ZIP 208: Shorter Block Target Spacing

ZIP: 208
Title: Shorter Block Target Spacing
Owners: Daira-Emma Hopwood <daira-emma@electriccoin.co>
Original-Authors: Daira-Emma Hopwood
                  Simon Liu
Status: Final
Category: Consensus
Created: 2019-01-10
License: MIT
Pull-Request: <https://github.com/zcash/zips/pull/237>

Terminology

The key words "MUST" and "SHOULD" in this document are to be interpreted as described in BCP 14 1 when, and only when, they appear in all capitals.

The terms "block chain", "consensus rule change", "consensus branch", and "network upgrade" are to be interpreted as defined in 9.

The term "block target spacing" means the time interval between blocks targeted by the difficulty adjustment algorithm in a given consensus branch. It is normally measured in seconds. (This is also sometimes called the "target block time", but "block target spacing" is the term used in the Zcash Protocol Specification 6.)

The terms "Testnet" and "Mainnet" are to be interpreted as described in section 3.12 of the Zcash Protocol Specification 4.

Abstract

This proposal specifies a change in the block target spacing, to take effect in the Blossom network upgrade 11.

The emission schedule of mined ZEC will be approximately the same in terms of time, but this requires the emission per block to be adjusted to take account of the changed block target spacing.

Motivation

The motivations for decreasing the block target spacing are:

Reduced latency for considering transactions to be sufficiently confirmed;
Greater throughput of transactions in unit time.

The latter goal could alternatively be achieved by increasing the block size limit, but that would not also achieve the former goal.

Note that, for a given security requirement (in terms of the expected cost distribution of a rollback attack), the number of confirmations needed increases more slowly than the decrease in block time, and so, up to a point, decreasing the block target spacing can provide a better trade-off between latency and security. This argument assumes that the validation and propagation time for a block remain small compared to the block target spacing. See 13 for further analysis in various attack models.

Specification

The changes described in this section are to be made in the Zcash Protocol Specification 3, relative to the pre-Blossom specification in [#preblossom-protocol].

Consensus changes

Throughout the specification, rename $\mathsf{HalvingInterval}$ to $\mathsf{PreBlossomHalvingInterval}\!$ , and rename $\mathsf{PoWTargetSpacing}$ to $\mathsf{PreBlossomTargetSpacing}\!$ . These constants retain their values from 2 of $840000$ (blocks) and $150$ (seconds) respectively.

In section 2 (Notation), add $\mathsf{BlossomActivationHeight}$ and $\mathsf{PostBlossomPoWTargetSpacing}$ to the list of integer constants.

In section 5.3 (Constants), define $\mathsf{PostBlossomPoWTargetSpacing} := 75$ seconds.

For a given network (production or test), define $\mathsf{BlossomActivationHeight}$ as the height at which Blossom activates on that network, as specified in 11.

In section 7.6.3 (Difficulty adjustment) [later moved to section 7.7.3], make the following changes:

Define $\mathsf{IsBlossomActivated}(\mathsf{height})$ to return true if $\mathsf{height} \geq \mathsf{BlossomActivationHeight}\!$ , otherwise false.

This specification assumes that $\mathsf{BlossomActivationHeight} \geq \mathsf{SlowStartInterval}\!$ .

Define:

$\mathsf{BlossomPoWTargetSpacingRatio} := \mathsf{PreBlossomPoWTargetSpacing} / \mathsf{PostBlossomPoWTargetSpacing}$
$\mathsf{PostBlossomHalvingInterval} := \mathsf{floor}(\mathsf{PreBlossomHalvingInterval} \cdot \mathsf{BlossomPoWTargetSpacingRatio})\!$ .

In the same section, redefine $mathsf{PoWTargetSpacing} as a function taking a $\mathsf{height}$ parameter, as follows:

$\mathsf{PoWTargetSpacing}(\mathsf{height}) := \begin{cases} \mathsf{PreBlossomPoWTargetSpacing}, &\!\!\text{if not } \mathsf{IsBlossomActivated}(\mathsf{height}) \\ \mathsf{PostBlossomPoWTargetSpacing} &\!\!\text{otherwise} \end{cases}$

Also redefine $\mathsf{AveragingWindowTimespan}\!$ , $\mathsf{MinActualTimespan}\!$ , $\mathsf{MaxActualTimespan}\!$ , $\mathsf{ActualTimespanDamped}\!$ , $\mathsf{ActualTimespanBounded}\!$ , and $\mathsf{Threshold}$ as follows:

add a $\mathsf{height}$ parameter to each of these functions that does not already have one;
ensure that each reference to any of these values, or to $\mathsf{PoWTargetSpacing}\!$ , are replaced with a function call passing the $\mathsf{height}$ parameter.

