Pages:
Author

Topic: Strange Timestamp Argument (Read 317 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 01, 2021, 10:21:22 AM
#28
Do miners check that confirmed transactions from other miners have waited a sufficient nlocktime for a transaction? They must do...
Nodes do.
If not, then I still don't fully understand what prevents a miner from processing delayed transactions early, since the signed transaction has all information viewable at any stage and a delayed locktime isn't relayed downstream, as far as I understand. It's mostly related to the honesty of the miners, isn't it? It's not really a concern, since the number of people desiring such a method would be minimal.
Each node will check the transactions within a block such that they have to be final with respect to the MTP of the past 11 blocks. Miners can include non-final transactions, but it would just result in the block being considered invalid to the rest of the network.
sr. member
Activity: 333
Merit: 506
August 01, 2021, 10:13:40 AM
#27
When a unix time is specified, we used to determine it by comparing directly to the block timestamp, which really isn't as accurate as the one that we've implemented now.
I read it. Okay, so the point for this accuracy improvement is to prevent any miner from claiming more transaction fees by lying their block timestamp.

There are two safe guards though:

1) The blockchain has a time stamp that the processed transactions must adhere to, within the previous 11 blocks. So lying about timestamps is limited to that.

2) Most users will want to have their transactions processed sooner rather than later. If a miner wants to process transactions faster, then this will typically not be an issue.
The number of users who want delayed processing will be so low to make this effect insignificant.

-
Do miners check that confirmed transactions from other miners have waited a sufficient nlocktime for a transaction? They must do...
If not, then I still don't fully understand what prevents a miner from processing delayed transactions early, since the signed transaction has all information viewable at any stage and delayed locktime information isn't relayed downstream, as far as I understand. It's mostly related to the honesty of the miners, isn't it? It's not really a concern, since the number of people desiring such a method would be minimal.
legendary
Activity: 3472
Merit: 10611
August 01, 2021, 03:59:12 AM
#26
But, why did you say block height 499,999,999 if the 32-bit limit will be reached far earlier than that?
Because there are 2 ways to set the locktime value. If that integer value is smaller than (and not equal to) 500,000,000 it will be interpreted as a block height so the maximum height value of a locktime is 499,999,999; and if it is bigger than or equal to 500,000,000 it will be interpreted as datetime so maximum datetime value of a locktime is Feb 07 2106 06:28:15.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 01, 2021, 02:08:52 AM
#25
These are Epoch Unix timestamps and when you convert the maximum possible value for a locktime to datetime you get the exact time I posted above. The locktime variable is a 32-bit unsigned integer so it can be as big as 0xffffffff which is equal to 4294967295. An example online tool for conversion: https://www.unixtimestamp.com/
But, why did you say block height 499,999,999 if the 32-bit limit will be reached far earlier than that? Besides, that shouldn't be a concern. A soft fork could be desired anytime where it replaces the 32-bit variable with a 64-bit one.

When a unix time is specified, we used to determine it by comparing directly to the block timestamp, which really isn't as accurate as the one that we've implemented now.
I read it. Okay, so the point for this accuracy improvement is to prevent any miner from claiming more transaction fees by lying their block timestamp.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 01, 2021, 01:51:47 AM
#24
I read in our wiki that the median time past is based on the last eleven blocks. Is there any specific reason the developers chose this or is it arbitrary?
See the BIP that I referenced a few post prior. Using the MTP allows for a strictly increasing block time which is more accurate than just using the block's timestamp to check if the nlocktime transaction can be included in the block.

When a unix time is specified, we used to determine it by comparing directly to the block timestamp, which really isn't as accurate as the one that we've implemented now.
legendary
Activity: 3472
Merit: 10611
August 01, 2021, 01:40:24 AM
#23
Are you sure about that date? Did you possibly mean something like the year 6836 instead?
These are Epoch Unix timestamps and when you convert the maximum possible value for a locktime to datetime you get the exact time I posted above. The locktime variable is a 32-bit unsigned integer so it can be as big as 0xffffffff which is equal to 4294967295. An example online tool for conversion: https://www.unixtimestamp.com/
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 01, 2021, 01:18:58 AM
#22
If nLocktime is time based it is not based on the current time, it is based on the blockchain's median time past.
I read in our wiki that the median time past is based on the last eleven blocks. Is there any specific reason the developers chose this or is it arbitrary?

Block height 499,999,999 or if time is used a time equal to Sun Feb 07 2106 06:28:15.
Are you sure about that date? Did you possibly mean something like the year 6836 instead?
legendary
Activity: 3472
Merit: 10611
August 01, 2021, 12:37:56 AM
#21
Is there a theoretical most distant future locktime that a transaction can have?
Block height 499,999,999 or if time is used a time equal to Sun Feb 07 2106 06:28:15.

