wumpus changed the topic of #bitcoin-wizards to: This channel is is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
tripleslash has quit [Read error: Connection reset by peer]
bendavenport has quit [Read error: Connection reset by peer]
nwilcox has quit [Ping timeout: 268 seconds]
bendavenport has joined #bitcoin-wizards
maaku has quit [Remote host closed the connection]
maaku_ has quit [Read error: Connection reset by peer]
maaku has joined #bitcoin-wizards
maaku is now known as Guest24437
orik has quit [Ping timeout: 240 seconds]
maaku_ has joined #bitcoin-wizards
chris13243 has joined #bitcoin-wizards
maaku_ is now known as maaku
King_Rex has quit [Remote host closed the connection]
<bramc>
If an incentive is created for minimizing the number of utxos, it's important that that incentive not be so large that it causes everyone to combine all utxos into one giant one because they're getting paid for it.
<bramc>
Here's an interesting question: Let's say that a lot of people have dust which is so small as to be worthless, but there's an incentive for fewer utxos which will make them get paid for destroying it. Can you construct a massive collaborative protocol so that a whole lot of people with such dust can make one giant transaction with all of them as inputs where the output goes to one of them by lottery, proportionately weig
<bramc>
hted by their amount of input?
<gmaxwell>
with the priority logic in bitcoin core I very carfully and intentionally capped it so at best the spend makes the utxo consumption 'free', but never negative in cost.
bendavenport has quit [Quit: bendavenport]
<bramc>
gmaxwell, I'm assuming some kind of fee structure imposed by the blockchain itself, including the possibility for the fee to go negative in this extreme case, and narcissistic randian calculation on the part of local wallets
Ylbam has quit [Quit: Connection closed for inactivity]
orik has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<bramc>
Your treehugger notions of default altruistic behavior in the bitcoin core are ridiculous. Obviously all end users will hand modify and recompile their wallets to optimize for transaction fees.
c0rw1n has quit [Read error: Connection reset by peer]
c0rw1n has joined #bitcoin-wizards
<gmaxwell>
bramc: what I just described avoids the bad behavior. Basically if you cap the benefit of consuming a utxo so that it can never go negative (but instead perhaps be small) it won't create crazy incentives like creating lots of utxo so you can burn them later. And yea, w/ priority there is no real incentive to follow it, but the same kind of logic should be workable to things that can't just be by
<gmaxwell>
passed.
orik has joined #bitcoin-wizards
<bramc>
gmaxwell, Ideally if there's reward for destroying utxos there should be punishment for creating them in the first place (although that's covered somewhat reasonably by per-byte transaction fees)
<gmaxwell>
right, but now imagine that you have a block cost limit that is creating a limited supply for space. If utxo consumption has a sufficiently negative cost it would be in your interest to make sure you always emit a maximum size block to store up the cost for the future, if there aren't otherwise enough transactions to fill it.
gielbier has quit [Read error: Connection reset by peer]
snthsnth has joined #bitcoin-wizards
chris13243 has quit [Ping timeout: 252 seconds]
<bramc>
Yes, it isn't clear how to make an incentive for reducing utxos which doesn't also create a bunch of nasty side effects
<bramc>
I haven't really thought about this before except in the most vague and hand-wavy of ways. I don't really like it.