In section 7.7 (Calculation of Block Subsidy and Founders’ Reward) [later moved to section 7.8], redefine the $\mathsf{Halving}$ and $\mathsf{BlockSubsidy}$ functions as follows:

$\mathsf{Halving}(\mathsf{height}) := \begin{cases} \mathsf{floor}((\mathsf{height} - \mathsf{SlowStartShift}) / \mathsf{PreBlossomHalvingInterval}), &\!\!\text{if not } \mathsf{IsBlossomActivated}(\mathsf{height}) \\ \mathsf{floor}((\mathsf{BlossomActivationHeight} - \mathsf{SlowStartShift}) / \mathsf{PreBlossomHalvingInterval} & \\ \hspace{1em}+\; (\mathsf{height} - \mathsf{BlossomActivationHeight}) / \mathsf{PostBlossomHalvingInterval}) &\!\!\text{otherwise} \end{cases}$

$\mathsf{BlockSubsidy}(\mathsf{height}) := \begin{cases} \mathsf{SlowStartRate} \cdot \mathsf{height}, &\!\!\text{if } \mathsf{height} < \mathsf{SlowStartInterval} / 2 \\ \mathsf{SlowStartRate} \cdot (\mathsf{height} + 1), &\!\!\text{if } \mathsf{SlowStartInterval} / 2 \leq \mathsf{height} \text{ and } \mathsf{height} < \mathsf{SlowStartInterval} \\ \mathsf{floor}(\mathsf{MaxBlockSubsidy} / 2^{\mathsf{Halving}(\mathsf{height})}), &\!\!\text{if } \mathsf{SlowStartInterval} \leq \mathsf{height} \text{ and not } \mathsf{IsBlossomActivated}(\mathsf{height}) \\ \mathsf{floor}(\mathsf{MaxBlockSubsidy} / & \\ \hspace{1em}(\mathsf{BlossomPoWTargetSpacingRatio} \cdot 2^{\mathsf{Halving}(\mathsf{height})})) &\!\!\text{otherwise} \end{cases}$

Note: $\mathsf{BlossomActivationHeight}\!$ , $\mathsf{PostBlossomHalvingInterval}\!$ , and $\mathsf{PostBlossomTargetSpacing}$ are chosen so that:

$(\mathsf{BlossomActivationHeight} - \mathsf{SlowStartShift}) / \mathsf{PreBlossomHalvingInterval}\hspace{-3em}$ $\hspace{3em}+\; (\mathsf{height} - \mathsf{BlossomActivationHeight}) / \mathsf{PostBlossomHalvingInterval}$ is exactly $1$ for some integer $\mathsf{height}\!$ .
$\mathsf{MaxBlockSubsidy} / (\mathsf{BlossomPoWTargetSpacingRatio} \cdot 2^{\mathsf{Halving}(\mathsf{height})})$ is an integer for the next few periods.

In section 7.8 (Payment of Founders’ Reward) [later moved to section 7.9], define:

$\mathsf{FounderAddressAdjustedHeight}(\mathsf{height}) := \begin{cases} \mathsf{height}, &\!\!\text{if not } \mathsf{IsBlossomActivated}(\mathsf{height}) \\ \mathsf{BlossomActivationHeight} + \mathsf{floor}((\mathsf{height} - \mathsf{BlossomActivationHeight}) / \\ \hspace{1em}\mathsf{BlossomPoWTargetSpacingRatio}) &\!\!\text{otherwise} \end{cases}$

and in the definition of $\mathsf{FounderAddressIndex}\!$ , replace the use of $\mathsf{height}$ with $\mathsf{FounderAddressAdjustedHeight}(\mathsf{height})\!$ .

Also define:

$\mathsf{FoundersRewardLastBlockHeight} := \mathsf{max}(\{ \mathsf{height} \;{\small ⦂}\; \mathbb{N} | \mathsf{Halving}(\mathsf{height}) < 1 \})$

Replace the first note in that section with:

No Founders’ Reward is required to be paid for $\mathsf{height} > \mathsf{FoundersRewardLastBlockHeight}$ (i.e. after the first halving), or for $\mathsf{height} = 0$ (i.e. the genesis block).

and in the second note, replace $\mathsf{SlowStartShift} + \mathsf{PreBlossomHalvingInterval} - 1$ with $\mathsf{FoundersRewardLastBlockHeight}\!$ .

