[bitcoin-dev] Yesterday's Taproot activation meeting on lockinontimeout (LOT)

[Keagan McClelland]

I wanted to follow up on what Jeremy and others are saying regards finding
consensus on LOT. I've seen a few other opinions saying that finding
consensus on the LOT value is far more important than what the LOT value
actually is. This makes sense because if 100% of economic activity is
running the same rule set, there is no divergence, regardless of which
value is picked.

It is my understanding that those who oppose LOT=true are mostly opposed on
the grounds of it *appearing* "unnecessarily coercive" and that this lack
of consensus can precipitate a chain split at the "brinksmanship period" as
Jeremy refers to it. I don't think that we can say that LOT=true is
coercive at all unless there is some opposition to Taproot itself.
Opposition on the grounds that it *may* be opposed by others and Core does
not want to assert control over the protocol is a conservative view but
ultimately contingent upon opposition to Taproot for more fundamental
reasons. If no one opposes it, then by definition you have consensus, and
in that case I also don't think that the LOT=true (or false) in that regard
sets meaningful precedent, as I would expect precedents to only be
meaningful if they were established during a contentious scenario. As it
stands we have precedents for both MASF's and UASF's to execute soft forks
in Bitcoin.

Of course it seems intractable to ascertain the views of ~100% of the
Bitcoin constituency, and therefore it gives credibility to the argument
that by coming to consensus on LOT=false among those who *are* speaking up
is safer with the embedded assumptions that modifying consensus beyond what
core ships is an active choice, presumably by those who know what they are
doing. However, the simple act of Core choosing to ship an unconfigurable
LOT=false value does not *prevent* the forking and creation of a UASF
client. As Jeremy points out, the LOT=true possibility always exists here,
and we have multiple high profile people saying they will be running that
regardless of how things turn out. It seems to me that in this scenario,
LOT=false does less to prevent a chain split.

In regards to precedent, there may be good reasons to force that minority
to fork themselves off the network, as would be the case if a hypothetical
soft fork was a consensus action to blacklist some UTXO's or something else
that weaponizes consensus against some subset of Bitcoin's user base, but I
haven't heard a single person who advocates for LOT=false on the grounds
that they *themselves* oppose the consensus change that is being proposed
here. So if the goal is to prevent a chain split, and the soft fork is
benign and essentially "annexing unoccupied territory" with respect to
script versions, and no one actually has opposed Taproot itself, then I
fail to see how LOT=false is safer in the presence of a grenade defense by
the LOT=true crowd.

I personally *prefer* LOT=true for these reasons, but I am NOT going to be
joining the ranks of the intolerant minority if Core ultimately ships
LOT=false. I think it is more important to stay in consensus, and as a
result I am able to be convinced that false is the right answer. My
question to everyone else (true AND false advocates) is this: what would
you have to observe, in order to change your mind or is it immutably made
up? If we have a significant portion of the community that is immutably
made up to go false, and another portion that is going to go true, the
asymmetry of the fork almost *requires* that those of us whose opinions are
malleable to break for true.

If social consensus is what drives technical consensus and not the other
way around it seems as if there cannot exist a valid (rational?) reason to
oppose Taproot itself, and then by extension with the arguments laid out
above, LOT=true seems to be the logical conclusion of all of this, even if
Core ships LOT=false at the outset.

Where am I wrong here?