Quote
I imagine the fee would have to be quite large for miners to want to keep it in the mempool for that amount of time, and then it might become a race to see who could publish it the soonest after the benchmarked time.
That would be their choice to keep a non-mineable transaction until becomes mineable. They usually don't waste their memory and stick to the standard rule and reject transactions that have a far away locktime.
sr. member
Activity: 333
Merit: 506
July 31, 2021, 07:55:34 PM
#20
If you change the transaction, then the signature on the transaction will no longer be valid.  This prevents anyone from changing anything about the transaction (including the amount being paid, the address it's being paid to, and/or the locktime.

Thanks. Of course!

Is there a theoretical most distant future locktime that a transaction can have?

I imagine the fee would have to be quite large for miners to want to keep it in the mempool for that amount of time, and then it might become a race to see who could publish it the soonest after the benchmarked time.
legendary
Activity: 3472
Merit: 4801
July 31, 2021, 07:08:28 PM
#19
Is there anything that prevents a future nLocktime transaction from being used early?

For example, if nLocktime were to be set for 6 months in the future, but a miner wanted to process the transaction now --
then could they republish the transaction with an nLocktime of now or the past?

If you change the transaction, then the signature on the transaction will no longer be valid.  This prevents anyone from changing anything about the transaction (including the amount being paid, the address it's being paid to, and/or the locktime.
sr. member
Activity: 333
Merit: 506
July 31, 2021, 04:57:12 PM
#18
Transactions don't have any timestamp at all.  They may, however, have an nLocktime.

nLocktime can be time based or height based.

If nLocktime is time based it is not based on the current time, it is based on the blockchain's median time past.

A transaction with a time based lock won't be relayed until it can be included in the next block coming up.


Is there anything that prevents a future nLocktime transaction from being used early?

For example, if nLocktime were to be set for 6 months in the future, but a miner wanted to process the transaction now --
then could they republish the transaction with an nLocktime of now or the past?

The hypothetical scenarios would be a donor who wanted to donate significant funds say 10 years after they thought they would be dead,
or an employer that wanted to set the payout to an individual to be on a particular each month for the next 6 months.
They benefit to the donor or employer is that they could change their mind by transacting at an earlier nLocktime.
staff
Activity: 4284
Merit: 8808
July 30, 2021, 10:43:52 PM
#17
Transactions don't have any timestamp at all.  They may, however, have an nLocktime.

nLocktime can be time based or height based.

If nLocktime is time based it is not based on the current time, it is based on the blockchain's median time past.

A transaction with a time based lock won't be relayed until it can be included in the next block coming up.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 30, 2021, 12:37:27 PM
#16
My question is:  Should the second transaction be considered valid if everyone can confirm that one of those transactions contains a false timestamp?
No. The timestamp is to be matched with the block that it is in. If your block includes a CLTV with a unix time after that, then it would be valid, if it isn't then it won't be. The validity of the block is also dependent on the deviation from the network adjusted time as well, if it isn't synchronized within the limits, then it would be invalid as well until the time limit reaches. Nodes do not independently decide to invalidate any transactions.

BIP113 introduced MTP for locktime quite a while ago which utilizes the median as compared to the actual block timestamp.
sr. member
Activity: 333
Merit: 506
July 30, 2021, 11:43:25 AM
#15
You probably didn't understand my query, but that's okay, I'll just make it clearer.
..
My question is:  Should the second transaction be considered valid if everyone can confirm that one of those transactions contains a false timestamp?

Sorry, I still don't get it.

But no, the second transaction would be shown already as spent and ignored by the miners.
If it didn't behave this way, then the system would be abusable as your hypothetical puts it.

-
Check my edits as I've added more information that might clarify.

There is no time stamp in the sent transaction.
There are timestamps in miner blocks and connecting nodes, but these are not transactions, nor required for an individual to have for making a transaction.
Specific to the transaction, a lock time is not a time stamp, even if it might be used as such.
Specific to the miner, a miner has the incentive to have a near matching time stamp to other miners so that ze can get transaction fees without rejection.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 30, 2021, 11:35:11 AM
#14
...

You probably didn't understand my query, but that's okay, I'll just make it clearer.

  • You enter a timestamp that represents the present. (e.g 19:00)
  • You sign that transaction and then broadcast it.
  • The transaction is successfully included into a block.
  • Then you create another transaction with a timestamp that represents a time prior the one that is signed in the previous transaction. (e.g 18:00)
  • For that very transaction, you select an output of the first transaction.
  • You then sign the second transaction and broadcast it.

My question is:  Should the second transaction be considered valid if everyone can confirm that one of those transactions contains a false timestamp?
sr. member
Activity: 333
Merit: 506
July 30, 2021, 11:24:14 AM
#13
Broadcasting a transaction has zero dependency on your computer's system time.
I didn't said that it has. You can obviously sign whatever you want from scratch. I was just wondering why the second transaction should be considered valid after every node observed that the user is cheating the system.

