Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 468A9C001A for ; Sun, 27 Feb 2022 23:51:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 21B274092B for ; Sun, 27 Feb 2022 23:51:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wIpSnzfV3Y3 for ; Sun, 27 Feb 2022 23:50:59 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com [IPv6:2607:f8b0:4864:20::f32]) by smtp4.osuosl.org (Postfix) with ESMTPS id D893A4092A for ; Sun, 27 Feb 2022 23:50:58 +0000 (UTC) Received: by mail-qv1-xf32.google.com with SMTP id a1so11128151qvl.6 for ; Sun, 27 Feb 2022 15:50:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:content-language:to :references:from:subject:in-reply-to; bh=gLK4B8U4GhxmvWFmvgpoeKTuaofeqV8hIfvBMqXyOZc=; b=q2CVCNncdflr0M0lfZ7UPBPym+G6hVY55DyVDUkZ2gP7xxQAnIeD7yt/DajbEzzpDI tMu6q9EZ7hHSTtqQaKKIe6Oxisd0qjanu4VOYdpaz+PTv1iQOeFhCt5kHkoLdKGffndz tLXckMSb6k1W1TYQnCQNSOTrSEEN4Ut4tze4l4Zea62VPy4F+5AVzQhL6dyCT7SVCSqe iac86oBIdtKN2ZcLOgcGdfuUunakz5VAI3da479M2T9JI/glEF6l5M07GrB9jntLjYJ7 dtuygstkfgY7QKJ7ueX+nfhIoAb8i78AfSefUUoVSOm2Ed4l75TlMakVnm13qx/1XGZd cFew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent :content-language:to:references:from:subject:in-reply-to; bh=gLK4B8U4GhxmvWFmvgpoeKTuaofeqV8hIfvBMqXyOZc=; b=RJzhV0ZJBdGSIrWdkOzOZg0GpZc8vYgVTswpnoJfhVmm/swZB512WuVMpieNefkAos w3c7RPD0sAuSeFWUugoYZYjphqASA96kQRDoFyxnGvZm05QmhVJvdzZbVzyj3J8gi95Q pNYP5HSz2uXj28viXQaTmq6Ujiq2eCK3C1hAoyEBvq89yViLoGN9xBOyOeURRUlLQwiw J8Aps2BBnOhyY3cmNgDtNub9CVB5aeKmc+znJLvHAfHEJuRikiiyJgQg7Y1gkBtyVi5J 9Zrg+XzBNuspa5LkXIPE8aubOkE4UwMKHYpI9oAdkivIrlD1s1EDznhjqfTux90uRmZ7 H5FA== X-Gm-Message-State: AOAM53117klApdnkAPY+nfpoquFdBrY/hpbPe2Q+xZk5RLjgpHFMqB4O ztnHA3Li1K3blsdV0LtmuJXP7+iZiUs= X-Google-Smtp-Source: ABdhPJzRbPWtm4zUy4cGIj2MJ+/CBj5RDywnNmKiSrS3V+YUF6dPh6QM2xybv/0KClNiQMOkCkjfBw== X-Received: by 2002:ad4:5225:0:b0:42d:f3a3:c9e0 with SMTP id r5-20020ad45225000000b0042df3a3c9e0mr12346993qvq.82.1646005857286; Sun, 27 Feb 2022 15:50:57 -0800 (PST) Received: from [192.168.0.165] (ool-45714b6d.dyn.optonline.net. [69.113.75.109]) by smtp.googlemail.com with ESMTPSA id g202-20020a379dd3000000b0047d87ec72bbsm4391386qke.28.2022.02.27.15.50.55 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 27 Feb 2022 15:50:56 -0800 (PST) Content-Type: multipart/alternative; boundary="------------tSEHM8PVNHsjRWsbyJ1Tl0Oo" Message-ID: <15720fdd-4e25-f5b5-496f-739f074e61ce@gmail.com> Date: Sun, 27 Feb 2022 18:50:54 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.5.0 Content-Language: en-US To: Bitcoin Protocol Discussion References: <20220224065305.GB1965@erisian.com.au> <0a6d4fea-2451-d4e7-8001-dd75a2e140ae@gmail.com> From: Paul Sztorc In-Reply-To: Subject: Re: [bitcoin-dev] Recursive covenant opposition, or the absence thereof, was Re: TXHASH + CHECKSIGFROMSTACKVERIFY in lieu of CTV and ANYPREVOUT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Feb 2022 23:51:00 -0000 This is a multi-part message in MIME format. --------------tSEHM8PVNHsjRWsbyJ1Tl0Oo Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 2/27/2022 11:59 AM, Billy Tetrud via bitcoin-dev wrote: > @Paul > > I think largeblocksidechainsshould be reconsidered: > > * They are not a blocksize increase. > This is short sighted. They would absolutely be a blocksize increase > for those following a large block sidechain. While sure, it wouldn't > affect bitcoin users who don't follow that sidechain, its misleading > to call it "not a blocksize increase" for