(closed, passed) BUIP001: "Unlimited" inspired extensions to the Bitcoin Client

VeritasSapere

Active Member
Nov 16, 2015
511
1,266
I like this idea, I suppose this could be introduced as a separate BUIP at a later point. This reminds me of the Bitcoin XT big blocks only version, same concept.

I suspect the next voting will go smoother then this, once we become a bit more used to the process.
 

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
OK voting is closed with 13 YESes and 2 NOs.

The YESes carry the day. We will proceed with the first official BU release ASAP. I will start a final code review and cleanup tonight.

I hope all you YESes (and NOs) will run a BU node when its released to show support for the project. Meanwhile, I think that the next release should be based off if Blockstream Core 0.12... so please start thinking about what additional changes should be made to that branch.
 

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,998
ok. i don't mind going with the majority. good luck with this!
 
  • Like
Reactions: Aquent

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
Unfortunately, I do not own a Mac... maybe someone else will be willing to compile it there.
 

VeritasSapere

Active Member
Nov 16, 2015
511
1,266
OK voting is closed with 13 YESes and 2 NOs.

The YESes carry the day. We will proceed with the first official BU release ASAP. I will start a final code review and cleanup tonight.

I hope all you YESes (and NOs) will run a BU node when its released to show support for the project. Meanwhile, I think that the next release should be based off if Blockstream Core 0.12... so please start thinking about what additional changes should be made to that branch.
Yes, you are my hero! I can talk all day long, but we need someone like you to actually code this thing so that it actually becomes a reality. Thank you so much from the bottom of my heart! :)
 

Windowly

Active Member
Dec 10, 2015
157
385
If there is a mac version I'd be very tempted to run this instead of BIP 101, which I'm trying to run right now. . . Unlimited would make sure we don't have this kind hijacking by developers again in the future.
 

jonny1000

Active Member
Nov 11, 2015
380
101
"Bitcoin Unlimited" is not convergent due to the "excessive block depth" idea

Quote from: Andrew Stone
3. Addition of an Unlimited Dialog / command line option to change the default block “accept” size. Blocks larger than this (excessive blocks) will only be accepted if they are N deep in the blockchain. This will be 16MB by default.

4. Addition of an Unlimited Dialog / command line option to set the excessive block accept depth. This is the N parameter in the description of #3. The default value will be 4.

Source: https://bitco.in/forum/threads/buip001-unlimited-inspired-extensions-to-the-bitcoin-client.222

Within the Bitcoin Unlimited proposal I will talk about three key numbers:
  • L = The blocksize limit at which miners produce blocks, the default is 1MB
  • M = The blocksize limit for incoming blocks, which will be accepted as valid, if the lead is large enough, the default is 16MB
  • N = The lead required over the chain with the blocksize limit L, in order to accept the blocks with a larger size as valid, the default is 4
The above element of the Bitcoin unlimited proposal seem to undermine the principal of a confirmation and partially invalidate the longest chain rule principal behind Bitcoin. At the same time I do not see how this proposed methodology converges on a single version of the blockchain. Let me consider some scenarios below, all of which exclude the fact that both N and the default blocksize limit are locally customizable, creating even more divergence about the one true chain.

Scenario 1 – Upgrade to larger blocks
In this example, L=1MB, M=16MB and n=4MB. There is then a desire to produce a 2MB block. A miner therefore produces a 2MB block B. Most nodes by default reject 2MB block B as it only has one confirmation. Two chains are created an in the example image below, the 1MB block B receives 4 confirmations before the 2MB chain eventually gets a 4 block lead and since N=4, this chain is now considered valid. Transactions which had received 4 confirmations can now be double spent.



However, this upgrade system is not convergent at all, there is no reason why this battle between the 2MB chain and 1MB chain should be resolved quickly. This could occur over many blocks (greater than 4). The two chains in this example could contain conflicting transactions and this "upgrade" process can encourage double spends, with the meaning of a confirmation hugely depreciated.

Scenario 2 – Failed upgrade to larger blocks
Consider the above example again, except the next block to be found is a 1MB G block. Once this block is found nodes would reject the 2MB G, H, I & J blocks, since the 2MB chain no longer has a 4 block lead. This means that finding only one block can invalidate 4 confirmations. This attack could be very attractive for those wishing to do double spends. The whole consensus property of Bitcoin is destroyed.

Unless anyone can tell me why this analysis is incorrect, I would recommend the Bitcoin Unlimited team remove this "excessive block depth" idea from the software and proposal.
 

