Discussion:
Original Vision
(too old to reply)
Santino Napolitano
2015-06-28 00:14:08 UTC
Permalink
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.

The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.

It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.

Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network r
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.

If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
Aaron Voisine
2015-06-28 01:52:55 UTC
Permalink
This is a reasonable vision, but I think we can do better. We can easily
achieve the goal of letting hobbyists with very limited resources and
connectivity run full nodes. The way to do this is to limit growth of the
blockchain, and the right way to do that is to have fees that reflect the
costs of having large numbers of people validating, storing, and serving
transactions.

I think we're all agreed that decentralization is priority #1. It's what
makes bitcoin unique from everything else. So what then is the best way to
have fees reflect the costs? Having a fixed blocksize (fixed production
quotas) is one very disruptive option that would be a significant departure
from what we have today. The way the network today discourages spam and
other low value uses of the blockchain is with minimum relay fees and
transaction selection rules for blocks. This technique is proven, safe, and
can easily be tuned and experimented with. It's also what all bitcoin
software today is designed to work with.



Aaron Voisine
co-founder and CEO
breadwallet.com

On Sat, Jun 27, 2015 at 5:14 PM, Santino Napolitano <
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very
stressful but I'd like to point out that it is really amazing how
passionately so many feel about this once very small project. Let's not
forget there is something really special going on here and we're all part
of it.
The current debate has little to do with block size or hard-forks, IMO.
It's about the nature of Bitcoin and what it means to people and how it
will grow. I would like to take a moment to share my interpretation of the
original author's intent based on everything I could find and read from
this person. This is not to say their original vision is paramount-- or
even that I got it completely correct but I think it might do us some good
to think about.
It seems as though the incentive conceived of for running a full network
node was that it would enable mining. The proceeds from mining (new coins
and transaction fees) would be the reward and provide a reason to continue
operating these nodes. If fees are ever to be a sufficient reward and still
allow for a practical and useful system the size of the blocks must grow
significantly as must the user base. I'm not sure that this is really
contested but I haven't exhaustively reviewed everyone's opinion so please
excuse me if I have marginalized you. If you do contest that I would be
interested in hearing it.
Further, it appears clear that the original author intended organizations
operating full network nodes would provide connectivity to light clients
and these light clients would make up the majority of the user base. This
is completely consistent with current trends in Internet consumption, e.g.
tablets and phones are becoming more preferred to even owning a traditional
computer. Having the system be entirely decentralized and trustless for
every client does not appear to me to be the original design goal. Yes, the
whitepaper speaks of the design goal as not having a need for a trusted
third party but it does not say that some amount of trust won't be
preferred by a majority of users. In fact, in the SPV section it implies
some amount of localized trust is perhaps a necessary trade-off and maybe
businesses should still run their own full network node if they want the
stronger completely trustless guarantee. The global decentralized consensus
appears meant to make the network r
esilient to a single government or other adversary's ability to shut the
network down. If you really want to trust no one it is your option at a
cost and should be possible by design. The author further gives evidence
that they believe Moore's observation would keep the idea of running a full
network node a practical one at global scale for perpetuity. It does not
appear as if they intended for every individual to run one at home nor in
their pocket.
If my interpretation seems incorrect please do point it out. I hope this
hasn't been too off-topic and distracting. The original author's
engineering ingenuity is what gave me any interest in this project so
re-visiting their design and scaling intentions might be helpful for us to
move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Patrick Strateman
2015-06-28 02:13:16 UTC
Permalink
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.

Satoshi also believed that fraud proofs would be widely available and
practical.

If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.

Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.

In building a system as new and innovative as bitcoin certain things
will be wrong.

The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Eric Lombrozo
2015-06-28 04:54:04 UTC
Permalink
Fraud proofs actually don’t need to be made super efficient
but they do need to be secure, of course.

The trick is aligning incentives. In order for fraud proofs to be widely available there needs to be a market for them - there must be a way to buy one (because producing one is not free). What makes such a scheme actually practical is that very few of these fraud proofs ever need to actually be executed - it’s a classical Nimzowischian case of the threat being much stronger than the execution.

- Eric Lombrozo
Post by Santino Napolitano
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Patrick Strateman
2015-06-28 05:29:24 UTC
Permalink
Fraud proofs need to be at least more efficient than full node validation.