belcher has quit [Quit: Leaving]
snthsnth has quit [Ping timeout: 272 seconds]
Dr-G has quit [Disconnected by services]
Dr-G2 has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
chris13243 has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
maaku has quit [Remote host closed the connection]
maaku has joined #bitcoin-wizards
maaku is now known as Guest88900
mnsl has joined #bitcoin-wizards
wallet42 has joined #bitcoin-wizards
orik has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
zooko has joined #bitcoin-wizards
chris13243 has quit [Ping timeout: 256 seconds]
MagikSquirrel has quit [Ping timeout: 240 seconds]
mnsl_ has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
mnsl has quit [Ping timeout: 246 seconds]
AaronvanW has quit [Ping timeout: 246 seconds]
roconnor has joined #bitcoin-wizards
MagikSquirrel has joined #bitcoin-wizards
zooko has quit [Ping timeout: 264 seconds]
MagikSquirrel has quit [Ping timeout: 240 seconds]
davec has quit [Read error: Connection reset by peer]
King_Rex has quit [Remote host closed the connection]
davec has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
jtimon has quit [Ping timeout: 264 seconds]
CodeShark has quit [Ping timeout: 240 seconds]
TheSeven has quit [Disconnected by services]
[7] has joined #bitcoin-wizards
MagikSquirrel has joined #bitcoin-wizards
Guest88900 has quit [Remote host closed the connection]
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
<Taek>
much appreciated. like the push to accompany ideas with their criticisms
<Taek>
*I like
nwilcox has quit [Ping timeout: 240 seconds]
ASTP001 has joined #bitcoin-wizards
<kanzure>
so far that "push" hasn't actually worked! seems that i have to keep manually adding the criticism, instead of authors doing this on their own.
<kanzure>
(in some cases, it's hard to know that criticism even exists at all; not everyone monitors all irc channels for all possible forms of criticism, although it would make sense to consider -wizards an obvious place to look......)
<Taek>
I haven't made any proposals recently but I'm committed to collecting criticisms I receive.
Yoghur114 has quit [Remote host closed the connection]
Yoghur114 has joined #bitcoin-wizards
zooko has quit [Remote host closed the connection]
Yoghur114 has quit [Remote host closed the connection]
<kanzure>
"Fraud proof removes all the attacker's revenue. It's like the attacker sacrifices an entire block for double spending in the current system. I think Luke-Jr got it right at that discussion."
<kanzure>
but... you missed all the stuff about out-of-band fees (OP_TRUE), or the inherent unreliability and meaninglessness of the lesser confirmation type....
<kanzure>
someone else will have to reply to that email; i don't care enough.
<kanzure>
(it's bad enough that i have to aggregate this information for the authors; even worse that they don't actually read it?)
Yoghur114 has joined #bitcoin-wizards
Yoghur114 has quit [Remote host closed the connection]
Yoghur114 has joined #bitcoin-wizards
eudoxia has joined #bitcoin-wizards
<gmaxwell>
even at the worst, where there is no incentive argument, it might not be so bad.
<gwillen>
kanzure: I've been collaborating with them -- I can try to pass stuff along
<gmaxwell>
(at least in the presence of subsidy)
<gwillen>
I don't promise to agree with all of it obviously but I will at least make sure it gets to their attention :-)
<kanzure>
out-of-band fees, the "weaker" confirmations are useless because everyone has to wait for the "real" confirmations because of double spending problems, subsidy revocation is not enough because they might have earned other fees during the attacks anyway
zooko has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
<gwillen>
with regard to the weaker confirmations being useless, I think they're not useless, they're ... weaker
<gwillen>
as advertised
<kanzure>
what possible utility is there?
<kanzure>
faster transaction propagation for the upcoming real blocks? eg. a variant of weak-blocks or near-blocks? because that didn't seem to be the motivation.......
<gwillen>
it seems like you're conflating "the level of assurance that a bitcoin confirmation provides" with "any level of assurance at all"
<kanzure>
yes, you have to look at worst-case
<gwillen>
my impression at present is that, in the worst case, there are real incentives backing the weaker confirmations
<kanzure>
huh?
<gmaxwell>
At least the argument for assurance in the paper gives no assurance for them in the case where users/miners are rationally fee hiding and where there is no subsidy; I believe.
<gwillen>
hmmm, I need to sit down and study the case without subsidy
bramc has joined #bitcoin-wizards
<gwillen>
I have been modelling the case with subsidy in my head
<gmaxwell>
Yes, but thats mistaken. For two reasons: one subsidy goes to nothing, and two subsidy is not infinite in size (and goes down), and attackers pick the size of the attack, so there is some aggregate attack that can eclipse any subsidy.