Effect on difficulty adjustment

The difficulty adjustment parameters $\mathsf{PoWAveragingWindow}$ and $\mathsf{PoWMedianBlockSpan}$ refer to numbers of blocks, but do not change at Blossom activation. This is because the amount of damping/averaging required is expected to be roughly the same, in terms of the number of blocks, after the change in block target spacing.

The change in the effective value of $\mathsf{PoWTargetSpacing}$ will cause the block spacing to adjust to the new target, at the normal rate for a difficulty adjustment. The results of simulations are consistent with this expected behaviour.

Note that the change in $\mathsf{AveragingWindowTimespan(\mathsf{height})$ takes effect immediately when calculating the target difficulty starting from the block at the Blossom activation height, even though the difficulty of the preceding $\mathsf{PoWAveragingWindow}$ blocks will have been adjusted using the pre-Blossom target spacing. Therefore it is likely that the difficulty adjustment for the first few blocks after activation will be limited by $\mathsf{PoWMaxAdjustDown}\!$ . This is not anticipated to cause any problem.

Minimum difficulty blocks on Testnet

On Testnet from block height 299188 onward, the difficulty adjustment algorithm 6 allows minimum-difficulty blocks, as described in 10, when the block time is greater than a given threshold. This specification changes this threshold to be proportional to the block target spacing.

That is, if the block time of a block at height $\mathsf{height} \geq 299188$ is greater than $6 \cdot \mathsf{PoWTargetSpacing}(\mathsf{height})$ seconds after that of the preceding block, then the block is a minimum-difficulty block. In that case its nBits field MUST be set to $\mathsf{ToCompact}(\mathsf{PoWLimit})\!$ , where $\mathsf{PoWLimit}$ is the value defined for Testnet in section 5.3 of the Zcash Protocol Specification 5, and $\mathsf{ToCompact}$ is as defined in section 7.7.4 of that specification 7.

Note: a previous revision of this ZIP (and 10) incorrectly said that only the target threshold of minimum-difficulty blocks is affected. In fact the nBits field is modified as well, and this affects difficulty adjustment for subsequent blocks.

This change does not affect Mainnet.

Non-consensus node behaviour

End-of-Service halt

zcashd implements an "End-of-Service halt" behaviour that halts the node at a block height that corresponds approximately to a given time after release. This interval SHOULD be adjusted in releases where the End-of-Service halt time will follow Blossom activation.

Default expiry delta

When not overridden by the -txexpirydelta option, zcashd RPC calls that create transactions use a default value for the number of blocks after which a transaction will expire. The default in recent versions of zcashd is 20 blocks, which at the pre-Blossom block target spacing corresponds to roughly 50 minutes.

This default SHOULD change to BlossomPoWTargetSpacingRatio · 20 blocks after Blossom activation, to maintain the approximate expiry time of 50 minutes.

If the -txexpirydelta option is set, then the set value SHOULD be used both before and after Blossom activation.

Sprout to Sapling migration

ZIP 308 12 defines a procedure for migrating funds from Sprout to Sapling z-addresses. In that procedure, migration transactions are sent every 500 blocks, which corresponded to roughly 20.83 hours before Blossom.

The 500-block constant has not been changed. Therefore, migration transactions are now sent roughly every 10.42 hours after Blossom activation. This has been noted in the ZIP, and a table showing the expected time to complete migration has been updated accordingly.

Fingerprinting mitigation

A "fingerprinting attack" is a network analysis technique in which nodes are identified across network sessions, for example using information about which blocks they request or send.

zcashd inherits from Bitcoin Core the following behaviour, described in a comment in main.cpp, intended as a fingerprinting mitigation:

// To prevent fingerprinting attacks, only send blocks outside of the active
// chain if they are valid, and no more than a month older (both in time, and in
// best equivalent proof of work) than the best header chain we know about.

We make no assertion about the significance of fingerprinting for Zcash, and (despite the word "prevent" in the above comment) no claim about the effectiveness of this mitigation.

In any case, to estimate the "best equivalent proof of work" of a given block chain (measured in units of time), we take the total work of the chain as defined in section 7.7.5 of the Zcash Protocol Specification 8, divide by the work of the block at the active tip, and multiply by the target block spacing of that block.

It is not a requirement of the Zcash protocol that this fingerprinting mitigation is used; however, if it is used, then it SHOULD use the target block spacing at the same block height that is used for the current work estimate.

Monitoring for quicker- or slower-than-expected blocks

zcashd previously did this monitoring every 150 seconds; it is now done every 60 seconds.

Block timeout

The timeout for a requested block is calculated as the target block time, multiplied by 2 + (the number of queued validated headers)/2.

