Changing merge-mining format for BIP9

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Changing merge-mining format for BIP9

Post by phelix »

Cleaning things up certainly is good but I am worried that not having the chainID hashed may shrink our set of options regarding fragment PoW for single/small series of headers. E.g. it would be possible to fake a header by using another merge mined chains header IIUC.

If we can make the chainID unhashed why not remove it alltogether?

I will try to contact forrestv as biolizard suggested. @domob: or do you think it's not relistic to think about p2pool shareable mergrd mining?

edit: I realize there is only a difference in SPV as the client has the full block and the header contains a hash of the block.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Changing merge-mining format for BIP9

Post by domob »

phelix wrote:If we can make the chainID unhashed why not remove it alltogether?
Thinking about it, I guess that we actually really have to include the chain ID in the hashing. Otherwise one could mine a Namecoin block and use it as PoW for a second block at once, which is prevented by the chain ID in the current implementation. So maybe using the nonce is, indeed, a good idea. What do others think?
phelix wrote: I will try to contact forrestv as biolizard suggested. @domob: or do you think it's not relistic to think about p2pool shareable mergrd mining?

edit: I realize there is only a difference in SPV as the client has the full block and the header contains a hash of the block.
I don't really know about that, so maybe just ask and let's keep the discussion open here. :)
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Changing merge-mining format for BIP9

Post by domob »

Thinking further about it, we cannot really use the nonce either: Since we have to enforce that the chain ID is present also for non-auxpow blocks (to avoid reusing them as auxpow as described above), we have to allow miners to change the nonce. Not sure what else to do, though - any ideas?

A possibly more radical suggestion is the following: We could use the nonce field to signal the chain ID, and further require all blocks to be merge-mined - at least on mainnet. Testnet does not enforce the chain ID and could be allowed to have directly mined blocks for simplicity. Do you think that enforcing merge-mining on mainnet is a restriction in practice?
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Changing merge-mining format for BIP9

Post by phelix »

domob wrote:Thinking further about it, we cannot really use the nonce either: Since we have to enforce that the chain ID is present also for non-auxpow blocks (to avoid reusing them as auxpow as described above), we have to allow miners to change the nonce.
Ah, so you would get two Namecoin blocks for one.
Not sure what else to do, though - any ideas?
Only idea I got so far that should be relatively future proof includes messing with nVersion: flip the highest bit to indicate a Namecoin block. Using the highest bit would mean a hardfork for Bitcoin. We could then simply try whether we have a regular block or an auxPOW block.

Other than that I don't see a way without extending the hashed header.
A possibly more radical suggestion is the following: We could use the nonce field to signal the chain ID, and further require all blocks to be merge-mined - at least on mainnet. Testnet does not enforce the chain ID and could be allowed to have directly mined blocks for simplicity. Do you think that enforcing merge-mining on mainnet is a restriction in practice?
It might become one in case Bitcoin should brake :) Seriously, it would still be possibly to mine Namecoin with fake Bitcoin blocks, wouldn't it?

edit: Are you also thinking about Huntercoin and other coins? Then of course the single bit trick is not enough... ouch.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Changing merge-mining format for BIP9

Post by biolizard89 »

I think auxpow blocks can cite fake parent blocks, but I don't remember the details. If that's correct, then it might be okay to require all Namecoin blocks to be auxpow blocks. Daniel, thoughts?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Changing merge-mining format for BIP9

Post by domob »

biolizard89 wrote:I think auxpow blocks can cite fake parent blocks, but I don't remember the details. If that's correct, then it might be okay to require all Namecoin blocks to be auxpow blocks. Daniel, thoughts?
Yes, that's true. I do this (in a simple format) in the auxpow regtests already. It just makes solo-mining a little bit more complicated to set up, but I see no other real restriction.

In that case, we could simply remove the additional information - the auxpow bit must always be set, and the chain ID is fixed anyway. I don't think that this together with the constraint that the block must be merge-mined allows for reusing PoW for multiple blocks. What do others think?

This only has the slight drawback that it won't work for Huntercoin, since the chain ID is there used to indicate the mining algo (SHA256D vs Scrypt). But this is a different problem to solve, and probably not too much of an issue at all, either. We could mandate the nonce to include the chain ID to work around this issue and to preserve the currently existing information in the block header.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

cassini
Posts: 336
Joined: Sun May 26, 2013 6:36 pm

Re: Changing merge-mining format for BIP9

Post by cassini »

domob wrote:It just makes solo-mining a little bit more complicated to set up,
This would have consequences for p2pool merged-miners, too. Currently they are solo miners from the Namecoin point of view.
phelix wrote:@domob: or do you think it's not relistic to think about p2pool shareable mergrd mining?
(see phelix's comment at https://github.com/p2pool/p2pool/issues/265
Also note forrestv's Merged-Mining-2 specs draft: https://github.com/forrestv/mm2-spec )

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Changing merge-mining format for BIP9

Post by domob »

cassini wrote:
domob wrote:It just makes solo-mining a little bit more complicated to set up,
This would have consequences for p2pool merged-miners, too. Currently they are solo miners from the Namecoin point of view.
I probably used the wrong word, I didn't mean solo-mining in the sense of without a pool, but without merge-mining. AFAIK P2Pool miners are merge-mining and thus not affected by the proposed change. It is not related to pool vs no-pool mining.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Changing merge-mining format for BIP9

Post by phelix »

Assuming it is not necessary for difficulty to ever again go down all the way to the bottom ('ASICS') it might also be safe to use a couple bits from "bits". That might be more "robust" as it can not be altered in other coins as easily as the nonce...
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Changing merge-mining format for BIP9

Post by domob »

phelix wrote:Assuming it is not necessary for difficulty to ever again go down all the way to the bottom ('ASICS') it might also be safe to use a couple bits from "bits". That might be more "robust" as it can not be altered in other coins as easily as the nonce...
Sounds like a possibility, but I strongly object such an "abuse". It was abusing the version in ways people thought would be safe that brought us this "mess" in the first place. ;)
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

Post Reply