Currently they are not.
Fraud proofs actually don’t need to be made super efficient…but they do need to be secure, of course.
The trick is aligning incentives. In order for fraud proofs to be widely available there needs to be a market for them - there must be a way to buy one (because producing one is not free). What makes such a scheme actually practical is that very few of these fraud proofs ever need to actually be executed - it’s a classical Nimzowischian case of the threat being much stronger than the execution.
- Eric Lombrozo
Post by Santino Napolitano
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Eric Lombrozo
2015-06-28 05:32:57 UTC
Permalink
Just to clarify, SPV is fundamentally busted as it currently exists. I’m talking about potential optimizations for future protocols.

- Eric Lombrozo
Post by Patrick Strateman
Fraud proofs need to be at least more efficient than full node validation.
Currently they are not.
Post by Eric Lombrozo
Fraud proofs actually don’t need to be made super efficient
but they do need to be secure, of course.
The trick is aligning incentives. In order for fraud proofs to be widely available there needs to be a market for them - there must be a way to buy one (because producing one is not free). What makes such a scheme actually practical is that very few of these fraud proofs ever need to actually be executed - it’s a classical Nimzowischian case of the threat being much stronger than the execution.
- Eric Lombrozo
Post by Santino Napolitano
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Eric Lombrozo
2015-06-28 05:48:04 UTC
Permalink
"Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed”

Also to clarify, there’s no disagreement here, Patrick.
Post by Eric Lombrozo
Just to clarify, SPV is fundamentally busted as it currently exists. I’m talking about potential optimizations for future protocols.
- Eric Lombrozo
Post by Patrick Strateman
Fraud proofs need to be at least more efficient than full node validation.
Currently they are not.
Post by Eric Lombrozo
Fraud proofs actually don’t need to be made super efficient
but they do need to be secure, of course.
The trick is aligning incentives. In order for fraud proofs to be widely available there needs to be a market for them - there must be a way to buy one (because producing one is not free). What makes such a scheme actually practical is that very few of these fraud proofs ever need to actually be executed - it’s a classical Nimzowischian case of the threat being much stronger than the execution.
- Eric Lombrozo
Post by Santino Napolitano
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the network
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Mark Friedenbach
2015-06-28 15:23:49 UTC
Permalink
There's a couple of things that Patrick could have been referring to when
he said "Fraud proofs need to be at least more efficient than full node
validation. Currently they are not."

One of the issues is that you cannot efficiently encode or validate a proof
of a negative. If a transaction input is a double-spend, you can build a
semi-reasonable sized proof of the prior spend (or very reasonably sized
with block header commitments). However if a transaction spends an output
which never existed in the first place, there is no reasonable way to
assert this other than witnessing the entire block history, as a full node
does.

UTXO commitments are the nominal solution here. You commit the validator
state in each block, and then you can prove things like a negative by
referencing that state commitment. The trouble is this requires maintaining
a hash tree commitment over validator state, which turns out to be insanely
expensive. With the UTXO commitment scheme (the others are not better) that
ends up requiring 15 - 22x more I/O during block validation. And I/O is
presently a limiter to block validation speed. So if you thought 8MB was
what bitcoin today could handle, and you also want this commitment scheme
for fraud proofs, then you should be arguing for a block size limit
decrease (to 500kB), not increase.
Post by Eric Lombrozo
Just to clarify, SPV is fundamentally busted as it currently exists. I’m
talking about potential optimizations for future protocols.
- Eric Lombrozo
On Jun 27, 2015, at 10:29 PM, Patrick Strateman <
Fraud proofs need to be at least more efficient than full node
validation.
Currently they are not.
Post by Eric Lombrozo
Fraud proofs actually don’t need to be made super efficient
but they do
need to be secure, of course.
Post by Eric Lombrozo
The trick is aligning incentives. In order for fraud proofs to be
widely available there needs to be a market for them - there must be a way
to buy one (because producing one is not free). What makes such a scheme
actually practical is that very few of these fraud proofs ever need to
actually be executed - it’s a classical Nimzowischian case of the threat
being much stronger than the execution.
Post by Eric Lombrozo
- Eric Lombrozo
On Jun 27, 2015, at 7:13 PM, Patrick Strateman <
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity
to
Post by Eric Lombrozo
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
Post by Santino Napolitano
There is much heated debate going on right now and I know it can be
very stressful but I'd like to point out that it is really amazing how
passionately so many feel about this once very small project. Let's not
forget there is something really special going on here and we're all part
of it.
Post by Eric Lombrozo
Post by Santino Napolitano
The current debate has little to do with block size or hard-forks,
IMO. It's about the nature of Bitcoin and what it means to people and how
it will grow. I would like to take a moment to share my interpretation of
the original author's intent based on everything I could find and read from
this person. This is not to say their original vision is paramount-- or
even that I got it completely correct but I think it might do us some good
to think about.
Post by Eric Lombrozo
Post by Santino Napolitano
It seems as though the incentive conceived of for running a full
network node was that it would enable mining. The proceeds from mining (new
coins and transaction fees) would be the reward and provide a reason to
continue operating these nodes. If fees are ever to be a sufficient reward
and still allow for a practical and useful system the size of the blocks
must grow significantly as must the user base. I'm not sure that this is
really contested but I haven't exhaustively reviewed everyone's opinion so
please excuse me if I have marginalized you. If you do contest that I would
be interested in hearing it.
Post by Eric Lombrozo
Post by Santino Napolitano
Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base. This is completely consistent with current trends in Internet
consumption, e.g. tablets and phones are becoming more preferred to even
owning a traditional computer. Having the system be entirely decentralized
and trustless for every client does not appear to me to be the original
design goal. Yes, the whitepaper speaks of the design goal as not having a
need for a trusted third party but it does not say that some amount of
trust won't be preferred by a majority of users. In fact, in the SPV
section it implies some amount of localized trust is perhaps a necessary
trade-off and maybe businesses should still run their own full network node
if they want the stronger completely trustless guarantee. The global
decentralized consensus appears meant to make the network
Post by Eric Lombrozo
r
Post by Santino Napolitano
esilient to a single government or other adversary's ability to shut
the network down. If you really want to trust no one it is your option at a
cost and should be possible by design. The author further gives evidence
that they believe Moore's observation would keep the idea of running a full
network node a practical one at global scale for perpetuity. It does not
appear as if they intended for every individual to run one at home nor in
their pocket.
Post by Eric Lombrozo
Post by Santino Napolitano
If my interpretation seems incorrect please do point it out. I hope
this hasn't been too off-topic and distracting. The original author's
engineering ingenuity is what gave me any interest in this project so
re-visiting their design and scaling intentions might be helpful for us to
move forward-- together.
Post by Eric Lombrozo
Post by Santino Napolitano
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Jorge Timón
2015-06-28 15:51:54 UTC
Permalink
UTXO commitments are the nominal solution here. You commit the validator state in each block, and then you can prove things like a negative by referencing that state commitment. The trouble is this requires maintaining a hash tree commitment over validator state, which turns out to be insanely expensive. With the UTXO commitment scheme (the others are not better) that ends up requiring 15 - 22x more I/O during block validation. And I/O is presently a limiter to block validation speed. So if you thought 8MB was what bitcoin today could handle, and you also want this commitment scheme for fraud proofs, then you should be arguing for a block size limit decrease (to 500kB), not increase.
What about a TXO and a STXO O(1)-append commitment? That shouldn't
cause that much overhead and you can build UTXO from TXO - STXO.
I know it's not so efficient in some respects but it scales better I think.
Mark Friedenbach
2015-06-28 16:15:28 UTC
Permalink
Assuming randomly-picked outputs, it's actually worse. The slowdown factor
has to do with the depth of the tree, and TXO and STXO trees are always
growing. It's still complexity O(log N), but with TXO/STXO N is the size of
the entire block chain history, whereas with UTXO it's just the set of
unspent transaction outputs.

Of course that's not a fair assumption since in an insertion-ordered tree
using the Merkle mountain range data structure would have significantly
shorter paths for recent outputs. But the average case might be about the
same, and it comes with a slew of other tradeoffs that make it hard to
compare head-to-head in the abstract. Ultimately both need to be written
and benchmarked.

