From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YsG5o-0002Hf-Hz for bitcoin-development@lists.sourceforge.net; Tue, 12 May 2015 19:43:52 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.54 as permitted sender) client-ip=209.85.220.54; envelope-from=gappleto97@gmail.com; helo=mail-pa0-f54.google.com; Received: from mail-pa0-f54.google.com ([209.85.220.54]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YsG5n-000579-35 for bitcoin-development@lists.sourceforge.net; Tue, 12 May 2015 19:43:52 +0000 Received: by pacwv17 with SMTP id wv17so24067091pac.0 for ; Tue, 12 May 2015 12:43:45 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.68.224.72 with SMTP id ra8mr31023514pbc.29.1431459825253; Tue, 12 May 2015 12:43:45 -0700 (PDT) Received: by 10.66.85.165 with HTTP; Tue, 12 May 2015 12:43:45 -0700 (PDT) Received: by 10.66.85.165 with HTTP; Tue, 12 May 2015 12:43:45 -0700 (PDT) In-Reply-To: References: <20150512171640.GA32606@savin.petertodd.org> Date: Tue, 12 May 2015 15:43:45 -0400 Message-ID: From: gabe appleton To: Jeff Garzik Content-Type: multipart/alternative; boundary=047d7b2e0979650a320515e7b64f X-Spam-Score: -0.3 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gappleto97[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (gappleto97[at]gmail.com) 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1YsG5n-000579-35 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Proposed additional options for pruned nodes X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2015 19:43:52 -0000 --047d7b2e0979650a320515e7b64f Content-Type: text/plain; charset=UTF-8 Yet this holds true in our current assumptions of the network as well: that it will become a collection of pruned nodes with a few storage nodes. A hybrid option makes this better, because it spreads the risk, rather than concentrating it in full nodes. On May 12, 2015 3:38 PM, "Jeff Garzik" wrote: > One general problem is that security is weakened when an attacker can DoS > a small part of the chain by DoS'ing a small number of nodes - yet the > impact is a network-wide DoS because nobody can complete a sync. > > > On Tue, May 12, 2015 at 12:24 PM, gabe appleton > wrote: > >> 0, 1, 3, 4, 5, 6 can be solved by looking at chunks chronologically. Ie, >> give the signed (by sender) hash of the first and last block in your range. >> This is less data dense than the idea above, but it might work better. >> >> That said, this is likely a less secure way to do it. To improve upon >> that, a node could request a block of random height within that range and >> verify it, but that violates point 2. And the scheme in itself definitely >> violates point 7. >> On May 12, 2015 3:07 PM, "Gregory Maxwell" wrote: >> >>> It's a little frustrating to see this just repeated without even >>> paying attention to the desirable characteristics from the prior >>> discussions. >>> >>> Summarizing from memory: >>> >>> (0) Block coverage should have locality; historical blocks are >>> (almost) always needed in contiguous ranges. Having random peers >>> with totally random blocks would be horrific for performance; as you'd >>> have to hunt down a working peer and make a connection for each block >>> with high probability. >>> >>> (1) Block storage on nodes with a fraction of the history should not >>> depend on believing random peers; because listening to peers can >>> easily create attacks (e.g. someone could break the network; by >>> convincing nodes to become unbalanced) and not useful-- it's not like >>> the blockchain is substantially different for anyone; if you're to the >>> point of needing to know coverage to fill then something is wrong. >>> Gaps would be handled by archive nodes, so there is no reason to >>> increase vulnerability by doing anything but behaving uniformly. >>> >>> (2) The decision to contact a node should need O(1) communications, >>> not just because of the delay of chasing around just to find who has >>> someone; but because that chasing process usually makes the process >>> _highly_ sybil vulnerable. >>> >>> (3) The expression of what blocks a node has should be compact (e.g. >>> not a dense list of blocks) so it can be rumored efficiently. >>> >>> (4) Figuring out what block (ranges) a peer has given should be >>> computationally efficient. >>> >>> (5) The communication about what blocks a node has should be compact. >>> >>> (6) The coverage created by the network should be uniform, and should >>> remain uniform as the blockchain grows; ideally it you shouldn't need >>> to update your state to know what blocks a peer will store in the >>> future, assuming that it doesn't change the amount of data its >>> planning to use. (What Tier Nolan proposes sounds like it fails this >>> point) >>> >>> (7) Growth of the blockchain shouldn't cause much (or any) need to >>> refetch old blocks. >>> >>> I've previously proposed schemes which come close but fail one of the >>> above. >>> >>> (e.g. a scheme based on reservoir sampling that gives uniform >>> selection of contiguous ranges, communicating only 64 bits of data to >>> know what blocks a node claims to have, remaining totally uniform as >>> the chain grows, without any need to refetch -- but needs O(height) >>> work to figure out what blocks a peer has from the data it >>> communicated.; or another scheme based on consistent hashes that has >>> log(height) computation; but sometimes may result in a node needing to >>> go refetch an old block range it previously didn't store-- creating >>> re-balancing traffic.) >>> >>> So far something that meets all those criteria (and/or whatever ones >>> I'm not remembering) has not been discovered; but I don't really think >>> much time has been spent on it. I think its very likely possible. >>> >>> >>> ------------------------------------------------------------------------------ >>> One dashboard for servers and applications across Physical-Virtual-Cloud >>> Widest out-of-the-box monitoring support with 50+ applications >>> Performance metrics, stats and reports that give you Actionable Insights >>> Deep dive visibility with transaction tracing using APM Insight. >>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>> _______________________________________________ >>> Bitcoin-development mailing list >>> Bitcoin-development@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>> >> >> >> ------------------------------------------------------------------------------ >> One dashboard for servers and applications across Physical-Virtual-Cloud >> Widest out-of-the-box monitoring support with 50+ applications >> Performance metrics, stats and reports that give you Actionable Insights >> Deep dive visibility with transaction tracing using APM Insight. >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > > > -- > Jeff Garzik > Bitcoin core developer and open source evangelist > BitPay, Inc. https://bitpay.com/ > --047d7b2e0979650a320515e7b64f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Yet this holds true in our current assumptions of the networ= k as well: that it will become a collection of pruned nodes with a few stor= age nodes.