everyone. Your larger explanation is entirely correct. Many of the important anti-largeblock arguments are not relevant to the largeblock sidechain strategy, but some of them still are. My concern is that people will jump to conclusions, and use the old 2015 arguments against "a blocksize increase" against this idea. Hence my small bullet point. > > * They allow users to be different. Some can pay more (for more decentralization), some less (for less decentralization). > > gambling the entire future of BTC, on the premise that strong decentralization will always be needed at all points in time. > Decentralization isn't just something where more is more valuable and less is less valuable. Decentralization is either enough to stop a class of attack or its not. Its pretty binary. If the decentralization is not enough, it would be a pretty huge catastrophe for those involved. Its pretty clear that making the blocksize eg 10 times larger is a poor design choice. So advocating for such a thing on a sidechain is just as bad as advocating for it on an altcoin. > Even if people only put a couple satoshis in such a sidechain at a time, and don't feel the loss very much, the *world* would feel the loss. Eg if everyone had $1 in such a system, and someone stole it all, it would be a theft of billions of dollars. The fact that no individual would feel much pain would make it not much less harmful to society. I believe that you have missed my point. Let me try to explain it in more detail. First, imagine a magic spell is cast, which 100% prevents the "class of attack" which you mention. In that situation, all of the work that BTC does to remain decentralized, is a pure burden with absolutely no benefit whatsoever. Rational users will then become indifferent to centralization. Since decentralization has tradeoffs, users will tend to be drawn towards 'crypto' projects that have very low decentralization. Next, imagine that the spell is lifted, and the attacks start. Users will be, of course, drawn back towards BTC, and they will appreciate it for its decentralization. So what's the problem? Well, I believe that money has very strong network effects. Therefore, I believe that "user inertia" will be much stronger than usual. At a certain critical mass it may be insurmountable. So, at certain points along the spectrum, users will "clump up" and get "stuck". Thus, we may "clump" on a chain that is not the most decentralized one. And an adversary can use this to their advantage. They can "grow" the centralized chain at first, to help it, and help ensure that they do not have to deal with the most decentralized chain. This entire issue is avoided completely, if all the chains --decentralized and centralized-- and in the same monetary unit. Then, the monetary network effects never interfere, and the decentralized chain is always guaranteed to exist. As for the phrase " Its pretty clear that making the blocksize eg 10 times larger is a poor design choice" I think this entire way of reasoning about the blocksize, is one that only applies to a non-sidechain world. In contrast, in a world where many chains can be created, it does not matter what Some Guy thinks is "pretty clear". The only thing that matters is that people can try things out, are rewarded for successes, and are punished for mistakes. So: if someone makes a largeblock sidechain, and the design is bad, the chain fails, and their reputation suffers. In my way-of-reasoning, someone