Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YPyfS-0008AS-5e for bitcoin-development@lists.sourceforge.net; Mon, 23 Feb 2015 19:27:46 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.170 as permitted sender) client-ip=209.85.217.170; envelope-from=pagecr@gmail.com; helo=mail-lb0-f170.google.com; Received: from mail-lb0-f170.google.com ([209.85.217.170]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YPyfQ-0006Va-CL for bitcoin-development@lists.sourceforge.net; Mon, 23 Feb 2015 19:27:46 +0000 Received: by lbvp9 with SMTP id p9so20819721lbv.0 for ; Mon, 23 Feb 2015 11:27:38 -0800 (PST) X-Received: by 10.152.228.167 with SMTP id sj7mr10923009lac.2.1424719657981; Mon, 23 Feb 2015 11:27:37 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.42.79 with HTTP; Mon, 23 Feb 2015 11:27:17 -0800 (PST) From: Chris Page Date: Mon, 23 Feb 2015 14:27:17 -0500 Message-ID: To: bitcoin-development@lists.sourceforge.net Content-Type: multipart/alternative; boundary=001a113436661e5cb1050fc665c2 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pagecr[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YPyfQ-0006Va-CL Subject: [Bitcoin-development] Request for comments on hybrid PoW/PoS enhancement for Bitcoin X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 19:27:46 -0000 --001a113436661e5cb1050fc665c2 Content-Type: text/plain; charset=UTF-8 I'm soliciting feedback on an idea to will improve security, increase the number of full nodes, and provide more avenues for bitcoin distribution. The idea is still in its infancy, but I need constructive feedback before I take this further, or decide to abandon the idea. In particular, my ego is in check and I'm ready to be made a fool, but in turn, I'll be that much better educated, so fair trade! Here is the high-level overview: 1) A new block B0 is mined and broadcast as usual 2) Full nodes verify block B0. A subset of these nodes broadcast a new "endorsement" message endorsing the block as valid, and preferred. 3) Miners, now assembling and beginning mining a new block (B1), add endorsements of B0 to B1's coinbase transaction, sharing the block reward with endorsers of B0. As proposed, the idea of Block Endorsement requires a new message, but fits into current structures. Here some details about each of the steps above, and what it buys us: 1) The mining of block B0: No changes to current process or format. Blocks are mined and broadcast as they are today. 2) Only a subset of nodes are eligible to endorse a block, and hence, only a subset are eligible for an endorsement reward. We restrict to avoid a flood of endorsement messages by every node following the announcement of each new block. An endorsement message needs to identify exactly one block at a specific height that it is endorsing. It needs to include a payout address that meets certain validation criteria relative to the block it is endorsing. A valid payout address will include some proof of stake (PoS), whether that be that it has a 1+ bitcoin balance, some age weighted balance, or something else is TBD. The reason for PoS is that it should not be the case that a subversive miner could easily fabricate a valid endorsement payout address. The other requirement is that the tail bits of a valid endorsement payout address, when masked (size of mask TBD) need to match the trailing bits of the hash of the block it is validating. This directly ties endorsements to a specific block, and makes it computationally inexpensive to verify/relay, or drop invalid endorsement messages. The combination of PoS and mask will restrict the number of valid addresses. There are no restrictions on which endorsements a miner can include, as long as they are valid. As part of new block validation, full nodes would need to do all that they do now, but they would also need to validate endorsements included in the coinbase transaction. 3) Miners consider whether to include endorsement payouts as part of their coinbase transaction. They need not do so, but by including endorsements, they significantly increase the likelihood that their block will be selected. CHANGE TO BEST CHAIN SELECTION Block Endorsement requires a change to the best chain selection algorithm to encourage miners to include endorsement payouts. Because there is an incentive to include endorsers, there is an incentive to broadcast mined blocks as soon as possible. For the purpose of best chain selection, a block should get a significant bonus to its work (10%) for each valid endorsement payout included in a block's valid coinbase transaction. How many endorsements should be permitted is a design parameter which is in play, but let's assume that up to 10 endorsements are permitted. For the purpose of block selection, a block's work, with 10 endorsements, is be effectively doubled. EFFECT ON 51% ATTACK With Block Endorsement, because of the extra weight given to a block that has endorsements, a sustained 51% attack becomes more expensive. Valid blocks with full endorsements would win out over the attack blocks unless the attacker was able to not only control 51% of the compute power, but to also control sufficient endorsements to overcome the rest of the network. To prevent an attacker from just using suitable addresses as endorsers from the blockchain, a full node would have to maintain a list of recently broadcast endorsement messages for TBD (100) blocks to prove the validity of the endorsements. Quite possibly we might need to provide a way for a booting node to request lists of endorsers. CHANGE TO BLOCK REWARD Miners would share block rewards with endorsers using a defined formula which is TBD. Endorsement rewards would be as much as 20% (design parameter) of the block reward, and shared evenly between all endorsers included in the coinbase. CHANGE TO MINING STRATEGIES When a new block is broadcast, miners will begin assembling yet another block. Meanwhile, full nodes would validate the new block, and endorsements would propagate quickly thereafter to all miners. This should not take long as it is easy to identify whether or not an address is a valid endorser. I would expect shortly after assembling a block, there would be a number of potential endorsers to include in the coinbase tx, and if 10 were not available, a miner could decide to wait, or begin mining it. I suspect the time to collect 10 valid endorsers would be low, as endorsers should reply quickly in hopes of being included. Therefore, this additional wait time, if any, would not have a appreciable impact on the level of difficulty required to mine a block. I have thoughts on how to provide additional incentives to miners to include multiple endorsers - for example, reducing the total endorsement fee down to 10% if endorsed by a full complement of endorsers. We could also start with a lower reward and ramp up to some target over time to not burden the business plans of current mining operations. But these and other ideas are added complexity that I don't know offers much return. It is easy to add complexity. The challenge is to keep it as simple as possible. CONCLUSION By implementing Block Endorsement, we increase security of the blockchain by giving more weight to blocks that have been broadcast and endorsed by multiple full nodes. By providing a reward to these endorsers, we provide an incentive for more full nodes. With proof of state mining on top of existing proof of work, we provide a low barrier to entry, while not sacrificing the benefits provided by PoW. With a lower barrier to entry, we provide a more accessible avenue for mining, and in turn, encourage bitcoin adoption. This is just the beginnings of an idea. Assuming there isn't a fundamental flaw(s), there are many knobs to tweak, and no doubt, it would benefit greatly by the technical expertise and creativity of others. I do feel as if there are still some gaps and that it hasn't yet been full explored yet even as a thought experiment. For instance, what new attack vectors might be introduced? Would a person controlling many potential endorsement addresses be able to launch an attack by endorsing a set of blocks, essentially launching a 51% attack but by using endorsements as a PoW multiplier? Or is that not practical? The answer is probably a function of the endorsement criteria. There are many different angles that require thought and scrutiny. I'm sure there are many that I've yet to even consider. And as I read discussions about double-spends and zero-confirmation transactions I can't help but wonder if maybe there is a way for endorsers to play a role in identifying possible double-spends. Negative endorsements? I'm new to the development process and the code base. Assuming the feedback isn't derailing, would the next step be to proceed with implementation, or would a new BIP be recommended? Well, I thought this would be only a few paragraphs. It is easy to carry on when you are excited about something. That's also the time when a person is most likely to miss some short-comings, so I am anxious for feedback. Thanks for reading, and I'd be most appreciative of constructive comments and questions. Thanks Chris Page --001a113436661e5cb1050fc665c2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I'm soliciting feedback on an idea to will im= prove security, increase the number of full nodes, and provide more avenues= for bitcoin distribution. =C2=A0 The idea is still in its infancy, but I n= eed constructive feedback before I take this further, or decide to abandon = the idea.

