Return-Path: <rusty@ozlabs.org> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0B738F22 for <bitcoin-dev@lists.linuxfoundation.org>; Tue, 16 Jan 2018 02:27:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ozlabs.org (ozlabs.org [103.22.144.67]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6992514E for <bitcoin-dev@lists.linuxfoundation.org>; Tue, 16 Jan 2018 02:27:48 +0000 (UTC) Received: by ozlabs.org (Postfix, from userid 1011) id 3zLDdt48RLz9sR8; Tue, 16 Jan 2018 13:27:46 +1100 (AEDT) From: Rusty Russell <rusty@rustcorp.com.au> To: Russell O'Connor <roconnor@blockstream.io>, Pieter Wuille <pieter.wuille@gmail.com> In-Reply-To: <CAMZUoKn4noCEQR6eqf9hiZSMdk-3b8UHR1NrEFrKNoLSMzVjGQ@mail.gmail.com> References: <87608btgyd.fsf@rustcorp.com.au> <DB7E57AC-5588-4BBA-9ABC-B9B4F6BAECE2@friedenbach.org> <CAPg+sBgRrqZryiETZYCWiqHNOmN2bCfsvr30znjN-gKiU5Vfjg@mail.gmail.com> <CAMZUoKn4noCEQR6eqf9hiZSMdk-3b8UHR1NrEFrKNoLSMzVjGQ@mail.gmail.com> Date: Tue, 16 Jan 2018 11:36:14 +1030 Message-ID: <87zi5ehat5.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>, Russell O'Connor <roconnor@blockstream.com>, Kalle Alm <kalle.alm@gmail.com> Subject: Re: [bitcoin-dev] BIP 117 Feedback X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Tue, 16 Jan 2018 02:27:49 -0000 "Russell O'Connor" <roconnor@blockstream.io> writes: > However, if I understand correctly, the situation for BIP 117 is entirely > different. As far as I understand there is currently no restrictions about > terminating a v0 witness program with a non-empty alt-stack, and there are > no restrictions on leaving non-canonical boolean values on the main stack. BIP-141: "The script must not fail, and result in exactly a single TRUE on the stack." And it has long been non-standard for P2SH scripts to not do the same (don't know exactly when). > There could already be commitments to V0 witness programs that, when > executed in some reasonable context, leave a non-empty alt-stack and/or > leave a non-canonical true value on the main stack. Unlike the P2SH or > Segwit soft-forks, these existing commitments could be real outputs that > currently confer non-trivial ownership over their associated funds. If BIP > 117 were activated, these commitments would be subject to a new set of > rules that didn't exist when the commitments were made. In particular, > these funds could be rendered unspendable. Because segwit commitments are > hashes of segwit programs, there is no way to even analyze the blockchain > to determine if these commitments currently exist (and even if we could it > probably woudln't be adequate protection). The rule AFAICT is "standard transactions must still work". This was violated with low-S, but the transformation was arguably trivial. OTOH, use of altstack is completely standard, though in practice it's unused and so only a theoretical concern. My concern remains unanswered: I want hard numbers on the worst-case time taken by sigops with the limit removed. It's about 120 usec per sigop (from [1]), so how bad could it be? I think Russell had an estimate like 1 in 3 ops, so 160 seconds to validate a block? Thanks, Rusty. [1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015346.html