is actually in the wrong, if they proactively censor an experiment of any type. If a creator is willing to stand behind something, then it should be tried. In fact, it is often best for everyone (especially the end user), if a creator keeps their ideas secret (from the "peer review" community). That way they can at least get credit/glory. The soon-to-be-successful experiments of tomorrow, should be incomprehensible to the experts of today. That's what makes them innovations. Finally, to me it makes no difference if users have their funds stolen from a centralized Solana contract (because there is only one full node which the operator resets), or from a bip300 centralized bit-Solana sidechain (for the same reason). I don't see why the tears shed would be any different. > > We can learn from past mistakes -- when a new largeblock sidechain is needed, we can make a new one from scratch, using everything we know. > If there's some design principles that *allow* for safely increasing the blocksize substantially like that, then I'd advocate for it in bitcoin. But the goal of sidechains should not be "shoot from the hip and after everyone on that sidechain gets burned we'll have learned valuable lessons". That's not how engineering works. That's akin to wreckless human experimentation. Again, we perhaps have a fundamental disagreement on this point. In 2008 a FED chairman might have said to Satoshi, "If there were design principles that *allowed* for private, digital, bearer-instrument, payments, then of course I'd advocate for it here at the FED. But the goal of bitcoin should not be 'shoot from the hip ...'. That's not how engineering works. That's akin to wreckless human experimentation." I think that the most dangerous experiment of all, is to adopt the 'reckless' policy of suppressing creativity. If instead you said something like, "If a 10x blocksize chain is ever demonstrated to have property XYZ, then I will repent my error by putting my own children to death", then the audience would at least have some idea of your confidence and sincerity. But, again, a FED chairman could say exactly that, about Bitcoin. And they would still have been wrong. And even if they were right (on a fluke) they would still have been wrong to prevent the idea from being tried. Censorship (the suppression of ideas, merely because you disagree with them) is not only immoral, on this issue it is also largely pointless. Today, a Bitcoiner can sell their BTC for Solana, or BSV, and there is nothing anyone here can do about it. Altcoin Solana vs bip300 bit-Solana, would seem to be equivalently reckless to me. So, your implicit advice (of bureaucracy-based sidechain drop/add), seems to fail to meet your own criterion (of preventing human recklessness). And it certainly does other bad things for no reason (pumps an altcoin, decreases btc fee revenues /hashrate, etc). Paul --------------tSEHM8PVNHsjRWsbyJ1Tl0Oo Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit
On 2/27/2022 11:59 AM, Billy Tetrud via bitcoin-dev wrote:
@Paul
> I think largeblock sidechains should be reconsidered:
> * They are not a blocksize increase.
This is short sighted. They would absolutely be a blocksize increase for those following a large block sidechain. While sure, it wouldn't affect bitcoin users who don't follow that sidechain, its misleading to call it "not a blocksize increase" for everyone. 
Your larger explanation is entirely correct. 

