public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* Re: [bitcoin-dev] Hash-based accumulators with quick insertion
@ 2020-06-08 22:01 German Luna
  0 siblings, 0 replies; 2+ messages in thread
From: German Luna @ 2020-06-08 22:01 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion, salvatore.ingala

[-- Attachment #1: Type: text/plain, Size: 663 bytes --]

Interesting work! I should be fortunate to make time to read it.

I will point out, in case you'd not considered it, that you can support
addition and removal indirectly by formulating it as a difference of sets.
Similar to the collision-resistant replicated data types (CRDTs) concept.
Checking for membership would simply become CheckMembershipInAdditionSet &&
!CheckMembershipInRemovalSet, assuming an item could only be added/removed
once. You could also perhaps support multiple addition/removal by attaching
a count of how many times it's been added though that might break some of
the building blocks in the paper.

-- 
Germán
Mathematician

[-- Attachment #2: Type: text/html, Size: 834 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* [bitcoin-dev] Hash-based accumulators with quick insertion
@ 2020-06-08  9:28 Salvatore Ingala
  0 siblings, 0 replies; 2+ messages in thread
From: Salvatore Ingala @ 2020-06-08  9:28 UTC (permalink / raw)
  To: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1990 bytes --]

Dear all,

I have been working on some constructions for cryptographic accumulators
that optimise for quick insertion.

As a brief background, an accumulator is a data structure that maintains
compact commitments to a potentially very large (and dynamic) set, while
keeping proofs of membership short. Unsurprisingly, they are getting more
popular, and one notable application in Bitcoin is to create light-weight
full nodes that do not need to store the UTXO set (Utreexo accumulator[1]).

In this work, I focus on additive accumulators that supports adding new
elements, but not removing them. My motivation is to support extending
Script with access to an arbitrarily large portion of the blockchain
history and state (e.g., past blocks, txids, or any more complex state
obtained from them - with all due care). The additional storage and
computation cost for nodes is small, and the cost (in additional bytesize)
for any transaction that wishes to access state committed in the
accumulator should be just slightly bigger than typical Merkle proofs.

I have focused on:
- An accumulator with insertion time O(1) and proof size O(log^2 n)
- A construction with insertion time O(log log n) and proof size O(log n
log log n)

All the performance metrics above are in "number of hashes".

You can find:
- draft writeup:
https://github.com/bigspider/accumulator/blob/master/docs/paper-draft.pdf
- sample python code (only for the first construction at this time):
https://github.com/bigspider/accumulator

While this is still an unfinished work, the ideas in the draft are
hopefully clear enough and easy to understand. I wanted to share it at this
stage as it can benefit from comments to improve the constructions, to
cover any related work or to find potential applications in Bitcoin (e.g.
Script, layer2, side chains, etc).

Best,
Salvatore Ingala

[1] - Thaddeus Dryja, Utreexo: A dynamic hash-based accumulator optimized
for the Bitcoin UTXO set - https://eprint.iacr.org/2019/611.pdf

[-- Attachment #2: Type: text/html, Size: 2309 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-06-08 22:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-08 22:01 [bitcoin-dev] Hash-based accumulators with quick insertion German Luna
  -- strict thread matches above, loose matches on Subject: below --
2020-06-08  9:28 Salvatore Ingala

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox