Page 2 of 5
Re: Testnet Merged Mining Block Number
Posted: Mon Aug 08, 2011 3:30 am
by vinced
I have version nc0.3.24.54-rc4 up. This version fixes an exploitable bug where the same work can be used to submit multiple auxiliary blocks, by adding multiple auxiliary trees to the parent coinbase. This version only allows one auxiliary chain tree. Someone should ask luke-jr if this is the bug he found.
This version also sets the starting merged mining block on testnet to zero and advances the client version.
It would be useful if the namecoin block explorer showed the block nVersion. This would allow us to see what % of the mining power is using the merged mining patches.
Re: Testnet Merged Mining Block Number
Posted: Mon Aug 08, 2011 3:35 am
by doublec
vinced wrote:I have version nc0.3.24.54-rc4 up. This version fixes an exploitable bug where the same work can be used to submit multiple auxiliary blocks, by adding multiple auxiliary trees to the parent coinbase. This version only allows one auxiliary chain tree. Someone should ask luke-jr if this is the bug he found.
He pretty much suggested he was trolling previously in the channel about exploiting a bug. With regards to this one:
15:33 < luke-jr> interesting idea
15:33 < luke-jr> no, that hadn't occurred to me
...
15:34 < luke-jr> that would have been a pretty big bug
15:34 < luke-jr> non-obvious too
Re: Testnet Merged Mining Block Number
Posted: Mon Aug 08, 2011 3:37 am
by vinced
nodemaster wrote:Thanks to s3harvey who donated more than 3Ghash/s on testnet we have more than 120 blocks generated on merged mining testnet. This blockchain is now nearly 130 blocks ahead the vanilla testnet blockchain. We now have a couple of freshly minted merged mining testnet coins. If you want some for testing you can either mine on
https://alpha.masterpool.eu (which is set to instant payout and rather fast ATM) or you can trigger me. I'll send you some coins for testing. But please make sure, that you have the modified client mentioned above.
...
Thank you for taking the initiative with testing. I decided to set the starting point for testnet to zero, since we can always reset it.
Re: Testnet Merged Mining Block Number
Posted: Mon Aug 08, 2011 3:38 am
by vinced
doublec wrote:vinced wrote:I have version nc0.3.24.54-rc4 up. This version fixes an exploitable bug where the same work can be used to submit multiple auxiliary blocks, by adding multiple auxiliary trees to the parent coinbase. This version only allows one auxiliary chain tree. Someone should ask luke-jr if this is the bug he found.
He pretty much suggested he was trolling previously in the channel about exploiting a bug. With regards to this one:
Good to know. Thank you for following up with him.
Re: Testnet Merged Mining Block Number
Posted: Tue Aug 09, 2011 9:37 pm
by doublec
vinced wrote:I have version nc0.3.24.54-rc4 up. This version fixes an exploitable bug where the same work can be used to submit multiple auxiliary blocks, by adding multiple auxiliary trees to the parent coinbase. This version only allows one auxiliary chain tree. Someone should ask luke-jr if this is the bug he found.
There was some discussion about this fix on #bitcoin-dev between luke-jr (Eligius pool owner) and forrestv (p2pool developer). There seem to be coinbase conflicts with these other developers:
16:10 < forrestv> grah, that commit makes merged mining incompatible with p2pool...
16:10 < luke-jr> forrestv: it does?
16:11 < forrestv> yes. before, you could stick the aux reference anywhere in the coinbase
16:11 < forrestv> p2pool takes up the start of the coinbase with its own information, but leaves all the rest free as a nonce
16:11 < forrestv> which you could stick the aux reference in
16:13 < luke-jr> wait, that patch requires it to be at the start?
16:13 < luke-jr> that conflicts with my stuff too
16:13 < luke-jr> and makes multiple aux chains impossible
16:13 < luke-jr> that's a retarded fix
16:14 < forrestv> well, the aux reference is indistinguishable from random data, as it is, more or less
16:14 < forrestv> i guess adding some sort of unique header and making sure that only one existed would make more sense?
16:14 < luke-jr> forrestv: irrelevant
16:14 < luke-jr> no
16:14 < forrestv> then what?
16:14 < luke-jr> just only accept an upstream-block once in the aux chain
16:14 < luke-jr> duh
I asked luke-jr if he could come on here and explain but he wasn't interested.