Zangelbert Bingledack

Well-Known Member
Aug 29, 2015
1,485
5,585
@jonny1000

Welcome to the forums! I was looking forward to hearing your arguments against BU. It may be cleaner to discuss this in a dedicated thread, but I'll leave my reply here for now.

My first impression is that your points are based on a misapprehension of how consensus on blocksize is intended to be reached in BU. I think you have seen N (the oversized-block acceptance depth) as the mechanism for reaching consensus,* when it's really more of a failsafe for miners who don't keep abreast of the situation on the network as well as they should if they want maximum profits.

Miners who are paying attention should have their cap set substantially above the normal maximum blocksize as seen on the network; I see N as a bit of a "gimme" to small block advocates who want to make some sacrifices to discourage large blocks, as N allows them to be a little bit riskier about it (they can safely set their max acceptance size M a bit lower) while still tracking consensus in most situations. However, I think you may have misinterpreted the point of this: N wasn't really necessary for BU to work. The original idea was to have blocksize be unlimited, then user-selectable blocksize was added as a concession to small block advocates who worry about big block attacks, and N was largely a way to make life a little easier for those small block advocates (@theZerg @awemany @Peter R please correct me if I'm wrong).
However, this upgrade system is not convergent at all, there is no reason why this battle between the 2MB chain and 1MB chain should be resolved quickly. This could occur over many blocks (greater than 4).
Such a long-running duel assumes something near a 50/50 split of hash power between the chains, or else they would resolve more quickly, correct? It seems the situation with Core is the same if Core were to try to upgrade to 2MB blocks when miner support was near a 50/50 split on the issue. I know, they won't do this, instead waiting for "overwhelming consensus" like 95% or something, thus avoiding the terrible 50/50 outcome.

However, here I think you are seeing the illusion that the tail is wagging the dog. You apparently view Core's policy of waiting for 95% consensus as the means by which a 50/50 split is avoided, as if miners are all a bunch of robots. Since miners are aren't robots but in fact people who are dead-set on maximizing their profits, they certainly would not mine or build on an over-limit block (blocksize > L) unless they believed that would be a profitable choice. That would only be a profitable choice if it were unlikely to result in their block being orphaned. If a miner is rational, which is the governing assumption of Bitcoin in the first place, this profit/loss calculation will of course take into account the very same 95% that Core is looking for, except the miner is free from that market intervention** and can choose his own threshold percentage while also balancing it with whatever other factors he deems relevant to the profit/loss calculation in his own individual situation - with his own unique power costs and connectivity and the transaction fees in the mempool at the time - to dynamically determine the point at which he himself has an expected positive return on mining a bigger block.

The first miner to mine a bigger block can be assumed to have performed such a calculation as a profit-maximizing agent, and then others may follow suit by raising their limits. Why would miners be monitoring the network that closely? Perhaps they aren't now, but they will have to in the future if they want to stay profitable, because their competitors will. They will do so when blockspace becomes limited enough and fees become high enough that their expected return on mining a block with some extra juicy fees overshadows the orphan probability based on various factors, including the XX% miner signaling.

Centrally planning the switchover at 95% is economically suboptimal. The Core devs imagine that without their paternalistic setting of that 95% threshold, miners would be unable to make the calculation for themselves - even though they are privy to the very same information, and in real time at that! And again, Core devs cannot know the profit/loss calculations that apply to each miner's individual situation. This is akin to Soviet-style price fixing and falls afoul of the Economic Calculation problem as explained by Ludwig von Mises, or the problems with the use of knowledge in society as explained by F.A. Hayek: no central planner can know all the individual valuations and tradeoffs each person in the economy will want to make.

The one-size-fits-all approach destroys the whole idea of the division of labor, the mainspring of human progress for the past 6000 years. Core's one-size-fits-all decrees are NOT where consensus comes from; consensus comes from miners not being idiots.*** The miners are the dog and the devs are the tail. Just like governments, they do something like require seatbelts in cars right as the auto industry is putting in seatbelts on its own and imagine that they - the wise overseers - are the source of auto safety. The tail imagines it wags the dog. Everyone can see the decree and the effect, but few can see that the same thing - or probably something far less clunky - would have happened without the decree. If a miner has a positive expected return on an oversize block, he will mine it even if it does end up orphaned. Other miners can see this and adjust accordingly, especially once they start getting outcompeted by accepting fewer fees that they could be. Miners stay in consensus because they are econo-rational, not because of developer nannyism.

