Brainstorming some things we should consider:

1. Does adding this put anyone at risk?
2. Does adding this somehow hurt Bitcoin's code base?
3. Does adding this require some long term maintenance / increase the weight on devs for support in the future?

1. Since Testnet has been used at some points to scam people out of money, I could see how this could be used in a similar way. However, with something like this it would be easier for someone to create a signet and give it value (aka use it to create a permission-ed altcoin and mooch 100% off Bitcoin Core development. At least with current altcoin, they have a "keep up to date with merging Core patches" barrier of entry... this would not have such a barrier.)
2. I would say no. But that would need more in-depth technical review.
3. If scams run rampant in my scenario in number 1, some people might propose hard coding blacklists that will require scammers to maintain patches removing themselves from the signet blacklist etc... But other than that, I don't see much problem.

I am leaning towards concept ACK. But I am slightly concerned about someone abusing this like testnet has been abused in the past, and how signet's differences make those abuses easier or harder.

@junderw

Thanks for feedback, comments below:

1. Does adding this put anyone at risk?

Example?

2. Does adding this somehow hurt Bitcoin's code base?

There is a tiny amount of risk involved as it touches consensus validation code, but this is a tiny code change.

If for some reason someone managed to flip the "signet" flag on a running node, for example, that would cause those nodes to start rejecting bitcoin blocks. I don't foresee this as very likely, personally.

3. Does adding this require some long term maintenance / increase the weight on devs for support in the future?

Yes, same as adding any feature to a system. I assume the point of your question is if the added maintenance is worth it; in my opinion it is. Signet is fairly self-contained (3 main parts: signet, wallet RPC, miner RPC, and some sprinkled stuff; there are also the contrib/signet scripts but I see those as irrelevant in this case as they're not a part of the C++ codebase), so it shouldn't be that hard to maintain.

4. Since Testnet has been used at some points to scam people out of money, I could see how this could be used in a similar way. However, with something like this it would be easier for someone to create a signet and give it value (aka use it to create a permission-ed altcoin and mooch 100% off Bitcoin Core development. At least with current altcoin, they have a "keep up to date with merging Core patches" barrier of entry... this would not have such a barrier.)

I don't think this is an issue, to be honest. People can already copy the codebase and tweak it to make a new coin, or start up a regtest and ask their victim to connect to it using This Special Bitcoin.conf File [tm] which so happens to have regtest=1 in it.

People can already copy the codebase and tweak it to make a new coin, or start up a regtest and ask their victim to connect to it using This Special Bitcoin.conf File [tm] which so happens to have regtest=1 in it.

Which is why I am mostly leaning toward concept ACK.

But tbh, if someone said "hey, we have a 7-of-13 multisig based faster Bitcoin!" as compared to "hey use this regtest thing, totally decentralized, we swear!" could be argued by pedantic people as "not technically false"... so a regtest based scam has less of a chance of someone understanding the tech aspect saying "yeah, that's not centralized" than a signet based scam.

Also, there are also many scams that copy-pasted the code base, sure... but with a signet based scam, they don't even need to maintain a patch. Just tell the victims to download Bitcoin Core. And it works out of the box (with a conf tweak)...

So while the risk is super low, it is objectively higher than regtest and testnet...

That being said. The benefit is great compared to that risk. Which, again, is why I say "leaning towards concept ACK."

It would be very powerful to have someone who already has Bitcoin Core downloaded and running to spin up another instance with some args that lets them try out taproot etc etc...

Yep, I see what you're saying. Ultimately both cases require a conf tweak, though (regtest or testnet scam vs signet scam), and signet case requires them to give you a big ugly signet challenge and signet seed node(s), so I'm not sure how viable the attack really is in the end.

Concept ACK, though I am unsure if signet should be configurable at all. (via signet_blockscript for example)

It should just be a shared public network, an alternative (or replacement) of testnet.

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• BIP-325: Signet [consensus] #18267 (BIP-325: Signet [consensus] by kallewoof)
• Abstract out script execution out of VerifyWitnessProgram() #18002 (Abstract out script execution out of VerifyWitnessProgram() by sipa)
• Implement BIP 340-342 validation (Schnorr/taproot/tapscript) #17977 ([WIP] Implement BIP 340-342 validation (Schnorr/taproot/tapscript) by sipa)
• rpc: Add generateblock to mine a custom set of transactions #17693 (rpc: Add generateblock to mine a custom set of transactions by andrewtoth)
• Testschains: Many regtests with different genesis and default datadir #17037 (Testschains: Many regtests with different genesis and default datadir by jtimon)
• Tests: Chainparams: Make regtest almost fully customizable #17032 (Tests: Chainparams: Make regtest almost fully customizable by jtimon)
• script: add simple signature support (checker/creator) #16653 (script: add simple signature support (checker/creator) by kallewoof)
• Replace -upgradewallet startup option with upgradewallet RPC #15761 (Replace -upgradewallet startup option with upgradewallet RPC by achow101)
• Restrict timestamp when mining a diff-adjustment block to prev-600 #15481 (Restrict timestamp when mining a diff-adjustment block to prev-600 by TheBlueMatt)
• Make script interpreter independent from storage type CScript #13062 (Make script interpreter independent from storage type CScript by sipa)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

The code does not seems to be that much to maintain, I would advise though to open a separate pull requests for most changes in validation.cpp/h.

Would be nice to have a contrib/signet/README.md to explain what those sh scripts are supposed to be doing

@MarcoFalke Added README file. Also missing release notes. Since it is Needs Concept Review stage, I am not gonna rush that just yet.

I added a "noteworthy" section to the OP of this PR, which points out a number of changes to existing functionality.

Concept ACK

Thanks for doing this - would be very useful for testing.

🐙 This pull request conflicts with the target branch and needs rebase.

But you need them to have different genesis blocks. For example, the genesis block is the chain_id in lightning networks.

@jtimon per bolt-00 you don't have to use the genesis block as the chain id, so I think it should be fine to use block 1 as the chain id for testing lightning on signet

Well, but in that case, you would need to hardcode the second block instead of the genesis block and you have the same problem @NicolasDorier complains about, no?

I understand that some use cases don't need a chain_id or anything like that, and for those it is fine to have the same the same genesis hash and they don't even care about the second block hash because they won't hardcode that either.
But for lightning, I think you need a chain_id.

Supporting multiple chains doesn't require external software to hardcode every new chain though, that's just a design decision.
Just like bitcoin core generates the hash in a deterministic way, other software can too.
Instead of implementing only a few hardcoded signets or only the default one, external software could implement them all possible signets at once, just like bitcoin core does.

For this, it would help to not mine the genesis block and thus not need to handle the nonce as configurable anywhere, but that's orthogonal.
Sorry to insist, but can we discuss what are the advantages of grinding the genesis block again?

Back to @NicolasDorier 's proposal of committing the challenge to the second block instead of the first one, I'm all fine with that, it's just that I also want to generate chains that do have different genesis blocks when I want to. This could be done, for example, by hashing the network name.
People wanting the same genesis hash could all just leave the default "signet" while others could customize different names, resulting in different genesis blocks, like in #17037

This again would be simpler if the genesis block wasn't mined.

Or perhaps we could even allow both having the challenge being committed on the genesis block or on the second one as a configuration option?

I just want to add to this that, with the hard coded genesis block, all software will still need to re-generate the magic number (message header / message start / whatever you wanna call it) when they switch signets. I think this is significantly easier than a dynamic genesis block hash, but it's still not "plug-and-play" to switch to a different signet. Ping @NicolasDorier.

Closing in favor of #18267.