On Tue, Apr 06, 2021 at 01:17:58PM -0400, Russell O'Connor via bitcoin-dev wrote: > Not only that, but the "time_until_next_retargeting_period" is a variable > whose > distribution could straddle between 0 days and 14 days should the > MIN_LOCKIN_TIME end up close to a retargeting boundary.
As noted in [0] the observed time frame of a single retarget period over the last few years on mainnet is 11-17 days, so if LOCKED_IN is determined by a min lock in time, then activation should be expected to occur between 11 days (if the min lock in time is reached just prior to a retarget boundary and the next period is short) and 34 days (if the min lock in the is reached just after the retarget boundary and both that period and the following one are long). [0] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-April/018728.html > MTP risks having a > persistent two week error in estimating the activation time (which is the time > that nodes need to strive to be upgraded) That's a range of 16 days, consistenly after the time that's specified and which cannot be brought forward even if miners were to attempt to a timewarp attack. That compares to the height based approach, which gives a similar error for the 7 period / 3 month target, and larger errors for anything longer, and which can be both earlier or later in attack scenarios. The errors are worse if you consider times prior to the 2015 cut-off I used, but hopefully that's because of the switch to ASICs and won't be repeated? > which may not be resolved until only > two weeks prior to activation! If MIN_LOCKIN_TIME ends up close to a > retargeting boundary, then the MTP estimate becomes bimodal and provides much > worse estimates than provided by height based activation, just as we are > approaching the important 4 weeks (or is it 2 weeks?) prior to activation! That doesn't seem like a particularly important design goal to me? Having a last minute two week delay seems easy to deal with, while having to make estimates of how many blocks we might have in an X month period X+K months in advance is not. If it were important, I expect we could change the state machine to reflect that goal and make the limit tighter (in non-attack scenarios). > The short of it is that MTP LOCKIN only really guarantees a minimum 2 week > notice prior to activation, If the timeout is at X and MTP min lockin is at X+Y then you guarantee a notice period of at least Y + (1 retarget period). Cheers, aj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