I would therefore expect blocksize to creep up very conservatively, and barring miner agreement on a flag-day upgrade - which is always a possibility even with BU except they can do without mucking about with the Core devs - this will only happen when there are enough fees to warrant the orphan risk, as well as a high percentage of miners signalling support for a bigger blocksize. It would probably move up in some kind of Schelling-point increments like 2MB.

*unless you think BU is good and your point is simply that BU shouldn't have the "excessive block depth." That may indeed be and I would have to think about your scenarios more.

**which is, after all, nothing more than the inconvenience of adjusting that 95% threshold in the Core code oneself or finding someone to do to it for you

***Some might say that miners really are idiots, but this violates the basic assumption of Bitcoin, that miners are economically rational. Sure, some miners now might not have to be very smart about their operations, but in the future this will have to change. Right now being dumb in some ways as a miner doesn't make you economically irrational, but in the future where forking and emergent coordination must occur, it will. Miners that refuse to monitor the network and make prudent profit/loss calculations will be outcompeted by those who do.
 
Last edited:
  • Like
Reactions: awemany and Peter R

Peter R

Well-Known Member
Aug 28, 2015
1,398
5,595
Welcome to the forum, Jonny.

I believe you're mistaken about the settings. By default, BU will accept any block up to 16 MB, however it will not mine a block over 1 MB. The excessive block behaviour is only for blocks larger than 16 MB. The excessive block logic is really only an emergency and prevents the hypothetical network split attack; in practice we don't expect it to ever be used (except by node operators who forget to upgrade their software for several years).

Could you re-run your attack scenario with this new information?
 
  • Like
Reactions: awemany

jonny1000

Active Member
Nov 11, 2015
380
101
Dear Peter & Zangelbert

Thanks for responding on Christmas. I wish you both a happy Christmas and a great new year.

a misapprehension of how consensus on blocksize is intended to be reached in BU.
I am not sure what you or anyone else intends is important, what is important is we consider as many scenarios which could arise from these new rules as we can. Please remember that BU and the excessive block depth element introduces a new attack vector, how you intend miners to behave may not be relevant. I think it is important that some people build systems and have plans on how its intended to work, but Bitcoin in particular is about being resilient against many forms of attacks.


I see N as a bit of a "gimme" to small block advocates
Please let me know if this N has convinced any small block advocates to support BU. I don't know if you consider me as a small block advocate, I am against BIP101, but see myself in the middle ground and could even be persuaded to support a contentious hardfork to increase the blocksize, for example BIP102 or BIP100, should the core developers continue to refuse to significantly compromise once BIP101 is dropped as a proposal. I am certainly unimpressed with the N factor.

I consider the block depth element of the proposal to be a challenge to bitcoin's longest chain rule and I think this is the last thing that should be messed with.

Such a long-running duel assumes something near a 50/50 split of hash power between the chains, or else they would resolve more quickly, correct?
This is not how I am thinking no. I think Bitcoin is a pretty crazy concept, having miners compete for a valid hash and then everyone accepting the longest valid chain is mad, who would have thought this would have worked so long. I think part of the reason this process has been so successful is because of the highly convergent nature of bitcoin mining. The network has been resilient in the face of potentially catastrophic events, for example the March 2013 fork or July 2015 SPV mining near failure. Looking back at these incidents its important to realize what has made the network so resilient, its because bitcoin mining is highly convergent, I think its the most convergent system anyone has ever made. Miners are incentivised to always try to converge with the group, for every second of every day. There are no gaps in this process, miners always try to mine on the longest chain with the best chance of winning, whatever has happened in the past. This is why I think proof of stake systems will fail, because to prevent the nothing at stake problem miners have bonds which they lose if they change their mind. However, miners need to be able to change there mind, they need to be willing to adjust and support the longest valid chain all of the time. This is why the longest or most work chain idea is so effective and resilient. I feel that BU partly messes up this most work chain idea, by having this depth idea.

I don't assume this duel needs something near a 50/50 slit no. I see that this kind of duel will occur in some periods of time and this makes the network less convergent.

Since miners are aren't robots but in fact people who are dead-set on maximizing their profits, they certainly would not mine or build on an over-limit block (blocksize > L) unless they believed that would be a profitable choice. That would only be a profitable choice if it were unlikely to result in their block being orphaned.
Yes I get that. I do think BIP100 >> BU = Core >> BIP101, except for the N depth thing. Please remove this from the proposal.