Latency optimization when requesting blocks

When zcashd sees an announced block that chains from headers that it does not already have, it will first ask for the headers, and then the block itself. A latency optimization is performed only if the chain is "nearly synced":

// First request the headers preceding the announced block. In the normal fully-synced
// case where a new block is announced that succeeds the current tip (no reorganization),
// there are no such headers.
// Secondly, and only when we are close to being synced, we request the announced block directly,
// to avoid an extra round-trip. Note that we must *first* ask for the headers, so by the
// time the block arrives, the header chain leading up to it is already validated. Not
// doing this will result in the received block being rejected as an orphan in case it is
// not a direct successor.

The heuristic for "nearly synced" is that the timestamp of the block at the active tip is no more than 20 block times before the current "adjusted time". In zcashd this calculation uses the block target spacing as of the best known header. Around Blossom activation when the block target spacing changes, this could cause the heuristic to be based on the pre-Blossom block target spacing until the node has synced headers past the activation block, but this is not anticipated to cause any problem.

Response to getblocks message when pruning

If pruning is enabled, when zcashd responds to an "getblocks" peer-to-peer message, it will only include blocks that it has on disk, and is likely to still have on disk an hour after responding to the message:

// If pruning, don't inv blocks unless we have on disk and are likely to still have
// for some reasonable time window (1 hour) that block relay might require.

For each block, when estimating whether it will still be on disk after an hour, we take MIN_BLOCKS_TO_KEEP = $288$ blocks, minus approximately the number of blocks expected in one hour at the target block spacing as of that block. Around Blossom activation, this might underestimate the number of blocks in the next hour, but given the value of MIN_BLOCKS_TO_KEEP, this is not anticipated to cause any problem.

Estimation of fully synced chain height

zcashd uses the EstimateNetHeight function to estimate the approximate height of the fully synced chain, so that the progress of block download can be displayed to the node operator. This function has been rewritten, simplified, and changed to take account of cases where the time period that needs to be estimated crosses Blossom activation.

Other block-related constants

The following constants, measured in number of blocks, were reviewed and a decision was made not to change them:

/** The number of blocks within expiry height when a tx is considered to be expiring soon */
TX_EXPIRING_SOON_THRESHOLD = 3

/** Maximum reorg length we will accept before we shut down and alert the user. */
MAX_REORG_LENGTH = COINBASE_MATURITY - 1;

static const int COINBASE_MATURITY = 100;

/** Number of blocks that can be requested at any given time from a single peer. */
static const int MAX_BLOCKS_IN_TRANSIT_PER_PEER = 16;

static const unsigned int BLOCK_DOWNLOAD_WINDOW = 1024;

/** Block files containing a block-height within MIN_BLOCKS_TO_KEEP of chainActive.Tip() will not be pruned. */
static const unsigned int MIN_BLOCKS_TO_KEEP = 288;

/**
 * The period before a network upgrade activates, where connections to upgrading peers are preferred (in blocks).
 * This was three days for upgrades up to and including Blossom, and is 1.5 days from Heartwood onward.
 */
static const int NETWORK_UPGRADE_PEER_PREFERENCE_BLOCK_PERIOD = 1728;

Deployment

This proposal will be deployed with the Blossom network upgrade. 11

Backward compatibility

This proposal intentionally creates what is known as a "bilateral consensus rule change". Use of this mechanism requires that all network participants upgrade their software to a compatible version within the upgrade window. Older software will treat post-upgrade blocks as invalid, and will follow any pre-upgrade consensus branch that persists.

Reference Implementation

https://github.com/zcash/zcash/pull/4025

References

1	Information on BCP 14 — "RFC 2119: Key words for use in RFCs to Indicate Requirement Levels" and "RFC 8174: Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"

2	Zcash Protocol Specification, Version 2018.0-beta-37 (exactly)

3	Zcash Protocol Specification, Version 2021.2.16 or later

4	Zcash Protocol Specification, Version 2021.2.16. Section 3.12: Mainnet and Testnet

5	Zcash Protocol Specification, Version 2021.2.16. Section 5.3: Constants

6	Zcash Protocol Specification, Version 2021.2.16. Section 7.7.3: Difficulty adjustment

7	Zcash Protocol Specification, Version 2021.2.16. Section 7.7.4: nBits conversion

8	Zcash Protocol Specification, Version 2021.2.16. Section 7.7.5: Definition of Work

9	ZIP 200: Network Upgrade Mechanism

10	ZIP 205: Deployment of the Sapling Network Upgrade

11	ZIP 206: Deployment of the Blossom Network Upgrade

12	ZIP 308: Sprout to Sapling Migration

13	On Slow and Fast Block Times