[RFC-0006] Remove Proof-of-Work Block Signature

hrobeers · November 21, 2017, 7:27pm

Published another RFC, feel free to discuss.

peercoin/rfcs/blob/master/text/0006-remove-pow-block-signature/0006-remove-pow-block-signature.md

# Remove Proof-of-Work Block Signature

- Status: proposed
- Type: enhancement
- Related components: `protocol`
- Start Date: 21-November-2017
- Discussion: (fill me in with link to RFC discussion - shepherd will complete this)
- Supersedes: (fill me in with a link to RFC this supersedes - if applicable)
- Superseded by: (fill me in with a link to RFC this is superseded by - if applicable)
- Author: hrobeers

## Summary

Peercoin blocks contain a block signature covering it's contents, as is required by the Proof-of-Stake algorithm.
Unfortunately this block signature requirement has also been imposed on Proof-of-Work blocks, while these don't strictly need the signature as the Proof-of-Work covers the entire block's content.
This RFC proposes the removal of the requirement for a valid signature in Proof-of-Work blocks.


## Conventions
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](http://tools.ietf.org/html/rfc2119).

This file has been truncated. show original

nohea · November 22, 2017, 10:27pm

I think generally is it a good thing to:

Simplify design and PoW block requirements
Remove the requirement for empty outputs (zero utxo problem)
Get closer to the Bitcoin conventions if possible

If the block signature is required for the staking algorithm, and the requirement for a block signature is removed, then pooled miners don’t need it as the coinbase coins don’t go in the local wallet anyway.

I have some questions:

Would this affect a standalone node mining proof-of-work but then holding in that wallet.dat until coin age maturity and expecting to stake? Could creation of a block signature be optional in that case, instead of mandatory?
Do utxos from a pool PoW mined block not “stake” for the vouts to offline keys? At least until sent/spent to a full node’s wallet?

hrobeers · November 23, 2017, 8:52am

The proposal does not remove the signature, it removes the requirement for a valid signature for proof-of-work blocks.
This means that a miner can use those signature bytes for anything he likes, so if he really wants he could sign his block but it serves no purpose at all. Even worse, it exposes the public key of the miner’s address.
Conceptually there is no difference to mining to a local or offline wallet. When you mine using Peercoin Solo Pool, the payments would show in your wallet as if they are mined locally, the coinbase pays directly to your address it doesn’t matter whether it is mined using your wallet.dat or not.
The wallet.dat is just a database that stores private keys (and some less important indices). Coins do not mature in a wallet.dat, they mature on chain.

Are you aware you can hold the same keys on multiple nodes? Just make sure you don’t mint with all as that is considered bad behavior and will result in getting your blocks orphaned.
A miner can mine to any address on a machine that does not contain any private key and mint those addresses on a different machine, making it harder for an attacker to figure out where the keys are.
Pools should not store their private keys on their server as attackers know those keys hold a lot of coins for a while.
Unfortunately, almost all peercoin pools do store their keys on their server because they need the key to sign the block.
Peercoin Solo Pool seems to be the exception here, it pays to keys not stored on the server and sends a zero output to the online key that is used for signing, it’s a workaround for this vulnerability.

Long story short, that signature requirement for Proof-of-Work blocks does not serve any purpose at all, like the transaction timestamp it’s just plain stupid and opens up attack vectors.

nohea · November 24, 2017, 3:37am

Thanks, this clarifies it for me, I’m on board with the RFC.

Block signature is only needed for proof-of-stake blocks and their coinstake txs.

Proof-of-work coinbase utxos will be able to go an address with externally hosted private keys (as is now) but without having the keys on the miner or having a dummy tx with zero output.

In all cases, the PoW miner can send to external address where a node with the private key is “staking”/minting with the private key continually.

irritant · November 24, 2017, 2:42pm

I dont understand this, isnt the block reward going to the miners address? Is the address not the same as the public key?

hrobeers · November 24, 2017, 6:41pm

No, the address is the hash of the public key in case of a P2PKH output, the public key is not revealed and will remain secret until the first payment.

Currently the block signature requires vout[0] to be a P2PK output that reveals the public key to be able to validate the block signature. But you can just as well mine to P2PKH outputs that don’t reveal the key again only Peercoin Solo Pool seems to be doing that.

peerchemist · April 9, 2019, 1:32pm

This RFC has been implemented and will go live with the v0.8~RC6.