In particular, my ego is in check and I&= #39;m ready to be made a fool, but in turn, I'll be that much better ed= ucated, so fair trade!

Here is the high-level over= view:

1) A new block B0 is mined and broadcast as = usual

2) Full nodes verify block B0. A subset of t= hese nodes broadcast a new "endorsement" message endorsing the bl= ock as valid, and preferred.

3) Miners, now assemb= ling and beginning mining a new block (B1), add endorsements of B0 to B1= 9;s coinbase transaction, sharing the block reward with endorsers of B0.

As proposed, the idea of Block Endorsement requires = a new message, but fits into current structures.

H= ere some details about each of the steps above, and what it buys us:
<= div>
1) The mining of block B0: No changes to current process= or format.=C2=A0 Blocks are mined and broadcast as they are today.

2) =C2=A0Only a subset of nodes are eligible to endorse a= block, and hence, only a subset are eligible for an endorsement reward.=C2= =A0 We restrict to avoid a flood of endorsement messages by every node foll= owing the announcement of each new block.=C2=A0 An endorsement message need= s to identify exactly one block at a specific height that it is endorsing.= =C2=A0 It needs to include a payout address that meets certain validation c= riteria relative to the block it is endorsing.=C2=A0 A valid payout address= will include some proof of stake (PoS), whether that be that it has a 1+ b= itcoin balance, some age weighted balance, or something else is TBD.=C2=A0 = The reason for PoS is that it should not be the case that a subversive mine= r could easily fabricate a valid endorsement payout address.=C2=A0 The othe= r requirement is that the tail bits of a valid endorsement payout address, = when masked (size of mask TBD) need to match the trailing bits of the hash = of the block it is validating. =C2=A0 This directly ties endorsements to a = specific block, and makes it computationally inexpensive to verify/relay, o= r drop invalid endorsement messages. The combination of PoS and mask will r= estrict the number of valid addresses.=C2=A0 There are no restrictions on w= hich endorsements a miner can include, as long as they are valid.=C2=A0 As = part of new block validation, full nodes would need to do all that they do = now, but they would also need to validate endorsements included in the coin= base transaction.

3) Miners consider whether to in= clude endorsement payouts as part of their coinbase transaction.=C2=A0 They= need not do so, but by including endorsements, they significantly increase= the likelihood that their block will be selected.