<gmaxwell>
It's tricky, because bitcoin is also not awesome in these cases; but at least its differently bad (you can't costlessly tear off blocks in the longest chain race).
zooko has quit [Ping timeout: 240 seconds]
<gmaxwell>
also when you consider "bitcoin compatable" propagation improvements like weak block schemes the two things become much closer in behavior. So what exactly should it be compared against?
Guest31036 is now known as smooth
<gmaxwell>
gwillen: as an aside, why are there multiple microblocks? why is there not just one microblock which the miner is allowed to replace with purely additive extensions (perhaps in the safe-rbf "each txout recieves >= the amount of coins, sense or something more limited, like just appending)?
<Taek>
I don't see why you couldn't have just a single iterative microblock, that seems completely up to the miner
<Taek>
Also, thinking about the fee splitting, it seems that the fee splitting is purely to protect the creator of the microblocks
<gmaxwell>
The distinction could then be that the permitted rate of new microblocks could be much faster-- basically 1 update per new transaction that comes in-- e.g. just send the new transaction and the new signature to append to the currently open microblock.
mnsl has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<gmaxwell>
Taek: you can't 'just' do that because it interacts with the fraud proofs.
<Taek>
oh right
<kanzure>
"That conversation missed a second issue. Namely that there is no way to punish people if there is a double spend in a micro block that happens in key block which reorg'd away the first transaction. eg one miner mines a transaction in a micro block, another miner (either by not having seen the first yet, or being malicious - potentially the same miner) mines a key block which reorgs away the first micro block and then, in their first ...
<kanzure>
... micro block, mines a double spend. This can happen at any time, so you end up having to fall back to regular full blocks for confirmation times :(."
<kanzure>
"so you end up having to fall back to regular full blocks for confirmation times" as a conclusion was in the original conversation, but yeah not that reasoning, which is a good point
<gmaxwell>
Taek: as far as the splitting goes; it's argued that this creates the incentive for the next miner to not just tear off the last key's transactions and include them himself; but he gets 60% of the fees for not tearing, instead of 40% of if he did. But this logic is incorrect.
<gmaxwell>
Taek: because instead he can get (say) 90% of the fees by allowing the user to pay the fees 'out of (fee) band'. E.g. gives the users a discount on fees if they send him copies that pay him exclusively via outputs.
<Taek>
right
<Taek>
but, by accepting fees out-of-band, the miner is opening itself up to potential censorship
<gmaxwell>
Taek: he can always also roll some fees forward.
<kanzure>
locktime trickery?
<gmaxwell>
No doubt there is some equlibrium but I don't see any reason why it's stable. (e.g. you can always make more by taking a bit more)
<Taek>
which makes me think that the scheme isn't so broken - instead of forcing a 40-60 split, you let miners choose splits
<Taek>
b/c the entity being protected by the split is the entity choosing the split
<gmaxwell>
Taek: you can do that but the market process destroys few-conf security by upsetting convergence.
<gmaxwell>
esp since other miners can't even tell for sure what the real fee is.
<gmaxwell>
and they now have costless strategic behavior of ripping out the microblocks that bitcoin doesn't have. (it's not costless in bitcoin, even with no fees; because of the best work chain selection metric)
<gmaxwell>
Taek: fwiw, I really want any bitcoin hardfork to include the ability of coinbases to spend coinbase outputs without maturity, so miners can roll fees forward to incentivize extension of their blocks... I don't think those ideas are nuts even if they can be bypassed; but I think all this really weaks the security argument for the NG microblocks.
mnsl has joined #bitcoin-wizards
<Taek>
I agree, the NG security model seems pretty fragile.
<gwillen>
sorry, I now want to catch up all that's just been said here but I just sat down to eat lunch
<gmaxwell>
mmm. lunch.
nwilcox has joined #bitcoin-wizards
<Taek>
wrt miners rolling fees forward - may not be necessary if there's a large enough backlog of transactions at all times
<Taek>
miner's aren't incentivized to snipe blocks unless reward could be doubled by doing so
<gmaxwell>
Taek: Yes, I believe it is not strictly needed, so long as the blocksize limit is tight enough relative to the offered load that there is always a backlog of fairly uniform fees.
