1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jgarzik@bitpay.com>) id 1YsG0u-00022J-Bi
for bitcoin-development@lists.sourceforge.net;
Tue, 12 May 2015 19:38:48 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of bitpay.com
designates 209.85.218.45 as permitted sender)
client-ip=209.85.218.45; envelope-from=jgarzik@bitpay.com;
helo=mail-oi0-f45.google.com;
Received: from mail-oi0-f45.google.com ([209.85.218.45])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YsG0s-0004vk-GJ
for bitcoin-development@lists.sourceforge.net;
Tue, 12 May 2015 19:38:48 +0000
Received: by oift201 with SMTP id t201so14548738oif.3
for <bitcoin-development@lists.sourceforge.net>;
Tue, 12 May 2015 12:38:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc:content-type;
bh=Mf7bqRtG8DCM5GWSISIRiFzJycUgEF0em2bx8rrzHik=;
b=IDH9iTigG6HyvPooKKkvRohh24KUhn6BUGBxk840xBe723lNiymKCF1gctGXS2jjb4
eihgD0uR4Kg2aiXaidCbF1x3CeKh2T006N5pM3n3dKcZKO44cYlocONyOuIZ+kzyDaTy
xVbhrCYIEc0qjMAJhbtrFMTHBosfpbbAbl2SwnMG9TRVXfe12e6Qz+FEFyHWWsj1cmlq
1U4SdsvMMcoOh5lIZt7Pfna2rO/ZuJU1HVABNm9Ai8DerF05/X+FII0+no+Dw5tJrItU
FdsHBxu8j9y1epabqOUA+xbVA4EuoHTNFBEF6305x6EvXdccRKHTZhdoUXblrfdbaZg6
Fpcg==
X-Gm-Message-State: ALoCoQlh1xP8XEPgNbBeqvr9tvPkfOQgUT5t9LxPqb1XqQJ8pHTfl1iijoPtxXeZLlqEPp/RDdPf
X-Received: by 10.60.42.161 with SMTP id p1mr13398993oel.7.1431459520752; Tue,
12 May 2015 12:38:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.108.149 with HTTP; Tue, 12 May 2015 12:38:20 -0700 (PDT)
In-Reply-To: <CANJO25+qURmDzsMgnm7+tsw7icFO--gWhmKmQPuNQCoh_R2big@mail.gmail.com>
References: <CANJO25J1WRHtfQLVXUB2s_sjj39pTPWmixAcXNJ3t-5os8RPmQ@mail.gmail.com>
<CANJO25JTtfmfsOQYOzJeksJn3CoKE3W8iLGsRko-_xd4XhB3ZA@mail.gmail.com>
<CAJHLa0O5OxaX5g3u=dnCY6Lz_gK3QZgQEPNcWNVRD4JziwAmvg@mail.gmail.com>
<20150512171640.GA32606@savin.petertodd.org>
<CAE-z3OV3VdSoiTSfASwYHr1CjZSqio303sqGq_1Y9yaYgov2sw@mail.gmail.com>
<CAAS2fgRzGkcJbWbJmFN2-NSJGUcLdPKp0q7FjM0x7WDvHoRq=g@mail.gmail.com>
<CANJO25+qURmDzsMgnm7+tsw7icFO--gWhmKmQPuNQCoh_R2big@mail.gmail.com>
From: Jeff Garzik <jgarzik@bitpay.com>
Date: Tue, 12 May 2015 12:38:20 -0700
Message-ID: <CAJHLa0PDbxuqRHuGNhsyvLpAaDq=ZHSg_u-Sb7FqNVnYrhFkFg@mail.gmail.com>
To: gabe appleton <gappleto97@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c24d803ec3420515e7a432
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YsG0s-0004vk-GJ
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposed additional options for pruned
nodes
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 19:38:48 -0000
--001a11c24d803ec3420515e7a432
Content-Type: text/plain; charset=UTF-8
One general problem is that security is weakened when an attacker can DoS a
small part of the chain by DoS'ing a small number of nodes - yet the impact
is a network-wide DoS because nobody can complete a sync.
On Tue, May 12, 2015 at 12:24 PM, gabe appleton <gappleto97@gmail.com>
wrote:
> 0, 1, 3, 4, 5, 6 can be solved by looking at chunks chronologically. Ie,
> give the signed (by sender) hash of the first and last block in your range.
> This is less data dense than the idea above, but it might work better.
>
> That said, this is likely a less secure way to do it. To improve upon
> that, a node could request a block of random height within that range and
> verify it, but that violates point 2. And the scheme in itself definitely
> violates point 7.
> On May 12, 2015 3:07 PM, "Gregory Maxwell" <gmaxwell@gmail.com> wrote:
>
>> It's a little frustrating to see this just repeated without even
>> paying attention to the desirable characteristics from the prior
>> discussions.
>>
>> Summarizing from memory:
>>
>> (0) Block coverage should have locality; historical blocks are
>> (almost) always needed in contiguous ranges. Having random peers
>> with totally random blocks would be horrific for performance; as you'd
>> have to hunt down a working peer and make a connection for each block
>> with high probability.
>>
>> (1) Block storage on nodes with a fraction of the history should not
>> depend on believing random peers; because listening to peers can
>> easily create attacks (e.g. someone could break the network; by
>> convincing nodes to become unbalanced) and not useful-- it's not like
>> the blockchain is substantially different for anyone; if you're to the
>> point of needing to know coverage to fill then something is wrong.
>> Gaps would be handled by archive nodes, so there is no reason to
>> increase vulnerability by doing anything but behaving uniformly.
>>
>> (2) The decision to contact a node should need O(1) communications,
>> not just because of the delay of chasing around just to find who has
>> someone; but because that chasing process usually makes the process
>> _highly_ sybil vulnerable.
>>
>> (3) The expression of what blocks a node has should be compact (e.g.
>> not a dense list of blocks) so it can be rumored efficiently.
>>
>> (4) Figuring out what block (ranges) a peer has given should be
>> computationally efficient.
>>
>> (5) The communication about what blocks a node has should be compact.
>>
>> (6) The coverage created by the network should be uniform, and should
>> remain uniform as the blockchain grows; ideally it you shouldn't need
>> to update your state to know what blocks a peer will store in the
>> future, assuming that it doesn't change the amount of data its
>> planning to use. (What Tier Nolan proposes sounds like it fails this
>> point)
>>
>> (7) Growth of the blockchain shouldn't cause much (or any) need to
>> refetch old blocks.
>>
>> I've previously proposed schemes which come close but fail one of the
>> above.
>>
>> (e.g. a scheme based on reservoir sampling that gives uniform
>> selection of contiguous ranges, communicating only 64 bits of data to
>> know what blocks a node claims to have, remaining totally uniform as
>> the chain grows, without any need to refetch -- but needs O(height)
>> work to figure out what blocks a peer has from the data it
>> communicated.; or another scheme based on consistent hashes that has
>> log(height) computation; but sometimes may result in a node needing to
>> go refetch an old block range it previously didn't store-- creating
>> re-balancing traffic.)
>>
>> So far something that meets all those criteria (and/or whatever ones
>> I'm not remembering) has not been discovered; but I don't really think
>> much time has been spent on it. I think its very likely possible.
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
--001a11c24d803ec3420515e7a432
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">One general problem is that security is weakened when an a=
ttacker can DoS a small part of the chain by DoS'ing a small number of =
nodes - yet the impact is a network-wide DoS because nobody can complete a =
sync.<div><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmai=
l_quote">On Tue, May 12, 2015 at 12:24 PM, gabe appleton <span dir=3D"ltr">=
<<a href=3D"mailto:gappleto97@gmail.com" target=3D"_blank">gappleto97@gm=
ail.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir=3D"l=
tr">0, 1, 3, 4, 5, 6 can be solved by looking at chunks chronologically. Ie=
, give the signed (by sender) hash of the first and last block in your rang=
e. This is less data dense than the idea above, but it might work better. <=
/p>
<p dir=3D"ltr">That said, this is likely a less secure way to do it. To imp=
rove upon that, a node could request a block of random height within that r=
ange and verify it, but that violates point 2. And the scheme in itself def=
initely violates point 7.</p><div class=3D"HOEnZb"><div class=3D"h5">
<div class=3D"gmail_quote">On May 12, 2015 3:07 PM, "Gregory Maxwell&q=
uot; <<a href=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@g=