The first miner to mine a bigger block can be assumed to have performed such a calculation as a profit-maximizing agent
Or the miner is planning on a double spend attack. As I explained above, with BU, finding only one block can invalidate 4 confirmations.

Centrally planning the switchover at 95% is economically suboptimal.
Happy to compromise between 75% in BIP101 and 95%, 85% seems fair to me.

F.A. Hayek: no central planner can know all the individual valuations and tradeoffs each person in the economy will want to make.
This is why I support BIP100, which leaves the choice to the miners and oppose BIP101, which locks in central planning to 2035. BU almost seems exactly the same as core, as people can modify the default settings in core to.

Do you recognize the potential existence of the tragedy of the commons type problem? Or do you think the free market is always best and we should never have regulation?


William Forster Lloyd - 1833
"If a person puts more cattle into his own field, the amount of the subsistence which they consume is all deducted from that which was at the command, of his original stock; and if, before, there was no more than a sufficiency of pasture, he reaps no benefit from the additional cattle, what is gained in one way being lost in another. But if he puts more cattle on a common, the food which they consume forms a deduction which is shared between all the cattle, as well that of others as his own, in proportion to their number, and only a small part of it is taken from his own cattle. In an inclosed pasture, there is a point of saturation, if I may so call it, (by which, I mean a barrier depending on considerations of interest) beyond which no prudent man will add to his stock. In a common, also, there is in like manner a point of saturation. But the position of the point in the two cases is obviously different. Were a number of adjoining pastures, already fully stocked, to be at once thrown open, and converted into one vast common, the position of the point of saturation would immediately be changed"

Hayek and Mises would say that the tragedy of the commons is caused by a lack of property rights and that all the commons should have an owner. But the fact is, we do have a property rights problem with the blockchain.

Bitcoin mining also has positive externalities, another concept I am sure you may struggle with. Again, I am sure Mises and Hayek would blame property rights, but Bitcoin is pretty unique with respect to property rights and I am sure Hayek and Mises never encountered anything like Bitcoin.

Peter R said:
By default, BU will accept any block up to 16 MB, however it will not mine a block over 1 MB. The excessive block behaviour is only for blocks larger than 16 MB.
Sorry my understanding was the defaults are the following:
Less than 1MB = Accepted
Between 1M and 16MB = Requires N depth and overall lead
Over 16MB = Always rejected as invalid

From what you said above, my understanding is now:
Less than 1MB = Accepted
Between 1M and 16MB = Accepted, but not mined by default
Over 16MB = Requires N depth and overall lead


Is this right?

If this is the case, I do not understand what the 1MB limit does or why it has any impact. Miners will choose the size to maximize their profit, why would they care about this 1MB? This also makes this N depth idea seem even more pointless, why not just get rid of it and reject blocks over this upper limit? I do not see how BU adds anything over core, all it does is introduce this significant N depth attack vector, which can be used to double spend.
 
Last edited:

Zangelbert Bingledack

Well-Known Member
Aug 29, 2015
1,485
5,585
@jonny1000

Thank you! A merry Christmas to you, too!
I am not sure what you or anyone else intends is important,
I agree, I just meant, "It's not as if N is intended to be the saving grace that makes Bitcoin Unlimited work."
Please let me know if this N has convinced any small block advocates to support BU.
I expect it to convince some, but you may be right that it has problems (fortunately, BU lets users not use it at all, which is part of the point: giving users control more user-friendlily; although right now it's enabled by default, this could be changed).

As for N in general, as I said in my footnote, most of my points were under the assumption that you had a problem with BU in general and thought N was supposed to be what made it all work and converge properly. Now I see that you're saying N is actually bad because it prevents convergence. For that I have to think more and it is probably more the realm of knowledge of some other posters here so I'll leave it to them.
Happy to compromise between 75% in BIP101 and 95%, 85% seems fair to me.
Well this is exactly the kind of central judgment I'd like to see avoided. However, in supporting BIP100 you do seem to have a sense that central planning isn't good. I initially thought it could be a good idea, but I just don't think having the miners vote is optimal. It might work, but it seems to add a lot of unknowns and complexity, plus it's not as pure an expression of the market as some other things. BU seems more pure to me, N notwithstanding, though still not the purest: a spinoff or fork arbitrage is the purest, I think. (Note that BIP100 was taken off the table by its originator, Jeff Garzik. That of course is irrelevant to its viability, but it does affect its likelihood of being implemented in Core.)
Do you recognize the potential existence of the tragedy of the commons type problem? Or do you think the free market is always best and we should never have regulation?
Yes to both, because like you guessed I hold that any true tragedy of the commons is the result of a lack of property rights. If there is a tragedy of the commons-like situation somewhere in Bitcoin, it is probably being caused by Core policy or maybe even original Satoshi design. The market, given time, should be able to sort it out as problems arise. We have already relied on that all this time as we have no choice, and it has worked.
Bitcoin mining also has positive externalities, another concept I am sure you may struggle with.
The fact that non-mining nodes exist makes things dicey, I agree, and this is most of the reason the debate has been difficult. Whether that diceyness is properly called "externalities" I'm not sure, but it is something akin to or analogous to it. We are discussing the issue of non-mining nodes that in another thread (GCBU) just now. You can see my very tentative positions on that there.
 
