Move coinbase & coinstake to P2PKH #1700
Conversation
furszy
changed the title
furszy
force-pushed
the
2020_move_to_p2pkh
branch
from
7248a73 to
64805e0
Compare
furszy
changed the title
furszy
force-pushed
the
2020_move_to_p2pkh
branch
2 times, most recently
from
951de39 to
f0daf85
Compare
|
This is a consensus change. A client updated with this code, staking a P2PKH utxo, will produce a P2PKH coinstake output, and old clients will not be able to verify the block signature (they will try to get the public key from the coinstake output, which in this case will have only the pubkey hash). Further, enforcing That said, I agree conceptually with the change (although it'll have to wait for 5.0) for the space savings (the privacy/security gain is kinda pointless, as we are spending the same script in the same tx, thus revealing the public key since the creation of the new output anyway). |
|
yep 👍 , for 5.0 will be. |
furszy
force-pushed
the
2020_move_to_p2pkh
branch
from
f0daf85 to
cb6f9e3
Compare
|
Updated it with the v5 upgrade check. |
There was a problem hiding this comment.
It seems that the upgrade logic has been enforced with a block version check.
But the CBlock::CURRENT_VERSION is not bumped here and it sits at 7 (even after the network upgrade).
The variable onlyP2PK , defined in CreateCoinStake, depends on the chain height (and not on the block version). So, with this code, after the v5 NU, clients would create blocks with P2PKH coinstakes, but still with version 7, and thus those would be rejected by other peers because CheckBlockSignature would fail.
That said, the block version, alone, is not enough to ensure that the new rules apply only after the enforcement: consensus does not prevent block versions higher than CURRENT_VERSION, it only rejects outdated versions (i.e. it is possible to stake v8 blocks, before the v5 network upgrade… it is NOT possible to stake v7 blocks after… see ContextualCheckBlockHeader).
Also, I know that, with 5.0, we will have to bump the block version due to other reasons… but this particular change does not require it (as nothing changes in the block structure or serialization): all the logic could be handled simply checking the chain height (both on block creation and on block verification).
Finally, given the risks involved, this needs a functional test.
Yeah ok, this PR was another extraction from the Sapling work. The block version bump is due the new Sapling notes merkle tree hash stored on the header. It's not here, neither we are enforcing block v8 at all on this PR. It's done later on the Sapling work. Will add the enforcement height check. The idea there was try to prevent the height check as it makes the code ugly. In other scenarios (if we wouldn't be doing a hardfork for Sapling anyway), we could had made this upgrade as a soft fork. About the test, we spoke about it during the last meeting. Currently, the miner unit tests are not connected and our miner code needs a major refactoring (adapting the |
|
Actually, there are other issues making the height enforcement change. As the code is now, we cannot add the enforcement height check there. Will think more about this topic. We shouldn't move the signature check to be a tip contextual check, it needs to be done before even try to look for the previous block on disk to detect fake blocks/chains and not request them. |
furszy
force-pushed
the
2020_move_to_p2pkh
branch
4 times, most recently
from
eb86cc5 to
435af8f
Compare
|
PR updated with an unit test covering the pre/post enforcement block signature verification, added documentation in |
|
as an extra note, have rebased the PR on top of #1747 to not duplicate the v5 activation height set for regtest. |
random-zebra
added
Block Generation
furszy
force-pushed
the
2020_move_to_p2pkh
branch
from
435af8f to
3a27245
Compare
|
done, rebased |
rpc_blockchain.py: decreased the amount of bytes
For some reason, `GetKeyFromPool` could return an already used key. Most likely has to do with the way that we are creating blocks in regtest. Before, the issue was not popping up because we were using P2PK in the coinbase and coinstake. And in P2PK scripts even when the pubkey was already used, the used/unused key check only checks for P2PKH scripts.
…5 upgrade. Only P2PK and P2CS outputs were accepted before block version 8 due a badly implemented block signature check.
If the staking tx has a P2PK scriptsig input and a P2PKH scriptpubkey output, there is no way to obtain the public key from any of the scripts to verify the block signature. Added a good description and an early verification failed return (before it was failing on the pubkey verification, when the problem is actually the staking transaction entirely).
Testing: 1) P2PK block signature pre v5 enforcement. 2) P2PK block signature post v5 enforcement. 3) P2PKH block signature pre v5 enforcement. 4) P2PKH block signature post v5 enforcement.
furszy
force-pushed
the
2020_move_to_p2pkh
branch
from
3a27245 to
a7d4511
Compare
|
Updated per review. |
…rced conversion 50ee79d [wallet] Move loopTxsBalance and RecoverSaplingNote to use const reference inputs/iterators. (furszy) a46b837 [wallet] Remove now unneeded stake P2PKH->P2PK out forced conversion (furszy) 433a14e [wallet] Remove unreachable IsZPIV() in `CreateCoinStake` (furszy) Pull request description: Since v5 activation, #1700 is active and there is no need to continue checking for the v5 NU enforcement during the coinstake generation in the mining process. This PR removes the extra validations and script conversion inside the wallet. ACKs for top commit: random-zebra: re-utACK 50ee79d after rebase Fuzzbawls: utACK 50ee79d Tree-SHA512: ff1ce1de7ef14dee399e729a25ee4a80e791213e2470154e6cce9d79ed69b40ca557035d35be13d7c046b4e5f2c3d71a8bc13186c01c1c0479eceda204850e67
Moved the last remaining P2PK scripts to P2PKH (coinbase and the staking output to the current P2PKH standard).
The main argument used for the migration is that we are already using it as a standard everywhere in the sources (same as upstream) and has an increased, theorical, security due the pub key not being revealed initially (scriptsig reveals it).