mail.com</a>> wrote:<br type=3D"attribution"><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex">It's a little frustrating to see this just repeated without even<br=
>
paying attention to the desirable characteristics from the prior<br>
discussions.<br>
<br>
Summarizing from memory:<br>
<br>
(0) Block coverage should have locality; historical blocks are<br>
(almost) always needed in contiguous ranges.=C2=A0 =C2=A0Having random peer=
s<br>
with totally random blocks would be horrific for performance; as you'd<=
br>
have to hunt down a working peer and make a connection for each block<br>
with high probability.<br>
<br>
(1) Block storage on nodes with a fraction of the history should not<br>
depend on believing random peers; because listening to peers can<br>
easily create attacks (e.g. someone could break the network; by<br>
convincing nodes to become unbalanced) and not useful-- it's not like<b=
r>
the blockchain is substantially different for anyone; if you're to the<=
br>
point of needing to know coverage to fill then something is wrong.<br>
Gaps would be handled by archive nodes, so there is no reason to<br>
increase vulnerability by doing anything but behaving uniformly.<br>
<br>
(2) The decision to contact a node should need O(1) communications,<br>
not just because of the delay of chasing around just to find who has<br>
someone; but because that chasing process usually makes the process<br>
_highly_ sybil vulnerable.<br>
<br>
(3) The expression of what blocks a node has should be compact (e.g.<br>
not a dense list of blocks) so it can be rumored efficiently.<br>
<br>
(4) Figuring out what block (ranges) a peer has given should be<br>
computationally efficient.<br>
<br>
(5) The communication about what blocks a node has should be compact.<br>
<br>
(6) The coverage created by the network should be uniform, and should<br>
remain uniform as the blockchain grows; ideally it you shouldn't need<b=
r>
to update your state to know what blocks a peer will store in the<br>
future, assuming that it doesn't change the amount of data its<br>
planning to use. (What Tier Nolan proposes sounds like it fails this<br>
point)<br>
<br>
(7) Growth of the blockchain shouldn't cause much (or any) need to<br>
refetch old blocks.<br>
<br>
I've previously proposed schemes which come close but fail one of the a=
bove.<br>
<br>
(e.g. a scheme based on reservoir sampling that gives uniform<br>
selection of contiguous ranges, communicating only 64 bits of data to<br>
know what blocks a node claims to have, remaining totally uniform as<br>
the chain grows, without any need to refetch -- but needs O(height)<br>
work to figure out what blocks a peer has from the data it<br>
communicated.;=C2=A0 =C2=A0or another scheme based on consistent hashes tha=
t has<br>
log(height) computation; but sometimes may result in a node needing to<br>
go refetch an old block range it previously didn't store-- creating<br>
re-balancing traffic.)<br>
<br>
So far something that meets all those criteria (and/or whatever ones<br>
I'm not remembering) has not been discovered; but I don't really th=
ink<br>
much time has been spent on it. I think its very likely possible.<br>
<br>
---------------------------------------------------------------------------=
---<br>
One dashboard for servers and applications across Physical-Virtual-Cloud<br=
>
Widest out-of-the-box monitoring support with 50+ applications<br>
Performance metrics, stats and reports that give you Actionable Insights<br=
>
Deep dive visibility with transaction tracing using APM Insight.<br>
<a href=3D"http://ad.doubleclick.net/ddm/clk/290420510;117567292;y" target=
=3D"_blank">http://ad.doubleclick.net/ddm/clk/290420510;117567292;y</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>
</div></div><br>-----------------------------------------------------------=
-------------------<br>
One dashboard for servers and applications across Physical-Virtual-Cloud<br=
>
Widest out-of-the-box monitoring support with 50+ applications<br>
Performance metrics, stats and reports that give you Actionable Insights<br=
>
Deep dive visibility with transaction tracing using APM Insight.<br>
<a href=3D"http://ad.doubleclick.net/ddm/clk/290420510;117567292;y" target=
=3D"_blank">http://ad.doubleclick.net/ddm/clk/290420510;117567292;y</a><br>=
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div cla=
ss=3D"gmail_signature">Jeff Garzik<br>Bitcoin core developer and open sourc=
e evangelist<br>BitPay, Inc. =C2=A0 =C2=A0 =C2=A0<a href=3D"https://bitpay.=
com/" target=3D"_blank">https://bitpay.com/</a></div>
</div>
--001a11c24d803ec3420515e7a432--
|