wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Dizzle has quit [Quit: Leaving...]
Dizzle has joined #bitcoin-wizards
belcher is now known as Guest73067
belcher_ has joined #bitcoin-wizards
<gmaxwell>
In any case, my view after numerous hard to correct mistakes in bitcoin is that it's unreasonable to get designs for new stuff right in a vacuum.
dEBRUYNE has quit [Ping timeout: 265 seconds]
* Adlai
picks up thread from #bitcoin-dev re:SPV
<phantomcircuit>
gmaxwell, i think it would be hugely amusing to build a sidechain that strongly supports fraud proofs and call it fraudcoin
<Adlai>
so apparently my reading of section 8 is not what the author intended... but it still seems a valid approach
<petertodd>
phantomcircuit: +1
<Adlai>
this being, "headers-first until wallet creation, merkle-pruned henceforth"
<petertodd>
Adlai: what's missing, is proving fraud :)
belcher_ has quit [Excess Flood]
<phantomcircuit>
Adlai, the white paper actually suggests the entire block as a fraud proof
<phantomcircuit>
which technically we can implement today
<gmaxwell>
but unfortunately you need more than the block for many kinds of misbehavior.
<petertodd>
Adlai: for instance, how do you compactly prove that a transaction output *doesn't* exist, which made a transaction invalid because it spent money that didn't exist?
<Adlai>
fraudcoin++, but yes, this is exactly what i mean... you download entire blocks, wait for confirmations, keep around a bunch for reorgs, etc
<phantomcircuit>
gmaxwell, you just need that block and all the blocks before it
<gmaxwell>
e.g. excess subsidy needs the whole block and every full transaction being spent.
<phantomcircuit>
wait a second...
Guest73067 has quit [Ping timeout: 272 seconds]
adam3us has quit [Quit: Leaving.]
* Adlai
is imagining a trust-minimized client for a three-digit-gigabyte-memory smartphone
<gmaxwell>
we know how to fix this, for years now, but it's tricky.
Guest63600 has joined #bitcoin-wizards
<Adlai>
which to the rest of the network would look like a node that can't relay old blocks
frankenmint has joined #bitcoin-wizards
<petertodd>
gmaxwell: excess subsidy is hard because fees require full transactions for all inputs; the whole block and every transaction associated with every full transaction
<gmaxwell>
In particular, making it safe probably requires restructuring validation so that _all_ validation works by fraud proof. (and sending whole blocks instead of proofs of non-fraud is just a compression method)
<phantomcircuit>
petertodd, well you make the transaction prove that its inputs are spending outputs that do exist
<gmaxwell>
petertodd: in EA the whole block is sufficient.
CodeShark has joined #bitcoin-wizards
<gmaxwell>
(because fees are an explicit field in the transactions in it)
Guest63600 has quit [Remote host closed the connection]
<petertodd>
gmaxwell: oh, sure, I mean with stock bitcoin
<gmaxwell>
yea yea.
<phantomcircuit>
petertodd, but now how do you prove that those weren't already spent? (it's easy to prove that there is a double spend, but not that there isn't a double spend)
<petertodd>
phantomcircuit: well, remember our(?) discussion about how the additional indexes needed aren't actually all that bad?
* Adlai
forgot that bitcoin inputs are pointers, not data >_<
<phantomcircuit>
petertodd, no
<phantomcircuit>
heh
<petertodd>
phantomcircuit: make every block contain an index of every txin prevout, saying what block each prevout's transaction was in
<phantomcircuit>
yeah that's what i was saying
<petertodd>
phantomcircuit: then you've constrained where the prevouts came from, which means a per-block sorted tx hash tree is sufficient
<phantomcircuit>
hmm
<petertodd>
phantomcircuit: easy to implement with TXO commitments, even the version where you don't modify the TXO values when they're spent
<phantomcircuit>
yeah i see what you're saying
<petertodd>
phantomcircuit: which I guess we should call "TXO-spentness commitments"
<MRL-Relay>
[tacotime] you could also maintain consensus trees of both TXO and UTXO, and test inclusion in one or the other i guess
<petertodd>
tacotime: I think UTXO anything needs to die in a fire; unbounded UTXO sets are horrid
<MRL-Relay>
[tacotime] yeah, i was gonna say, if you wanted to spend the rest of your life debugging reorganizations and trying to figure out how to optimize it so it actually works with some degree of efficiency
rusty has joined #bitcoin-wizards
<MRL-Relay>
[tacotime] in a magical land where you could easily maintain an ordered TXO and UTXO set and commit to them in the header, it'd work
<petertodd>
tacotime: no, my view is that the UTXO set needs to be fixed-size, with old entries thrown out, and a "backup" method supported via TXO proofs to spend old UTXOs
<Adlai>
what of the magical land where these commitments are optional?
