQRXnH— Samson Mow (@Excellion) https://twitter.com/Excellion/status/759677608753627136">July 31, 2016 If you've been following the crypto-currency space at all recently, you probably know that the Ethereum community has split in two following a very controversial hard-fork to the Ethereum protocol, To make a long story short, a unintended feature in a smart-contract called "The DAO" was exploited by a as-yet-unknown individual to drain around $50 million worth of the Ethereum currency from the contract. While "white-hat attackers" did manage to recover a majority of the funds in the DAO, a hard-fork was proposed to rewrite the Ethereum ledger to recover all funds - an action that many, including myself, have described as a bailout. The result has been a big mess. This isn't the place to talk about all the drama that's followed in depth, but I think it's fair to say that the Ethereum community found out the hard way that just because you give a new protocol the same name as an existing protocol, that doesn't force everyone to use it. As of writing, what a month ago was called "Ethereum" - Ethereum Classic - has 20% of the hashing power as the bailout chain, and peaked only two or three days ago at around 30%. As for market cap, while the combined total for the two chains is similar to the one chain pre-fork, this is likely misleading: there's probably a lot of coins on both chains that aren't actually accessible and don't represent liquid assets on the market. Instead, there's a good chance a significant amount of value has been lost. In particular, both chains have suffered significantly from transaction replay issues. Basically, due to the way the Ethereum protocol is designed - in particular the fact that Ethereum isn't based on a UTXO model - when the Ethereum chain split transactions on one chain were very often valid on another chain. Both attacks and accidents can lead to transactions from one chain ending up broadcast to others, leading to unintentional spends. This wasn't an unexpected problem: .https://twitter.com/petertoddbtc">@petertoddbtc we knew it would happen weeks before launch, we didn't want to implement replay-protection b.c. of implementation complexity— Vlad Zamfir (@VladZamfir) https://twitter.com/VladZamfistatus/759552287157133313">July 31, 2016 ...and it's lead to costly losses. Among others Coinbase has lost [an unknown amount of funds](https://twitter.com/eiaine/status/758560296017416194) that they may have to buy back. Even worse, BTC-e lost pretty much their entire balance of original Ethereum coins - apparently becoming insolvent - and instead of returning customer funds, they decided to declare the original Ethereum chain a scam instead. A particularly scary thing about this kind of problem is that it can lead to artificial demand for a chain that would otherwise die: for all we know Coinbase has been scrambling behind the scenes to buy replacement ether to make up for the ether that it lost due to replay issues. More generally, the fact that the community split shows the difficulty - and unpredictability - of achieving consensus, maintaining consensus, and measuring consensus. For instance, while the Ethereum community did do a coin vote as I suggested, turnout was extremely low - around 5% - with a significant minority in opposition (and note that exchanges' coins were blacklisted from the vote due to technical reasons). Additionally, the miner vote also had low turnout, and again, significant minority opposition. With regard to drama resulting from a coin split, something I think not many in the technical community had considered, is that exchanges can have perverse incentives to encourage it. The split resulted in significant trading volume on the pre-fork, status quo, Ethereum chain, which of course is very profitable for exchanges. The second exchange to list the status-quo chain was Poloniex, who have over 100 Bitcoin-denominated markets for a very wide variety of niche currencies - their business is normally niche currencies that don't necessarily have wide appeal. Finally, keep in mind that while this has been bad for Ethereum, it'd be even worse for Bitcoin: unlike Ethereum, Bitcoin actually has non-trivial usage in commerce, by users who aren't necessarily keeping up to date with the latest dramaHHHHH news. We need to proceed carefully with any non-backwards-compatible changes if we're to keep those users informed, and protect them from sending and receiving coins on chains that they didn't mean too.
So how can we split safely? Luke Dashjr has written both a BIP, and preliminary code to do a combination of a hard-fork, and a soft-fork. This isn't a new idea, in fact Luke posted it to the bitcoin-dev mailing list last February, and it's been known as an option for years prior; I personally mentioned it on this blog last January. The idea is basically that we do a hard-fork - an incompatible rule change - by "wrapping" it in a soft-fork so that all nodes are forced to choose one chain or the other. The new soft-forked rule-set is simple: no transactions are allowed at all. Assuming that a majority of hashing power chooses to adopt the fork, nodes that haven't made a decision are essentially 51% attacked and will follow an empty chain, unable to make any transactions at all. For those who choose not to adopt the hard-fork, they need to themselves do a hard-fork to continue transacting. This can be as simple as blacklisting the block where the two sides diverged, or something more complex like a proof-of-work change. On the plus side, Luke's proposal maximizes safety in many respects: so long as a majority of hashing power adopts the fork no-one will accidentally accept funds from a chain that they didn't intend too.
