Yeah, just pulled up my old recalculation of orphan rates (original table had some flaw) and I believe what I stated here is accurate. Basically, as block times shorten, the delta between orphan rates, as subblock quantity increases, remains higher compared to the same subblock quantities with longer block times. But confirmation still would be helpful!
Hm, now that I’m thinking about this, I should create a new table that actually lowers the blocksize as the block interval shortens. That would give an even clearer picture. I believe the above is actually keeping 32MB blocks even at the shorter intervals. Let me do this and post a new table.
The problem with Tailstorm is that it’s still just PoW.
PoW will never provide much economic security at the tip of the chain, and this is still true with a massive amount of tail emission.
Interesting! So when I update for block size diminishing returns does come back at faster block times. Which actually makes sense.
Now, these are high orphan rate maxes but this is also assuming a latency of 5 seconds (per the tailstorm paper). I can update for a more realistic one if requested.
1 Like
yes but it’s an accounting trick
you see same forking rate, you just don’t count subblock forks because they get merged, right?
w/o talstorm: fork rate = orphan rate
w/ tailstorm: fork rate = orphan rate + uncle rate
@bitcoincashautist Is there a reason you are using the orphan rate cap calc you have in the CHIP vs the one used in the tailstorm paper? The tailstorm paper formula was derived from Peter Rizzun’s orphan rate calc ( Peter R. Rizun. Subchains: A technique to scale bitcoin and improve the user experience. Ledger, 1:38–52, 2016.), which provide the below orphan rates at different block times (I adapted one to represent 1min blocks).
There are notably lower orphan rate limits. Tho perhaps I’m missing something.
Also, this paper might be a great reference for other things if you haven’t already looked
I think the CHIP uses basically the same formula as k=1, just a bit rearranged, and different latency and bandwidth (or impedance, if you will, which is 1/bandwidth) estimates.
Is it, though? I’m not certain, as I recall from reading the paper because of the parallel PoW mechanism, there might actually be less overall waste. But, I could absolutely be wrong here and as I’m not an expert, I’ll drop that here haha
The other benefits of tailstorm are irrelevant here so I’ll look back and mention on another chain.
Also, none of this CHIP would prevent tailstorm from being implemented in the future, if deemed necessary, so again, mostly irrelevant discussion for here beyond orphan rates.
1 Like
yes there is less scrapped work, so network gets more bang-for-the-buck, but is that really the thing to optimize for? saving some % in orphan rate “buys” us that much % more hashes per unit of block revenue, that’s it - just few % more hashes per block. We can just wait for the price go up for that much % and we’ll get that much more hashes, too.
One more thing, just reducing to 1-min blocks should be compared to tailstorm of T=10min and k=10, so 0.887% vs 0.089% (for 0.5s latency)
Well because that’s not the only benefit, the other (which idk is relevant to this topic) is making mining more fair and punishing selfish miners (amongst others like weak PoW which could have some benefit, and reduced confirmation latency, censorship resistance to varying degrees (which lower block times also help with!)) at the same time. Tailstorm is a nice wrap-up of general improvements.
I don’t believe so. The 1min block times without tailstorm should be compared to 1min block times with tailstorm. But I suppose that depends on the angle you’re looking at it from. I would compare 1min with to 1min without. Not a major difference but a bigger one.
1 Like
The 1min block time with tailstorm k=15 will have 4second subblocks and a huge uncle rate, which is not seen in the table, can’t just sweep that under the rug. Game mechanics of 4s subblocks and all those uncles and uncle trees haven’t been analyzed enough IMO + there’s the issue of 0 block subsidy, what then? How does the “fair” feature work out then?
1 Like
I think part of the analysis is that k-15 is too great anyways. Diminishing returns with more subblocks. k=3 or k=5 would obtain most of the benefit. Perhaps the mechanics have not been analyzed enough yet, but gaming is less fruitful when the rewards are discounted. The point of 0 block subsidy in the far future which I believe is why attack vectors considering transaction fees (which I can’t imagine would be worse with tailstorm, just equivalent (though perhaps this itself would need to be further explored)) were outside the scope of the original tailstorm paper.
But sure, let’s say 12 second subblocks (though given the tree structure not sure 12s is necessarily accurate across all cases since you could have multiple branches with discounted rewards), that certainly would increase the “uncle” rate but how drastic, I’m not actually sure. Back to the gaming of it, absolutely, further analysis would be needed.
Either way, this all makes me excited for Nexa’s implementation of Tailstorm with their 2min blocks. Perhaps not apples to apples, but should be very close for us to examine!
2 Likes
In a world where my UTXOs can come from many non-p2pkh sources, how can anyone I send money to rely on 0-conf without better doublespend protections? (ZCE?)
If I’m trying to send you $1000 and then some DeFi transaction that I got that money from gets rolled back, do we get screwed?