Many of the important anti-largeblock arguments are not relevant to the largeblock sidechain strategy, but some of them still are.

My concern is that people will jump to conclusions, and use the old 2015 arguments against "a blocksize increase" against this idea.

Hence my small bullet point.


> * They allow users to be different. Some can pay more (for more decentralization), some less (for less decentralization).
> gambling the entire future of BTC, on the premise that strong decentralization will always be needed at all points in time.
Decentralization isn't just something where more is more valuable and less is less valuable. Decentralization is either enough to stop a class of attack or its not. Its pretty binary. If the decentralization is not enough, it would be a pretty huge catastrophe for those involved. Its pretty clear that making the blocksize eg 10 times larger is a poor design choice. So advocating for such a thing on a sidechain is just as bad as advocating for it on an altcoin. 
Even if people only put a couple satoshis in such a sidechain at a time, and don't feel the loss very much, the *world* would feel the loss. Eg if everyone had $1 in such a system, and someone stole it all, it would be a theft of billions of dollars. The fact that no individual would feel much pain would make it not much less harmful to society. 
I believe that you have missed my point. Let me try to explain it in more detail.

First, imagine a magic spell is cast, which 100% prevents the "class of attack" which you mention. In that situation, all of the work that BTC does to remain decentralized, is a pure burden with absolutely no benefit whatsoever. Rational users will then become indifferent to centralization. Since decentralization has tradeoffs, users will tend to be drawn towards 'crypto' projects that have very low decentralization.

Next, imagine that the spell is lifted, and the attacks start. Users will be, of course, drawn back towards BTC, and they will appreciate it for its decentralization.

So what's the problem? Well, I believe that money has very strong network effects. Therefore, I believe that "user inertia" will be much stronger than usual. At a certain critical mass it may be insurmountable. So, at certain points along the spectrum, users will "clump up" and get "stuck".

Thus, we may "clump" on a chain that is not the most decentralized one. And an adversary can use this to their advantage. They can "grow" the centralized chain at first, to help it, and help ensure that they do not have to deal with the most decentralized chain.

This entire issue is avoided completely, if all the chains --decentralized and centralized-- and in the same monetary unit. Then, the monetary network effects never interfere, and the decentralized chain is always guaranteed to exist.


As for the phrase " Its pretty clear that making the blocksize eg 10 times larger is a poor design choice" I think this entire way of reasoning about the blocksize, is one that only applies to a non-sidechain world.

In contrast, in a world where many chains can be created, it does not matter what Some Guy thinks is "pretty clear". The only thing that matters is that people can try things out, are rewarded for successes, and are punished for mistakes.

So: if someone makes a largeblock sidechain, and the design is bad, the chain fails, and their reputation suffers.

In my way-of-reasoning, someone is actually in the wrong, if they proactively censor an experiment of any type. If a creator is willing to stand behind something, then it should be tried.

In fact, it is often best for everyone (especially the end user), if a creator keeps their ideas secret (from the "peer review" community). That way they can at least get credit/glory. The soon-to-be-successful experiments of tomorrow, should be incomprehensible to the experts of today. That's what makes them innovations.


Finally, to me it makes no difference if users have their funds stolen from a centralized Solana contract (because there is only one full node which the operator resets), or from a bip300 centralized bit-Solana sidechain (for the same reason). I don't see why the tears shed would be any different.
> We can learn from past mistakes -- when a new largeblock sidechain is needed, we can make a new one from scratch, using everything we know.
If there's some design principles that *allow* for safely increasing the blocksize substantially like that, then I'd advocate for it in bitcoin. But the goal of sidechains should not be "shoot from the hip and after everyone on that sidechain gets burned we'll have learned valuable lessons". That's not how engineering works. That's akin to wreckless human experimentation.

Again, we perhaps have a fundamental disagreement on this point.

In 2008 a FED chairman might have said to Satoshi, "If there were design principles that *allowed* for private, digital, bearer-instrument, payments, then of course I'd advocate for it here at the FED. But the goal of bitcoin should not be 'shoot from the hip ...'. That's not how engineering works. That's akin to wreckless human experimentation."

I think that the most dangerous experiment of all, is to adopt the 'reckless' policy of suppressing creativity.

If instead you said something like, "If a 10x blocksize chain is ever demonstrated to have property XYZ, then I will repent my error by putting my own children to death", then the audience would at least have some idea of your confidence and sincerity. But, again, a FED chairman could say exactly that, about Bitcoin. And they would still have been wrong. And even if they were right (on a fluke) they would still have been wrong to prevent the idea from being tried.

Censorship (the suppression of ideas, merely because you disagree with them) is not only immoral, on this issue it is also largely pointless. Today, a Bitcoiner can sell their BTC for Solana, or BSV, and there is nothing anyone here can do about it. Altcoin Solana vs bip300 bit-Solana, would seem to be equivalently reckless to me. So, your implicit advice (of bureaucracy-based sidechain drop/add), seems to fail to meet your own criterion (of preventing human recklessness). And it certainly does other bad things for no reason (pumps an altcoin, decreases btc fee revenues /hashrate, etc). 


Paul

--------------tSEHM8PVNHsjRWsbyJ1Tl0Oo--