Last edited:

Zangelbert Bingledack

Well-Known Member
Aug 29, 2015
1,485
5,585
Whatever the case turns out to be with the block acceptance depth:


If BU really wanted to drive the point home, a setting that allows the user to adjust the coinbase size could be included (with a ton of warnings, of course). It would be a bad idea PR-wise just because someone might adjust it, but hypothetically it would make the point very clear: just giving users an option in no way impels them to use it; the reason miners don't do stupid stuff is they know they'll lose money, not because Core is shepherding them; inconvenience is a weak reed to lean on for system security.

BU can be called just a more user-friendly version of Core, in that it is user friendly to make some changes in parameters, unlike Core where you have to know code to do it.
 
Last edited:

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
Note to other forum members and jonny if he cares how he is perceived by others: he has been sending multiple messages to multiple forums and reddit making strong statements against BU prior to even understanding how it works. This is both intellectually dishonest and implies a strong preexisting negative bias.

He has made other classic troll moves in my exhaustive discussion with him on Reddit (such as moving goal posts) in which I addressed his concerns.

I finally left this discussion with a challenge for him to actually prove his assertions rather than endlessly hand wave.

Jonny if you are really coming here to help I suggest that you rethink your approach, apply some rigor to your claims and actually do the simulation that you began the discussion with. Such a contribution would be very valuable.
 

jonny1000

Active Member
Nov 11, 2015
380
101

If BU really wanted to drive the point home, a setting that allows the user to adjust the coinbase size could be included (with a ton of warnings, of course).
In principle I agree with this. Please let users change the coinbase size if they want. However my point is the debate then shifts from hard coded values to what the default value should be. I do not think the default value of N should be 4, it should be either 1 or infinity, otherwise we introduce a new double spend attack vector.


... sending multiple messages to multiple forums and reddit making strong statements against BU prior to even understanding how it works.
I admit I do not fully understand how it works and my initial comment admits this, however I have asked for clarification and still not received it. What is clear is that there is an N depth element to BU, which destroys the longest chain rule, leaving nodes deliberately on a shorter chain, before potentially switching to another chain. I think this is likely to be a bad idea regardless of what the rest of BU does, or is at least a major change to the security model which requires an explanation.

He has made other classic troll moves in my exhaustive discussion with him on Reddit (such as moving goal posts) in which I addressed his concerns.
In my view, none of my concerns were addressed.

I finally left this discussion with a challenge for him to actually prove his assertions rather than endlessly hand wave.
There are circumstances when the majority of nodes consider a shorter chain as valid, before potentially switching to the longer chain, if it gets more confirmations. This is a perfect scenario to double spend on a shorter chain. How is pointing out that BU undermines the core security principle of Bitcoin "endlessly hand-waving"?
 

achow101

Member
Dec 26, 2015
32
21
Why have the node accept a blockchain after N excessive blocks? Why not just do as Bitcoin Core does now (with blockchain reorgs) and alert the user that there is a chain that is above the N excessive blocks threshold and that they can switch to use it if they want by changing their accepted block limit? Maybe they don't want to switch to another blockchain.
 

jonny1000

Active Member
Nov 11, 2015
380
101
Why not make BU more simple? BU could have one blocksize limit, which the user can change. Remove the N depth and the other limit, which makes BU unnecessarily complicated. I could support BU if it had one simple limit, that the user could change.
 

_mr_e

Active Member
Aug 28, 2015
159
266
But then if the rest of the network begins accepting a bigger block and building on that chain you will forever be stuck on the wrong chain. This is the only purpose of the N depth limit, to ensure you can stay on the right chain if the network moves on past your defined limit.