From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z4siC-0000jJ-Bs for bitcoin-development@lists.sourceforge.net; Tue, 16 Jun 2015 15:23:40 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.182 as permitted sender) client-ip=209.85.223.182; envelope-from=akaramaoun@gmail.com; helo=mail-ie0-f182.google.com; Received: from mail-ie0-f182.google.com ([209.85.223.182]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z4siA-0000Hs-Un for bitcoin-development@lists.sourceforge.net; Tue, 16 Jun 2015 15:23:40 +0000 Received: by iebgx4 with SMTP id gx4so15115811ieb.0 for ; Tue, 16 Jun 2015 08:23:33 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.107.36.84 with SMTP id k81mr1238167iok.35.1434468213573; Tue, 16 Jun 2015 08:23:33 -0700 (PDT) Sender: akaramaoun@gmail.com Received: by 10.64.20.229 with HTTP; Tue, 16 Jun 2015 08:23:33 -0700 (PDT) In-Reply-To: References: <557D2571.601@gmail.com> Date: Tue, 16 Jun 2015 15:23:33 +0000 X-Google-Sender-Auth: 3RRV21iPbxTKm6BUIhuPn9_gL1I Message-ID: From: Andrew To: Mike Hearn Content-Type: multipart/alternative; boundary=001a114027a44fcef90518a428d5 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (akaramaoun[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z4siA-0000Hs-Un Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Scaling Bitcoin with Subchains X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 15:23:40 -0000 --001a114027a44fcef90518a428d5 Content-Type: text/plain; charset=UTF-8 Let me ask a simpler question. How do you prove the state of the UTXO database corresponding to your wallet? With my subchain method, all the addresses in a wallet can be constrained to a path of subchains, so the proof is O(log n). Yes, I know some people will say that it is not really a proof because I didn't verify the transactions involving sibling chains outside my path of chains. But the protocol is "parent chain always decides in case of conflict". And the parent chains will have an incentive to be careful with what child blocks they commit to as they will be merge mining the (direct) child chains. Yes, the parents can make a mistake with some really deep children chain transactions, but the deeper you go, the less value the transactions, and the less important. Also, the children of the parents are parents themselves so they will have incentive to be careful with what child chains they commit to. So recursively, the system takes care of itself. I challenge anyone to come up with a <= O(log n) proof that each address (output) they have in their wallet really has the balance they think it has. If someone can do this, then maybe I will drop this idea. Actually, rusty asked this on #bitcoin-wizards last night and no one was able to answer it. On Mon, Jun 15, 2015 at 6:00 PM, Andrew wrote: > Pieter: I kind of see your point (but I think you're missing some key > points). You mean just download all the headers and then just verify the > transactions you filter out by using their corresponding merkle trees, > right? But still, I don't think that would scale as well as with the tree > structure I propose. Because, firstly, you don't really need the headers of > the sibling chains. You just need the headers of the parent chains since > the parent verifies all the siblings. All you really need in a typical > (non-mining) situation is the headers or full blocks in one path going down > the tree starting from the root chain. So that means O(log n) needs to be > stored (headers or blocks) (n the number of transaction on the network). > With big blocks, you still need O(n) headers. I know headers are small, but > still they take up space and verification time. Also, since you are storing > the full blocks on the chains you want, you are validating the headers of > those blocks and you are sure that you are seeing all transactions on those > blocks. And if certain addresses must stay on those blocks, you will know > that you are catching all of the transactions corresponding to those > blocks. If you just filter out based on addresses or other criteria, you > can be denied some of those transactions by full nodes, and you may not > know about it. Say for example, your government representative publishes on > of his public addresses that is used for paying for expenses. Then with my > system, you can be sure to catch every transaction being spent from that > address (or UTXO or whatever you want to call it). If you just filter on > any transaction that includes that address, you may not catch all of those > transactions. Same with incoming funds. > > There are also advantages for mining decentralization as I have explained > in my previous posts. So still not sure you are right here... > > Thanks > > On Mon, Jun 15, 2015 at 5:18 PM, Mike Hearn wrote: > >> It's simple: either you care about validation, and you must validate >>> everything, or you don't, and you don't validate anything. >>> >> Pedantically: you could validate a random subset of all scripts, to give >> yourself probabilistic verification rather than full vs SPV. If enough >> people do it with a large enough subset the probability of a problem being >> detected goes up a lot. You still pay the cost of the database updates. >> >> But your main point is of course completely right, that side chains are >> not a way to scale up. >> > > > > -- > PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647 > -- PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647 --001a114027a44fcef90518a428d5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Let me ask a simpler question. How do you prove the s= tate of the UTXO database corresponding to your wallet? With my subchain me= thod, all the addresses in a wallet can be constrained to a path of subchai= ns, so the proof is O(log n). Yes, I know some people will say that it is n= ot really a proof because I didn't verify the transactions involving si= bling chains outside my path of chains. But the protocol is "parent ch= ain always decides in case of conflict". And the parent chains will ha= ve an incentive to be careful with what child blocks they commit to as they= will be merge mining the (direct) child chains. Yes, the parents can make = a mistake with some really deep children chain transactions, but the deeper= you go, the less value the transactions, and the less important. Also, the= children of the parents are parents themselves so they will have incentive= to be careful with what child chains they commit to. So recursively, the s= ystem takes care of itself.

I challenge anyone to come up with= a <=3D O(log n) proof that each address (output) they have in their wal= let really has the balance they think it has. If someone can do this, then = maybe I will drop this idea. Actually, rusty asked this on #bitcoin-wizards= last night and no one was able to answer it.

On Mon, Jun 15, 2015 at 6:00 PM, Andr= ew <onelineproof@gmail.com> wrote:
Pieter: I kind of see your point (but I th= ink you're missing some key points). You mean just download all the hea= ders and then just verify the transactions you filter out by using their co= rresponding merkle trees, right? But still, I don't think that would sc= ale as well as with the tree structure I propose. Because, firstly, you don= 't really need the headers of the sibling chains. You just need the hea= ders of the parent chains since the parent verifies all the siblings. All y= ou really need in a typical (non-mining) situation is the headers or full b= locks in one path going down the tree starting from the root chain. So that= means O(log n) needs to be stored (headers or blocks) (n the number of tra= nsaction on the network). With big blocks, you still need O(n) headers. I k= now headers are small, but still they take up space and verification time. = Also, since you are storing the full blocks on the chains you want, you are= validating the headers of those blocks and you are sure that you are seein= g all transactions on those blocks. And if certain addresses must stay on t= hose blocks, you will know that you are catching all of the transactions co= rresponding to those blocks. If you just filter out based on addresses or o= ther criteria, you can be denied some of those transactions by full nodes, = and you may not know about it. Say for example, your government representat= ive publishes on of his public addresses that is used for paying for expens= es. Then with my system, you can be sure to catch every transaction being s= pent from that address (or UTXO or whatever you want to call it). If you ju= st filter on any transaction that includes that address, you may not catch = all of those transactions. Same with incoming funds.

There are also = advantages for mining decentralization as I have explained in my previous p= osts. So still not sure you are right here...

Thanks

= On Mon, Jun 15, 2015 at 5:18 PM, Mike Hearn <mike@plan99.net> wrote:

It's simple: either you care about validation, and you = must validate everything, or you don't, and you don't validate anyt= hing.

Pedantically: you could validate a random= subset of all scripts, to give yourself probabilistic verification rather = than full vs SPV. If enough people do it with a large enough subset the pro= bability of a problem being detected goes up a lot. You still pay the cost = of the database updates.

But your main point is of= course completely right, that side chains are not a way to scale up.=C2=A0=



-= -
PGP: B6AC 822C 451D 6304 6A28 =C2=A049E9 7DB7 011C D53B 5647



--
PGP: B6AC 822C 451D 6304 6A28 =C2=A049E9 7DB7 011C D53B 5647
--001a114027a44fcef90518a428d5--