Open JeremyRand opened 7 years ago
I've not yet read through all the details, but this sounds to me like the same thing that segwit is doing for being a softfork rather than hardfork. Sounds like a nifty idea, but I wonder if the supposed benefit is really worth the complexity all of that adds. Given that I'm basically the only maintainer of the core consensus code and I'm not even working fulltime on this (far from it), I think that this is also something we should keep in mind - and something that clearly shifts our situation with respect to decisions made for Bitcoin, which has at least some fulltime developers working on it.
I've not yet read through all the details, but this sounds to me like the same thing that segwit is doing for being a softfork rather than hardfork.
Quite similar in concept, which is probably because both the SegWit softfork and the Soft Hard Fork were created by Luke-Jr -- this is sort of his signature style, I just adapted it to name transactions.
Sounds like a nifty idea, but I wonder if the supposed benefit is really worth the complexity all of that adds. Given that I'm basically the only maintainer of the core consensus code and I'm not even working fulltime on this (far from it), I think that this is also something we should keep in mind - and something that clearly shifts our situation with respect to decisions made for Bitcoin, which has at least some fulltime developers working on it.
My main motivation for thinking about this is that a lot of the proposed name improvements are hardforks, and it seems preferable to avoid hardforks when feasible. Particularly given that I'd rather not roll a lot of stuff into AAA, and it's unclear that we'll have another chance to hardfork for a while. So basically, the 2 options I was pondering were (1) try to roll more into AAA, or (2) not roll more into AAA, and instead do this method later when we're ready, on our own schedule. :) This basically gives us a way out so that we don't need to choose between delaying AAA and scheduling another disruptive hardfork.
It occurs to me that the script versioning system in SegWit, or the hardfork signaling in Luke's merged mining BIP, could plausibly be hijacked in order to do something vaguely equivalent to this, but it's unclear to me if that's a good idea, since script versioning isn't usually supposed to touch a global state that affects multiple script versions, and hardfork signaling would usually result in currency transactions being invisible too. (We could hack around that, I suppose, but defining new name opcodes seems simpler and less risky at that point.)
I think HF bitcoin and HF namecoin is a completely different matter. The difference is about 1:2000. Such a small coin can afford to HF and use this advantage to create a better design than hacking a workaround on top of the current protocol.
xochipilli:
I think HF bitcoin and HF namecoin is a completely different matter. The difference is about 1:2000. Such a small coin can afford to HF and use this advantage to create a better design than hacking a workaround on top of the current protocol.
I don't think that Namecoin's smaller status necessarily implies that it's safe to hardfork. On one hand, there are fewer stakeholders who need to be convinced to upgrade, which probably makes hardforks easier to do safely. On the other hand, many Namecoin users probably have less self-perceived stake in Namecoin, and it may be more difficult to convince them to upgrade. The largest NMC holder is believed to be the btc-e cold wallet, and last time we tried to contact btc-e about a fairly high-priority issue, crickets. Not to mention that many users haven't had any luck contacting squatters to negotiate buying a name.
I've talked to a number of Bitcoin people who are much more knowledgeable about this stuff than I am, and while they're basically in agreement that AAA needs a hardfork, they also think that for non-critical things, softforks are still substantially safer for Namecoin than hardforks are.
Cheers.
As we all know, softforks are safer and less disruptive than hardforks, meaning that:
I've been looking at the fork wishlist. That wishlist was compiled from grepping the forum and GitHub for "hardfork" and "softfork". I think it's close to complete.
I notice that most of the hardforks on the list only involve name transactions. Luke-Jr told me recently about a "soft hardfork", in which clients who haven't upgraded see a valid blockchain with full hashrate, but the blocks have no transactions. I was thinking about whether we can do something similar to do arbitrary changes to the name system such that old clients don't get kicked off the chain.
So let's say that we wanted to change the behavior of the name opcodes in some way. This could be any of the following:
And let's say that we wanted this to be a softfork. Consider this mechanism, which becomes enforced at softfork activation:
NAME_NEW
outputs are now considered invalid.NAME_FIRSTUPDATE
andNAME_UPDATE
outputs must have an address script ofOP_RETURN
.OP_NAME_MIGRATE_2
.OP_NAME_MIGRATE_2
's semantics are identical to the pre-fork behavior ofOP_NAME_UPDATE
(except as specified herein).OP_NAME_MIGRATE_2
is invalid unless it appears in a transaction that also includes anOP_NAME_FIRSTUPDATE
orOP_NAME_UPDATE
for the same name. (As a correlary,OP_NAME_MIGRATE_2
appearing in the same transaction as a pre-fork name opcode is not invalid.)OP_NAME_NEW_2
,OP_NAME_FIRSTUPDATE_2
, andOP_NAME_UPDATE_2
; herein referred to as "v2 name opcodes"OP_NAME_FIRSTUPDATE_2
must spendOP_NAME_NEW_2
, not the v1OP_NAME_NEW
.OP_NAME_UPDATE_2
must spendOP_NAME_FIRSTUPDATE_2
,OP_NAME_UPDATE_2
, orOP_NAME_MIGRATE_2
, not the v1OP_NAME_FIRSTUPDATE
orOP_NAME_UPDATE
.name_show
RPC call) is redefined according to arbitrary new rules.Pre-fork clients don't consider the new opcodes to be name opcodes; they therefore consider scriptPubKeys that contain them to be currency transactions (with some useless data pushed to the stack and then immediately dropped). As a result, pre-fork clients will see the following as a result of the softfork:
OP_RETURN
addresses.OP_RETURN
) never are relayed or confirmed (except by nodes and miners who have failed to upgrade; any blocks mined by such miners will be orphaned).Critically, the existing naming semantics are not enforced by old clients against name transactions issued after the softfork, because the post-softfork name transactions look like currency transactions to old clients. That means the softfork can change basically anything about the behavior of the naming system.
Why is this better than a traditional hardfork?
Is this concerning?
Thoughts on this? Are there attacks here that I'm not thinking of?