<petertodd>
tacotime: hard part is that the overhead of that is high... good O() scaling, but high k constant factor :(
<MRL-Relay>
[tacotime] ah
<Adlai>
even if a tiny fraction of altruistic hashpower consistently puts a commitment, say on a monthly basis. recreating the sets from the last commitment is easier than from genesis?
adam3us has joined #bitcoin-wizards
<MRL-Relay>
[tacotime] Adlai: then you're back to standard Bitcoin i'd think. full nodes are verifying the headers and whether or not the set is valid.
<MRL-Relay>
[tacotime] Adlai: well, then you're trusting the subset of participants
<CodeShark>
I still think that the extra validation overhead for txout commitment schemes would be worth it. A commitment structure that is optimized for these operations would probably be even less validation overhead than what we have now but would probably require a hard fork and painful app migrations
<CodeShark>
The blockchain structure should really be designed to make it possible to construct short proofs of all the main queries of interest
TheDarkLord has joined #bitcoin-wizards
<Adlai>
tacotime: softfork incorrect commitments as invalid, so miners can confirm the commitment without having to generate it themselves?
* Adlai
needs to better understand the mechanics of such commitments
<MRL-Relay>
[tacotime] it'd more the nightmare of jamming everything utxo into a merkelized b+tree and having it work quickly, and also being able to validate non-mainchain blocks easily
<MRL-Relay>
[tacotime] i think that weird cryptonite blockchain (from bitfreak) did it
<MRL-Relay>
[tacotime] but the code for that fork is particularly scary
jaekwon has quit [Remote host closed the connection]
jgarzik_ is now known as jgarzik
<MRL-Relay>
[tacotime] keep in mind for evaluating non-mainchain blocks with such a merkelized utxo set, you need to alter a whole tree of hashes for every insertion/deletion
jgarzik has quit [Changing host]
jgarzik has joined #bitcoin-wizards
<rusty>
Is there an agreed term for a chunk of 2016 blocks? Block-fortnight? Difficulty group?
TheDarkLord has quit [Ping timeout: 246 seconds]
<MRL-Relay>
[tacotime] two weeks(tm), the bitcoin measurement of delivery quality
<Adlai>
retarget period
<rusty>
Adlai: thanks.
<Adlai>
(unless you mean any arbitrary set)
<Adlai>
s/arbitrary/continuous/
<MRL-Relay>
[tacotime] Adlai: that was stuff i was working on in 2013, but the complexity is generally bad and implementation difficulty. though i mean, the theory is nice.
* Adlai
is still pondering the security of "Adlai-style SPV"... so you wait a few (dozen? dozendozen?) more confirmations, since you can't validate very-old transactions... it's still much more private than the existing "SPV" modes
poutine has joined #bitcoin-wizards
dcousens has joined #bitcoin-wizards
<dcousens>
Adlai: you were saying? :P
<phantomcircuit>
lol there's someone mining nVersion=2 blocks on testnet
<Adlai>
dcousens: there have been proposals to commit to the UTXO set in block headers, or something along those lines, so that nodes that don't have old blocks (or even any!) can still validate incoming transactions
* Adlai
also points to the channel logs, in the topic; this was just being discussed a few minutes ago
<jgarzik>
rusty, IMO #bitcoin-dev material as well
Dr-G has quit [Disconnected by services]
Dr-G2 has joined #bitcoin-wizards
jaekwon has joined #bitcoin-wizards
jaekwon has quit [Ping timeout: 240 seconds]
StormDev has quit [Read error: Connection reset by peer]
StormDev has joined #bitcoin-wizards
mr_burdell has quit [Ping timeout: 255 seconds]
mr_burdell has joined #bitcoin-wizards
erasmospunk has quit [Quit: ttm]
<fkhan>
is there a specific line of research that covers cryptographic fraud proofs (even ones that specifically cover bitcoin)? i'm seeking related reading materials
bedeho has quit [Remote host closed the connection]
<CodeShark>
Just as a general principle, it seems if we're looking for scalability it's better to focus on how we handle the invalid cases, using economic incentives to dissuade people from attempting to send invalid stuff...and having a mechanism to invalidate stuff after-the-fact. Problem is how to handle dependencies
bedeho has joined #bitcoin-wizards
roasbeef has quit [Ping timeout: 244 seconds]
<psztorc>
Our principle should be that "scalability research" should focus on "invalid messages"?
