Zerocoin: Anonymous Distributed E-Cash from Bitcoin

<< < (22/33) > >>

Mike Hearn:
Quote from: jl2012 on July 04, 2013, 05:11:05 PM

Rule changes could be backwards compatible, e.g. allowing homosexual marriage would not make any existing or future heterosexual marriage illegal. The opposite is true for bitcoin: tightening rules would not make existing clients obsolete

The point of a soft fork is that the rules don't tighten - from the perspective of old clients, anyone can spend any zerocoin and you will happily accept blocks that contain bogus spends written by unauthorized users. This reduces your node to SPV level security (you blindly trust whichever chain the majority of mining is done on). Silently downgrading peoples security level is not only a nasty hack, it's untrustworthy behaviour which is why I objected to it for P2SH.

Bitcoin has never been designed to "soft fork". That's something other people came up with later. Everything in Bitcoins design is intended to trigger hard forks when the protocol changes.

Hard forks are not impossible or the end of the world, they just require co-ordination and communication. It is the right way to do things and I will continue to strongly object to "upgrades" that convert full nodes into SPV nodes.

jl2012:
Quote from: Mike Hearn on July 05, 2013, 08:29:39 AM

Quote from: jl2012 on July 04, 2013, 05:11:05 PM

Rule changes could be backwards compatible, e.g. allowing homosexual marriage would not make any existing or future heterosexual marriage illegal. The opposite is true for bitcoin: tightening rules would not make existing clients obsolete

The point of a soft fork is that the rules don't tighten - from the perspective of old clients, anyone can spend any zerocoin and you will happily accept blocks that contain bogus spends written by unauthorized users. This reduces your node to SPV level security (you blindly trust whichever chain the majority of mining is done on). Silently downgrading peoples security level is not only a nasty hack, it's untrustworthy behaviour which is why I objected to it for P2SH.

Bitcoin has never been designed to "soft fork". That's something other people came up with later. Everything in Bitcoins design is intended to trigger hard forks when the protocol changes.

Hard forks are not impossible or the end of the world, they just require co-ordination and communication. It is the right way to do things and I will continue to strongly object to "upgrades" that convert full nodes into SPV nodes.

No soft-fork is possible without majority of miners agree. If they decide to tighten the rules, all users have no choice but to follow. This is a known feature (or vulnerability) of bitcoin from day one. Sometimes it is called a "soft-fork", while sometimes it is called a "51% attack". Anyway, it's the users' responsibility to keep their client up-to-date to adopt the tightened rules.

If Satoshi had never thought of possibility of soft-fork, I couldn't see why he included so many useless OP_NOP codes in the script.

Mike Hearn:
No, that's not true at all. The whole point of running a Bitcoin full node is that you do NOT blindly follow any rule changes miners agree on. That's fundamental. If you do blindly follow them then you're using simplified payment verification.

jl2012:
Quote from: Mike Hearn on July 05, 2013, 10:26:32 AM

No, that's not true at all. The whole point of running a Bitcoin full node is that you do NOT blindly follow any rule changes miners agree on. That's fundamental. If you do blindly follow them then you're using simplified payment verification.

If the majority of miners decide to restrict block size to 100kbytes, what non-mining full node could do? They could either follow, or join a shorter fork with bigger block size (i.e. hardfork ). Non-mining nodes don't really have much choice

adam3us:
Anyway other than the question of whether soft forks make sense or not: what about making an all zerocoin based alt-coin (no bitcoins, nothing but zerocoins), that is either-or mined with bitcoin. Then people can trade in and out of zerocoins by buying or selling them for bitcoin with an atomic transaction, probably p2p without some trusted exchange like mtgox.

Either-or mined (as distinct from merge-mined) I mean that each mined coin set is either a set of 25 bitcoins or a set of 25 zerocoins. If its a zerocoin set its not a valid bitcoin set, and if its a bitcoin its not a valid zerocoin. I'm not sure the zerocoins or bitcoins have to do much with mining events for the other network other than check they have the expected number of bits as they wont automatically know how to validate the other network. Some miners may choose to validate both networks, but thats a choice for them.

In that way people can experiment with zerocoin, without bloating the block chain, complicating bitcoin, and without slowing validation on the bitcoin network. And the two coins should have approximately the same cost (and maybe therefore value, though the price would be subject to demand/supply and any taint discount for bitcoins; zerocoins are taint free, or perfectly blended taint at least).

Adam

Navigation

 Message Index