[Soft-fork] Add consensus-enforced rules for block-final transactions for miner commitments

[maaku]

This series of patches adds "block-final transactions", which are a sort of second coinbase transaction generated by the miner, after all other transactions in a block, and a BIP9 soft-fork deployment mechanism for these features.

Having a block-final transaction under miner control allows the miner to collect certain anyone-can-spend outputs from within the block itself, return some of this value to the coinbase as fee, and to carry forward consensus-meaningful locked fund balances from block to block. It also provides a convenient location for consensus commitments that have value for lightweight nodes, as a proof of the block-final transaction is shorter for non-balanced Merkle trees. The last output of the last transaction is where the segwit commitment will go, where merged mining and the forward block shard commitments will go, and where non-consensus commitments like share chains will go. When forward blocks is deployed, it can become a consensus rule that the compatibility block contains 2^n+1 total transactions (2^n-1 user transactions), which makes the path to block-final commitments only a single 32-byte hash (the sub-tree of 2^n prior transactions) plus a midstate skipping to the end of the block-final transaction.

Miner coordination is required to deploy these features because the miner needs an output to spend in order to create a valid block-final transaction, since a transaction can't be without inputs, so coinbase of the first block upon activation has an anyone-can-spend output that starts the chain of block-final transactions. The first block-final transaction is COINBASE_MATURITY blocks later, and spends this output. It is a consensus rule that each block-final transaction contains at least one anyone-can-spend output of a certain form, and that all such outputs are spent by the block-final transaction of the next block.

TODO:

• [x] Write functional tests for deployment mechanism.
• [x] Write p2p tests to check that transactions spending a block-final tx are rejected.
• [x] Write mempool tests to make sure that block-final transactions don't enter the mempool in a reorg.

One area of review that can use some focus is interaction with the mempool. It is critical that the mempool never contain a transaction spending a block-final txout, and that this remain true even in the case of block reorgs

[maaku]

A couple of fixes from the prior version, which I force-pushed since it hadn't been reviewed. Mostly changes to make a couple of assert calls into return false / return NULL so as to not unnecessarily crash the client and provide better feedback in erroneous situations.

I'm still undecided as to whether to accept the last output being an OP_RETURN data output. I'm going to run the numbers and see if that's a real efficiency gain with our anticipated use cases.

The testing code still needs to be written.

[maaku]

Removed the requirement from the OP that the last output be permitted to be an OP_RETURN, as I see no reason for this complication.

[maaku]

Well it’s not all my codebase. I maintain patches on top of bitcoin core, and the concern is more that a refactor might happen there and not be caught by me.

On Jul 27, 2019, at 6:56 PM, kallewoof notifications@github.com wrote:

@kallewoof commented on this pull request.

In src/main.cpp:

@@ -2363,11 +2363,128 @@ bool ConnectBlock(const CBlock& block, CValidationState& state, CBlockIndex* pin nLockTimeFlags |= LOCKTIME_VERIFY_SEQUENCE; }

• // Coordinate enforcement of block-final transaction using versionbits
• // logic.
• const bool enforce_block_final = pindex->pprev && VersionBitsState(pindex->pprev, chainparams.GetConsensus(), Consensus::DEPLOYMENT_BLOCKFINAL, versionbitscache) == THRESHOLD_ACTIVE; Writing code with the assumption that you will screw up a refactor later sounds like you will have a less-than optionally clean codebase, but I honestly don't have a strong opinion on it. I just found it unusual. :)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.