Giving Everyone A Voice
It's notable that what Luke calls a "soft-hardfork" has also been called a "forced soft-fork" by myself, as well as an "evil fork" by many others - what name you give it is a matter of perspective. From a technical point of view, the idea is a 51% attack against those who choose not to support the new protocol; it's notable that when I pointed this out to some miners they were very concerned about the precedent this could set if done badly. Interestingly, due to implementation details Ethereum hard-fork was similar to Luke's suggestion: pre-fork Ethereum clients would generally fail to start due to an implementation flaw - in most cases - so everyone was forced to get new software. Yet, Ethereum still split into two economically distinct coins. This shows that attempting to k...[message truncated here by reddit bot]... original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/012936.html
A conversation with Dan Boneh (2016-08-01) | Bryan Bishop | Aug 02 2016
Bryan Bishop on Aug 02 2016: Some Bitcoin developers and miners went to visit with Dan Boneh at Stanford earlier today, and I thought I would share what we talked about. Transcript: http://diyhpl.us/wiki/transcripts/2016-july-bitcoin-developers-miners-meeting/dan-boneh/ Topics discussed include elliptic curve crypto, ECDSA, Schnorr signatures, signature aggregation, BLS signature schemes, pairing crypto, group signatures, block-level signature aggregation, transaction-level signature aggregation, post-quantum crypto, quantum mining ASICs, provable solvency schemes, scrypt password hashing, and balloon hashing. (I would include the text directly but it's nearly 60 kilobytes in size and past the point where I am presently comfortable with gunking up other mailboxes.)
Unlike the scripting language in the bitcoin Protocol, EVMS support loops, so the platform uses a mechanism called gas to limit contracts that can take a long time to execute. Academic and Professional Reception . Dan Boneh of Stanford and Vipul Goyal of Carnegie Mellon told CNBC that some of their respective students are starting their own cryptocurrency projects. Cornell University, UC ... Dan Boneh - Dan Boneh. Aus Wikipedia, der freien Enzyklopädie. Dan Boneh. Geboren: 1969 (Alter 48-49) Israel. Residenz: UNS: Alma Mater: Princeton, 1996: Bekannt für: Pairing-basierte Kryptographie ; ID-basierte Verschlüsselung; Auszeichnungen: Gödel-Preis; ACM Computing-Preis; Sloan Research Fellowship; wissenschaftlicher Werdegang: Felder: Geheimschrift: Institutionen: Universität in ... ^ Dan Boneh at the Mathematics Genealogy Project ^ "Google Scholar citations of Boneh-Franklin paper". ^ "Dan Boneh's Publications by Topic". ^ "Dan Boneh's Google Scholar Profile". ^ "Dan Boneh". Coursera instructor profile. Retrieved April 8, 2018. ^ "Dan Boneh: 1999 Fellow". David and Lucile Packard Foundation. Bitcoin Dan Boneh Bitcoin Comments Bitcoin Price Chart 2010 Bitcoin Dan Boneh Bitcoin Mining Energy Bitcoin Mining Pools Ratings How To Make Bitcoin Wallet pure cbd ... Dan Boneh. doğmuş : 1969 (yaş 48-49) ... 2015: için ödeme delillerini Gizlilik-koruyarak Bitcoin alışverişi; 2010: (Shweta Agrawal ve Xavier Boyen ile) Hatalar kabulü ile Öğrenme gelen Verimli Kimlik Tabanlı Şifreleme; 2010: O tasarımında yer aldı tcpcrypt aktarım düzeyi güvenliği için, TCP uzantılar ı; 2005: Kısmen homomorfik şifreleme (Eu-Jin Goh ve Kobbi Nissim ile ...
Bên trong 'chuồng trâu cày' Bitcoin cá nhân 2 tỷ đồng tại ...
Stanford Online Course (Dan Boneh) on Bitcoin and Crypto Currencies And of course the papers, slide decks, and videos on the Chia Network site should provide enough background for the presentation ... UW CSE Distinguished Lecture: Dan Boneh (Stanford University) - Duration: 55:35. ... Stanford Seminar - BTC: Bitcoin, a New Value Chain in China - Duration: 1:12:19. stanfordonline 30,496 views. 1 ... Dan Boneh: What is the future of cryptography? - Duration: 4:53. Stanford University School of Engineering 17,751 views. 4:53. Lecture 1 — Intro to Crypto and Cryptocurrencies - Duration: 58:42 ... Zing.vn ghi lại hình ảnh một địa chỉ đào tiền ảo ở Đắk Lắk. Zing Công Nghệ - Chuyên mục video về Xe, Công nghệ của Zing.vn Đăng ký: https://goo.gl/nAOx9w ... Gier frisst Hirn. Diese einfache Erkenntnis ist nicht neu. Denken wir nur an die börseneuphorische dot.com-Blase, die sich vor knapp 20 Jahren weltweit aufba...