Could the user also enter an arbitrary time like 01-01-1970? He should, if the timestamp isn't somehow verified.
There isn't a time stamp in a transaction broadcast, so it's irrelevant.

The second won't be considered valid because it arrived or was confirmed later.
Once the first transaction is confirmed, the second one will be rejected due to unavailable funds.
This is the double spend problem, right?

https://99bitcoins.com/double-spending/

A transaction broadcast may look like this [note the lack of a timestamp]

Quote
Array
(
    [txid] => e3a865d391af57193e4faad75080f3c8178cb696910cc19ea75877f06b9a3598
    [hash] => e3a865d391af57193e4faad75080f3c8178cb696910cc19ea75877f06b9a3598
    [version] => 2
    [size] => 85
    [vsize] => 85
    [weight] => 340
    [locktime] => 0
    [vin] => Array
        (
            
  • => Array
               (
                    [txid] => 24e4ccbe8faedc59fa16465e787a0943d5b1b780ab58d00a15a7d7e2390c0edc
                    [vout] => 1
                    [scriptSig] => Array
                        (
                            [asm] =>
                            [hex] =>
                        )

                    [sequence] => 4294967295
                )

        )

    [vout] => Array
        (
            
  • => Array
               (
                    [value] => 0.045
                    [n] => 0
                    [scriptPubKey] => Array
                        (
                            [asm] => OP_DUP OP_HASH160 043ea5736aa3a48ebdd5034309b590505d8bdd90 OP_EQUALVERIFY OP_CHECKSIG
                            [hex] => 76a914043ea5736aa3a48ebdd5034309b590505d8bdd9088ac
                            [reqSigs] => 1
                            [type] => pubkeyhash
                            [addresses] => Array
                                (
                                    
  • => 1PSkWTzac8K8QGCq17ff27gPw1eHw3gTC
                               )

                        )

                )

        )

)

But you don't need a node to broadcast a transaction..

You need an accurate system time for your node though, or your node won't update properly, which is probably the most common tool for broadcasting transactions.
"To connect to a peer, you send a version message containing your version number, block count, and current time."
https://en.bitcoin.it/wiki/Network

The double spender isn't necessarily trying to cheat the system. There could be several reasons why it happens, such as the replace-by-fee being increased.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 30, 2021, 11:17:42 AM
#12
Broadcasting a transaction has zero dependency on your computer's system time.
I didn't said that it has. You can obviously sign whatever you want from scratch. I was just wondering why the second transaction should be considered valid after every node observed that the user is cheating the system.

Could the user also enter an arbitrary time like 01-01-1970? He should, if the timestamp isn't somehow verified.
sr. member
Activity: 333
Merit: 506
July 30, 2021, 11:10:34 AM
#11
What happens if you broadcast a signed a transaction at 19:00 using your system's clock, then once is confirmed, broadcast a signed transaction that spends an output from the previous once, but at 18:00. In other words, if you tease your system's clock and any node can confirm that you have, does that make the second transaction invalid?

Broadcasting a transaction has zero dependency on your computer's system time.
So, no, the later transaction would not overwrite the earlier one, assuming the fee and hashrate was the same.

There is a locktime argument that can be pushed, but that doesn't depend on any user/node clock, but on the blockchain time stamps noted above.
https://hedgetrade.com/what-is-locktime/

Core has interesting behaviors related to your system clock, but that's different than broadcasting a transaction.
If you get a block more than 2 hours in the future you won't accept it until its within 2 hours.  Any timestamp that passes these criteria is valid, anything else will be ignored.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 30, 2021, 11:04:00 AM
#10
What happens if you broadcast a signed a transaction at 19:00 using your system's clock, then once is confirmed, broadcast a signed transaction that spends an output from the previous once, but at 18:00. In other words, if you tease your system's clock and any node can confirm that you have, does that make the second transaction invalid?
legendary
Activity: 3472
Merit: 10611
July 30, 2021, 10:10:44 AM
#9
If I understood Maxwell's comment correctly, let's give the hypothetical that there were only two miners on the network, and that they published blocks two years into the future:

Nodes would then wait two years before updating their own records, after their own clocks matched the published blocks, and only if there weren't conflicting blocks published before then. So, there is incentive for miners to be reasonably accurate.

Would that be correct? I've not looked into the code enough yet to know myself.
The full node software uses the system clock and will not change it. If it receives a block that is 2 years in the future it will simply reject it as invalid and waits for a valid block without updating anything.
If the computer clock is wrong then the user has to manually fix it before they can continue syncing. If the miners are creating wrong blocks there will always be a miner that won't and the chain will continue to grow with valid blocks.
Pages:
Jump to: