Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7E45FC002D for ; Thu, 14 Jul 2022 09:33:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 57E8B4169E for ; Thu, 14 Jul 2022 09:33:24 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 57E8B4169E Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key) header.d=gazeta.pl header.i=@gazeta.pl header.a=rsa-sha256 header.s=2013 header.b=Rz21lNx4 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltgy8Ho-diwj for ; Thu, 14 Jul 2022 09:33:23 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 731F64169B Received: from smtpo95.poczta.onet.pl (smtpo95.poczta.onet.pl [213.180.149.148]) by smtp2.osuosl.org (Postfix) with ESMTPS id 731F64169B for ; Thu, 14 Jul 2022 09:33:22 +0000 (UTC) Received: from pmq5v.m5r2.onet (pmq5v.m5r2.onet [10.174.35.25]) by smtp.poczta.onet.pl (Onet) with ESMTP id 4Lk8Rv1nHmzlj0RP; Thu, 14 Jul 2022 11:33:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gazeta.pl; s=2013; t=1657791195; bh=coXktdUy4qlOfaumQiFI08FDXjhjs9e6Cgc1M7sWqBk=; h=From:To:In-Reply-To:Date:Subject:From; b=Rz21lNx4d60KNRtbR9Q9XqeNN73GgyW5r1WIgL8PFByNY2Yc7d9OCY6HHo/KyxjMQ gYfudw8HVNex+bPyemZYEqQuhuFL3tdj3Kv+0zyUx4oDnFNKbwS/XZHcYAvXEoE0nU MmJrHEaWAcdDlshuiEBgP1UaY6azjBm+9dJbs0Co= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received: from [82.177.167.2] by pmq5v.m5r2.onet via HTTP id ; Thu, 14 Jul 2022 11:33:15 +0200 From: vjudeu@gazeta.pl X-Priority: 3 To: "Manuel Costa , Bitcoin Protocol Discussion" , Gino Pinuto , Bitcoin Protocol Discussion In-Reply-To: Date: Thu, 14 Jul 2022 11:33:13 +0200 Message-Id: <164548764-bff50cb79078c9964aa8ac1e51c13070@pmq5v.m5r2.onet> X-Mailer: onet.poczta X-Onet-PMQ: ;82.177.167.2;PL;2 X-Mailman-Approved-At: Thu, 14 Jul 2022 09:35:19 +0000 Subject: Re: [bitcoin-dev] Security problems with relying on transaction fees for security X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2022 09:33:24 -0000 > This specific approach would obviously not work as most of those outputs = would be dust and the miner would need to waste an absurd amount of block s= pace just to grab them, but maybe there's a smarter way to do it. There is a smarter way. Just send 0.01 BTC per block to the timelocked outp= uts. Now, we have 6.25 BTC, so it means less than 0.2%. But that percentage= will grow over time, as basic block reward will shrink, and we will have m= andatory 0.01 BTC endlessly moved, until it will wrap. And guess what: if i= t will be 0.01 BTC per block, wrapped every 210,000 blocks, it simply means= you can lock 2,100 BTC in an endless circulation loop, and avoid this "tai= l supply attack". So, fortunately, even if "tail supply attackers" will win, we will still ha= ve a chance to counter-attack by burning those coins, or (even better) by l= ocking them in an endless circulation loop, just to satisfy their malicious= soft-fork, whatever amount it will require. Because even if it will be man= datory to timelock 0.01 BTC to the current block number plus 210,000, then = it is still perfectly valid to move that amount endlessly, without taking i= t, just to resist this "tail supply attack". On 2022-07-13 20:01:39 user Manuel Costa via bitcoin-dev wrote: > What about burning all fees and keep a block reward that will smooth out = while keeping the ~21M coins limit ? This would be a hard fork afaict as it would go against the rules of the co= inbase transaction following the usual halving schedule. However, if instead we added a rule that fees have to be sent to an anyone = can spend output with a timelock we might be able to achieve a similar thin= g. Highly inefficient example: - Split blocks into 144 (about a day) - A mined block takes all the fees and distributes them equally into 144 ne= w outputs (anyone can spend) time locked=C2=A0to each of the 144 blocks of = the next day. - Next day, for each block, we'd have available an amount equivalent to the= previous day total fees / 144. So we deliver previous day's fees smoothed = out. Notes: 144 is arbitrary in the example. This specific approach would obviously not work as=C2=A0most of those outpu= ts would be dust and the miner would need to waste an absurd=C2=A0amount of= block space just to grab them, but maybe there's a smarter way to do it. Gino Pinuto via bitcoin-dev escreve= u no dia quarta, 13/07/2022 =C3=A0(s) 13:19: What about burning all fees and keep a block reward that will smooth out wh= ile keeping the ~21M coins limit ? Benefits : - Miners would still be incentivized to collect higher fees transaction wit= h the indirect perspective to generate more reward in future. - Revenues are equally distributed over time to all participants and we sol= ve the overnight discrepancy. - Increased velocity of money will reduce the immediate supply of bitcoin c= ooling down the economy. - Reduction of velocity will have an impact on miners only if it persevere = in the long term but short term they will still perceive the buffered rewar= d. I don't have ideas yet on how to elegantly implement this. On Wed, 13 Jul 2022, 12:08 John Tromp via bitcoin-dev, wrote: > The emission curve lasts over 100 years because Bitcoin success state req= uires it to be entrenched globally. It effectively doesn't. The last 100 years from 2040-2140 only emits a pittance of about 0.4 of all bitcoin. What matters for proper distribution is the shape of the emission curve. If you emit 99% in the first year and 1% in the next 100 years, your emission "lasts" over 100 years, and you achieve a super low supply inflation rate immediately after 1 year, but it's obviously a terrible form of distribution. This is easy to quantify as the expected time of emission which would be 0.99 * 0.5yr + 0.01* 51yr =3D 2 years. Bitcoin is not much better in that the expected time of emission of an bitcoin satisfies x =3D 0.5*2yr + 0.5*(4+x) and thus equals 6 years. Monero appears much better since its tail emission yields an infinite expected time of emission, but if we avoid infinities by looking at just the soft total emission [1], which is all that is emitted before a 1% yearly inflation, then Monero is seen to actually be a lot worse than Bitcoin, due to emitting over 40% in its first year and halving the reward much faster. Ethereum is much worse still with its huge premine and PoS coins like Algorand are scraping the bottom with their expected emission time of 0. There's only one coin whose expected (soft) emission time is larger than bitcoin's, and it's about an order of magnitude larger, at 50 years. [1] https://john-tromp.medium.com/a-case-for-using-soft-total-supply-1169a1= 88d153 _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev