Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cold minting #78

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

Cold minting #78

wants to merge 5 commits into from

Conversation

sigmike
Copy link
Member

@sigmike sigmike commented Dec 26, 2014

This pull request includes a few more changes than just cold minting. The cold minting changes are in commit 8df4a03. They do not include any change in the GUI yet, so you can only create cold minting addresses through RPC.

The protocol switch time is set very far in the future until we decide the final time.

The other changes include:

  • improvements on the functional test system (11dafc9)
  • a fix on duplicate stake rejection (there was problems when a new block was received on top of a rejected block) (7c5e5a3)
  • a bitcoin 0.8 protocol change delayed until protocol switch (edd3f09)

@sigmike
Improved tests
11dafc9
@sigmike
Fixed duplicate stake when a new chain is received on top of the reve…
7c5e5a3 
…rted blocks
@sigmike
Cold minting
8df4a03 
Users can generate a "cold minting" address from a "minting only" address and a "spending" address with the new RPC "addcoldmintingaddress".
Only a wallet having the minting key will be allowed to mint coins sent to this new address. And only a wallet with the spending key will be allowed to send the coins.

See src/test/features/cold_minting.feature for example scenarios.
@sigmike
Do not check block version until protocol v05 switch, because there a…
edd3f09 
…lready is a super majority on testnet whereas the change has not been released yet
@sigmike
Copy link
Member Author

sigmike commented Dec 27, 2014

Note that there's no restriction on the CoinStake output when a minting-only key is used. I'll add that shortly.

@sigmike
Restrict the outputs when a minting-only key is used
f36cb26 
OP_COINSTAKE was renamed to OP_MINT because it now also verifies that
the transaction is purely minting, and not moving the coins nor
destroying them.

So using a minting-only key is now only allowed:

* inside a CoinStake transaction (like before)
* when the input and output scripts are all the same
* and when the total output value is greater than or equal to the total
  input value
@sigmike
Copy link
Member Author

sigmike commented Dec 28, 2014

I was going to add some restrictions on the CoinStake transaction when a minting key was used but I actually found a cleaner way.

I added the restriction checks inside the OP_COINSTAKE opcode (which became OP_MINT). So we are certain the minting key can only be used when all the conditions are met.

The conditions are:

  • the transaction is a CoinStake
  • all the output and input scripts are the same (so you cannot move the coins, and cannot combine inputs from multiple addresses)
  • an no value is destroyed.

@Thireus
Copy link

Thireus commented Jan 6, 2015

Hi sigmike,

Would you mind giving us a brief answer about what security risks could be involved if a single person holds all or more than a certain % of the minting keys (amount % equivalent of 51% of mature coinage)?

I'm asking because there is no risk to the individual for disclosing minting keys (thus no incentive to keep this key private). Since PoS is certainly going to increase with this cold minting feature (or in the future), people will also tend to centralise the minting effort and by that I mean use a third-party to keep minting permanently online.

Thank you!

@sigmike
Copy link
Member Author

sigmike commented Jan 17, 2015

what security risks could be involved if a single person holds all or more than a certain % of the minting keys

There would be the same security concerns as if someone holds the same % of the coins.

there is no risk to the individual for disclosing minting keys

With the proposed implementation there are 2 risks:

  1. Getting the reward is not enforced by the protocol, so someone with your minting key can finds blocks and drop your reward. You can't loose coins but you can loose the reward.
  2. When 2 clients have the same keys there's a risk their block will be rejected by the network, so your reward may be delayed indefinitely if multiple persons have your minting keys

people will also tend to centralise the minting effort and by that I mean use a third-party to keep minting permanently online.

There was some discussions about that in the (long) proposal thread.

The proposed implementation doesn't permit variance reduction pools because the minter cannot merge the stakes. Variance reduction is what leads to centralization because a bigger pool is better than a smaller one, so small pools tend to disappear and the biggest ones tend to always grow. I believe removing that removes the mechanism that leads to centralization. I tried to explain that here, here and probably in other posts in this thread.

@kac-
Copy link

kac- commented Jan 19, 2015

@sigmike is this PR final? Is it still possible to introduce percentage of stake loss due to minting key leakage?

E.g. 5% of stake can be sent to different address in second tx output?

I think that w/o it, it will be impossible to prevent wide and silent key leakage -> disaster.

@7h0m45
Copy link

7h0m45 commented Jan 19, 2015

I don't understand why peercointalk forum members are asking questions here when this topic has been thoroughly discussed for months in the forum. Duplicate stake rejection elegantly solves the "key leakage" problem. lf you disagree, why not post your concerns in the forum for community discussion?

@sigmike
Copy link
Member Author

sigmike commented Jan 20, 2015

is this PR final?

Yes, unless we find issues or the community doesn't want it. But what I understood from the peercointalk discussion is that there's pretty much a consensus for this solution.

Is it still possible to introduce percentage of stake loss due to minting key leakage?

It's possible, but if you allow a percentage to be lost you almost allow everything to be lost because you could loose X% each time a block is found.

I think that w/o it, it will be impossible to prevent wide and silent key leakage -> disaster.

The 2 protections I mentioned above are good enough to prevent that IMO.

You make a minting key to get your reward safely. If someone else gets it you may loose that reward, so you have an incentive to protect it.

@kac-
Copy link

kac- commented Jan 20, 2015

@7h0m45

 Duplicate stake rejection elegantly solves the "key leakage" problem

If it does, there is no risk of x% loss. Cold minted blocks have same weight as hot minted = cold minting keys represent value = using them should be exposed to some risk. Making it „safe” is unhygienic, illogical and leads to bad practices.

 lf you disagree, why not post your concerns in the forum for community discussion?

I've shown my concerns few times on public forum. It's common to discuss PRs using this form.

FuzzyBearBTC pushed a commit to FuzzyBearBTC/peercoin that referenced this pull request Nov 11, 2015
@JordanLeePeershares
Merge pull request peercoin#78 from pennybreak/unity.pbinvoice
959b6d0 
unity pbinvoice 20140531
@sigmike sigmike mentioned this pull request May 26, 2018
Closed
@peerchemist peerchemist deleted the branch peercoin:develop November 2, 2021 17:08
@peerchemist peerchemist closed this Nov 2, 2021
@backpacker69 backpacker69 reopened this Nov 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@sigmike @Thireus @kac- @7h0m45 @peerchemist @backpacker69