Keagan

On Mon, Feb 22, 2021 at 7:11 PM Jeremy via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> Not responding to anyone in particular, but it strikes me that one can
> think about the case where a small minority (let's say H = 20%?) of nodes
> select the opposite of what Core releases (LOT=false, LOT=true). I'm
> ignoring the case where a critical bug is discovered in Taproot for reasons
> I could expand on if anyone is interested (I don't think LOT=true/false has
> much of a diff in that regard).
>
> You'll note an asymmetry with LOT=true / false analysis. LOT=true nodes
> are clearly updated (or lying), LOT=false nodes may be un-upgraded (or
> however you want to interpret it).
>
>
> *# 80% on LOT=false, 20% LOT=True*
>
> - Case 1: Activates ahead of time anyways
>
> No issues.
>
> - Case 2: Fails to Activate before timeout...
>
> 20% *may* fork off with LOT=true. Bitcoin hashrate reduced, chance of
> multi block reorgs at time of fork relatively high, especially if network
> does not partition.
>
> Implication is that activation % being 90%, then X% fewer than 70% of
> miners are signaling for Taproot at this time.  If X% is small the
> increased orphan rate caused by the LOT=true miners will cause it to
> activate anyways. If X% is larger, then there will be a consensus split.
>
>
>
> *# 80% on LOT=true, 20% LOT=False*
> - Case 1: Activates ahead of time Anyways
>
> No issues.
>
> - Case 2: Fails to Activate before timeout...
>
> A% + B% + C% = 20%
>
> A% (upgraded, signal activate) remain on majority chain with LOT=false,
> blocks mined universally valid.
>
> B% (upgraded, not signaling) succeeds in activating and maintaining
> consensus, blocks are temporarily lost during the final period, but
> consensus re-emerges.
>
> C% (not upgraded/not signalling) both fail to activate (not upgraded) and
> blocks are rejected (not signaling) during mandatory signalling.
> Essentially becomes an SPV miner, should still not select transactions
> improperly given mempool policy, but may mine a bad tip.
>
> (I argue that group B is irrational entirely, as in this case the majority
> has upgraded, inevitably winning, and is orphaning their blocks so B should
> effectively be 0% or can be combined with group C as being somehow not
> upgraded if they are unable to switch once it becomes clear after say the
> first 100 blocks in the period that LOT > 50%. The only difference in
> lumping B with C is that group C SPV mines after the fork and B should, in
> theory, have full validation.).
>
>
>
> Apologies if my base analysis is off -- happy to take corrections.
>
>
> My overall summary is thus:
>
> 1) People care what Core releases because we assume the majority will
> likely run it. If core were a minority project, we wouldn't really care
> what core released.
> 2) People are upset with LOT=true being suggested as release parameters
> because of the *narrative* that it puts devs in control.
> 3) LOT=true having a sizeable minority running it presents major issues to
> majority LOT=false in terms of lost blocks during the final period and in
> terms of a longer term fork.
> 4) Majority LOT=true has no long term instability on consensus (majority
> LOT=true means the final period always activates, any instability is short
> lived + irrational).
> 5) On the balance, the safer parameter to release *seems* to be LOT=true.
> But because devs are sensitive to control narrative, LOT=false is preferred
> by devs.
> 6) Almost paradoxically, choosing a *less safe* option for a narrative
> reason is more of a show of dev control than choosing a more safe option
> despite appearances.
> 7) This all comes down to if we think that a reasonable number of
> important nodes will run LOT=true.
> 8) This all doesn't matter *that much* because taproot will have many
> opportunities to activate before the brinksmanship period.
>
> As a plan of action, I think that means that either:
>
> A) Core should release LOT=true, as a less disruptive option given stated
> community intentions to do LOT=true
> B) Core  community should vehemently anti-advocate running LOT=true to
> ensure the % is as small as possible
> C) Do nothing
> D) Core community should release LOT=false and vehemently advocate
> manually changing to LOT=true to ensure the % is supermajority, but leaving
> it as a user choice.
>
>
> Overall, I worry that plan B has a mild Streissand effect and would result
> in boosting LOT=true (which could be OK, so long as LOT=true +
> LOT=false+signal yes becomes the large majority, but would be not fun for
> anyone if LOT=true + LOT=false+signal yes are a small majority). Plan C
> most likely ends up with some % doing LOT=true anyways. D feels a little
> silly, but maybe a good tradeoff.
>
> If I had to summarize the emotional dynamic among developers around
> LOT=true, I think devs wish it didn't exist because it is clear LOT=true
> *creates* the issues here. LOT=false would be fine if the LOT=true strategy
> didn't exist at all. But unfortunately the cat is out of the bag and cannot
> be put back in. To validate the emotions, I think it is fine to be angry
> about LOT=true and not like it, but we should either accept that it is most
> likely to create consensus OR we should find a new game theoretic
> activation strategy with better pro-social equilibriums.
>
> Personally, I think with either plan the ultimate risk of forking is low
> given probability to activate before timeout, so we should just pick
> something and move on, accepting that we aren't setting a precedent by
> which all future forks should abide. Given my understanding of the
> tradeoffs, I believe that the safest choice is LOT=true, but I wouldn't
> move to hold back a plan of LOT=false (but would probably take mitigative
> steps on community advocacy if it looks like there is non majority but non
> negligible LOT=true uptake).
>
> Cheers,
>
> Jeremy
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210223/5d65c6e3/attachment-0001.html>