3 Likes
That’s a great question, thank you for that one!
Security of payments in Bitcoin Cash rests on a lot of details, stuff people like me and others have been pushing on being important. For instance the utxo model doesn’t make miner-extracted-value a thing in most cases where it is in the account model. We have been pushing to keep MeV out of the protocols and contract designs for a range of reasons.
One of the nice side-effects of MeV being absent is that it makes the miner replacing a transaction something that just isn’t economically feasible. Which is the status quo on most Bitcoin related chains and we haven’t seen it for 15 years.
This is the underlying reason why zero conf works, because first seen is actually practiced by miners. They have no reason to do otherwise. Notice that as our ecosystem grows that the full nodes people will be sending transactions to are going to be owned by non-miners (like merchants). Meaning miners won’t ever see the double spending transaction at all.
This is the bottom line why you hear the people that actually do in-person payments have no historical double spend risk. The incentives are there to keep and protect first-seen.
The tests done by BU and published by Peter Rizen in 2018 showed the propagation of a transaction onto the network was a steep starting curve with a slow tail. Meaning that 50% knew it practically instantly, the vast majority in 3 seconds. The laggards in 5 seconds.
This research is insanely useful in understanding the possible double spend attacks. With miners not accepting (or even seeing) double spends after mere seconds after the network already has the “original” transaction paying you.
The 15 years of history shows this well, bitcoin core had to ram through replace-by-fee code to break it. Because it actually works out of the box.
You asked about a non-p2pkh transaction and this is very likely in reference to the double spend proof not protecting such. What you have to understand is that the double spend proof is meant to be a signal to the merchant (or receiver) in order to catch the ‘thief’. Like I explained in my 2018 talk (vimeo), the chance of a double spend getting through is very low, but we can’t guarentee it being zero. So the double spend proof is there to make sure that thiefs can’t just try for free until it may actually succeed. Instead the merchant gets notified.
The double spend proof doesn’t prevent or avoid technical things, it just moves the cost of trying to the thief instead of the merchant. It is meant to change behavior of people.
A non-supported transaction doesn’t mean the risk of stealing went up, it just means that you won’t get notified if they tried. The risk is, and stays, insanely low.
Next to that, wallets can (and IMO should) use p2pkh for person to person payments. So a defi wallet would transfer the money to the same person’s payments wallet where they pay the merchant from. And you instantly have a double spend proof supported scenario. Everyone happy.
Knowing that a transaction is settled within one or two seconds and knowing that miners have no incentive to assist theft, a user can then quite confidently accept a payment without confirmation. Has been the case for years now.
Normal caveats still apply. If you buy a house or a car or anything bigger, you are going to have to KYC oneself anyway. So a double spend is simply seen as a “you haven’t paid yet”.
Nowadays if you buy a car of similar, your payment has to have settled before they hand over the product. That is counted in days in the legacy finance system, so waiting couple of blocks is still going to be an amazing improvement.
2 Likes
If people pay with for example a child of a unconfirmed Moria liquidating transaction propagating on the network, then this transaction will likely be orphaned since every pool will be working to include their own to collect the 1.2x. When you have anyone-can-spend UTXOs, with high reward to those who claim, then pools will start to include their own transaction because of rational self-interest. Such a UTXO will create a totally new threat model for zero-conf.
1 Like
And the first one to suffer from that is the actual users of the protocol, the users of the script. THEIR money is being stolen by those miners.
As such, if this happens, the designers either fix it, or the users will go to another script that solves it.
Nobody wants MeV in an ‘app’, for extremely obvious reasons.
Do note that this is not solved with faster blocks. As such this example, should it become widespread, doesn’t take away the argument that to grow Bitcoin Cash, we should aim as zero conf as the main usability target.
The first user, that managed to get his liquidating transaction propagated on the network, was able to do a swap to another crypto on a service accepting zero-conf. He is now a happy ZEC owner and lost no MUSD.
Edit:
Faster blocks is not a proper solution, but it makes it a little better. If we want a proper fix we should implement Avalanche. Eliminating MEV (except from cross chain MEV) on BCH with a combination of the UTXO model and Avalanche Pre-Consensus is the way to go. The UTXO model eliminates sandwiching and Avalanche Pre-Consensus gives rapid economic security. With Avalanche Pre-Consensus, as developed on eCash, you will vote on transactions and not allow orphaning of accepted transactions in blocks for some time.
Reducing block time or enhancing security for sub-blocks is, in my opinion, far superior to ZCE. The two potential solutions that exist is either simplify the process by reducing block time while maintaining the same reward scheme (equivalent to a 10-minute block reward) or implement Tailstorm for sub-blocks, which increases complexity. The former is the better option, especially with faster internet connections.
Economic security is what matters. PoW will never provide much of it at the tip of the chain.
I thought this could be relatable on confirming that Orphan rate is very low look at Shadow research
2 Likes