It is **essential** that emergency code be prepared. This code must be able to lower the difficulty by a large factor.
--- This halving-difficulty-drop problem can, with some bad luck, get quite disastrous, very quickly. ( I did a micro-study of this problem here, for those who are unaware: http://www.truthcoin.info/blog/mining-heart-attack ) For example, it is theoretically possible that 100% of miners (not 50% or 10%) will shut off their hardware. This is because it is revenue which ~halves, not profit. If miners are all equal, difficulty causes their profit margin to narrow over time (for example, if BTC revenues are $100, and amortized fixed costs are $10, then difficulty adjustments will cause total energy costs to rise to ~ $89, such that total pre-halving profit is $1 for everyone...post-halving, profit is -$49 for everyone). So, if miners are homogenous the result is disastrous. Fortunately, miners are probably still somewhat heterogenous. However, we don't know how their power contracts (or their hardware turnover) are scheduled...many miners might (?) have already planned, in private, to close down (or substantially reduce) operations after the halving. As the coinbase rewards are currently orders of magnitude larger than tx-fees, fees are unlikely to be able to compensate for this. Users may decide to simply hold-off on transacting until fees decrease. Worse, if the price crashes (possibly as a result of uncertainty surrounding this episode), it will begin to affect miner-revenue. As a result, miners may decide to temporarily halt mining until the difficulty falls naturally. But such a temporary halt is also (potentially) disastrous. Recall the simple fact that difficulty adjustments are measured in blocks, not time (it appears that we have exactly 1015 blocks between the halving block and the next difficulty adjustment block). If excessive difficulty chokes the system, next difficulty adjustment may *never* arrive naturally. In this worst-case (but somewhat plausible) scenario, we will be *forced* to lower the difficulty via hard fork, and we will be forced to do so very very QUICKLY, as word will be spreading that the Bitcoin system has broken! If a specific hard fork is not coded and tested for this, in advance, the delay might be accompanied by endless [contentious] conversations about what else should be included in this hard fork. Worse, since all users will need to upgrade, there will be uncertainty over contentious versions, malicious agents may try to tamper with versions (to steal Bitcoins), etc. We should consider pushing a version out for users to upgrade, in advance of the halving, as soon as possible. What a disaster! I certainly hope it does not happen, but if it does we should have already agreed on what to do. One choice is "which number do we set the difficulty to?". Half may be too much, or too little. However, allow me to suggest that, if this disastrous scenario occurs, we shouldn't take any chances, and reduce difficulty by a huge proportion...80% or so. The difficulty will then quickly begin to increase again...we can warn users of the increased orphan risk, and that they should wait for many confirmations (which should be happening faster). So, "Allow the alert key to reduce the difficulty by 80%, exactly once on one of the 1015 blocks between halving and difficulty adjustment." And we should consider smoothing the rewards (as described in my post, can be done via soft fork) to prevent this from happening again. In microeconomics literature, 'kinks' in incentive-systems are almost-universally agreed to be very undesirable. Paul On 3/2/2016 10:42 AM, Luke Dashjr via bitcoin-dev wrote: > On Wednesday, March 02, 2016 2:56:14 PM Luke Dashjr via bitcoin-dev wrote: >> so it may even be possible to have such a proposal ready in time to be >> deployed alongside SegWit to take effect in time for the upcoming subsidy >> halving. > > Lapse of thinking/clarity here. This probably isn't a practical timeframe for > deployment, unless/until there's an emergency situation. So if the code were > bundled with SegWit, it would need some way to avoid its early activation > outside of such an emergency (which could possibly be detected in code, in > this case). > > Luke > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