But it is not the case that TXO/STXO gives you constant time updates. The
append-only TXO tree might be close to that, but you'd still need the spent
or unspent tree which is not insertion ordered. There are alternatives like
updating the TXO tree and requiring blocks and transactions to carry proofs
with them (so validators can be stateless), but that pushes the same
(worse, actually) problem to whoever generated or assembled the proof. It
may be a tradeoff worth making, but it's not an easy answer...
Post by Mark Friedenbach
Post by Mark Friedenbach
UTXO commitments are the nominal solution here. You commit the validator
state in each block, and then you can prove things like a negative by
referencing that state commitment. The trouble is this requires maintaining
a hash tree commitment over validator state, which turns out to be insanely
expensive. With the UTXO commitment scheme (the others are not better) that
ends up requiring 15 - 22x more I/O during block validation. And I/O is
presently a limiter to block validation speed. So if you thought 8MB was
what bitcoin today could handle, and you also want this commitment scheme
for fraud proofs, then you should be arguing for a block size limit
decrease (to 500kB), not increase.
What about a TXO and a STXO O(1)-append commitment? That shouldn't
cause that much overhead and you can build UTXO from TXO - STXO.
I know it's not so efficient in some respects but it scales better I think.
Santino Napolitano
2015-06-28 21:53:23 UTC
Permalink
Is the security concern that a newly announced block may not actually reflect a valid block (but valid enough to trick the client; i.e. it appears to link to the best-work chain) in an attempt to defraud the light client?

Like I pointed out, I'm not sure the goal was _perfect_ decentralization. The author seemed primarily keen to avoid having a single organization with direct control over the ledger. I think your specific fear could be mitigated by the light client peering with a node the light client somewhat trusts -- or at least one which has no incentive to cooperate in some attack against it which requires non-trivial mining expenditure. The IP would be logged and the fraud could be taken to a court if the light client chooses a node in the proper jurisdiction. I think for many use cases that might be sufficient. If it's a more serious transaction other nodes could be consulted.

If my reasoning is in error please correct. I'm sure many of you are much better at game theory than I.
Post by Santino Napolitano
 Further, it appears clear that the original author intended
organizations operating full network nodes would provide connectivity to
light clients and these light clients would make up the majority of the
user base.
Satoshi also believed that fraud proofs would be widely available and
practical.
If fraud proofs were practical SPV client security would be much closer
to full node security than it is today.
Unfortunately no design for fraud proofs which is both efficient and
secure has been proposed; much less implemented and deployed.
In building a system as new and innovative as bitcoin certain things
will be wrong.
The perception that SPV clients could be made nearly as secure as full
nodes is one example of something that was wrong.
 There is much heated debate going on right now and I know it can be very stressful but I'd like to point out that it is really amazing how passionately so many feel about this once very small project. Let's not forget there is something really special going on here and we're all part of it.
 The current debate has little to do with block size or hard-forks, IMO. It's about the nature of Bitcoin and what it means to people and how it will grow. I would like to take a moment to share my interpretation of the original author's intent based on everything I could find and read from this person. This is not to say their original vision is paramount-- or even that I got it completely correct but I think it might do us some good to think about.
 It seems as though the incentive conceived of for running a full network node was that it would enable mining. The proceeds from mining (new coins and transaction fees) would be the reward and provide a reason to continue operating these nodes. If fees are ever to be a sufficient reward and still allow for a practical and useful system the size of the blocks must grow significantly as must the user base. I'm not sure that this is really contested but I haven't exhaustively reviewed everyone's opinion so please excuse me if I have marginalized you. If you do contest that I would be interested in hearing it.
 Further, it appears clear that the original author intended organizations operating full network nodes would provide connectivity to light clients and these light clients would make up the majority of the user base. This is completely consistent with current trends in Internet consumption, e.g. tablets and phones are becoming more preferred to even owning a traditional computer. Having the system be entirely decentralized and trustless for every client does not appear to me to be the original design goal. Yes, the whitepaper speaks of the design goal as not having a need for a trusted third party but it does not say that some amount of trust won't be preferred by a majority of users. In fact, in the SPV section it implies some amount of localized trust is perhaps a necessary trade-off and maybe businesses should still run their own full network node if they want the stronger completely trustless guarantee. The global decentralized consensus appears meant to make the netwo
rk
Post by Santino Napolitano
  r
  esilient to a single government or other adversary's ability to shut the network down. If you really want to trust no one it is your option at a cost and should be possible by design. The author further gives evidence that they believe Moore's observation would keep the idea of running a full network node a practical one at global scale for perpetuity. It does not appear as if they intended for every individual to run one at home nor in their pocket.
 If my interpretation seems incorrect please do point it out. I hope this hasn't been too off-topic and distracting. The original author's engineering ingenuity is what gave me any interest in this project so re-visiting their design and scaling intentions might be helpful for us to move forward-- together.
 _______________________________________________
 bitcoin-dev mailing list
 https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Continue reading on narkive:
Loading...