public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd.org>
To: Eric Lombrozo <elombrozo@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] comments on BIP 100
Date: Mon, 15 Jun 2015 05:11:49 +0100	[thread overview]
Message-ID: <20150615041149.GA13286@muck> (raw)
In-Reply-To: <674CED15-3F4C-4E24-BCA2-3C474CC01708@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3783 bytes --]

On Sun, Jun 14, 2015 at 05:53:05PM -0700, Eric Lombrozo wrote:
> I think the whole complexity talk is missing the bigger issue.
> 
> Sure, per block validation scales linearly (or quasilinearly…there’s an O(log n) term in there somewhere but it’s probably dominated by linear factors at current levels…asymptotic limits don’t always apply very well to finite systems). And there’s an O(n^2) bandwidth issue.
> 
> The real issue, though, is validation cost. The n in O(n) here does not represent block size - it represents the size of the entire block chain for every new validator that must be synchronized! It means we have no way to construct short proofs (or at least arguments that are computationally *hard* to forge) without requiring the validator to maintain the complete system state. And currently, there is no mechanism for directly compensating validators.

...and can there be? The goal of validation after all is finding if a
mistake has been made, and current production cryptography doesn't have
any way to prove you have done that honestly. You need "moon math" like
recursive SNARKS to do that, and it's unknown when they'll be available
for production usage.

When we say "compensating validators", if we're being honest with
outselves what we really mean is the much more boring task of
compensating servers who are giving us blockchain data. That has nothing
to do with validation.

A useful task would be to make an SPV archival node implementation that
did no validation at all, while distributing the blockchain data linked
to the longest chain. Such an implementation can and should serve SPV
clients, as this is what their actual security model usually is given
the lack of authentication of the identity of the server they're
connecting too. Actually implementing this would be a simple matter of
patching Bitcoin Core to turn off block validation.

> A full validator that goes offline even for a short period of time takes a while to fully catch up to the rest of the network - and starting up a new validator from scratch will continue to be painful…even for those of us who’ve turned this into routine by now, let alone new nontechnical users.

Concretely, 20MB blocks lead to 20GB/week of blocks. On my 1MB/second
down internet, turning on my node after a week away would take five
hours; starting up a new node after two years of 20MB blocks would take
23 days - likely longer in practice.

There's serious unsolved and undiscussed devops and development issues
with this. For instance, after changes to the validation code, it's
routine to resync/reindex Bitcoin Core to ensure starting up a new node
actually works. Even now we haven't really come to grips with what
consistent 1MB blocks looks like from this point of view after a few
years of usage, let another order of magnitude longer sync times.

> Satoshi’s SPV is not a real solution - it’s a mere suggestion that wasn’t fully thought out at the time of the Bitcoin white paper. Besides lacking a good validation security model, practical implementations of it weaken privacy and complicate client implementations substantially…and the worst part, it still doesn’t scale all that well. The validator still has to query every single block (even if filtered) back to the first transaction (which cannot be determined without doing a blockchain scan anyway).

Note how with 20MB blocks it would take up to 1TB of IO per year-synced
for a bloom-filter-using wallet to sync the blockchain. We already have
a bloom IO DoS attack issue - what are the consequences of making that
issue 20x worse? Nobody has analysed it yet.

-- 
'peter'[:-1]@petertodd.org
0000000000000000127ab1d576dc851f374424f1269c4700ccaba2c42d97e778

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

  parent reply	other threads:[~2015-06-15  4:12 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-14 21:23 [Bitcoin-development] comments on BIP 100 Adam Back
2015-06-14 22:23 ` Mike Hearn
2015-06-14 23:58   ` Adam Back
2015-06-15  0:53     ` Eric Lombrozo
2015-06-15  0:55       ` Eric Lombrozo
2015-06-15  4:11       ` Peter Todd [this message]
2015-06-15  4:43         ` Eric Lombrozo
2015-06-15  9:27     ` Mike Hearn
2015-06-15  9:39       ` Eric Lombrozo
2015-06-15 10:24       ` Pieter Wuille
2015-06-15 10:36         ` Mike Hearn
2015-06-15 10:40           ` Pieter Wuille
2015-06-15 10:50             ` Mike Hearn
2015-06-15 11:16               ` Rebroad (sourceforge)
2015-06-15 17:53                 ` Raystonn .
2015-06-15 18:14                   ` Adam Back
2015-06-15 18:57                     ` [Bitcoin-development] The Bitcoin Node Market Raystonn .
2015-06-15 19:18                       ` sickpig
2015-06-15 19:36                         ` Raystonn .
2015-06-15 20:12                           ` sickpig
2015-06-16  3:30                             ` Kevin Greene
2015-06-16  3:41                               ` Luke Dashjr
2015-06-16  3:49                                 ` Kevin Greene
2015-06-16  4:05                                   ` Kevin Greene
2015-06-16  4:12                                   ` Aaron Voisine
2015-06-16  5:28                                   ` justusranvier
2015-06-16  5:30                                     ` Potter QQ
2015-06-16  7:55                                     ` Aaron Voisine
2015-06-16 13:32                                       ` justusranvier
2015-06-16 17:04                                         ` Aaron Voisine
2015-06-16 17:22                                         ` Aaron Voisine
2015-06-16 15:52                                       ` devrandom
2015-06-15  4:43   ` [Bitcoin-development] comments on BIP 100 Peter Todd
2015-06-15  9:06     ` Mike Hearn
2015-06-15  2:28 ` Jeff Garzik
2015-06-15  2:44   ` Jeff Garzik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150615041149.GA13286@muck \
    --to=pete@petertodd.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=elombrozo@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox