[bitcoin-dev] OP_DIFFICULTY to enable difficulty hedges (bets) without an oracle and 3rd party.

Tamas Blummer tamas.blummer at gmail.com
Thu May 23 20:26:49 UTC 2019


> On May 23, 2019, at 21:45, Pieter Wuille <pieter.wuille at gmail.com> wrote:
> 
> On Thu, 23 May 2019 at 11:33, Tamas Blummer via bitcoin-dev
> <bitcoin-dev at lists.linuxfoundation.org> wrote:
>> 
>> Difficulty change has profound impact on miner’s production thereby introduce the biggest risk while considering an investment.
>> Commodity markets offer futures and options to hedge risks on traditional trading venues. Some might soon list difficulty futures.
>> 
>> I think we could do much better than them natively within Bitcoin.
>> 
>> A better solution could be a transaction that uses nLocktime denominated in block height, such that it is valid after the difficulty adjusted block in the future.
>> A new OP_DIFFICULTY opcode would put onto stack the value of difficulty for the block the transaction is included into.
>> The output script may then decide comparing that value with a strike which key can spend it.
>> The input of the transaction would be a multi-sig escrow of those who entered the bet.
>> The winner would broadcast.
> 
> If the difficulty can be directly observed by the script language, you
> would need to re-evaluate all scripts in unconfirmed transactions
> whenever the difficulty changes. This complicates implementation of
> mempools, but it also makes reasoning about validity of (chains of)
> unconfirmed transactions harder, as an unconfirmed predecessor may
> have conditions that change over time.
> 
> For things like block time/height, this is solved by not having the
> script itself observe the context state directly, but instead having
> an assertion on the state outside of script (nLockTime for absolute
> time/height and nSequence for relative), and then having opcodes
> inside script that observe the assertion (OP_CLTV and OP_CSV). By
> doing so, script validity is a single context-free yes or not that can
> be evaluated once, and the variable part is just transaction-level
> reasoning that doesn't involve a full script interpreter.
> Additionally, the supported assertions are restricted in such a way
> that if they are true within a particular block, they're also true in
> any descendant, removing the complexity of reasoning about validity
> (apart from the inevitable reasoning about possible double-spend
> before confirmation).
> 
> I feel a similar construction is needed for observing block
> difficulty. This can be done by either having an opcode that as a side
> effect of execution "posts" an assertion (e.g. "difficulty at block
> height X is at least Y"), instead of putting the difficulty on the
> stack. An alternative is having the assertion be part of the
> transaction structure (for example in the annex we propose in
> bip-taproot), and having an opcode that observes the difficulty
> assertion inside script.

Thanks for these suggestions I will follow up while preparing the BIP.

> 
> I don't have a strong opinion either way on the usefulness of having
> difficulty-dependent transaction/scripts.
> 

This is the best reception I could have hoped for :)

> Cheers,
> 
> --
> Pieter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190523/9b03f58a/attachment.sig>


More information about the bitcoin-dev mailing list