<gmaxwell>
Taek: also depends on the hashrate distribution.
<Taek>
true, much less of a problem if the hashrate is very well distributed
<gmaxwell>
but imagine that a bogon transaction comes in with a fee larger than the backlog. ... do you .. uh.. not mine it because doing so greatly increases you sniping risk? that would be nuts!
<gmaxwell>
Instead, what you should do is pay forward any excess so that the next miner will make just as much as you do.
<gmaxwell>
(e.g. he takes his gulp of the backlog and it's less than yours, but you rolled forward enough to make up for it)
paveljanik has joined #bitcoin-wizards
<Taek>
you don't mine it so you decentivize bogons :P
<gmaxwell>
lol but thats nuts, it just encourages miners to play chicken. :)
<Taek>
in all seriousness though, if you are relying on a transaction backlog then you have a non-technological reason to limit the blocksize
<Taek>
which is ideally a bottleneck that we'd like to eliminate
bedeho has quit [Ping timeout: 250 seconds]
<gmaxwell>
perhaps some people in all their eager and zeal forget that bitcoin is not secure from a cryptographic perspective; and in spite of decades of work no real progress has been made on a cryptographically secure decenteralized consensus system. ... there is always going to be a very strong economic component to bitcoin's security.
snthsnth has joined #bitcoin-wizards
<gmaxwell>
in any case, fee roll-forward reduces the need for backlog; ... and in the presence of some amount of altruistic hashpower it might be enough that the confirmation time isn't infinite.
<gmaxwell>
Better to have that ability than not have it (or have it really poorly as we do now).
afk11 has quit [Ping timeout: 265 seconds]
orik has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
bramc has quit [Quit: This computer has gone to sleep]
giel__ has joined #bitcoin-wizards
hazirafel has joined #bitcoin-wizards
gielbier has quit [Ping timeout: 240 seconds]
afk11 has joined #bitcoin-wizards
priidu has quit [Read error: Connection reset by peer]
giel__ is now known as gielbier
ThomasV has joined #bitcoin-wizards
shen_noe has quit [Ping timeout: 255 seconds]
priidu has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
shen_noe has joined #bitcoin-wizards
snthsnth has quit [Ping timeout: 250 seconds]
belcher has joined #bitcoin-wizards
blackwraith has joined #bitcoin-wizards
shen_noe has quit [Quit: Leaving]
priidu has quit [Ping timeout: 240 seconds]
maraoz has joined #bitcoin-wizards
bsm1175321 has joined #bitcoin-wizards
Guyver2 has quit [Quit: :)]
maraoz has quit [Ping timeout: 240 seconds]
snthsnth has joined #bitcoin-wizards
<Eliel>
I kind of like the microblock idea in that NG paper, but having to have a leader to monopolize creating them is somewhat undesirable. I think you could use a more traditional consensus algorithm in between blocks to pick the contents for the microblocks and replace the leader election with a mechanism for deciding which nodes can participate.
bedeho has joined #bitcoin-wizards
<Eliel>
umm, not election, lottery. (I guess I need to start thinking about sleeping)
<gmaxwell>
Eliel: har har. gwillen was telling me earlier today he was proposing that to the paper's authors (he's collaborating with them some)
<gwillen>
gmaxwell: yeah, specifically, the thing that we talked about last year sometime, which turned out to be similar to what ended up as bitcoin-ng, used a scheme like that
<gmaxwell>
I pointed out in response that one must be careful to not amplify censorship problems. E.g. if some of the elected signers costlessly say "haha, no screw you, I won't sign for that-- drop that wikileaks transaction and we'll talk" it can amplify miners ability to cheaply deny txn.
<gmaxwell>
gwillen: oh yea right.
maraoz has joined #bitcoin-wizards
<gwillen>
gmaxwell: I still want to talk about the censorship things so I understand why it would make it worse vs. better to add more signers -- once I'm not in a meeting
nwilcox has quit [Ping timeout: 255 seconds]
Burrito has joined #bitcoin-wizards
bedeho has quit [Ping timeout: 240 seconds]
<gmaxwell>
K. No rush... main point was that more signers always mean more people with a veto: Keep in mind that disjoint set requires at least a majority (and presumably you'd like to be byzantine secure...). Plus the power to block is further amplified by parties that go offline.
JackH has joined #bitcoin-wizards
<amiller>
i like the idea of using p2pool shares / partial proofs of work / whatever we're calling it to act as partial confirmations... i haven't figured out how that relates to bitcoin-ng yet, if at all
<gmaxwell>
I think it's related, but not isomorphic.
<Eliel>
ok, so a consensus set of one leader might actually end up having better anti-censorship properties...
<gwillen>
amiller: I think one of the reasons I put the ng-like idea down last year was that I got convinced that p2pool shares are an easier way to accomplish similar ends
<gwillen>
but that doesn't seem to be interesting enough for people to make it happen ;-)
<gmaxwell>
The observation around shares is that the benefits bitcoinNG provides is basically by having a consensus before the consensus. (the consensus by this definition in bitcoin NG is the next keyblock)
<Eliel>
gwillen: for what it's worth, I've been thinking about something along those lines too. using partial proofs to get an idea of what transaction set miners are actually mining.
<kanzure>
Eliel: lookup near-block and weak-block for that
<gwillen>
right, which ng-style doesn't give you
<gmaxwell>
In the case of bitcoinNG the consensus before the consensus is a 'proof of stake' by the last keyblock miner.
<gmaxwell>
In the case of the weak-blocks stuff we were talking about it is (some) hashcash scheme.
<gmaxwell>
in both cases the propagation of transaction data is removed from the critical path in the top level POW scheme; which is what gives the gains.
<Eliel>
but more generally, I'm intrigued by the possibility of using a fast to converge but weak in the long run consensus mechanism for the immediate future and then adding PoW on top and completely forgetting about the weaker system after there's that.
<gmaxwell>
Both bitcoinng and the weakblocks schemes seem to have bad behavior in the worst case under strageic or malicious operation by miners. :(
<gmaxwell>
which might degread the utility of the weak confirmations.
<Eliel>
it could degrade it sure, but that's not the important question. The question is, would it degrade too much to be useful?
<kanzure>
weak-blocks was for transaction and block propagation reasons, if that's the motivation then whatever, but iirc that was not the motivation in that design
<gmaxwell>
well also how do bitcoinng and weakblock schemes degrade?
<gmaxwell>
kanzure: if you look at the bitcoinng paper all their analysis is around convergence times, and preservation of fairness for large transaction throughput rates.
bendavenport_ has joined #bitcoin-wizards
<gmaxwell>
the zero conf aspect could be ignored.
<kanzure>
oh
<gmaxwell>
kanzure: more clear from the paper than the presentation. IMO.
* gwillen
happens to like it for improved zeroconf
<gwillen>
but I could be wrong about its utility for that.
<kanzure>
yeah i sort of skipped to the section of the paper about attacks/defenses, didn't read anything else :-)
bendavenport has quit [Read error: Connection reset by peer]
bendavenport_ is now known as bendavenport
dEBRUYNE_ is now known as dEBRUYNE
<gmaxwell>
Well it's pretty weak, like if you are willing to accept sybiling attackers which could totally network isolate you; then I think the NG scheme is of very low value for zeroconf.
<gmaxwell>
but so are weak block schemes unless you use ghost-like augmentation of longest chain selection via them.
<Eliel>
I don't think sybil attacks are a problem for the long term. They're pretty difficult to pull off against a target that's actively trying to make that difficult. They're only a problem against targets who don't know how or care.
paveljanik has quit [Quit: Leaving]
snthsnth has quit [Ping timeout: 244 seconds]
PRab has quit [Read error: Connection reset by peer]
belcher has quit [Read error: Connection reset by peer]
belcher has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
<kanzure>
lmatteis: i don't have my links with me at the moment, but there was an excellent academic page about the problem with different voting/election schemes and their consequences (from a math perspective).
<kanzure>
(the link is in the logs for this channel though, i think it has "votesim" in the url)
<gmaxwell>
lmatteis: do your slides explain why you think you can avoid the reliable failure of every similar system that has come before and become popular-- including slashdot, digg, kuro5hin, and (increasingly) reddit itself-- where dishonest manipulators game the system to gain huge advantage over ordinary valuable users (who's contributions are valuable enough that they're happy to take their ball else
<gmaxwell>
where, rather than participate in the game for points)?
<lmatteis>
not really, but because the points are somewhat scarce (similar to bitcoins), you can only game it so much
<lmatteis>
kanzure: that page is blank on all browsers i tried
<kanzure>
gmaxwell: i think reddit should be running far more experiments at-scale about alternatives to voting.
<kanzure>
e.g. randmoly segment the population and have 1k groups tested against different signal/noise filtration systems
[7] has quit [Ping timeout: 240 seconds]
TheSeven has joined #bitcoin-wizards
eudoxia has quit [Quit: Leaving]
<kanzure>
one strategy i was considering for mailing lists was to hire a technical editor to serve as moderator, who would work with each emailer to revise and elaborate on emails to make them even higher signal.
<gmaxwell>
lmatteis: I don't see how that argument works. What I think matters is the ratio of manipulating usage to honest usage. But honest users are already giving graciously of their time and participate at a loss, they don't want to amplify their loss by participating in a complex scheme. So most of the participants are manipulators.
<lmatteis>
what do you mean by "game the system"?
<gmaxwell>
lmatteis: we've seen this with bitcoin-OTC, to get usefully ranked you (mostly) have to trade (a cost) with other established members--- and yet some of the most highly rated users ever have been scammers. (e.g. pirate40, aethero)
<gmaxwell>
lmatteis: that depends on the details of the system; in the case of otc and ebay the easiest way to farm reputation is to make lots of near-par/slight-loss small (and nearly zero sum) transactions... also be aware of all the rules of the system, be sure to nag others to rate you, grant reciprical ratings very liberally to encourage positive ratings of you.
<gmaxwell>
In the case of reddit, people run bots to repost highly rated content.
<gmaxwell>
(and specialize in doing so, then later sell the 'high reputation' accounts to marketers and trolls)
<lmatteis>
right
<lmatteis>
i guess that kind of gaming is somewhat inevitable, even with centralized systems analyzing everything
hazirafel has quit [Read error: Connection reset by peer]
<lmatteis>
so my idea wasn't meant to solve all of that
<lmatteis>
rather, a platform to enable free discussion
<kanzure>
oh, you mean a remailer?
bedeho has quit [Ping timeout: 260 seconds]
<lmatteis>
yup... i sat out to build a spamming system :)
<kanzure>
what?
<kanzure>
i mean the mail mixer one
<lmatteis>
my intuition is rather basic: points are scarce; users earn points by posting relevant content; DHT keys are ranked this way. gaming the system by constantly posting good content, can be considered gaming, but if there are people willing to upvote, so be it
PRab has joined #bitcoin-wizards
<lmatteis>
there are certain measures i describe in the paper, such as constant amounts. for instance, a transaction (aka vote) can only be of 1 point to the recipient and 1 to the miner
hazirafel has joined #bitcoin-wizards
<lmatteis>
a horrible side effect of all of this is that only users with points can upvote content, which might not be exactly what i was hoping for
<gmaxwell>
lmatteis: sounds like the reddit problem; people will gain 1000 fold the points by using a reposting bot.
<lmatteis>
but surely that repost was upvoted by others with points... so if they can pull it off, they deserve the extra points
<lmatteis>
and again, users can't create N accounts and upvote themselves, points are scarce and can only either be mined or received
bramc has quit [Quit: This computer has gone to sleep]
<gmaxwell>
turns out lots of people upvote cat pictures that were posted less expertly a week before. :) and, of course, if you make poits costly then people whom gain from gaiming will pay that cost easily while people like me, who consider their time valuable will say "uh, no thanks"
Dizzle has quit [Quit: Leaving...]
<Taek>
difficult to predict without having actual data+research, but I imagine that costly votes would change the behavior of the common voter out of favor of 'candy' such as cat pics or buzzfeed, and more heavily towards 'meat' like interesting news
<gmaxwell>
You're presuming there even is a common voter. Just getting people to participate in ratings schemes even when doing so is free is hard. (e.g. on reddit only a tiny tiny fraction of the viewers vote already)
AnoAnon has joined #bitcoin-wizards
AnoAnon has quit [Max SendQ exceeded]
the`doctor has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<amiller>
has there been any discussion of the countermeasures suggested in "Tampering with the Delivery of Blocks and Transactions in Bitcoin" https://eprint.iacr.org/2015/578
<amiller>
one of them is just to send the 80 byte header rather than the 32 byte inv
blackwraith has quit [Read error: Connection reset by peer]
<amiller>
another is to randomly select among the nodes that advertised a block
<gmaxwell>
amiller: randomly selecting depends on delaying your response. Sending the header doesn't solve the issue.
<gmaxwell>
It's a tradeoff with the inv process. If you are overeager on bypassing inv you waste bandwidth. Because the design of bitcoin core has no feedback when a block is in flight but not recieved yet, we risk congestion collapse if the timeout is too twitchy.
<amiller>
i think the idea is that you should query the first advertiser immediately... but after a (short, dynamic) timeout, randomly select among the remaining ones
<kanzure>
also you should in general remember where you learned about other peers (if it's from the same machine as an advertisement... might not be good)
rusty has joined #bitcoin-wizards
<gmaxwell>
amiller: yes, thats what I ment by delaying. But if you aren't utterly latency critical, you're not mining, and then the current behavior isn't too terribly concerning; you'll converge eventually.
blackwraith has quit [Read error: Connection reset by peer]
<gmaxwell>
e.g. you'll time them out and disconnect them on the first unanswered request after 20 minutes.
<gmaxwell>
I suppose if they had multiple low latency peers they could manage to keep racing and winning.
erasmospunk has quit [Ping timeout: 240 seconds]
<gmaxwell>
in any case, as mentioned sending the header first doesn't help. They can still stall you on the actual block transfer.
Yoghur114 has quit [Remote host closed the connection]
priidu has joined #bitcoin-wizards
<phantomcircuit>
and for today i shall try to remove all the networking code from bitcoin core
<phantomcircuit>
this should be interesting
<phantomcircuit>
oh boy
<phantomcircuit>
nvm
<maaku>
when phantomcircuit says "this should be interesting", I get very worried
<bramc>
The benefit to not having a UX is there's no way for networking code to be embedded deep in the UX code.
nwilcox has quit [Ping timeout: 250 seconds]
orik has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<maaku>
possibly useful musing for bitcoinng - have the mining income either (a) spendable by proof-of-double-commitment by miner, or (b) perhaps more simply have the commitment be a single-use signature scheme
lecusemb1e has quit [Ping timeout: 264 seconds]
lecusemble has joined #bitcoin-wizards
bsm1175321 has quit [Ping timeout: 272 seconds]
rusty has quit [Ping timeout: 240 seconds]
bedeho has joined #bitcoin-wizards
bedeho has quit [Remote host closed the connection]
bedeho_ has joined #bitcoin-wizards
DougieBot5000 has joined #bitcoin-wizards
bramc has quit [Quit: Leaving]
alpalp has joined #bitcoin-wizards
lecusemble has quit [Ping timeout: 260 seconds]
jgarzik has joined #bitcoin-wizards
jgarzik has joined #bitcoin-wizards
jgarzik has quit [Remote host closed the connection]
davispuh has quit [Remote host closed the connection]
paci has quit [Ping timeout: 240 seconds]
paci has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
paci_ has joined #bitcoin-wizards
mnsl has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
gill3s has quit [Read error: Connection reset by peer]
MoALTz has quit [Read error: Connection reset by peer]