From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A3E2088A for ; Thu, 8 Jun 2017 09:50:10 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9CFA412A for ; Thu, 8 Jun 2017 09:50:09 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id DB99E20AD6 for ; Thu, 8 Jun 2017 05:50:08 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute2.internal (MEProxy); Thu, 08 Jun 2017 05:50:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=KH81OJ IZ9R90xMfaakBc6/OJuhcU4xjAc/9FSFVlP1U=; b=ql+Y//QII64XFlZWWjyIZ8 Q62Ho+iGuKGQs2kLKhBhmb0F/X5WCBBp4hMpVbbRhoFmPg6KxOdcNpKcXcxqIbyo eMSFzAP59L9Lk8vrdLYbNTaqQa56zDhs8Ta2NeU45c7jorQe2rpkZ1NCsrSG9dp5 lY+u9jVi/7zxtdU8xqL3QmtCfxbRpDQuWFmCzI9lZsNtcxEuxZs9Lo7Aowg4OVDn MDO2uCHewOWkpGmXOYCkcqtpUfWCuHR5LvuCWE9HPUZ7/KWg+FYZrYWFPPMM0ty7 q6Mu9DzuUAaRf5RHZlXm64/Fuea+cKJy2bcIxI0UHI4Nbunczbt+M6qekPcZ19Og == X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id B76029ED8F; Thu, 8 Jun 2017 05:50:08 -0400 (EDT) Message-Id: <1496915408.1583369.1002689000.641E8EAB@webmail.messagingengine.com> From: Tomas To: bitcoin-dev@lists.linuxfoundation.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary="_----------=_149691540815833692" X-Mailer: MessagingEngine.com Webmail Interface - ajax-72fcb609 In-Reply-To: References: Date: Thu, 08 Jun 2017 11:50:08 +0200 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 08 Jun 2017 13:31:41 +0000 Subject: Re: [bitcoin-dev] BIP Proposal: Compact Client Side Filtering for Light Clients X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2017 09:50:10 -0000 This is a multi-part message in MIME format. --_----------=_149691540815833692 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" On Thu, Jun 1, 2017, at 21:01, Olaoluwa Osuntokun via bitcoin-dev wrote:> Hi y'all, > > Alex Akselrod and I would like to propose a new light client BIP for > consideration: > * https://github.com/Roasbeef/bips/blob/master/gcs_light_client.mediawiki> > Very interesting. I would like to consider how this compares to another light client type with rather different security characteristics where each client would receive for each transaction in each block, * The TXID (uncompressed) * The spent outpoints (with TXIDs compressed) * The pubkey hash (compressed to reasonable amount of false positives) A rough estimate would indicate this to be about 2-2.5x as big per block as your proposal, but comes with rather different security characteristics, and would not require download since genesis. The client could verify the TXIDs against the merkle root with a much stronger (PoW) guarantee compared to the guarantee based on the assumption of peers being distinct, which your proposal seems to make. Like your proposal this removes the privacy and processing issues from server-side filtering, but unlike your proposal retrieval of all txids in each block can also serve for a basis of fraud proofs and (disprovable) fraud hints, without resorting to full block downloads. I don't completely understand the benefit of making the outpoints and pubkey hashes (weakly) verifiable. These only serve as notifications and therefore do not seem to introduce an attack vector. Omitting data is always possible, so receiving data is a prerequisite for verification, not an assumption that can be made. How could an attacker benefit from "hiding notifications"? I think client-side filtering is definitely an important route to take, but is it worth compressing away the information to verify the merkle root? Regards, Tomas van der Wansem bitcrust --_----------=_149691540815833692 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset="utf-8"
On Thu, Jun 1, 2017, at 21:01, Olaoluwa Osuntokun via bitcoin-dev wrote:
Hi y'all, 

Alex Akselrod and I would like to propose a new light client BIP for
consideration: 



Very interesting.

I would like to consider how this compares to another light client type with rather different security characteristics where each client would receive for each transaction in each block,

* The TXID (uncompressed)
* The spent outpoints (with TXIDs compressed)
* The pubkey hash (compressed to reasonable amount of false positives)

A rough estimate would indicate this to be about 2-2.5x as big per block as your proposal, but comes with rather different security characteristics, and would not require download since genesis.

The client could verify the TXIDs against the merkle root with a much stronger (PoW) guarantee compared to the guarantee based on the assumption of peers being distinct, which your proposal seems to make. Like your proposal this removes the privacy and processing  issues from server-side filtering, but unlike your proposal retrieval of all txids in each block can also serve for a basis of fraud proofs and (disprovable) fraud hints, without resorting to full block downloads.

I don't completely understand the benefit of making the outpoints and pubkey hashes (weakly) verifiable. These only serve as notifications and therefore do not seem to introduce an attack vector. Omitting data is always possible, so receiving data is a prerequisite for verification, not an assumption that can be made.  How could an attacker benefit from "hiding notifications"?

I think client-side filtering is definitely an important route to take, but is it worth compressing away the information to verify the merkle root?

Regards,
Tomas van der Wansem
bitcrust

--_----------=_149691540815833692--