A hybrid option makes this better, because it spreads the ri= sk, rather than concentrating it in full nodes.

On May 12, 2015 3:38 PM, "Jeff Garzik"= <jgarzik@bitpay.com> wrote= :
O= ne general problem is that security is weakened when an attacker can DoS a = small part of the chain by DoS'ing a small number of nodes - yet the im= pact is a network-wide DoS because nobody can complete a sync.


On Tue, M= ay 12, 2015 at 12:24 PM, gabe appleton <gappleto97@gmail.com> wrote:

0, 1, 3, 4, 5,= 6 can be solved by looking at chunks chronologically. Ie, give the signed = (by sender) hash of the first and last block in your range. This is less da= ta dense than the idea above, but it might work better.

That said, this is likely a less secure way to do it. To imp= rove upon that, a node could request a block of random height within that r= ange and verify it, but that violates point 2. And the scheme in itself def= initely violates point 7.

On May 12, 2015 3:07 PM, "Gregory Maxwell&q= uot; <gmaxwell@g= mail.com> wrote:
It's a little frustrating to see this just repeated without even paying attention to the desirable characteristics from the prior
discussions.

Summarizing from memory:

(0) Block coverage should have locality; historical blocks are
(almost) always needed in contiguous ranges.=C2=A0 =C2=A0Having random peer= s
with totally random blocks would be horrific for performance; as you'd<= br> have to hunt down a working peer and make a connection for each block
with high probability.

(1) Block storage on nodes with a fraction of the history should not
depend on believing random peers; because listening to peers can
easily create attacks (e.g. someone could break the network; by
convincing nodes to become unbalanced) and not useful-- it's not like the blockchain is substantially different for anyone; if you're to the<= br> point of needing to know coverage to fill then something is wrong.
Gaps would be handled by archive nodes, so there is no reason to
increase vulnerability by doing anything but behaving uniformly.

(2) The decision to contact a node should need O(1) communications,
not just because of the delay of chasing around just to find who has
someone; but because that chasing process usually makes the process
_highly_ sybil vulnerable.

(3) The expression of what blocks a node has should be compact (e.g.
not a dense list of blocks) so it can be rumored efficiently.

(4) Figuring out what block (ranges) a peer has given should be
computationally efficient.

(5) The communication about what blocks a node has should be compact.

(6) The coverage created by the network should be uniform, and should
remain uniform as the blockchain grows; ideally it you shouldn't need to update your state to know what blocks a peer will store in the
future, assuming that it doesn't change the amount of data its
planning to use. (What Tier Nolan proposes sounds like it fails this
point)

(7) Growth of the blockchain shouldn't cause much (or any) need to
refetch old blocks.

I've previously proposed schemes which come close but fail one of the a= bove.

(e.g. a scheme based on reservoir sampling that gives uniform
selection of contiguous ranges, communicating only 64 bits of data to
know what blocks a node claims to have, remaining totally uniform as
the chain grows, without any need to refetch -- but needs O(height)
work to figure out what blocks a peer has from the data it
communicated.;=C2=A0 =C2=A0or another scheme based on consistent hashes tha= t has
log(height) computation; but sometimes may result in a node needing to
go refetch an old block range it previously didn't store-- creating
re-balancing traffic.)

So far something that meets all those criteria (and/or whatever ones
I'm not remembering) has not been discovered; but I don't really th= ink
much time has been spent on it. I think its very likely possible.

---------------------------------------------------------------------------= ---
One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

-----------------------------------------------------------= -------------------
One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
= _______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment




--
Jef= f Garzik
Bitcoin core developer and open source evangelist
BitPay, In= c. =C2=A0 =C2=A0 =C2=A0ht= tps://bitpay.com/
--047d7b2e0979650a320515e7b64f--