Re: Testnet Merged Mining Block Number
Posted: Wed Aug 10, 2011 2:53 am
by vinced
doublec wrote:There was some discussion about this fix on #bitcoin-dev between luke-jr (Eligius pool owner) and forrestv (p2pool developer). There seem to be coinbase conflicts with these other developers:
...
I asked luke-jr if he could come on here and explain but he wasn't interested.
Version nc0.3.24.55-rc5 fixes this by using a header. It allows the merged mining info to be anywhere in the parent coinbase. It is backwards compatible with the previous version.
Re: Testnet Merged Mining Block Number
Posted: Wed Aug 10, 2011 3:46 am
by Luke-Jr
Ok, as much as it annoys me to sign up for stupid forums for a one-off discussion, implicitly relaying stuff through doublec is slow etc. And despite not really caring much about namecoin, I can't seem to resist the urge to make sure this gets done right... :p
Problems with this "header" approach:
1) It takes up extra space in the coinbase -- we only have 100 bytes, each merkle takes up 33; that gives us room for 3 aux chains at most. Adding 4 more bytes for a header kills any hope of ever doing 3 aux chains. (in fact, it would be nice if the space requirements were reduced...)
2) Since the code only allows the header once, you can't have two aux chains.
3) The header can occur accidentally in other coinbase data.
Why is it so hard to simply disallow a master-chain block from "vouching for" more than one block in each aux chain? :/
Re: Testnet Merged Mining Block Number
Posted: Fri Aug 12, 2011 8:56 pm
by nodemaster
Thank you four your feedback. it is much appreciated!
Luke-Jr wrote:
1) It takes up extra space in the coinbase -- we only have 100 bytes, each merkle takes up 33; that gives us room for 3 aux chains at most. Adding 4 more bytes for a header kills any hope of ever doing 3 aux chains. (in fact, it would be nice if the space requirements were reduced...)
Yeah, that sounds reasonable. In fact I guess it would be desirable to even support more AUX chains
Luke-Jr wrote:2) Since the code only allows the header once, you can't have two aux chains.
I would really like to see more than one blockchain supported. There are a couple of blockchains in the make and IMHO it won't make sense to only support BTC and NMC.
Luke-Jr wrote:3) The header can occur accidentally in other coinbase data.
I'm not a C programmer, but I understand that this could lead to unwanted problems. Any idea on how to find a "coinbase proof header"?
Luke-Jr wrote:Why is it so hard to simply disallow a master-chain block from "vouching for" more than one block in each aux chain? :/
Mhmm, If I understand it correctly this might be undesirable because it might be (and is common) that you solve several AUX chain blocks and have one master-block vouching for them, right? This problem would only be solved if the difficulty of both blockchains draw levels.
Re: Testnet Merged Mining Block Number
Posted: Sat Aug 13, 2011 7:06 pm
by vinced
Luke-Jr wrote:...
Problems with this "header" approach:
1) It takes up extra space in the coinbase -- we only have 100 bytes, each merkle takes up 33; that gives us room for 3 aux chains at most. Adding 4 more bytes for a header kills any hope of ever doing 3 aux chains. (in fact, it would be nice if the space requirements were reduced...)
2) Since the code only allows the header once, you can't have two aux chains.
3) The header can occur accidentally in other coinbase data.
Why is it so hard to simply disallow a master-chain block from "vouching for" more than one block in each aux chain? :/
These concerned have already been addressed in the current code. The aux chain
merkle root is stored in the parent coinbase. You can have any number of aux chains under that root with no growth in the parent coinbase.
The chance of accidental appearance of the header in coinbase data is too small to worry about - 2^-32.
Re: Testnet Merged Mining Block Number
Posted: Sat Aug 13, 2011 7:15 pm
by vinced
nodemaster wrote:
Luke-Jr wrote:Why is it so hard to simply disallow a master-chain block from "vouching for" more than one block in each aux chain? :/
Mhmm, If I understand it correctly this might be undesirable because it might be (and is common) that you solve several AUX chain blocks and have one master-block vouching for them, right? This problem would only be solved if the difficulty of both blockchains draw levels.
This was solved in the current code by requiring each chain to appear in a specific (pseudo-random) spot in the aux chain merkle tree, based on the chain ID. So for a specific chain ID, you would only be able to "solve" one aux chain block per parent block.
It's good to see you all evaluating the details of the implementation and I appreciate the feedback. The more eyes on this the better.