ZIP: 113 Title: Median Time Past as endpoint for lock-time calculations Author: Daira Hopwood <daira@electriccoin.co> Credits: Thomas Kerin <me@thomaskerin.io> Mark Friedenbach <mark@friedenbach.org> Gregory Maxwell Category: Consensus Status: Draft Created: 2019-06-07 License: MIT
The key words "MUST" and "MAY" in this document are to be interpreted as described in RFC 2119. [1]
This ZIP is a proposal to redefine the semantics used in determining a time-locked transaction's eligibility for inclusion in a block. The median of the last PoWMedianBlockSpan (11) blocks is used instead of the block's timestamp, ensuring that it increases monotonically with each block.
At present, transactions are excluded from inclusion in a block if the present time or block height is less than or equal to that specified in the locktime. Since the consensus rules do not mandate strict ordering of block timestamps, this has the unfortunate outcome of creating a perverse incentive for miners to lie about the time of their blocks in order to collect more fees by including transactions that by wall clock determination have not yet matured.
This ZIP proposes comparing the locktime against the median of the past PoWMedianBlockSpan blocks' timestamps, rather than the timestamp of the block including the transaction. Existing consensus rules guarantee this value to monotonically advance, thereby removing the capability for miners to claim more transaction fees by lying about the timestamps of their block.
This proposal seeks to ensure reliable behaviour in locktime calculations as required by [3] (CHECKLOCKTIMEVERIFY) and matching the behavior of [5] (CHECKSEQUENCEVERIFY). This also matches the use of Median Time Past in difficulty adjustment as specified in section 7.6.3 of [2].
Let PoWMedianBlockSpan be as defined in [2] section 5.3, and let the median function be as defined in [2] section 7.6.3.
The Median Time Past of a block is specified as the median of the timestamps of the prior PoWMedianBlockSpan blocks, as calculated by MedianTime(height) in [2] section 7.6.3.
The values for transaction locktime remain unchanged. The difference is only in the calculation determining whether a transaction can be included. After activation of this ZIP, lock-time constraints of a transaction MUST be checked according to the Median Time Past of the transaction's block.
[FIXME make this a proper specification, independent of the zcashd implementation.]
Lock-time constraints are checked by the consensus method IsFinalTx()
. This method
takes the block time as one parameter. This ZIP proposes that after activation calls to
IsFinalTx()
within consensus code use the return value of GetMedianTimePast(pindexPrev)
instead.
The new rule applies to all transactions, including the coinbase transaction.
This will be based on Bitcoin PR 6566.
This ZIP is based on BIP 113, authored by Thomas Kerin and Mark Friedenbach.
Mark Friedenbach designed and authored the reference implementation for Bitcoin.
Gregory Maxwell came up with the original idea, in #bitcoin-wizards on 2013-07-16 and 2013-07-17.
At the time of writing it has not been decided which network upgrade (if any) will implement this proposal.
This ZIP is designed to be deployed simultaneously with [4] and [5].
At the post-Blossom block target spacing of 75 seconds, transactions generated using time-based lock-time will take approximately 7.5 minutes longer to confirm than would be expected under the old rules. This is not known to introduce any compatibility concerns with existing protocols. This delay is less than in Bitcoin due to the faster block target spacing in Zcash.
[1] | Key words for use in RFCs to Indicate Requirement Levels |
[2] | (1, 2, 3, 4) Zcash Protocol Specification, Version 2019.0.1 or later [Overwinter+Sapling+Blossom] |
[3] | BIP 65: OP_CHECKLOCKTIMEVERIFY |
[4] | ZIP 68: Consensus-enforced transaction replacement signaled via sequence numbers |
[5] | (1, 2) ZIP 112: CHECKSEQUENCEVERIFY |