>Under this point-of-view, then, extension block is "not" soft fork. >It is "evil" soft fork since older nodes are forced to upgrade as their >intended functionality becomes impossible. >In this point-of-view, it is no better than a hard fork, which at least is >very noisy about how older fullnode versions will simply stop working
Offtopic: I believe that this kind of "evil soft fork" where nodes who don't upgrade can continue to read the blockchain, update their utxoset, etc. but can't actually spend some or all of the coins they have has been referred to as a "firm fork". I think this is a pretty useful term to pass around when talking about potential future forks. The earliest reference I can find to that term from a quick search is this talk from 2016 by Adam Back: http://diyhpl.us/wiki/transcripts/adam3us-bitcoin-scaling-tradeoffs/ -Trey Del Bonis On Tue, Feb 12, 2019 at 7:48 AM ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > Good morning Kenshiro, > > > - Soft fork: old nodes see CT transactions as "sendtoany" transactions > > There is a position that fullnodes must be able to get a view of the UTXO > set, and extension blocks (which are invisible to pre-extension-block > fullnodes) means that fullnodes no longer have an accurate view of the UTXO > set. > SegWit still provides pre-SegWit fullnodes with a view of the UTXO set, > although pre-SegWit fullnodes could be convinced that a particular UTXO is > anyone-can-spend even though they are no longer anyone-can-spend. > > Under this point-of-view, then, extension block is "not" soft fork. > It is "evil" soft fork since older nodes are forced to upgrade as their > intended functionality becomes impossible. > In this point-of-view, it is no better than a hard fork, which at least is > very noisy about how older fullnode versions will simply stop working. > > > - Safe: if there is a software bug in CT it's impossible to create new > > coins because the coins move from normal block to normal block as public > > transactions > > I think more relevant here is the issue of a future quantum computing breach > of the algorithms used to implement confidentiality. > > I believe this is also achievable with a non-extension-block approach by > implementing a globally-verified publicly-visible counter of the total amount > in all confidential transaction outputs. > Then it becomes impossible to move from confidential to public transactions > with a value more than this counter, thus preventing inflation even if a > future QC breach allows confidential transaction value commitments to be > opened to any value. > > (do note that a non-extension-block approach is a definite hardfork) > > > - Capacity increase: the CT signature is stored in the extension block, so > > CT transactions increase the maximum number of transactions per block > > This is not an unalloyed positive: block size increase, even via extension > block, translates to greater network capacity usage globally on all fullnodes. > > Regards, > ZmnSCPxj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
