Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6A60936 for ; Thu, 17 May 2018 20:19:19 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f169.google.com (mail-qk0-f169.google.com [209.85.220.169]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E4B7D6A3 for ; Thu, 17 May 2018 20:19:18 +0000 (UTC) Received: by mail-qk0-f169.google.com with SMTP id d125-v6so4694925qkb.8 for ; Thu, 17 May 2018 13:19:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iv0TCaZzIjDfZrH2PPp5F8EAAEPXWd3j602StFfqCvk=; b=PZncOYop8c1e6OZzSCvD11ikYr8xUoLECBnRRnq7/E/lPXBzSizkqVNY4ED4kIQe3h nRvkaXuHbAxYFVJntE+nxY3imnIislyDq3Efs4DAGC9fSNNYU8ooAk5kni1htbMNKKy0 agOcxsYz0Heeju1IMozERkcLET0ivroGjTKlIY58IK7L5DD6MAM43E3pW+plWoKkLN0W 8bqHNgSH4Bk7YYBthxxD3SpXn3PwAe68AtpmP2u2UTFDmGsQxFjcSQVbNgXIwpb/9/XR /RIq1tPiPEU0ZHGCUYB7E1Hf0xW8IZk+n1J3IGCwwIC4FQd34z7uvIjaCSrq+Mt2hhCR j03w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iv0TCaZzIjDfZrH2PPp5F8EAAEPXWd3j602StFfqCvk=; b=Z0IXrza2GiPk/XFDFWrJwNrEaKlnFtNeV0VadCrwaKI6EYMqjKsfYpbnQRzTYCnvlu xzeHBqfABNhtsL+BDraMZdmTje0U9z6hPLyCY6TU7BCQrwxzWd1W3D2bv7BuKbD1kw3x 8kTUEYp6NtXl0/raZVSKwhjjU8tZR05XUUbvlMj6P0RBE7KCXq37bZIa3M+ro3r79+Ew haNT39rJAeONtJMjnbAL4iGaYoc0mwtOjQdssA6zDNojRwNuPrbTCXY3ltPR1MdSb75L B44iKnLKxO3m2Itg+b5/s7TUeb9F0n+7N4GPCO9Kx3OEDCLQ04xfmajTfd4820iJDCUA QrEQ== X-Gm-Message-State: ALKqPwdIcWtzOTd+45mAk03fPTQA5GVQ/ZHQ89RN+o6n0T8tgcCcmzed hToAySeobo9Hswq42SZH9hyXb+3M5zGvf7pncjM= X-Google-Smtp-Source: AB8JxZp1DTUDl0PgSHzN0xAGBbBfP8qG4eHpSf/JnVrGlr81DZRkblnCanO5Wyia2c7hnrQbwhXBaS5tng6xXUv0p4k= X-Received: by 2002:a37:2287:: with SMTP id i129-v6mr6169195qki.209.1526588357955; Thu, 17 May 2018 13:19:17 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.50.92 with HTTP; Thu, 17 May 2018 13:19:17 -0700 (PDT) In-Reply-To: References: <22d375c7-a032-8691-98dc-0e6ee87a4b08@mattcorallo.com> From: Jim Posen Date: Thu, 17 May 2018 13:19:17 -0700 Message-ID: To: Gregory Maxwell , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000cb58c4056c6c8c87" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 17 May 2018 20:21:04 +0000 Subject: Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2018 20:19:19 -0000 --000000000000cb58c4056c6c8c87 Content-Type: text/plain; charset="UTF-8" > > I think lite clients cross checking is something which very likely > will never be implemented by anyone, and probably not stay working > (due to under-usage) if it is implemented. This thought is driven by > three things (1) the bandwidth overhead of performing the check, (2) > thinking about the network-interacting-state-machine complexity of it, > and by the multitude of sanity checks that lite clients already don't > implement (e.g. when a lite client noticed a split tip it could ask > peers for the respective blocks and check at least the stateless > checks, but none has ever done that), and... > In my opinion, it's overly pessimistic to design the protocol in an insecure way because some light clients historically have taken shortcuts. If the protocol can provide clients the option of getting additional security, it should. On the general topic, Peter makes a good point that in many cases filtering by txid of spending transaction may be preferable to filtering by outpoint spend, which has the nice benefit that there are obviously fewer txs in a block than txins. This wouldn't work for malleable transactions though. I'm open to the idea of splitting the basic filter into three separate filters based on data type, but there are some bandwidth concerns. First, the GCS encoding gets better compression with a greater number of elements, though as I recall in my analysis, that starts to tail off at ~1000 elements per filter with P=20, in which case it's not as much of a concern given current block sizes. The other is that clients need to download and/or store the filter header chain for each filter type, which are 32 bytes each per block. So if a client is expected to download all three filter types anyway, or even two of three, it's less efficient in these terms. It would be possible though to split the filters themselves, but still have the basic filter header cover all three filters. This would mean that full nodes could not support just a subset of the basic filters -- they'd have to compute all of them to compute the filter header. --000000000000cb58c4056c6c8c87 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I think lite clients cross checking is something= which very likely
will never be implemented by anyone, and probably not stay working
(due to under-usage) if it is implemented.=C2=A0 This thought is driven by<= br> three things=C2=A0 (1) the bandwidth overhead of performing the check, (2)<= br> thinking about the network-interacting-state-machine complexity of it,=
and by the multitude of sanity checks that lite clients already don't implement (e.g. when a lite client noticed a split tip it could ask
peers for the respective blocks and check at least the stateless
checks, but none has ever done that), and...

In my opinion, it's overly pessimistic = to design the protocol in an insecure way because some light clients histor= ically have taken shortcuts. If the protocol can provide clients the option= of getting additional security, it should.
=C2=A0
On the general topic, Peter makes a g= ood point that in many cases filtering by txid of spending transaction may = be preferable to filtering by outpoint spend, which has the nice benefit th= at there are obviously fewer txs in a block than txins. This wouldn't w= ork for malleable transactions though.

I'm ope= n to the idea of splitting the basic filter into three separate filters bas= ed on data type, but there are some bandwidth concerns. First, the GCS enco= ding gets better compression with a greater number of elements, though as I= recall in my analysis, that starts to tail off at ~1000 elements per filte= r with P=3D20, in which case it's not as much of a concern given curren= t block sizes. The other is that clients need to download and/or store the = filter header chain for each filter type, which are 32 bytes each per block= . So if a client is expected to download all three filter types anyway, or = even two of three, it's less efficient in these terms. It would be poss= ible though to split the filters themselves, but still have the basic filte= r header cover all three filters. This would mean that full nodes could not= support just a subset of the basic filters -- they'd have to compute a= ll of them to compute the filter header.
--000000000000cb58c4056c6c8c87--