NewLiberty has joined #bitcoin-wizards
<CodeShark>
Perhaps we can sacrifice a little bit of the hardness of settlement outcomes...but with quantified risks and mechanisms for spreading/delegating risk
<CodeShark>
It's not really so much about invalid messages as it is about only requiring global consensus to settle disputes
<psztorc>
I'm just trying to understand the principle.
TheDarkLord has joined #bitcoin-wizards
<psztorc>
Clearly a higher [valid messages]/[blockchain kB] is good, everyone would agree with that.
<CodeShark>
the principle is the same reason you don't need to go to court to record every time someone honors a contract
<CodeShark>
It's only when there's a breach that courts come in
<psztorc>
Yes that is part of why I find Ethereum to be so ridiculous.
roasbeef has joined #bitcoin-wizards
<psztorc>
Ok, but what you said would seem to say that: people who are focused on scalability should not try to figure out "the right blocksize"?
<CodeShark>
I don't think block size is about scalability - it's about economics
<CodeShark>
Resource supply and demand
<CodeShark>
And ensuring proper incentives for validation to occur
TheDarkLord has quit [Ping timeout: 244 seconds]
<CodeShark>
Block space is inherently scarce...it cannot accommodate every time someone buys a soda at a vending machine
adam3us has quit [Quit: Leaving.]
<psztorc>
Ok, just to be clear about "blocksize is not about scalability". Are you saying "we do not need to increase the blocksize to scale Bitcoin" or "the blocksize isn't even related to scalability"?
CodeShark_ has quit [Ping timeout: 255 seconds]
adam3us has joined #bitcoin-wizards
<CodeShark>
More the former...but the latter as well with misplaced incentives
<CodeShark>
If validation incentives were properly aligned, we could consider bigger blocks to be related to scalability
<psztorc>
Aren't you saying the reverse?
metamarc has quit [Ping timeout: 265 seconds]
<psztorc>
That until they are aligned, validation will be a problem (and so will bigger blocks)?
<CodeShark>
yes, that's what I mean
<CodeShark>
Bigger blocks provide greater throughput...but only by a relatively small factor before the externalized costs and risks are unbearable
<psztorc>
Wouldn't your principle really be "if we're looking for scalability we should focus on making validation cheap"?
<psztorc>
I would happen to agree completely with that principle.
<CodeShark>
yes, indeed
<psztorc>
Yes, my view is that if we had superfast TOR we could then safely increase blocksizes. If TOR became slower we would have to decrease blocksizes.
<CodeShark>
And the place where there seems to be the most promise of optimization is in not requiring everyone to validate everything :)
<psztorc>
Yes, the lightning network.
<CodeShark>
all such schemes require the ability to invalidate after-the-fact
priidu has quit [Ping timeout: 245 seconds]
<CodeShark>
in the lightning network, invalidation is done by giving the claimant the ability to "steal" transactions on the blockchain within a certain time period
<psztorc>
LN really can't steal funds
<CodeShark>
by "steal" I mean punishing people who publish revoked transactions
<psztorc>
I'm not following you
<psztorc>
"steal" usually means "take what you do not own"
<CodeShark>
bitcoin has no built-in retroactive invalidation mechanism besides regular reorgs
<psztorc>
Ok
<CodeShark>
In a bidirectional payment channel, you revoke previous commitments by sharing a secret with the counterparty that would allow them to steal the funds if we try to publish a revoked commitment
<CodeShark>
So it requires vigilance and action within a deadline
<CodeShark>
But in principle it leads to cooperation as the equilibrium strategy
<psztorc>
It does, but there's a cool trick where, even if you aren't around to broadcast, you can pre-broadcast something else that gives you YourMoney-epsilon, with epsilon going to anyone else
<psztorc>
and those people can broadcast if you fail to do so.
<CodeShark>
Right - vigilance might be outsourceable
<psztorc>
Yes yes
<psztorc>
and if the outsourcing is really really cheap, attackers would expect to fail and not even bother trying
eric has quit [Ping timeout: 250 seconds]
<psztorc>
But to summarize: scalability is related to the cost of validation.
<CodeShark>
yes
Dizzle has quit [Remote host closed the connection]
Dizzle has joined #bitcoin-wizards
<CodeShark>
similar idea involved in bidirectional payment channels could be applied to blockchain validation itself, perhaps...via fraud proofs
eric has joined #bitcoin-wizards
<gmaxwell>
duplex payment channels work because of the threat of the blockchain, you need a recourse.
<gmaxwell>
though there are other optimization schemes possible.
King_Rex has quit [Remote host closed the connection]
King_Rex has joined #bitcoin-wizards
<CodeShark>
point is you could have a blockchain system where people only need to validate transactions that interest them and challenge outcomes they don't like within a window of time
<CodeShark>
But it comes at the cost of money time value
<gmaxwell>
though there are other optimization schemes possible. e.g. https://bitcointalk.org/index.php?topic=281848.0 (look at all those responses from people who care so much about scalability!)
<psztorc>
Also that is kind of the Treechains idea
<psztorc>
And hypocrisy re: scalability caring is the worst
<psztorc>
Which is why I responded to your thing at all, because you used the word "principle".
adam3us has quit [Quit: Leaving.]
<psztorc>
A concept currently absent from just about all current Bitcoin discourse.
cryptowest has quit [Ping timeout: 244 seconds]
GGuyZ_ has quit [Ping timeout: 246 seconds]
King_Rex has quit [Ping timeout: 250 seconds]
<CodeShark>
I like that atomic tx mutation idea, gmaxwell
<gmaxwell>
Yea, it's tricky to implement, just from a software engineering perspective, but it's a true scalability improvement.
Dizzle has quit [Remote host closed the connection]
jtimon has quit [Ping timeout: 244 seconds]
Dizzle has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
c0rw1n is now known as c0rw|zZz
<psztorc>
yes, well explained "I permit you to conflict this transaction with one that pays its children, if you can figure out how"
cryptowest has joined #bitcoin-wizards
<gmaxwell>
and no one gave a shit; ::shrugs:: it's the same general story. The people who care about scalability are working on it; while people who don't throw rocks in the name of scalability... probably the same story for any major work in human history. :)
<CodeShark>
the trick is making sure you get the last laugh ;)
<psztorc>
I have all kinds of theories about that...like that some people are more "gullible", and information diffuses faster through them than through the "critical" people. So all low-quality signals will always diffuse faster.
drwin_ has quit [Read error: Connection reset by peer]
<CodeShark>
it also takes a far deeper level of understanding to see the benefits of these ideas than to buy the faux explanations
drwin has joined #bitcoin-wizards
<CodeShark>
Issues that appear superficially simple but have subtle depth are probably the most dangerous for mob mentality
Dizzle has quit [Quit: Leaving...]
<Adlai>
"If you believe gullibility can be cured by a neuroscientist, you should have that operation performed"
<Adlai>
(hofstadter)
<psztorc>
Don't you mean neurosurgeon? A Scientist probably would eventually be able to cure it.
<Adlai>
context: hofstadter is talking about high level features associated with "the mind" as emergent phenomena of lower levels
* Adlai
doesn't have the text handy, might have misquotes
snthsnth has quit [Ping timeout: 264 seconds]
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
<CodeShark>
gullibility can sometimes be treated, if not cured, as long as all parties have sufficient humility and desire understanding. Gullibility combined with sanctimony is not even treatable, though
<CodeShark>
Add arguments by authority and you've got the beginnings of a cult
lmatteis has quit [Ping timeout: 246 seconds]
vonzipper has quit [Ping timeout: 246 seconds]
<rusty>
gmaxwell: I like it.... "Replace by congruency"?
<Adlai>
the owner of the GEB copy i just finished said she didn't like it because it's a cult book :(
lmatteis has joined #bitcoin-wizards
<CodeShark>
Hah
vonzipper has joined #bitcoin-wizards
GreenIsMyPepper has quit [Ping timeout: 246 seconds]
<Adlai>
which is a little like hating avatar, but only because it broke titanic's record
huseby has quit [Ping timeout: 246 seconds]
<CodeShark>
My favorite Hofstadter book is an old printing I have of Metamagical Themas
<gmaxwell>
(that's a uh.. 12 year old picture of my partner with one of our copies of GEB; nnoooo chance that it's a cult book)
snthsnth has quit [Ping timeout: 240 seconds]
jtimon has quit [Ping timeout: 244 seconds]
<gmaxwell>
(the context for the book is that a shared like of Hofstadter's work was why my script-to-add-to-my-aim-client-people-who-shared-interests-with-me-on-livejournal introduced her to me)
adam3us has joined #bitcoin-wizards
<moa>
"So all low-quality signals will always diffuse faster." Mark Twain