Andy Parkins [ARCHIVE] on Nostr: 📅 Original date posted:2013-07-23 📝 Original message:On Tuesday 23 July 2013 ...
📅 Original date posted:2013-07-23
📝 Original message:On Tuesday 23 July 2013 11:17:28 Peter Todd wrote:
> On Tue, Jul 23, 2013 at 11:00:24AM +0100, Andy Parkins wrote:
> > > Increasing the resource usage by SPV clients on full nodes is
> > > undesirable;
> >
> > I don't think that's thinking big enough. What I imagine is that making
> > it easier and easier to store a partial blockchain would result in lower
> > demand on full nodes.
>
> Read my proposal for "Partial UTXO" mode:
> http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02
> 511.html
Very interesting. I love the idea of the UTXO set being tied to a block.
> > I might run a client that has only fetched blocks that contain
> > transactions needed to verify my balances, right back to the genesis
> > block. That will be some small subset of the block chain and will take
> > me very little resource to maintain. I join the network and am my
> > client is willing to verify based on information I have, or supply (by
> > REST or bitcoin protocol) blocks. Imagine then that everyone with a
> > wallet were doing this. The blockchain would be distributed massively.
> > Obviously the miners would still be keeping the entire chain, but we'd
> > have a lot more nodes in the network, each contributing a little bit and
> > so reducing the load on the full nodes.
>
> Actually the really scary thing about partial UTXO mode is miners can
> get away without keeping the entire chain provided they don't (often)
> try to mine transactions spending UTXO's that they haven't verified
> themselves.
You're right. That is scary.
> > > In any case UTXO data currently requires you to have full trust in
> > > whomever is providing you with it, and that situation will continue
> > > until UTXO commitments are implemented - if they are implemented.
> >
> > Almost; because you can go and ask someone else the same question, it's
> > pretty
>
> How do you know they actually are someone else?
You don't. You can't invalidate the lie if all you have access to is lies.
But if you have access to just one honest node; that will reveal the liars.
I'm not claiming that headers-only nodes can ever be made as secure as a full
node. Just _more_ secure than they are now; and potentially able to act as
one of those honest nodes.
> > easy to check if you're being lied to. Also, it's far easier to maintain
> > a headers-only block chain. When you fetch your relevant block subset,
> > you can easily see that they are real blocks in your headers-only
> > blockchain; and so it's pretty much impossible to lie to "give me the
> > block containing transaction X".
>
> Do you think you have SPV or full security in that situation?
> Do you know the difference?
There is absolutely no need to get condescendingly shirty. I thought this was
a friendly list; and we were having a discussion. If you don't want to
respond to posts -- don't. I also didn't realise I had to pass an exam before
I was allowed to speak.
Yes: I know the difference between SPV and full security. SPV is headers only
and so has no way to verify that the transaction outputs references as inputs
to any new as-yet-unverified transaction are valid. Instead it relies on
having some way of proving it's in the chain; and then looking for the number
of blocks built on top of it as "verification". "Full security" (which is
itself a very poor name), is obviously just checking that every output
referenced in the inputs is unspent; that necessarily requires full blocks.
The difference in security being that in SPV there is no way to know if the
referenced Unspent TransaXtion Output really is unspent -- it might have been
spent elsewhere then referenced again in this new transaction.
My suggestion was that we want to be able to fetch a block by transaction; and
that simple nodes can all, in aggregate offer contribution to the network
rather than just being parasitical on the full nodes. When I ask for a block
that contains a transaction, and I do that repeatedly, I have part of the
block chain. If lots of simple nodes are doing that, then the whole chain
should be available if there are enough of them. They would then gain the
ability to do transaction-forwarding in some cases. This is only possible if
a few extra facilities are added to the protocol. One of which is the new
feature I suggested: block-given-transaction. It's not enough on its own, but
if you also add in the ability for a node to tell another about the output
transactions (basically, what block spends it), _then_ the simple nodes are
able to become much more secure -- not 100% of course, they're still not full
nodes, because they have no way of knowing if they are being lied to when they
are told (this transaction is unspent), but all it takes is one honest node to
point them at the truth, and the lie is then exposed.
That facility is just a drain on full nodes for the most part; except if you
start encouraging it whole-sale. The simple node would keep cache both the
incoming and outgoing transactions (or rather the blocks that contain them)
for addresses to which they are paying attention. That gives them a cache
that contains more than just their minimal set; and then they are able to do
just a little bit of verifying on their own. With enough nodes of this sort,
the verification load is reduced.
Perhaps all that effort is not worth it for the tiny reduction. Perhaps it's
not true that that contribution of verification adds nothing. I can live with
those objections. But "do I know the difference" as a reposte? Not so much.
Anyway; going by your post on partial UTXO's; you're well ahead of the game,
and I'm not suggesting anything that hasn't already been thought of, and
thought of better. I'm not sure why you took umbridge at my idea, when it
seems like I'm just a few steps behind what you've already thought of. Not
everything is an attack you know?
