MIME-Version: 1.0
In-Reply-To: <CAAS2fgTr-OuL3T6mXX-4xFC_LHnAiogTTcPMbcjsM7WtRisQEQ@mail.gmail.com>
References: <CABsx9T2+dG0AE+MgKRAU97KhkHTU1MuxXuwHKv3BgpJswZ5vVg@mail.gmail.com>
	<CABaSBaxcDRzw0X7-fAfxPJyLcWxTHigpHuAPb4aNQ5zk5NoDCQ@mail.gmail.com>
	<CAAS2fgTr-OuL3T6mXX-4xFC_LHnAiogTTcPMbcjsM7WtRisQEQ@mail.gmail.com>
Date: Wed, 23 Sep 2015 17:37:25 -0400
Message-ID: <CABsx9T3NFRO5nw3z=jrs0Hu3caVNkkTTTb1ibqR7LMWsoou9RQ@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c223d8ae3c40052070eb81
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Weak block thoughts...
Precedence: list

--001a11c223d8ae3c40052070eb81
Content-Type: text/plain; charset=UTF-8

On Wed, Sep 23, 2015 at 3:24 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:

> On Wed, Sep 23, 2015 at 3:43 PM, Gavin Andresen via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> [...]
> > A miner could try to avoid validation work by just taking a weak block
> > announced by somebody else, replacing the coinbase and re-computing the
> > merkle root, and then mining. They will be at a slight disadvantage to
> fully
>
> Take care, here-- if a scheme is used where e.g. the full solution had
> to be exactly identical to a prior weak block then the result would be
> making mining not progress free because bigger miners would have
> disproportionately more access to the weak/strong one/two punch. I
> think what you're thinking here is okay, but it wasn't clear to me if
> you'd caught that particular potential issue.
>

I'm assuming the optimized protocol would be forward-error-coded (e.g.
using IBLTs)  and NOT require the full solution (or follow-on weak blocks)
to be exactly the same.


> Avoiding this is why I've always previously described this idea as
> merged mined block DAG (with blocks of arbitrary strength) which are
> always efficiently deferentially coded against prior state. A new
> solution (regardless of who creates it) can still be efficiently
> transmitted even if it differs in arbitrary ways (though the
> efficiency is less the more different it is).
>

Yup, although I don't get the 'merge mined' bit; the weak blocks are
ephemeral, probably purged out of memory as soon as a few full blocks are
found...


> I'm unsure of what approach to take for incentive compatibility
> analysis. In the worst case this approach class has no better delays
> (and higher bandwidth); but it doesn't seem to me to give rise to any
> immediate incrementally strategic behavior (or at least none worse
> than you'd get from just privately using the same scheme).
>

I don't see any incentive problems, either. Worst case is more miners
decide to skip validation and just mine a variation of the
highest-fee-paying weak block they've seen, but that's not a disaster--
invalid blocks will still get rejected by all the non-miners running full
nodes.

If we did see that behavior, I bet it would be a good strategy for a big
hashrate miner to dedicate some of their hashrate to announcing invalid
weak blocks; if you can get your lazy competitors to mine it, then you
win....

-- 
--
Gavin Andresen

--001a11c223d8ae3c40052070eb81
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On W=
ed, Sep 23, 2015 at 3:24 PM, Gregory Maxwell <span dir=3D"ltr">&lt;<a href=
=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@gmail.com</a>&gt;=
</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .=
8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"">On Wed, S=
ep 23, 2015 at 3:43 PM, Gavin Andresen via bitcoin-dev<br>
&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@li=
sts.linuxfoundation.org</a>&gt; wrote:<br></span>[...]<br>
<span class=3D"">&gt; A miner could try to avoid validation work by just ta=
king a weak block<br>
&gt; announced by somebody else, replacing the coinbase and re-computing th=
e<br>
&gt; merkle root, and then mining. They will be at a slight disadvantage to=
 fully<br>
<br>
</span>Take care, here-- if a scheme is used where e.g. the full solution h=
ad<br>
to be exactly identical to a prior weak block then the result would be<br>
making mining not progress free because bigger miners would have<br>
disproportionately more access to the weak/strong one/two punch. I<br>
think what you&#39;re thinking here is okay, but it wasn&#39;t clear to me =
if<br>
you&#39;d caught that particular potential issue.<br></blockquote><div><br>=
</div><div>I&#39;m assuming the optimized protocol would be forward-error-c=
oded (e.g. using IBLTs) =C2=A0and NOT require the full solution (or follow-=
on weak blocks) to be exactly the same.</div><div><br></div><blockquote cla=
ss=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pa=
dding-left:1ex"><br>
Avoiding this is why I&#39;ve always previously described this idea as<br>
merged mined block DAG (with blocks of arbitrary strength) which are<br>
always efficiently deferentially coded against prior state. A new<br>
solution (regardless of who creates it) can still be efficiently<br>
transmitted even if it differs in arbitrary ways (though the<br>
efficiency is less the more different it is).<br></blockquote><div><br></di=
v><div>Yup, although I don&#39;t get the &#39;merge mined&#39; bit; the wea=
k blocks are ephemeral, probably purged out of memory as soon as a few full=
 blocks are found...</div><div>=C2=A0</div><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I=
&#39;m unsure of what approach to take for incentive compatibility<br>
analysis. In the worst case this approach class has no better delays<br>
(and higher bandwidth); but it doesn&#39;t seem to me to give rise to any<b=
r>
immediate incrementally strategic behavior (or at least none worse<br>
than you&#39;d get from just privately using the same scheme).<br></blockqu=
ote><div><br></div><div>I don&#39;t see any incentive problems, either. Wor=
st case is more miners decide to skip validation and just mine a variation =
of the highest-fee-paying weak block they&#39;ve seen, but that&#39;s not a=
 disaster-- invalid blocks will still get rejected by all the non-miners ru=
nning full nodes.</div><div><br></div><div>If we did see that behavior, I b=
et it would be a good strategy for a big hashrate miner to dedicate some of=
 their hashrate to announcing invalid weak blocks; if you can get your lazy=
 competitors to mine it, then you win....</div><div><br></div></div>-- <br>=
<div class=3D"gmail_signature">--<br>Gavin Andresen<br></div><div class=3D"=
gmail_signature"><br></div>
</div></div>

--001a11c223d8ae3c40052070eb81--