CHANGE TO BEST CHAIN SELECTION

Block Endorsement = requires a change to the best chain selection algorithm to encourage miners= to include endorsement payouts.=C2=A0 Because there is an incentive to inc= lude endorsers, there is an incentive to broadcast mined blocks as soon as = possible.=C2=A0

For the purpose of best chain sele= ction, a block should get a significant bonus to its work (10%) for each va= lid endorsement payout included in a block's valid coinbase transaction= .=C2=A0 How many endorsements should be permitted is a design parameter whi= ch is in play, but let's assume that up to 10 endorsements are permitte= d. =C2=A0 For the purpose of block selection, a block's work, with 10 e= ndorsements, is be effectively doubled.

EFFECT ON = 51% ATTACK

With Block Endorsement, because of the = extra weight given to a block that has endorsements, a sustained 51% attack= becomes more expensive.=C2=A0 Valid blocks with full endorsements would wi= n out over the attack blocks unless the attacker was able to not only contr= ol 51% of the compute power, but to also control sufficient endorsements to= overcome the rest of the network.=C2=A0 To prevent an attacker from just u= sing suitable addresses as endorsers from the blockchain, a full node would= have to maintain a list of recently broadcast endorsement messages for TBD= (100) blocks to prove the validity of the endorsements.=C2=A0 Quite possib= ly we might need to provide a way for a booting node to request lists of en= dorsers.

CHANGE TO BLOCK REWARD

Miners would share block rewards with endorsers using a defined form= ula which is TBD.=C2=A0 Endorsement rewards would be as much as 20% (design= parameter) of the block reward, and shared evenly between all endorsers in= cluded in the coinbase.

CHANGE TO MINING STRATEGIE= S

When a new block is broadcast, miners will begin= assembling yet another block.=C2=A0 Meanwhile, full nodes would validate t= he new block, and endorsements would propagate quickly thereafter to all mi= ners.=C2=A0 This should not take long as it is easy to identify whether or = not an address is a valid endorser.=C2=A0 I would expect shortly after asse= mbling a block, there would be a number of potential endorsers to include i= n the coinbase tx, and if 10 were not available, a miner could decide to wa= it, or begin mining it.=C2=A0 I suspect the time to collect 10 valid endors= ers would be low, as endorsers should reply quickly in hopes of being inclu= ded. Therefore, this additional wait time, if any, would not have a appreci= able impact on the level of difficulty required to mine a block.
=
I have thoughts on how to provide additional incentives to m= iners to include multiple endorsers - for example, reducing the total endor= sement fee down to 10% if endorsed by a full complement of endorsers.=C2=A0= We could also start with a lower reward and ramp up to some target over ti= me to not burden the business plans of current mining operations.=C2=A0 But= these and other ideas are added complexity that I don't know offers mu= ch return.=C2=A0 It is easy to add complexity.=C2=A0 The challenge is to ke= ep it as simple as possible.=C2=A0

CONCLUSION

By implementing Block Endorsement, we increase securit= y of the blockchain by giving more weight to blocks that have been broadcas= t and endorsed by multiple full nodes.=C2=A0 By providing a reward to these= endorsers, we provide an incentive for more full nodes.=C2=A0 With proof o= f state mining on top of existing proof of work, we provide a low barrier t= o entry, while not sacrificing the benefits provided by PoW.=C2=A0 With a l= ower barrier to entry, we provide a more accessible avenue for mining, and = in turn, encourage bitcoin adoption.

This is just = the beginnings of an idea.=C2=A0 Assuming there isn't a fundamental fla= w(s), there are many knobs to tweak, and no doubt, it would benefit greatly= by the technical expertise and creativity of others.=C2=A0 I do feel as if= there are still some gaps and that it hasn't yet been full explored ye= t even as a thought experiment.=C2=A0 For instance, what new attack vectors= might be introduced?=C2=A0 Would a person controlling many potential endor= sement addresses be able to launch an attack by endorsing a set of blocks, = essentially launching a 51% attack but by using endorsements as a PoW multi= plier?=C2=A0 Or is that not practical?=C2=A0 The answer is probably a funct= ion of the endorsement criteria.=C2=A0 There are many different angles that= require thought and scrutiny.=C2=A0 I'm sure there are many that I'= ;ve yet to even consider.=C2=A0

And as I read disc= ussions about double-spends and zero-confirmation transactions I can't = help but wonder if maybe there is a way for endorsers to play a role in ide= ntifying possible double-spends.=C2=A0 Negative endorsements?
I'm new to the development process and the code base.=C2=A0= Assuming the feedback isn't derailing, would the next step be to proce= ed with implementation, or would a new BIP be recommended?=C2=A0
=
Well, I thought this would be only a few paragraphs.=C2=A0 I= t is easy to carry on when you are excited about something.=C2=A0 That'= s also the time when a person is most likely to miss some short-comings, so= I am anxious for feedback.=C2=A0 Thanks for reading, and I'd be most a= ppreciative of constructive comments and questions.

Thanks
Chris Page
--001a113436661e5cb1050fc665c2--