Andy
--
Dr Andy Parkins
andyparkins at gmail.com
📝 Original message:On Tuesday 23 July 2013 11:17:28 Peter Todd wrote:
> On Tue, Jul 23, 2013 at 11:00:24AM +0100, Andy Parkins wrote:
> > > Increasing the resource usage by SPV clients on full nodes is
> > > undesirable;
> >
> > I don't think that's thinking big enough. What I imagine is that making
> > it easier and easier to store a partial blockchain would result in lower
> > demand on full nodes.
>
> Read my proposal for "Partial UTXO" mode:
> http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02
> 511.html
Very interesting. I love the idea of the UTXO set being tied to a block.
> > I might run a client that has only fetched blocks that contain
> > transactions needed to verify my balances, right back to the genesis
> > block. That will be some small subset of the block chain and will take
> > me very little resource to maintain. I join the network and am my
> > client is willing to verify based on information I have, or supply (by
> > REST or bitcoin protocol) blocks. Imagine then that everyone with a
> > wallet were doing this. The blockchain would be distributed massively.
> > Obviously the miners would still be keeping the entire chain, but we'd
> > have a lot more nodes in the network, each contributing a little bit and
> > so reducing the load on the full nodes.
>
> Actually the really scary thing about partial UTXO mode is miners can
> get away without keeping the entire chain provided they don't (often)
> try to mine transactions spending UTXO's that they haven't verified
> themselves.
You're right. That is scary.
> > > In any case UTXO data currently requires you to have full trust in
> > > whomever is providing you with it, and that situation will continue
> > > until UTXO commitments are implemented - if they are implemented.
> >
> > Almost; because you can go and ask someone else the same question, it's
> > pretty
>
> How do you know they actually are someone else?
You don't. You can't invalidate the lie if all you have access to is lies.
But if you have access to just one honest node; that will reveal the liars.
I'm not claiming that headers-only nodes can ever be made as secure as a full
node. Just _more_ secure than they are now; and potentially able to act as
one of those honest nodes.
> > easy to check if you're being lied to. Also, it's far easier to maintain
> > a headers-only block chain. When you fetch your relevant block subset,
> > you can easily see that they are real blocks in your headers-only
> > blockchain; and so it's pretty much impossible to lie to "give me the
> > block containing transaction X".
>
> Do you think you have SPV or full security in that situation?
> Do you know the difference?
There is absolutely no need to get condescendingly shirty. I thought this was
a friendly list; and we were having a discussion. If you don't want to
respond to posts -- don't. I also didn't realise I had to pass an exam before
I was allowed to speak.
Yes: I know the difference between SPV and full security. SPV is headers only
and so has no way to verify that the transaction outputs references as inputs
to any new as-yet-unverified transaction are valid. Instead it relies on
having some way of proving it's in the chain; and then looking for the number
of blocks built on top of it as "verification". "Full security" (which is
itself a very poor name), is obviously just checking that every output
referenced in the inputs is unspent; that necessarily requires full blocks.
The difference in security being that in SPV there is no way to know if the
referenced Unspent TransaXtion Output really is unspent -- it might have been
spent elsewhere then referenced again in this new transaction.
My suggestion was that we want to be able to fetch a block by transaction; and
that simple nodes can all, in aggregate offer contribution to the network
rather than just being parasitical on the full nodes. When I ask for a block
that contains a transaction, and I do that repeatedly, I have part of the
block chain. If lots of simple nodes are doing that, then the whole chain
should be available if there are enough of them. They would then gain the
ability to do transaction-forwarding in some cases. This is only possible if
a few extra facilities are added to the protocol. One of which is the new
feature I suggested: block-given-transaction. It's not enough on its own, but
if you also add in the ability for a node to tell another about the output
transactions (basically, what block spends it), _then_ the simple nodes are
able to become much more secure -- not 100% of course, they're still not full
nodes, because they have no way of knowing if they are being lied to when they
are told (this transaction is unspent), but all it takes is one honest node to
point them at the truth, and the lie is then exposed.
That facility is just a drain on full nodes for the most part; except if you
start encouraging it whole-sale. The simple node would keep cache both the
incoming and outgoing transactions (or rather the blocks that contain them)
for addresses to which they are paying attention. That gives them a cache
that contains more than just their minimal set; and then they are able to do
just a little bit of verifying on their own. With enough nodes of this sort,
the verification load is reduced.
Perhaps all that effort is not worth it for the tiny reduction. Perhaps it's
not true that that contribution of verification adds nothing. I can live with
those objections. But "do I know the difference" as a reposte? Not so much.
Anyway; going by your post on partial UTXO's; you're well ahead of the game,
and I'm not suggesting anything that hasn't already been thought of, and
thought of better. I'm not sure why you took umbridge at my idea, when it
seems like I'm just a few steps behind what you've already thought of. Not
everything is an attack you know?
Andy
--
Dr Andy Parkins
andyparkins at gmail.com